Home page Services provided Software available Site licenses Systems status Local Documentation Windows 2000 Reporting problems Links Contact information





Next Previous Contents

3. System Applications and Tools

3.1 Big Brother

Big Brother is a network and system monitoring tool. It monitors the connections to machines, check disk space, CPU load, system error messages and processes. Information is gathered every 10 minutes on the client machines and sent to the server. The server checks the network connections every 10 minutes and creates web pages based on the information. You can view a Big Brother display by visiting here: http://wss.yale.edu/bb/.

You can read about the Big Brother installation and configuration by visiting here: http://wss.yale.edu/doco/BigBrother/. Keep in mind that this documentation is for the Computer Science department and the Big Brother home directory may be in a different directory. However, the rest of the configuration should be identical except you substitute your home directory for the home directory in the documentation. Pay special attention to the section about monitoring network printers.

3.2 sudo

sudo lets non-root users perform tasks as root. The database file that contains the list of users and privileges is /etc/sudoers. You should use "visudo" to modify this file. If you used the post-install script from above, then you already have a sample sudoers file installed.

The nice thing about sudo is you don't have to remember or use the root password. It also logs to /var/log/secure whenever you use it.

3.3 TSM (backups)

The TSM backup service performs an incremental backup of all newly created and changed files each day. The files are copied to the tape robot system at 155 Whitney Ave. For the most part, the system is hands off. The process runs every night. You can read more about TSM at http://wss.yale.edu/doco/ADSM/

If you ever have to recover file(s) using TSM, simply start the client /usr/adsm/dsm and select the files you wish to restore. Most likely the files you want to recover have been deleted more than a day ago. They will not show up on the active list. You'll need to change your view to display inactive files or set a date to one when you know the files did exist on the disk. To display the inactive files, click on "Restore Files and Directories to your system". Then click on "View" and "Display inactive files". This should give you a complete list of all current files and ones that you have deleted locally.

Please note that the TSM backup service is not free. You should visit the TSM web site for more information and charging: http://www.yale.edu/tsm/

3.4 Aide

If you used the post-install script above, then Aide has been installed and set up for you. Aide is a file integrity checker that runs every hour on the machine. If you install new products or do an RPM update, you'll have to update the Aide database, otherwise you get a lot of email messages about new or changed files. To update the Aide database: 

  at -f /usr/local/bin/update-aide now

3.5 Kerberos

Kerberos is a very nice utility to use. It will allow users to authenticate using the kerberos server and not local passwords. This makes account creation very easy. It's also easier on the user, since they only have to remember their NetID credentials.

If you followed the Standard Install instructions above, you already have kerberos set up. If you need to set it up later, here's how to do it: 

  Login as root.  
  Open a shell and type <bf/yast/  
  A menu will appear  
  Use the TAB and arrows to move around the menu  
  Move down to Network Services in the left hand column  
  Now move down to Kerberos in the right hand column and hit enter  
  You want "Use Kerberos" 
  The default domain is NET.YALE.EDU 
  The default Realm is NET.YALE.EDU 
  The KDC Server Address is kserv2.net.yale.edu  
  Now click on "Advanced Settings..."  
  Check off Kerberos Support for OpenSSH Client 
  Click on NTP Configuration 
  Check off to start NTP During Boot 
  The address is clock.yale.edu  
  Click on Finish 
  Click Accept 
  Click Finish  
  Now get out of yast by going to quit

3.6 Firewall

SuSE has their own firewall language that sits on top of iptables. If you want to open up ports to everyone for basic services, Yast is very easy to use. If you want to customize your settings to open up to subnets, the custom scripts using raw iptables is easiest to use. If you used the post-install script from above, please take a look at it. There is a section that is commented out that describes how to create a custom firewall.

The SuSEfirewall2-custom file is defined in /etc/sysconfig/SuSEfirewall2. The variable name is FW_CUSTOMRULES. So make sure the line with FW_CUSTOMRULES is commented out and is defined as /etc/sysconfig/scripts/SuSEfirewall2-custom.

To start and stop the firewall, just do the following: 

  /sbin/SuSEfirewall2 start
  /sbin/SuSEfirewall2 stop

Next Previous Contents




Certifying authority: Paul Gluhosky
Manager, AM&T Workstation Support Services
URL: http://wss.yale.edu/doco/SUSE
Last update: 01.18.07
AMT home pageITS home pageYale Front DoorContact usSearchWorkstation Support Services home page