Editor's Forum
Although many of the articles we publish in Sys Admin deal with tools for systems administration, putting together the annual Tools issue is always especially fun. This issue gives us an opportunity to showcase the efforts of systems administrators around the world to deal with traditional UNIX administration challenges in a new way, or to deal with new challenges in a traditional way. Among other articles in this issue, George Kurtz and Chris Prosise begin a series on performing security assessments with a large enterprise spin, and Michael Schwager wraps up a series on using Sendmail to filter spam. Victor Hazlewood looks at UNIX accounting, and John Mechalas provides us with a Perl-based tool for accessing large numbers of hosts in parallel. As we put the finishing touches on this issue, however, several additional tools that I'd like to bring to your attention have been released or are on the horizon.
As you have probably read, Sendmail has gone open-source commercial. Sendmail, Inc. was formed in 1998 to carry forward the development of this venerable email processing and routing tool. Although various alternative email processing applications have attempted to compete with Sendmail as a mail delivery agent, few have come even close to the power of Sendmail in being able to handle addressing and filtering concerns. Unfortunately, Sendmail has also been one of the most difficult tools to master in the UNIX grab bag. The syntax of Sendmail configuration files leaves many competent SAs scratching their heads, making mastery of this program one of the ways UNIX admins can earn their star-encrusted, black wizard robes. Expect that to change in the not too distant future. Eric Allman and the other folks at Sendmail, Inc., in addition to maintaining and further developing the application through the open-source model, have added a graphical interface for configuring Sendmail. The graphical interface is the company's commercial add-on product, and it is still too early to tell whether pricing and other business considerations will be favorable. But, I got an early look at the product and was impressed. Although gurus who consider fsdb to be their editor-of-choice may still prefer to create Sendmail configuration files by hand, the rest of us may find the convenience of the commercial product to be well worth the price of admission. Time will tell.
On the security front, TITAN was formally presented at the Usenix LISA Conference in Boston during December, 1998 by Dan Farmer, Brad Powell, and Matthew Archibald. TITAN is a freely available tool (http://www.fish.com/security/titan.html) for auditing UNIX systems for security problems. While TITAN does not fix or patch security bugs, the authors indicate that TITAN codifies as many security tricks as they could think of. Although I haven't personally tried TITAN yet, the technical paper published in the Usenix Proceedings paints an appealing picture of the program's functionality. Watch the pages of Sys Admin for more on this.
The last item I want to bring to your attention also stems from a session at the Usenix LISA Conference. Bill LeFebvre, the "Daemons and Dragons" columnist from our sister publication, UNIX Review's Performance Computing, did a guru-is-in session at LISA to discuss DNS and BIND8. Although rumblings about BIND8 have been around for a while, I suspect my personal reluctance to tinker much with a working DNS configuration is not too unlike the concerns of many UNIX admins. LeFebvre's session, however, convinced me that BIND8 will be worth the trouble of getting the source and learning a new configuration syntax. You can get more information about BIND8 at http://www.isc.org/bind8/index.html.
Sincerely yours,
Ralph Barker
|