LAX: A toolset for network administration


Thomas Groß, teegee, thomas.gross@teegee.de. LK 2009 Dresden.


SLIDE 1

LAX

A toolset for network administration

LK 2009 Dresden

Thomas Groß teegee thomas.gross@teegee.de

SLIDE 2

LAX

  • is a collection of scripts for administrators
  • uses a network directory, (still) a KDE3 portal and openssh autologin channels to remote hosts
  • is in development, growing, moving

Revite on the network

GUUG LK2009 Dresden

SLIDE 3

Say you are an IT administrator of a midsize company. You probably need LAX because you should

  • know (and remember) what you have
  • know if it works
  • be able to control it

Overpower entropy!

SLIDE 4

Use LAX to

  • collect: directory of network objects
  • monitor: grab state of network objects
  • alert: notification, reaction, escalation
  • visualize: show network objects
  • control: manage network objects

SLIDE 5

The LAX server

  • LAXdb: Openldap using a special scheme
  • Network operations start here (openssh)
  • Information is collected here (postgres)
  • Administrator desktops (KDE / NX / RDP), special accounts reflecting areas of interest
  • Do not run production services here
  • is an administration machine only

SLIDE 6

How to use LAX

[Network diagram. Nodes: LAX Server (collects and stores network data), Administrator (intranet), Administrator's home office, Service company, Service Desktop, Cluster, WinXX, Linux/Unix. Link labels: NX, RDP; OpenVPN; DSL; openssh-autologin; snmp.]

SLIDE 7

Scripting is the administrator's automation technology

  • The administrator puts his know-how into the script
  • Realize a single administration task per script
  • Systematically develop and organize scripts
  • Create an administration library

SLIDE 8

scripting

Example:

  vx-start dicl mserver

We prefer this name scheme:

  Module-function-subfunc option parameter

Simple „development“ tool

SLIDE 9

other concepts

Groups of network objects

  • enumerated or built by a script at runtime
  • a group can contain other groups

Transactions

  • repeat operations on / with multiple hosts
  • parallel | sequential

modules

SLIDE 10

structure: modules

[Module diagram. Labels: LAX-DB dns certs openvpn dhcp ipsec mail clam frox havp alarm squid devel vx instance grey list san ha monitor user]

SLIDE 11

structure: filesystem

/opt/lax (all the software, scripts delivered)
  modules
    <module>
      api (here are the scripts)
      gui (mostly kommander scripts)
      templates

/var/lib/lax (the local configurations)
  modules
    <module>
      api
      ...

SLIDE 12

LAXdb – the network directory

Openldap, hierarchical structure

  ou=lax
  o=organization_name
  laxnet=networkname
  host=hostname
  laxservice=servicename
  laxdevice=hostname
  laxservice=servicename
  ou=administrators
  ou=laxgroups
  ou=transactions

Scripts and a gui to manage your network objects

  laxdb-host-add pc34 192.168.30.77 Windows

SLIDE 13

LAXdb – gui

SLIDE 14

network operations

Operations on hosts

  lax-run "df -h" intraweb
  lax-login intraweb
  lax-scp intraweb:/srv/www/htdocs/index.html .
  konsole -e lax-run "yast2 network" intraweb

Network transactions

  laxs "ipconfig /all | grep Suffix" xp-clients
  laxta-run RP 2 "df -h | grep -w '/'" linuxe

One (lax's) openssh public key for all administrators, connections as root@<ip>
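
Added example (not from the slides and not LAX code): with one key that logs in as root on every managed host, each host's root authorized_keys can be checked so that the key is accepted only from the administration server. The script classifies every key line by its from="..." option; the address 192.0.2.10, the sample file and the key material are constructed placeholders.

```shell
#!/bin/sh
# Added example, not LAX code: check that every key in root's authorized_keys
# on a managed host is pinned to the administration server with from="...".

# classify_key LINE ALLOWED_IP -> OK | UNRESTRICTED | WRONG_SOURCE
classify_key() {
    case $1 in
        ssh-*|ecdsa-*|sk-*) echo UNRESTRICTED; return ;;  # no options field
    esac
    # The options field is everything before the key type.
    opts=$(printf '%s\n' "$1" | sed -E 's/ (ssh-|ecdsa-|sk-)[^ ]+ .*$//')
    from=$(printf '%s\n' "$opts" | sed -n 's/.*from="\([^"]*\)".*/\1/p')
    if [ -z "$from" ]; then echo UNRESTRICTED
    elif [ "$from" = "$2" ]; then echo OK
    else echo WRONG_SOURCE    # wildcard, pattern list or another address
    fi
}

# audit_keys FILE ALLOWED_IP -> one "<line-number> <status>" per key line
audit_keys() {
    n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case $line in ''|'#'*) continue ;; esac   # skip blanks and comments
        echo "$n $(classify_key "$line" "$2")"
    done < "$1"
}

# Constructed sample: 192.0.2.10 stands in for the administration server,
# the key material is placeholder text, not real keys.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# root authorized_keys (constructed)
from="192.0.2.10",no-agent-forwarding ssh-ed25519 AAAAPLACEHOLDER1 lax@laxserver
ssh-rsa AAAAPLACEHOLDER2 lax@laxserver
from="*" ssh-ed25519 AAAAPLACEHOLDER3 admin@laptop
no-pty ssh-ed25519 AAAAPLACEHOLDER4 backup@host
EOF
audit_keys "$sample" 192.0.2.10
rm -f "$sample"
```

Any line not reported as OK is a key that would still work from somewhere other than the administration server.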

SLIDE 15

what is available

x.509 certificate management for openvpn, apache2 and racoon (ipsec)

  • install certs and revocation list at servers
  • distribute certs to users by eMail

aide host based intrusion detection

Control of online virus scanners (squid/havp) and ftp (frox) by clamav

SLIDE 16

what is available

Control of mailserver postfix including

  • greylisting
  • clamav virus scanner
  • spamassassin spam filter (soon)
  • automatic mail attention (soon)

Local installation and update server for openSUSE

September 2008

SLIDE 17

Monitoring and alerting

  • every network object can have its individual value
  • lowest interval: 1 minute
  • runs the alarm script if the object's checks fail
  • an alarm script can be assigned to each object
  • individual alarm scripts are possible
  • base for HA features at virtualization cluster

SLIDE 18

what is available

Control of Xen based virtualisation systems

  • install from templates
  • manage virtual machines
  • save and restore virtual machines
  • for single virtualisation server
  • 2-node active-active cluster
  • HA cluster based on iSCSI, DRBD, LVM, Xen

SLIDE 19

LAX clustermanager

SLIDE 20

plan

  • design virtual networks
  • deeper development of existing modules

Available at

  source.net/projects/lax
  www.teegee.de/lax