System Admin tools that I like

Table of Contents

Life of a sys admin

System Administrators are no stranger to wearing multiple hats. The more skilled and efficient they get, the more responsibilities that tend to land on their plate. Mostly because their hard work is invisible if everything goes well and thus that leads to an ever-growing to-do list.

With that said, here are some great tools that make that situation worse! Also a few that do the opposite, especially visualization tools. These are a list of tools that I personally enjoy with a brief description of what they do. They help do things such as streamline tasks, visualize your environment, or help ensure stability in what is typically a chaotic environment

Side note: Some of these tools are not free products or services and have pricing attached. However, they all are open source. Which means, if you’re willing to do some set them up with documentation that may not be the greatest, you can get them without any cost if you really want.

Ansible (Puppet, Chef, or Terraform)

I’m a big fan of Ansible, but I recognize there are other excellent tools out there. In my experience, Ansible and Terraform are top-notch—unless your environment is already using another Infrastructure as Code (IaC) tool.

If you’re new to IaC, here’s the gist: these tools help you convert manual, repetitive tasks into structured, repeatable code. They’re more efficient than writing full custom scripts and often double as lightweight documentation.

Whenever you find yourself dreading a repetitive task, it’s probably time to automate it. The specific tool you use is less important than adopting the mindset of Infrastructure as Code.

  • Ansible is great when you want minimal overhead or need to automate systems without installing an agent—if it has SSH or Powershell, you can automate it.

  • Terraform shines when building or scaling cloud environments from scratch.

  • Chef works well in enterprise DevOps environments, especially those using Jenkins or Kubernetes.

  • Puppet is great for auditing and configuration enforcement at scale.

The best part? Once you learn one IaC tool, learning the others is much easier. They share principles, workflows, and even data formats like YAML. It’s mostly about learning new modules and syntax—not starting over from zero.

Ceph

Ceph isn’t something you’ll usually use on its own, but if you’ve seen the name in a UI related to storage—and you’re not already ensuring fault tolerance at the hardware level—you might want to stop and read the docs.

Ceph provides distributed storage across a cluster of physical devices, similar to RAID levels or Microsoft’s Storage Spaces Direct. It handles fault tolerance, load balancing, and redundancy.

It’s relatively easy to set up and doesn’t require much overhead. Backups are still essential, but clustering your storage means that when something fails, users (hopefully) won’t notice. Just remember: like RAID, if you’re not monitoring for failures, you’re just delaying a disaster.

Cloud-Init

If you’ve worked in the cloud, you’ve probably used Cloud-Init; possibly without realizing it. It’s often baked into the UI of cloud platforms. But it’s also extremely useful for on-prem environments.

Cloud-Init lets you preconfigure a Linux VM with users, SSH keys, and network settings. This means you can hand off provisioning to your automation tool of choice and skip manual setup. All major Linux distros support it.

Cockpit

Cockpit is a web-based panel for administering Linux VMs (and pods) without requiring command-line knowledge. I’ve used it as a way for IT staff to manage Linux systems more comfortably, especially if they’re not Linux experts.

That said, it’s a smoother experience on RHEL-based systems like AlmaLinux or Rocky Linux, since Red Hat originally developed it. For example, it supports Podman, not Docker—which can throw off users expecting the more common container runtime.

Diagrams.net

The best diagram tool, period. Free. Open source. Works offline or in the browser. Just use it.

Free IPA

You might not need this day-to-day since you most likely already have Microsoft’s AD DS or some other identity management, but it’s a very cool tool, especially in a homelab.

FreeIPA is a suite of tools wrapped in a single web interface to handle identity management, much like Microsoft’s Active Directory. It includes:

  • 389 Directory Server (LDAP)
  • Kerberos (same version as AD)
  • Chronyd (NTP)
  • BIND (DNS)
  • Dogtag (Certificate Authority)

Even if you work in a Windows-dominated environment, experimenting with FreeIPA can teach you a lot about how enterprise identity systems work under the hood. Making it easier to troubleshoot AD-related issues in the future.

LGTM Stack

LGTM stands for Loki, Grafana, Tempo, and Mimir (though Mimir is often replaced by Prometheus).

This stack is very popular among companies with in-house development, SaaS platforms, or dynamic infrastructure. You don’t need the full suite to benefit—Loki and Grafana are often enough.

  • Loki handles logs.
  • Grafana visualizes data.
  • Tempo tracks traces (if you need observability).
  • Prometheus/Mimir collect metrics.

This stack doesn’t exactly reduce your workload—but it does help make your work more visible to others. That alone can be a game-changer.

LocalStack

LocalStack lets you run ~30 AWS services locally for development or testing, helping avoid unnecessary cloud costs. It’s great for proof-of-concept builds or validating infrastructure as code before deployment.

Ideal if you work in AWS cloud architecture or need to simulate cloud environments without spinning up real cloud infrastructure.

Podman

Podman is a container engine—just like Docker—that follows the OCI (Open Container Initiative) standard. That’s important, because it means it can use Docker-compatible commands and even your existing Docker Compose files.

But Podman has two key advantages:

Security

Podman doesn’t require a daemon and can run containers without root privileges. This helps reduce the blast radius of potential container escapes, like the Leaky Vessels vulnerabilities.

Pods

Like Kubernetes, Podman has a concept of pods (collections of containers that share resources). Docker doesn’t support this natively. So if you’re learning Kubernetes—or deploying apps that eventually will run on it—Podman makes the transition easier.

Powershell

I love PowerShell (Windows PowerShell too) and I use it everywhere. Windows enterprise environments, my own Linux machines, and even on my Mac. I started out using Bash on Linux, but over time, I’ve come to really appreciate PowerShell’s object-based approach, especially as the tasks I handle have grown more complex. Honestly, the commands just make more intuitive sense.

get-content as a command makes far more sense than saying cat to see the text within a file in my opinion. But the commands as a whole with their verb-subject structure make it easy to instantly know what is going on at a glance.

If your environment is mostly a terminal shell, I’ll accept you not learning Powershell. You can go learn Python or something for your object orientated automation. But if you work primarily in a Windows environment, learning PowerShell isn’t optional—it’s essential. And don’t worry if you’ve never coded before. If you enjoy solving problems (If you’re working in IT, you should), learning PowerShell will come naturally.

If you’re curious where to start, I highly recommend this video with the creator of PowerShell. You don’t need to watch it all at once—just chip away at it during a lunch break. It does a great job explaining why PowerShell works the way it does, rather than just tossing out a list of disconnected commands.

Again, if you’re in a Windows dominated environment, I cannot stress enough how much of a must-have in hybrid Windows/Office 365/Azure environments. There are tasks the Office 365 Admin UI simply can’t do. Such as updating branding for Exchange secure messages, or restoring an inactive user’s mailbox to a newly licensed account.

Python

While Python is primarily a programming language, it’s also a great scripting tool—especially in Linux environments. (Powershell works too. But Python is already installed in all modern Linux distributions) You don’t get quite the same “batteries-included” feel as PowerShell out of the box, but it’s close. Just import libraries like shutil, os, and paramiko. It will cover a lot of your sysadmin use cases, from automating tasks to remote management.

Semaphore

Once you’re comfortable with Ansible, it’s worth exploring a web interface. Unless you really prefer working in the CLI. Ansible Tower and AWX are solid options, but I personally enjoy using Semaphore. Semaphore is designed with Ansible in mind and offers a workflow similar to Tower and AWX. What sets it apart for me is that it also supports PowerShell, Python, Terraform, and OpenTofu (a Terraform-compatible alternative).

It’s a great fit whether you’re using Ansible for enforcing specific configurations or CI/CD pipelines.

Snipe-IT

Open-source asset management at its finest. It’s pretty manual out of the box, but its API is fantastic—so if you have the automation chops, you can turn Snipe-IT into a powerful, streamlined asset tracking system.

Wazuh

XDR + SIEM in one package. I haven’t used it extensively in enterprise environments—typically because most orgs already have a preferred XDR/SIEM solution in place. But if you don’t have either, Wazuh is a solid open-source option to explore. Just keep in mind: running a SIEM locally eats up storage fast. That said, Wazuh does offer premium cloud-hosted options if you’d rather offload that burden.

Winget / Choolatey

I’m lumping these together because, while I haven’t personally used Chocolatey, everything I’ve read about it makes me think it’s likely better than Winget in most ways.

Both tools bring Linux-style package management to Windows (finally)! I’ve tried commercial patching solutions for third-party software updates, but in my experience, they just shift the work from “are my endpoints up to date?” to “are the update agents actually working?”

Eventually, I moved to Winget and didn’t look back. It’s fast, free, and integrates well into scripts. However, it has one major flaw: it’s packaged as an MSIX. That means the executable doesn’t get added to the system PATH, so if you’re running updates via a SYSTEM account (which you should be. User’s shouldn’t have direct admin access), you’ll get errors that Winget doesn’t exist.

If you go with Winget, check out this blog for setup instructions that avoid that issue. If that sounds like a headache, Chocolatey might be the better option. Especially if your organization allows using the open-source version.

Wireshark

Whether you’re on Linux or Windows, Wireshark is one of those tools every IT pro should have in their kit. Or, at the very least, you’re using pcap for packet tracing. It’s the gold standard for packet-level inspection and often the only easy way to truly see what’s going on when you’re dealing with deep network issues.

Take TLS handshake failures as an example. You might not see them in your app logs at all because the failure happens before the app layer ever gets the request. When that happens, only Wireshark can give you the clarity you need. Even if you’re not a networking specialist, learning the basics of Wireshark can save you hours of head-scratching.

Zabbix

Out of all the monitoring platforms I’ve used (SolarWinds, OpManager, PRTG, Datadog) Zabbix is probably the only one I’ve genuinely enjoyed. A lot of others either carry enterprise-level pricing or feel way too limited for what I need.

Zabbix does have a bit of a learning curve, and distro-specific quirks can make initial setup tricky. (Package mismatches have bitten me a few times.) But the good news is: you can now run Zabbix in Docker, which simplifies the deployment significantly.

Once it’s up and running, Zabbix’s flexibility is where it really shines. I’ve used it to monitor IBM LPARs—something most tools can’t handle at all.

That said, its out-of-the-box cloud support (especially for Azure) is kind of underwhelming. You can monitor VMs, scale sets, and common databases fairly easily, but when it comes to Azure App Services or Functions, you’re often stuck writing custom integrations or using basic HTTP checks. It works, but it takes more effort than you’d expect from a modern monitoring solution. I just stick with the monitoring resources that Azure provides natively for the cloud in those situations.