Tools for System Administrators
Software
Woodpecker CI: The No-Nonsense CI Tool That Just Builds and Moves On Let’s face it — most CI tools today feel like they were designed by committee. Too many menus, too much “magic,” and YAML that looks like a PhD thesis. Woodpecker CI is different. It’s self-hosted, dead simple, and doesn’t pretend to be anything more than a solid pipeline runner. You set it up once, wire it to your Git repo, write a readable YAML file, and that’s it. No agents sprawling across your cluster. No surprise API limi
Scoop: The Package Manager Windows Should Have Had from the Start Scoop is what happens when someone asks, “Why doesn’t Windows have something like `apt` or `brew`?” — and then just builds it. It’s a lightweight command-line installer for Windows programs, designed for power users who prefer scripts over setup wizards. With a single command, you can install hundreds of CLI tools, dev environments, GUI apps, and even fonts — without admin rights or clicking through installers.
Cdist: Configuration Management That Stays Close to Unix Roots Cdist isn’t about flashy dashboards or enterprise plugins. It’s a minimalist configuration management system designed for people who already speak shell and want full control — without the overhead of agents, databases, or DSLs. It uses plain shell scripts and SSH. That’s it. Every configuration step — from setting a hostname to deploying a package — is done through type-based modules written in POSIX shell. No interpreters. No agent
Pulover’s Macro Creator: When You’d Rather Click Than Script, but Still Want Control There are times when you don’t want to write code — you just want things to happen. Open a window, click a few buttons, paste some text, close a form. Do it again tomorrow. And the next day. And maybe for 12 users. That’s where Pulover’s Macro Creator quietly proves its worth. It’s not trying to be fancy. What it offers is simple: record what you do with the mouse and keyboard, clean up the steps, maybe add a lo
BackupPC: Centralized Network Backups Without the Noise Some backup systems want to be everything — cloud-ready, mobile-friendly, built into dashboards with AI suggestions. BackupPC is not one of them. It’s a straightforward, server-side backup solution that quietly pulls in data from Linux, Windows, and macOS machines over the network, deduplicates it smartly, and stores it locally — usually for years.
It doesn’t need agents. It barely needs your attention once configured. And it works surpris
Kopia: A Backup Tool That’s Quietly Smarter Than Most Most backup software either tries too hard or not hard enough. Kopia is one of the rare ones that gets it just right — doesn’t talk much, doesn’t lock you into anything, and doesn’t mess up your system with daemons or half-working services.
It just works. You run it, point it at a folder, and it starts creating snapshots — encrypted, deduplicated, and fast. No server needed. No GUI dependency (though there is one if you want it). It feels li
Attic: A Simple Backup Tool That Doesn’t Pretend to Be More Than It Is Let’s be honest — Attic isn’t the newest or flashiest backup tool out there. It’s not trying to be cloud-native or smart or “enterprise-ready.” What it does offer is something many admins still want: quiet, repeatable backups with deduplication, straight from the terminal.
No GUIs, no daemons, no nonsense.
You give it a path and a repo location — local or remote — and it stores exactly what changed since the last run. Effic
BorgBackup: Deduplicated, Encrypted Backups That Don’t Waste Time (or Space) There’s a certain type of backup admin who doesn’t care about GUIs, doesn’t want some cloud agent phoning home, and really just wants to back up files efficiently, securely, and locally. That’s who BorgBackup was built for.
It’s fast. It’s battle-tested. It’s deduplicating, compressing, and encrypting every backup you throw at it — with a CLI that makes scripting and automation feel like second nature.
If you’ve ever
Mail-in-a-Box: Self-Hosted Email Without Losing Your Weekend Running a mail server has always been one of those things that sounds empowering — until the DNS records, TLS errors, and spam flags start piling up. Mail-in-a-Box tries to make it less painful. It bundles all the essential parts — mail transport, webmail, DNS, spam filtering, encryption — into a single scriptable setup.
You spin up a clean Ubuntu machine, run one command, and you’ve got a working email server with secure defaults and
SnappyMail: Lightweight Webmail That Respects Your Server (and Time) SnappyMail is what happens when someone takes Roundcube’s legacy and asks, “How can we make this actually fast?” No database. No unnecessary dependencies. Just a clean, minimal webmail client that works — and works quickly — right out of the box.
It doesn’t try to be a full groupware platform. No calendars, no bloat. Just mail — fast, responsive, and respectful of server resources. For people running their own mail stack, Snap
CryptPad: A Private Workspace That Doesn’t Trade Off Control for Convenience When most online tools ask for trust, CryptPad offers something else: proof. It’s a web-based platform for notes, spreadsheets, to-do boards, and forms — but every bit of content is encrypted before it leaves the browser. Not kinda-encrypted. Not just transport-encrypted. Actually encrypted, end-to-end.
There’s no server-side indexing, no surveillance, no ‘oops, we got breached and your files were public.’ The backend
Modoboa: A Complete Mail Hosting Platform for Admins Who Want the Whole Stack Modoboa isn’t just a webmail client — it’s a full mail hosting platform. Mail server, admin panel, webmail, spam filtering, user management — all in one system, installed with a single script. For teams that want total control over email without stitching together Postfix, Dovecot, Rspamd, Amavis, and a calendar app manually — Modoboa makes it doable.
It’s open source, modular, and designed to be admin-first. If you’v
KiTTY: The PuTTY Fork That Does More Than Just SSH PuTTY is great — until you realize how many tiny things it doesn’t do. KiTTY steps in to fix that. It’s a fork of PuTTY with a long list of extras that make terminal work on Windows faster, cleaner, and less frustrating. Still lightweight. Still portable. Still familiar. But with session filtering, local scripts, launcher options, and features that save time when you’re juggling multiple SSH sessions every day.
muCommander: Cross-Platform File Manager with a Classic Feel If you’ve ever used Norton Commander, Total Commander, or even Midnight Commander, you’ll feel right at home with muCommander. It’s a lightweight, dual-pane file manager written in Java — so it runs just about anywhere: Windows, macOS, Linux, BSD. It doesn’t try to reinvent the file manager. Instead, it delivers something simple and predictable: copy, move, compare, archive, mount remote shares — all from a clean, keyboard-friendly int
Cyberduck: A GUI File Transfer Tool That Handles Servers and Clouds Equally Well Some tools are made for developers. Others for sysadmins. Cyberduck feels like it was built for both — and somehow still works for everyone else, too. It’s a graphical file transfer client for Windows and macOS that supports just about every protocol you might need: FTP, SFTP, WebDAV, Amazon S3, Backblaze B2, Google Cloud, Azure, and more. It looks like a basic file browser, but behind the clean interface is a lot o
FreeCommander: A File Manager for Windows That Doesn’t Pretend to Be Flashy Windows Explorer works — until it doesn’t. You open ten folders, try to compare two directories, move 200 files while searching for duplicates, and suddenly it’s all clicks, tabs, and context menus. That’s where FreeCommander steps in — not to dazzle, but to get things done. It’s a dual-pane file manager, old-school in spirit, but polished where it matters. Built for people who move files by the hundreds, rename in batch
LibreNMS: SNMP Monitoring That’s Just… Practical Let’s be honest: SNMP monitoring isn’t sexy. But it’s necessary — and LibreNMS handles it without getting in the way. It doesn’t pretend to be a full-stack observability suite. It just keeps an eye on your routers, switches, firewalls, and servers — and tells you when something smells off. No license keys. No secret paywalls. Just plain, useful, solid network monitoring. And it does more than people expect.
Shinken: A Modern Take on Nagios That Still Plays by Sysadmin Rules Shinken doesn’t try to reinvent monitoring from scratch. Instead, it takes everything Nagios got right — plugin checks, simple configs, host/service separation — and reimagines it with a more flexible, modern core. Written in Python, modular by design, and much easier to scale than classic Nagios, Shinken feels like what Nagios could have become if it had evolved. For sysadmins who still prefer flat config files and plugin-based
VictoriaMetrics: Time Series That Scale Without Fuss Time-series databases tend to fall into two camps: easy but fragile, or fast but nightmarishly complex. VictoriaMetrics walks right between — it’s surprisingly simple to deploy, handles huge volumes of metrics, and just… works. No cluster gymnastics, no Kafka layers, no obscure tuning rituals. Whether you’re pulling in Prometheus data, Telegraf, Graphite, or your own custom metrics — VictoriaMetrics stores it in a compact format, indexes it sm
Fluentd + Kibana: A Solid Pair for Logs That Actually Tell You Something Log pipelines often start small — a few apps, a file or two. Then it snowballs. Suddenly there are containers, microservices, hybrid networks, and logs coming from every direction. That’s when a combo like Fluentd and Kibana starts pulling its weight. Fluentd is the collector and dispatcher. It doesn’t care where logs come from — files, syslog, containers, cloud agents — it grabs everything, processes it, and hands it off.
Unicornscan: Low-Level Network Scanner for When You Need to See It All Most scanners try to be smart — interpret results, summarize things, smooth over the raw data. Unicornscan doesn’t do that. It’s more like: here’s what the network gave you back, figure it out. That might sound like a drawback, but for some, it’s exactly the point.
It was built to be fast, quiet, and detailed. Not beautiful. Not “user-friendly.” Just efficient, and honest about what’s happening on the wire. People still reac
EtherApe: Real-Time Network Mapping You Can Actually See Sometimes the best way to understand a network isn’t through logs or terminal output — it’s by watching the traffic happen. EtherApe gives that to you. It’s a graphical network monitor that visualizes real-time packet activity, showing who’s talking to whom and how much.
No need to dig through captures or scroll through flows — one glance, and patterns start to emerge. It’s not a fancy dashboard system. It’s not a SIEM. But it gives netwo
NetXMS: Monitoring That Doesn’t Blink, Even When the Network Does If you’ve got more than a handful of devices and you want proper visibility — not just a few pings and CPU graphs — NetXMS is the kind of tool that shows up and sticks around. It’s full-stack infrastructure monitoring, built to handle everything from SNMP routers to Windows servers and virtual machines. And it does so without a bloated UI or vendor lock-in. It’s open-source, fast, and surprisingly robust once you plug it into your
mitmproxy: The Moment You Realize Wireshark Isn’t Enough There’s a point in every engineer’s life when packet capture just isn’t cutting it. You’ve got an app making API calls in the background, or a client that misbehaves only when it thinks no one’s watching. That’s where mitmproxy comes in — and honestly, once you’ve used it, it’s hard to go back. It’s not just a proxy. It’s a window into real-time HTTP and HTTPS traffic, with tools to pause, modify, replay, and break things — intentionally.
Parsec: High-Performance Remote Desktops for Teams That Work Visually Not every remote desktop session is about checking email or editing a spreadsheet. Some are about full-frame video editing, live 3D modeling, or responsive dev work on a GPU-powered workstation. That’s where Parsec finds its niche — ultra-low-latency remote access that feels almost local, even when you’re working over the internet.
Originally built for gamers, Parsec has grown into a serious tool for creative professionals, r
X2Go: Remote Desktop That Actually Works Over a Slow Connection In environments where bandwidth is tight and latency is a fact of life, most remote desktop tools start to fall apart. X2Go doesn’t. It’s built to handle exactly that — reliable, fast, and compressed remote desktop access to Linux machines over even unstable networks.
Unlike VNC or plain X11 forwarding, X2Go tunnels the entire session over SSH and uses NX compression, giving a responsive user experience even on flaky links. No need
MeshCentral: Full-Stack Remote Management That Runs On Your Terms Most remote support platforms tie you to cloud accounts or monthly subscriptions. MeshCentral flips that. It’s a self-hosted remote management system — web-based, open-source, and surprisingly capable. You spin up your own server, connect agents, and suddenly you’re managing desktops, laptops, even headless servers — all from a single browser tab.
Developed by Intel and backed by the community, MeshCentral is lean, modular, and f
Snort 3: A New Engine for Modern Intrusion Detection For years, Snort was the de facto standard in open-source intrusion detection. With Snort 3, it’s not just a rewrite — it’s a rework from the ground up. Modular architecture, Lua scripting, multi-threading — this version finally brings Snort in line with the demands of modern, high-throughput networks.
Still free, still powerful, still Cisco-backed — but now more flexible and scalable than ever. What’s New (and Why It Matters)
Wazuh: Open XDR Platform Built on Top of OSSEC Wazuh started as a fork of OSSEC — and then took off in its own direction. Today it’s a full-featured open-source XDR platform combining host-based intrusion detection, log analysis, vulnerability detection, compliance auditing, and SIEM features — all in one stack.
It still uses the agent-based architecture from OSSEC, but adds a modern backend with Elasticsearch, Kibana, a RESTful API, and scalable cluster support. If OSSEC is the engine, Wazuh i
OSSEC: Host-Based Intrusion Detection That’s Still in the Fight When network-level firewalls aren’t enough and you need to keep a close eye on what’s happening inside your machines, OSSEC still holds its ground. It’s a mature, open-source HIDS (Host-based Intrusion Detection System) that monitors logs, file integrity, rootkits, and active responses — all from a lightweight agent setup.
No cloud lock-in, no subscription wall. Just a proven, scriptable tool that can scale from one Linux VM to hun
CrowdSec: Collaborative Defense for Modern Linux Systems CrowdSec isn’t just another intrusion prevention tool — it’s a new kind of approach. At its core, it’s an open-source, behavior-based detection engine for Linux servers, containers, and cloud infrastructure. But what makes it different is its crowdsourced threat intelligence: when one server detects malicious behavior, the entire network benefits.
Think of it as Fail2Ban on steroids, built for the cloud, and powered by a global community
K3s + MicroK8s: When You Stop Arguing About Which Kubernetes to Use — and Start Combining Them Ask around in DevOps circles and you’ll hear it: “K3s is great for edge.” Or “MicroK8s just works for local dev.” Both are lightweight Kubernetes distributions, sure — but what’s more interesting is how well they complement each other when used in tandem.
They’re not competitors. Not really. One thrives in tiny environments, the other scales quietly in CI/CD pipelines and air-gapped networks. The real
Podman: Containers That Don’t Need a Babysitter Not every container runtime needs a daemon lurking in the background. That’s where Podman flips the script. It doesn’t try to be Docker — though it often feels like it — but instead offers a different approach: no central service, no root by default, and no fuss.
You type podman run, and it just… starts the container. No dockerd, no socket, no background process you forgot to restart. It’s all handled by the process that launches it — and when tha
WSL 2 + Docker: When Windows Becomes a Serious Dev Environment There was a time when running containers or real Linux tooling on Windows felt like a bad compromise. It worked — kind of — but you were always watching for version mismatches, networking weirdness, or filesystem bugs. That changed with WSL 2.
And once Docker Desktop started integrating natively with it, something clicked. Suddenly, Windows wasn’t “the machine that runs Linux in a VM.” It became a real development platform. Local, f
VirtualBox: Old-School Virtualization That Still Gets the Job Done Sure, these days everyone talks about containers, cloud-native, and hypervisors that span data centers. But sometimes, all you need is a solid, no-nonsense virtual machine on your desktop — and that’s where VirtualBox still holds up.
It’s not flashy. It’s not bleeding edge. But it’s free, cross-platform, and does what it says on the tin. Whether you’re testing ISOs, simulating networked machines, or spinning up disposable labs,