Thursday, November 12, 2009

To know the model of the system:

We usually find the version of the OS installed
by using
# uname -X
# uname -a
# cat /etc/release

But how do we identify the model of the machine?
We can use

ok banner
which returns the model of the system (run at the OpenBoot ok prompt)

or

# uname -i


Output:
bash-3.00# uname -i
SUNW,Sun-Fire-280R

SUN CLUSTER:

Resource type:

A resource type is a collection of properties that describe an application to the cluster. This
collection includes the information about how the application is to be started,
stopped and monitored on nodes of the cluster.


Eg:
1. The resource type for Sun Cluster HA for nfs is SUNW.nfs
2. The resource type for Sun Cluster HA for apache is SUNW.apache

DRL - Veritas Volume Manager

DRL - Dirty Region Logging:

The method by which VxVM monitors and logs modifications to a plex as a bitmap of changed regions. For volumes with a new-style DCO volume, the DRL is maintained in the DCO (Data Change Object) volume.

How does it work?
DRL logically divides a volume into a set of consecutive regions and keeps track of the regions to which writes occur. A log is maintained that contains a status bit representing each region of the volume. For any write operation to the volume, the regions being written are marked dirty in the log before the data is written.

If a write causes a log region to become dirty when it was previously clean, the log is synchronously written to disk before the write operation can occur. On system restart, VxVM recovers only those regions of the volume that are marked as dirty in the dirty region log.
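
The bookkeeping described above can be followed with a small model. This is an added example, not VxVM code and not part of the original post; the region size and the write list are constructed, and the model never clears a dirty bit once it is set.

```sh
#!/bin/sh
# Toy model of dirty region logging (added example, not VxVM code).
# drl_sim REGION_BLOCKS reads "offset length" write requests (in blocks)
# on stdin and prints "writes=N flushes=N recover=r1,r2,...".
drl_sim() {
    awk -v rs="$1" '
        NF == 2 {
            writes++
            first = int($1 / rs)               # first region the write touches
            last  = int(($1 + $2 - 1) / rs)    # last region the write touches
            newly = 0
            for (r = first; r <= last; r++)
                if (!(r in dirty)) { dirty[r] = 1; newly = 1 }
            # A clean -> dirty transition means the log must reach disk
            # before the data write is allowed to start.
            if (newly) flushes++
            if (last > maxr) maxr = last
        }
        END {
            list = ""
            for (r = 0; r <= maxr; r++)
                if (r in dirty) list = list (list == "" ? "" : ",") r
            # Only the regions in "recover" are resynchronised after a restart.
            printf "writes=%d flushes=%d recover=%s\n", writes, flushes, list
        }
    '
}

# Constructed workload for a volume split into regions of 1024 blocks.
sample_writes() {
    cat <<'EOF'
0 512
512 256
1000 100
5120 1
100 10
EOF
}

sample_writes | drl_sim 1024
```

Five writes cost only three synchronous log updates, and a restart has to recover three regions instead of the whole volume.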

Wednesday, October 28, 2009

Assigning a banner to ftp server:

Part of the contents of the file /etc/ftpd/ftpaccess is shown below:

sendbuf 65536 real,guest,anonymous
# flush-wait no anonymous
# passive ports 0.0.0.0/0 32768 65535
# timeout data 600
# timeout idle 300

banner /etc/ftpd/banner.msg

(Output Truncated)

From the above, we can see the default timeout while data is being transferred over FTP (timeout data)
and the idle timeout (timeout idle) too.

To display a banner when an FTP connection is established, do the following:
1. Create a file /etc/ftpd/banner.msg
2. Add the contents to the file


For example:
# vi /etc/ftpd/banner.msg
Hi, You are not authorized!!!
:wq!


Output:
bash-3.00# ftp localhost
ftp: connect to address ::1: Network is unreachable
Trying 127.0.0.1...
Connected to localhost.
220-Hi, You are not authorized!!!
220-
220 localhost FTP server ready.
Name (localhost:root):



Hooray!!! It works!!!

Sunday, October 11, 2009

PROCESS STATISTICS:

List of Process Statistics commands:


# cputrack = Per-process hardware counters
# pargs = Process arguments
# pflags = Process flags
# pcred = Process credentials
# psig = Process signal disposition
# pldd = Process library dependencies
# pstack = Process stack dump
# pmap = Process memory map
# pfiles = Open files and names
# prstat = Process statistics
# ptree = Process tree
# ptime = Process microstate times
# pwdx = Process working directory

Wednesday, September 30, 2009

KERNEL TRACING/DEBUGGING:

Some commands on Kernel Tracing/Debugging:

# dtrace - Trace and monitor kernel
# lockstat - Monitor locking statistics
# mdb - Debug live and kernel cores
# hotkernel - What is the kernel doing?

SYSTEM STATISTICS:


A list of commands for system statistics:



# acctcom - Process accounting
# busstat - Bus hardware counters
# cpustat - CPU hardware counters
# iostat - IO & NFS statistics
# kstat - Display kernel statistics
# mpstat - Processor statistics
# netstat - Network statistics
# nicstat - Enhanced network statistics
# nfsstat - NFS client and server stats
# vmstat - Virtual memory stat
# fsstat - File system statistics
# memstat - Memory summary
# filestat - UFS Block layout statistics
# statit - system statistics utility

RBAC - Role Based Access Control

Creating a profile similar to Root's profile:

Here, Profile name: complete
List of commands added: Creating a profile with all root privileges

Step-1: Adding/Creating a profile by editing the file.
# vi /etc/security/prof_attr
complete:::This is to test the duplication of root profile

Here,
complete = Name of the profile
This is to test the duplication of root profile = Comment about the profile (Optional)



Step-2: Mapping the list of commands to the created profile
# vi /etc/security/exec_attr
complete:suser:cmd:::*:uid=0

Step-3: Mapping the user to the profile
# useradd -m -d /export/home/aita -s /usr/bin/pfsh -P complete aita


Output:

bash-3.00# su - aita
sunfire1# echo $USER
root
sunfire1# roles
No roles
sunfire1# profiles
Web Console Management
All
Basic Solaris User
sunfire1# profiles -l | more

Web Console Management:
/usr/share/webconsole/private/bin/smcwebstart uid=noaccess,
gid=noaccess,
privs=proc_audit
All:
*


Note:
1. The output of the commands
# profiles
# profiles -l
will be similar for the root user.

2. From the above output, we can also observe the change in the prompt of the user. Normally the prompt for a user is $, but since all the privileges are given to the user, the prompt is #
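
The entry complete:suser:cmd:::*:uid=0 makes every command run with uid 0 for anyone holding the profile, so it is worth knowing which accounts hold such a profile. The script below is an added example, not part of the original post; the sample exec_attr and user_attr contents are constructed and the user oper is hypothetical.

```sh
#!/bin/sh
# Report accounts that hold a root-equivalent rights profile (added example).
# exec_attr fields: name:policy:type:res1:res2:id:attr
# user_attr fields: user:qualifier:res1:res2:attr
root_equiv_users() {   # usage: root_equiv_users EXEC_ATTR USER_ATTR
    awk -F: '
        /^[ \t]*#/ || /^[ \t]*$/ { next }        # comments and blank lines
        FNR == NR {                              # first file: exec_attr
            if ($3 == "cmd" && $6 == "*" && $7 ~ /(^|;)e?uid=(0|root)(;|$)/)
                bad[$1] = 1                      # every command runs as root
            next
        }
        {                                        # second file: user_attr
            n = split($5, kv, ";")
            for (i = 1; i <= n; i++) {
                if (kv[i] !~ /^profiles=/) continue
                sub(/^profiles=/, "", kv[i])
                m = split(kv[i], prof, ",")
                for (j = 1; j <= m; j++)
                    if (prof[j] in bad) print $1 ": " prof[j]
            }
        }
    ' "$1" "$2"
}

# Constructed sample files (not copied from a real host).
tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/exec_attr" <<'EOF'
All:suser:cmd:::*:
complete:suser:cmd:::*:uid=0
Printer Management:suser:cmd:::/usr/sbin/accept:euid=lp
EOF
cat > "$tmp/user_attr" <<'EOF'
root::::auths=solaris.*;profiles=All
aita::::type=normal;profiles=complete
oper::::type=normal;profiles=Printer Management,All
EOF

root_equiv_users "$tmp/exec_attr" "$tmp/user_attr"
```

On a live system the two arguments would be /etc/security/exec_attr and /etc/user_attr.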

Monday, September 7, 2009

Basic Tip

List of commands:

1. How to compress the file?
2. How to zip multiple files & directory?
3. How to gzip a file?
4. How to bzip a file?
5. How to view the format of the files?


OUTPUT:
bash-3.00# compress list

bash-3.00# gzip list1

bash-3.00# bzip2 list2

bash-3.00# zip test.zip new list1 list2 list3
zip warning: name not matched: list1
zip warning: name not matched: list2
adding: new/ (stored 0%)
adding: list3 (deflated 75%)

bash-3.00# tar cvf test.tar list6 list5
a list6 34K
a list5 34K

bash-3.00# ls -lh
total 492
-rw-r--r-- 1 root root 12K Sep 7 03:48 list.Z
-rw-r--r-- 1 root root 8.4K Sep 7 03:48 list1.gz
-rw-r--r-- 1 root root 7.9K Sep 7 03:48 list2.bz2
-rw-r--r-- 1 root root 34K Sep 7 03:48 list3
-rw-r--r-- 1 root root 34K Sep 7 03:48 list4
-rw-r--r-- 1 root root 34K Sep 7 03:48 list5
-rw-r--r-- 1 root root 34K Sep 7 03:49 list6
drwxr-xr-x 2 root root 512 Sep 7 03:49 new
-rw-r--r-- 1 root root 70K Sep 7 03:50 test.tar
-rw-r--r-- 1 root root 8.6K Sep 7 03:49 test.zip

NOTE:
Here
-h = displays the size of files & directories in human-readable format (i.e., in terms of KB, MB & GB)

bash-3.00# file new
new: directory

bash-3.00# file list5
list5: ascii text

bash-3.00# file list.Z
list.Z: compressed data block compressed 16 bits

bash-3.00# file list1.gz
list1.gz: gzip compressed data - deflate method , original file name

bash-3.00# file list2.bz2
list2.bz2: bzip2 compressed data , block size = 900k

bash-3.00# file test.tar
test.tar: USTAR tar archive

bash-3.00# file test.zip
test.zip: ZIP archive

Thursday, September 3, 2009

To make the processor online/offline:

# psrinfo
- Displays information about processors

Output:
bash-3.00# psrinfo
0 on-line since 08/18/2009 12:43:45
1 on-line since 08/18/2009 12:43:54



# psradm
- Change processor operational status

To bring the processor off-line:
# psradm -f

eg:
# psradm -f 1

Output:
bash-3.00# psradm -f 1
bash-3.00# psrinfo
0 on-line since 08/18/2009 12:43:45
1 off-line since 08/18/2009 16:19:39



To bring back the processor on-line:
# psradm -n

Eg:
# psradm -n 1

Output:
bash-3.00# psradm -n 1
bash-3.00# psrinfo
0 on-line since 08/18/2009 12:43:45
1 on-line since 08/18/2009 16:21:50


Note:
Where
# psradm -n = Bring the specified processor on-line
# psradm -f = Bring the specified processor off-line


Note:
The processor can be brought on-line and off-line while the machine is running.

Monday, August 24, 2009

System Security - FTP (Anonymous)

How to create a directory for anonymous ftp user & How to deny the anonymous user?

Creating a directory for anonymous ftpuser:

Output:


Server side:
# mkdir /ftp_anonymous
bash-3.00# ftpconfig -d /ftp_anonymous/
Updating directory /ftp_anonymous/
bash-3.00# ls /ftp_anonymous/
bin dev etc lib pub usr
bash-3.00# ftpconfig /ftp_anonymous/
Updating directory /ftp_anonymous/
bash-3.00# svcs -a |grep ftp
disabled 14:40:42 svc:/network/ftp:default
bash-3.00# svcadm enable ftp
bash-3.00# svcs -a |grep ftp
online 15:24:31 svc:/network/ftp:default
bash-3.00# ftpwho
Service class realusers:
- 0 users (no maximum)
Service class guestusers:
- 0 users (no maximum)
Service class anonusers:
ftp 2096 0.0 0.1 2232 1600 ? S 15:24:48 0:00 ftpd: fire1: anonymous/anonymous"gmail.com: IDLE
1 users (no maximum)


Client side:
# ftp 192.168.0.100
Connected to 192.168.0.100.
220 fire2 FTP server ready.
Name (192.168.0.100:root): anonymous
331 Guest login ok, send your complete e-mail address as password.
Password:
230-The response 'anonymous"gmail.com' is not valid
230-Next time please use your e-mail address as your password
230- for example: joe@fire1.network
230 Guest login ok, access restrictions apply.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> pwd
257 "/" is current directory.
ftp> ls
200 PORT command successful.
150 Opening ASCII mode data connection for file list.
bin
dev
etc
lib
pub
usr
226 Transfer complete.
30 bytes received in 5.8e-05 seconds (508.94 Kbytes/s)
ftp> cd pub
250 CWD command successful.
ftp> ls
200 PORT command successful.
150 Opening ASCII mode data connection for file list.
new
226 Transfer complete.
5 bytes received in 2.9e-05 seconds (170.78 Kbytes/s)
ftp> cat new
?Invalid command
ftp> bye
221-You have transferred 0 bytes in 0 files.
221-Total traffic for this session was 927 bytes in 2 transfers.
221-Thank you for using the FTP service on fire2.
221 Goodbye.



Denying Anonymous User account:

FTP Server Side:
# vi /etc/ftpd/ftpusers

"/etc/ftpd/ftpusers" 18 lines, 193 characters
# ident "@(#)ftpusers 1.5 04/02/20 SMI"
#
# List of users denied access to the FTP server, see ftpusers(4).
#
daemon
bin
sys
adm
lp
uucp
nuucp
smmsp
listen
gdm
webservd
nobody
noaccess
nobody4
anonymous

# ftpwho
Service class realusers:
- 0 users (no maximum)
Service class guestusers:
- 0 users (no maximum)
Service class anonusers:
- 0 users (no maximum)



FTP Client side:
Anonymous user disabled in ftpusers:

# ftp 192.168.0.100

bash-3.00# ftp 192.168.0.100
Connected to 192.168.0.100.
220 fire2 FTP server ready.
Name (192.168.0.100:root): anonymous
331 Guest login ok, send your complete e-mail address as password.
Password:
530 Login incorrect.
Login failed.

Monday, August 17, 2009

System Security - FTP

Some additional information on FTP monitoring:

# ftpcount

Shows current number of users in each ftp server class
-v Displays the user counts for ftp server classes defined in virtual host [ftpaccess]
-V Display program copyright and version information then terminate

Output:

# ftpcount
Service class realusers - 1 users (no maximum)
Service class guestusers - 0 users (no maximum)
Service class anonusers - 0 users (no maximum)



# ftpwho
Shows current process information for each ftp server user
1. It'll display which user is logged in along with the process id
2. Status of the user will be displayed
3. Will also display the password given by the anonymous user

Output:

# ftpwho
Service class realusers:
bhagat 1157 0.0 0.2 4852 2628 ? S 12:48:03 0:00 ftpd: 192.168.0.157: bhagat: IDLE
- 1 users (no maximum)
Service class guestusers:
- 0 users (no maximum)
Service class anonusers:
- 0 users (no maximum)

Here,
1. A real user named bhagat is logged in through ftp from the machine 192.168.0.157.
2. Similarly, if other categories of users are logged in, then their names & corresponding
machine IPs will be displayed.
3. If an anonymous user is logged in, then their password will be displayed. (Normally the system
prompts and asks for an e-mail id.)
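
Because ftpwho prints whatever an anonymous client typed at the password prompt, a session summary meant for reports is better off dropping that string. The filter below is an added example, not part of the original post; its sample input is constructed from the two ftpwho outputs shown on this page.

```sh
#!/bin/sh
# Summarise ftpwho output, one line per session (added example):
#   class pid remote-host user state
# For anonymous sessions the text after "anonymous/" (what the client typed
# at the password prompt) is replaced so it does not end up in reports.
ftpwho_sessions() {   # reads ftpwho output on stdin
    awk '
        /^Service class / { cls = $3; sub(/:$/, "", cls); next }
        / ftpd: / {
            pid = $2
            rest = $0
            sub(/^.* ftpd: /, "", rest)          # leaves "host: user: STATE"
            n = split(rest, f, ": ")
            if (n < 3) next                      # not a session line
            user = f[2]
            if (cls == "anonusers") sub(/\/.*$/, "/<redacted>", user)
            print cls, pid, f[1], user, f[n]
        }
    '
}

# Constructed sample built from the outputs shown on this page.
sample_ftpwho() {
    cat <<'EOF'
Service class realusers:
bhagat 1157 0.0 0.2 4852 2628 ? S 12:48:03 0:00 ftpd: 192.168.0.157: bhagat: IDLE
- 1 users (no maximum)
Service class guestusers:
- 0 users (no maximum)
Service class anonusers:
ftp 2096 0.0 0.1 2232 1600 ? S 15:24:48 0:00 ftpd: fire1: anonymous/anonymous"gmail.com: IDLE
- 1 users (no maximum)
EOF
}

sample_ftpwho | ftpwho_sessions
```

On the FTP server itself the input would come from `ftpwho | ftpwho_sessions`.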

Tuesday, August 11, 2009

Disk Administration

How to mount two or more devices in the same mount point?

1. Creating a mount point
bash-3.00# mkdir /mnt/new


2. Mounting the device in the created mount point
bash-3.00# mount /dev/dsk/c1d0s4 /mnt/new/

3. Verifying the device mounted & its mount point
bash-3.00# df -h
Filesystem size used avail capacity Mounted on
/dev/dsk/c1d0s0 9.9G 3.2G 6.5G 34% /
/devices 0K 0K 0K 0% /devices
ctfs 0K 0K 0K 0% /system/contract
proc 0K 0K 0K 0% /proc
mnttab 0K 0K 0K 0% /etc/mnttab
swap 22G 736K 22G 1% /etc/svc/volatile
objfs 0K 0K 0K 0% /system/object
/usr/lib/libc/libc_hwcap2.so.1
9.9G 3.2G 6.5G 34% /lib/libc.so.1
fd 0K 0K 0K 0% /dev/fd
swap 22G 48K 22G 1% /tmp
swap 22G 40K 22G 1% /var/run
/dev/dsk/c1d0s4 2.0G 2.0M 1.9G 1% /mnt/new

4. Now if we try to mount another device in the same mount point, we face the following error message:
bash-3.00# mount /dev/dsk/c1d0s5 /mnt/new/
mount: /dev/dsk/c1d0s5 is already mounted or /mnt/new is busy


5. So, to mount another device in the same mount point,
bash-3.00# mount -O /dev/dsk/c1d0s5 /mnt/new/


6. Verifying the device mounted & its mount point
bash-3.00# df -h
Filesystem size used avail capacity Mounted on
/dev/dsk/c1d0s0 9.9G 3.2G 6.5G 34% /
/devices 0K 0K 0K 0% /devices
ctfs 0K 0K 0K 0% /system/contract
proc 0K 0K 0K 0% /proc
mnttab 0K 0K 0K 0% /etc/mnttab
swap 22G 736K 22G 1% /etc/svc/volatile
objfs 0K 0K 0K 0% /system/object
/usr/lib/libc/libc_hwcap2.so.1
9.9G 3.2G 6.5G 34% /lib/libc.so.1
fd 0K 0K 0K 0% /dev/fd
swap 22G 48K 22G 1% /tmp
swap 22G 40K 22G 1% /var/run
/dev/dsk/c1d0s4 2.0G 2.0M 1.9G 1% /mnt/new
/dev/dsk/c1d0s5 2.0G 2.0M 1.9G 1% /mnt/new

Monday, August 3, 2009

User administration

In Sun Solaris 10,
# useradd -D
reads its entries from the file /usr/sadm/defadduser

Output:
# useradd -D
group=other,1 project=default,3 basedir=/home
skel=/etc/skel shell=/bin/sh inactive=0
expire= auths= profiles= roles= limitpriv=
defaultpriv= lock_after_retries=


# cat /usr/sadm/defadduser

Output:
# Default values for useradd. Changed Tue Jul 28 04:28:53 2009

defgroup=1
defgname=other
defparent=/home
defskel=/etc/skel
defshell=/bin/sh
definact=0
defexpire=
defauthorization=
defrole=
defprofile=
defproj=3
defprojname=default
deflimitpriv=
defdefaultpriv=
deflock_after_retries=


This file can be customized by the root user to change the default parameters of the 'useradd' command.
For example:

# vi /usr/sadm/defadduser
defgroup=104
defgname=solaris
defparent=/export/home
defskel=/etc/skel
defshell=/bin/bash
definact=0
defexpire=
defauthorization=
defrole=
defprofile=
defproj=3
defprojname=default
deflimitpriv=
defdefaultpriv=
deflock_after_retries=
:wq!

After saving the changes to the file,

# useradd -D
group=solaris,104 project=default,3 basedir=/export/home
skel=/etc/skel shell=/bin/bash inactive=0
expire= auths= profiles= roles= limitpriv=
defaultpriv= lock_after_retries=