|
Mostrar los algoritmos disponibles para encryptar.
# encrypt -l Algorithm Keysize: Min Max (bits) ------------------------------------------ aes 128 128 arcfour 8 128 des 64 64 3des 192 192 # mac -l Algorithm Keysize: Min Max (bits) ------------------------------------------ des_mac 64 64 sha1_hmac 8 512 md5_hmac 8 512 1. Crear una llave de 128 byte para mayor seguridad y utilizarla en el encriptado y desencriptado, como regla dividir Max (bits) / 8 . Apoyarse de urandom para la generacion de la key sea rapida y eficiente. Resguardar en un lugar seguro, permisos de lectura solo del propietario. # bc 128/8 16 # dd if=/dev/urandom of=$HOME/arcfour16.key bs=16 count=1 1+0 records in 1+0 records out # # ls -l arcfour16 -rw-r--r-- 1 root root 16 Mar 13 12:50 arcfour16.key # chmod 400 arcfour16 # digest -v -a md5 arcfour16.key md5 (arcfour16) = 90c47c5b0d4d23458c06cecaa97de922 # Encriptar file usando arcfour. # encrypt -a arcfour -i tng.tar -k arcfour16.key -o tng.tar.cry # decrypt -a arcfour -i tng.tar.crypted.arcfour -k arcfour16.key -o tng.tar # ls -lrt | grep .tar -rw-r--r-- 1 root root 7192 Mar 13 13:10 tng.tar.crypted.arcfour -rw-r--r-- 1 root root 7168 Mar 13 13:19 tng.tar # file tng.tar tng.tar: USTAR tar archive # tar tvf tng.tar tar: blocksize = 14 drwxr-xr-x 207/206 0 Mar 13 12:01 2008 tng/ -r-xr-xr-x 207/206 2253 Mar 13 11:56 2008 tng/dictamen_tng.ksh -rw-r--r-- 0/0 865 Mar 13 12:01 2008 tng/monitor_tng.ksh -r-x------ 0/0 90 Mar 13 11:55 2008 tng/tng_log.ksh # 2. Con la key generada se puede inmediatamente usar para el encryptado de los backups a cinta: # ufsdump 0f - /var | encrypt -a arcfour \ -k /etc/mykeys/backup.k | dd of=/dev/rmt/0 3. El orde para desencryptar y restaurar la información de la cinta debemos usar la misma key: # decrypt -a arcfour -k /etc/mykeys/backup.k \ -i /dev/rmt/0 | ufsrestore xvf - |
Removing "Drive Not Available" from Solaris
These are steps I followed to remove the LUNS which were unmasked from the system.
Removing the Unused/Unmasked LUNS from Solaris.
1. First Step is identifying the
2. Remove them from Volume Manager. In my case, they are veritas. so I used vxdisk rm
3. look at the cfgadm -al o/p to find the disks which are failing. they are failing because they are unmasked from this system and still OS sees them.
c3::50060482d53135b8,84 disk connected configured failing
c3::50060482d53135b8,86 disk connected configured failing
c3::50060482d53135b8,87 disk connected configured failing
3. luxadm -e offline /dev/rdsk/
4. cfgadm -o unusable_FCP_dev -c unconfigure c3::50060482d53135b8
# This will remove all unusable LUNS from system for particular controller and target id. don't worry there might be some
working devices on that target. This command won't affect them. they'll be in working state only.
5. clean the device files using devfsadm -Cv
6. You should be clear now in both format and cfgadm -al.
