
ALL TIPS ON IT-SUNIVERSE FOR Solaris 8, 9, 10


SUPPRESSING BLANK LINES
To suppress the blank lines in a text file:
sed '/^$/d'
awk 'NF>0'


TERMINAL RESET
To reset your terminal after accidentally opening a binary file you can use the following command:
# tput sgr0
This is supported on Solaris.

CLEANUP DOS FILES
If you deal with DOS files and the "^M" character always appears at the end of the line, here are two ways to get rid of them.
If you edit the DOS text file with the "vi" editor in UNIX, use the following from the "vi" command line:
:%s/^V^M//g
From a Unix shell use the command:
% sed 's/^V^M//g' foo > foo.new
NOTE: ^V is control V and ^M is control M or Enter

JUST THE DIRECTORIES
It is useful to be able to list all directories in the current directory without any of the files.
ls -l | grep "^d"

KILL A USER, IN THE UNIX SENSE
DISCLAIMER: If you choose to do this, it is at your own discretion and at your own risk.
To kill all the processes associated with a particular user simply:
# kill -9 `ps -u USER_LOGIN -o pid=`
If you want to be a nice admin, tell him first.

KEEP THE USERS OFF WITH NOLOGIN
There is a way to disable any new login attempts into a system. This can be achieved by simply creating a file called /etc/nologin.
It can have a null file size, or a message can be placed into the file describing the status of the system. If a user attempts to log in remotely, the contents of the /etc/nologin file are displayed and the user is then disconnected.
However, ftp connections are not affected by this, if ftpd is running.

UMOUNT BUSY DEVICES
The "umount" command unmounts a currently mounted filesystem, which can be specified either as a mounted-on directory or a filesystem.
If a mount point is busy, there are a couple things to try:
# fuser -ck /File_System
# umount /File_System

PROTOCOLS WITH NETSTAT
Use the command:
% netstat -an
It will show you what ports are in use on the local and foreign machines as well as the protocol running over that port for that connection and IP address information. It also displays the state of the socket being used.
Using the above tip, a user can identify whether the port to which he wants to send data is busy or free.

EFFICIENT COMMANDS
Time and again I see someone code inefficiently. Here are three of the most common mistakes, followed by a better way to do the same thing.
Bad: cat somefile | grep something
Better: grep something somefile
Why: You're running one program (grep) instead of two (cat and grep).
Bad: ps -ef | grep something | grep -v grep
Better: ps -ef | grep '[s]omething'
Why: You're running two commands (ps and one grep) instead of three (ps and two greps).
Bad: cat /dev/null > somefile
Better: > somefile
Why: You're running a command (cat) with I/O redirection, instead of just redirection.
Although the bad way will have the same result, the good way is far faster. This may seem trivial, but the benefits will really show when dealing with large files or loops.

BASH HOTKEYS
Bash provides many hot keys to ease use, such as:
ctrl-l -- clear screen
ctrl-r -- does a search in the previously given commands so that you don't have to repeat long command.
ctrl-u -- clears the typing before the hotkey.
ctrl-a -- takes you to the beginning of the command you are currently typing.
ctrl-e -- takes you to the end of the command you are currently typing in.
esc-b -- takes you back by one word while typing a command.
ctrl-c -- kills the current command or process.
ctrl-d -- kills the shell.
ctrl-h -- deletes one letter at a time from the command you are typing in.
ctrl-z -- puts the currently running process in background, the process can be brought back to run state by using fg command.
esc-p -- like ctrl-r lets you search through the previously given commands.
esc-. -- gives the last command you typed.


SORTING BY IP ADDRESS
If you ever need to sort a file by IP address, this little command line will serve you well:
# sort -t . -k 1,1n -k 2,2n -k 3,3n -k 4,4n
It will correctly sort IP addresses from the first octet numerically, then each following octet.

If you are transferring any script files, plain files or text files between Windows and a SunOS server and the files have ^M or unwanted characters, you can resolve this issue with the following process:
1.- Open the file using the vi editor: vi file.txt
2.- Type the next command: [space] :%!col -bx [enter]
3.- Save and close the file.txt file

The issue has been resolved!

By Jacosta



CHANGE OWNERSHIP BY USER

You can change the ownership of all files owned by a specific user to a different specific user by simply running:
find /export/home -user <current_owner> -exec chown <new_owner> {} \;
Place the current owner and the new owner in place of the <> placeholders in the command above.



How to send the output of the top command to a file

Example:
/usr/local/bin/top -o size -d1 28 >> File.out
The -d1 parameter captures 1 sec of activity. The 28 parameter shows only 28 lines of processes.



How can I determine/identify what Host Bus Adapter (HBA) is installed in a Solaris server?
The prtpicl command outputs information to accurately determine the make and model of an HBA.
The subsystem-ID value determines the model of HBA. Reference this chart to determine the model of HBA: Review



FINDING DISKS W/O ROOT

On a Solaris system, ever want to know how many disks are attached but do not have root access?
% ls -al /dev/dsk/*s2 | grep -v c0t6
However, you won't know the size of the disk space.



VULNERABILITIES IN UNIX

Information provided by the Sans Institute:
http://www.sans.org
The ten most commonly exploited UNIX vulnerabilities:
Poor system administration practices
Reusable/poor passwords
Flawed SUID programs (e.g., rdist, binmail)
HTTP servers and CGI application vulnerabilities
Default "+" entries in the /etc/hosts.equiv file
NFS/NIS vulnerabilities
sendmail program bugs
Buffer overruns (e.g., gets(), syslog())
SUID shell scripts



How to modify a file's timestamp

Time format: YYMMDDHHMM
# touch -c -t 0812141519 New.txt



MANAGING inetd SERVICES
Become superuser or assume a role that includes the Service Management Profile.
List the properties for the specific service.
# inetadm -l FMRI
Change the property for the service.
# inetadm -m FMRI property-name=value
Example:
# inetadm -m network/telnet tcp_trace=TRUE
# inetadm -l network/telnet

How to Convert inetd.conf Entries in Solaris10
When adding a third-party service to inetd.conf, you will need to update the inetd SMF:
# inetconv -i filename
Example:
# inetconv -i /etc/inetd.conf

How to send data to the local host with tar and ssh

Example:
# ssh USER@SERVER_REMOTE "tar -cvf - /opt/data/" | tar -xvf -
Send data to remote hosts
# tar cvf - data | ssh USER@SERVER_REMOTE "(cd /opt/; tar xvf -)"



Editing PS1 variables in .profile with sh

PS1="$LOGNAME@`hostname` $ "; export PS1



Editing PS1 variables in .profile with ksh

export HOST="`id |cut -d '(' -f2|cut -d ')' -f1`@`uname -n` "
export PS1='$HOST# '



Recommended Patches

You can check if and what version of recommended patches is installed with:
cat /var/sadm/install_data/Solaris*log |grep "^\*\*\* Install"



HOW TO LIST THE SOFT PARTITIONS IN A GIVEN SLICE
The metarecover command, with the -n and -v options, will display information about the soft partitions existing in a given slice.
# metarecover -v -n /dev/rdsk/c1t0d0s0 -p
# metarecover -v -n d0 -p

HOW TO EXPAND A SOFT PARTITION
This example shows how to attach space to a soft partition and then expand the file system on it while the soft partition is online and mounted:
1. Make a backup of the data.
2. Verify the capacity of the file system: df -h
3. In this case the FS is mounted on /home2
# mount /dev/md/dsk/d20 /home2
4. Add 10g to metadevice d20
# metattach d20 10g
5. Expand the FS
# growfs -M /home2 /dev/md/rdsk/d20
Note 1: If the file system is not mounted, the -M option is not required.
Note 2: If the growfs command is aborted, to recover any lost space you will have to unmount the FS and run fsck, or run the growfs command again.

"CLEARS TIME OF DAY MESSAGE"
"Clock board TOD does not match TOD on any I/O board"
On a Sun E4500 I get the following message during boot: "Clock board TOD does not match TOD on any I/O board"
This message is not a problem as the system will use the correct time (from clock board).
To copy the contents of the clock board NVRAM and the contents of the TOD clock to all good I/O boards in the system, run:
OK > copy-clock-tod-to-io-boards


SET AUTHORIZED SHELLS

# cut -d: -f7 /etc/passwd | sort -u | sed "/^$/d" > /etc/shells



MODIFY PRIVACY FLAGS IN SENDMAIL

Edit file /etc/mail/sendmail.cf

In the PrivacyOptions variable, add the following option flags:

PrivacyOptions=authwarnings,needmailhelo, needexpnhelo, novrfy, noexpn



EXPIRATION OF PASSWORDS IN SOLARIS10

# vi /etc/default/passwd
MAXWEEKS=13
MINWEEKS=1
WARNWEEKS=1
PASSLENGTH=8
HISTORY=6
MINNONALPHA=2
MAXREPEATS=2



CHECK FOR USER ACCOUNTS WITH UID 0

# awk -F: '$3 == 0 {print $1}' /etc/passwd



SYSTEM ACCOUNT WITHOUT DESCRIPTION IN GECOS OR WITHOUT SHELL

for i in daemon bin sys adm lp listen nobody noaccess nobody4
do
usermod -c "$i" $i
usermod -s /bin/false $i
done



CHECK FOR USER ACCOUNTS WITHOUT A PASSWORD

# logins -p



HOW TO FORCE MAIL QUEUE PROCESSING

Type the following command and press Return:
# /usr/lib/sendmail -q -v



SOLARIS X86 DOESN'T BOOT BECAUSE THE BOOT ARCHIVE IS CORRUPT

The boot archive in Solaris 10 x86 contains the kernel modules and configuration files that Solaris needs to start up the system.
Error:
module /platform/i86pc/boot_archive error 3 bad or corrupt data while decompressing file
Workaround:
Boot Solaris in "Solaris failsafe mode"; the Solaris image will then be mounted in writable mode on the "/a" mount point.
sh> rm -f /a/platform/i86pc/boot_archive
sh> bootadm update-archive -R /a
sh> reboot



Administering Data-Links in Exclusive-IP Non-Global Zones

Applies as of Solaris 10 8/07: this property only needs to be configured if the zone is an exclusive-IP zone. See Solaris 10 8/07: Exclusive-IP Non-Global Zones and How to Configure the Zone.

http://docs.sun.com/app/docs/doc/820-2317/6ndu7jbp6?l=es&a=view
http://docs.sun.com/app/docs/doc/820-2317/geprv?l=es&a=view

zonecfg:my-zone> set ip-type=exclusive
zonecfg:my-zone> add net
zonecfg:my-zone:net> set physical=nxge5
zonecfg:my-zone:net> end

root # zlogin ZONE ifconfig nxge5 plumb

root # zlogin ZONE ifconfig nxge5 10.0.100.145 netmask 255.255.255.0 broadcast + up

View the interface status

root # dladm show-link



Removing "Drive Not Available" from Solaris

These are steps I followed to remove the LUNS which were unmasked from the system.
Removing the Unused/Unmasked LUNS from Solaris.

1. First Step is identifying the from Format o/p.
2. Remove them from Volume Manager. In my case, they are Veritas, so I used vxdisk rm
3. Look at the cfgadm -al o/p to find the disks which are failing. They are failing because they are unmasked from this system and the OS still sees them.
c3::50060482d53135b8,84 disk connected configured failing
c3::50060482d53135b8,86 disk connected configured failing
c3::50060482d53135b8,87 disk connected configured failing
4. luxadm -e offline /dev/rdsk/ # This will kick the device from failing to unusable, and also removes it from format o/p.
5. cfgadm -o unusable_FCP_dev -c unconfigure c3::50060482d53135b8
# This will remove all unusable LUNs from the system for the particular controller and target ID. Don't worry, there might be some working devices on that target. This command won't affect them; they'll stay in working state.
6. Clean the device files using devfsadm -Cv
7. You should be clear now in both format and cfgadm -al.



FIND OPEN TCP PORTS AND PIDs

PCP script to find open TCP ports and PIDs in Solaris

PCP is a script that can help you quickly find Processes (PIDs)
having particular TCP Port(s) open, TCP ports open by specific PIDs
or even list all the TCP Ports open by all PIDs running on your system.

PIDs for TCP Port
Run PCP with "-p" option to show the PIDs of processes having a
TCP port (say Port 22)
Example:
test@mx3 # ksh "pcp.ksh" -p 22
PID Process Name and Port
_________________________________________________________
26308 sshd 22
sockname: AF_INET 10.0.0.7 port: 22
sockname: AF_INET 10.0.0.7 port: 22
sockname: AF_INET 10.0.0.7 port: 22
_________________________________________________________

TCP Ports open by PIDs
Run PCP with "-P" option to show the TCP ports open by specific PID

PIDs for all open TCP Ports
Use the "-a" option to list all TCP ports open with all the PIDs

Many thanks for this script to Sam Nelson and Daniel Trinkle.

Disk Partitioning.
Copy the partition layout to the new disk C4T1D0 in a single step.
# prtvtoc /dev/rdsk/c4t2d0s2 | fmthard -s - /dev/rdsk/c4t1d0s2


View the servers that synchronize with the NTP server

# xntpdc -c monlist


MOVING FILES WITH CPIO

If you have a multitude of files to move from one directory or filesystem to another, here's a one liner:

# find /old_directory -depth | cpio -pdmv /new_directory
This will move all of the files under the specified old_directory to the new_directory, keeping the same ownership, permissions, and directory structure.


Automate transfers between two servers with sftp?

Create one file and then use that as input for the sftp command:

test01@ # vi commands_sftp.txt
cd uploads
put *.gz
exit

Connect to the remote machine and transfer the required file:

# sftp test01@remote_server < commands_sftp.txt


How to use vxdump and vxrestore

# vxdump 0f - /respaldo | ( cd /respaldos2/fs_respaldo_am; vxrestore xf - )


To list all tasks currently running on the system, use the following command: vxtask list

Example: # vxresize -g rootdg jetform +4g disk01 disk02

# vxtask list
TASKID PTID TYPE/STATE PCT PROGRESS
168 RDWRBACK/R 94.46% 18874368/27262976/26798080 RESYNC jetform
#


OpenSSH SFTP chroot() only for accounts that need sftp access

OpenSSH 4.8p1 is the minimum supported version.

I made the following changes to /etc/ssh/sshd_config file:

#Subsystem sftp /usr/local/libexec/sftp-server
Subsystem sftp internal-sftp
Match user "user_transfer"
ChrootDirectory /export/home
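
The Match block above sets only ChrootDirectory. As an added example (not part of the original tip), this script lints an sshd_config file for Match blocks that set ChrootDirectory without "ForceCommand internal-sftp" and "AllowTcpForwarding no". Treating those two directives as required is this example's policy assumption; the function names and the hardened sample are constructed.

```shell
#!/bin/sh
# Added example: lint sshd_config Match blocks that use ChrootDirectory.
# Policy assumed here: such a block should also carry
# "ForceCommand internal-sftp" and "AllowTcpForwarding no".

# lint_sftp_chroot CONFIG
# Prints, for every Match block that sets ChrootDirectory:
#   OK <criteria>
#   WEAK <criteria>: missing <directive>[, <directive>]
# A ChrootDirectory outside any Match block is not examined.
lint_sftp_chroot() {
    awk '
        function report(   miss) {
            if (!in_match || chroot == "") return
            if (!force) miss = "ForceCommand internal-sftp"
            if (!nofwd) miss = (miss == "" ? "" : miss ", ") "AllowTcpForwarding no"
            if (miss == "") print "OK " crit
            else print "WEAK " crit ": missing " miss
        }
        /^[ \t]*#/ || /^[ \t]*$/ { next }    # skip comments and blank lines
        {
            key = tolower($1)                  # keywords are case-insensitive
            if (key == "match") {
                report()                       # close the previous block
                in_match = 1; chroot = ""; force = 0; nofwd = 0
                crit = $0
                sub(/^[ \t]*[^ \t]+[ \t]+/, "", crit)   # drop the keyword
                gsub(/"/, "", crit)
            } else if (key == "chrootdirectory") chroot = $2
            else if (key == "forcecommand" && $2 == "internal-sftp") force = 1
            else if (key == "allowtcpforwarding" && tolower($2) == "no") nofwd = 1
        }
        END { report() }
    ' "$1"
}

demo_lint() {
    tmp=$(mktemp -d) || return 1
    # The configuration lines from the tip, as written there.
    cat > "$tmp/page.conf" <<'EOF'
#Subsystem sftp /usr/local/libexec/sftp-server
Subsystem sftp internal-sftp
Match user "user_transfer"
ChrootDirectory /export/home
EOF
    # The same block with the two directives added (constructed sample).
    cat > "$tmp/hardened.conf" <<'EOF'
Subsystem sftp internal-sftp
Match User user_transfer
    ChrootDirectory /export/home
    ForceCommand internal-sftp
    AllowTcpForwarding no
EOF
    lint_sftp_chroot "$tmp/page.conf"
    lint_sftp_chroot "$tmp/hardened.conf"
    rm -rf "$tmp"
}

demo_lint
```

sshd additionally requires every component of the ChrootDirectory path to be owned by root and not writable by group or others, so check that for /export/home as well.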



SHOW THE ENTRIES FOR USERS WHO HAVE NO PASSWORD

awk -F: '$2 == ""' /etc/shadow
awk -F: '$2 == "" {print $1}' /etc/shadow
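
The UID 0 check, the logins -p check and the empty-password awk lines above can be combined into one audit. This added example (not part of the original tips) reports extra UID 0 accounts and passwordless accounts together with their login shell, so an account already set to /bin/false can be told apart from one with a real shell. The function names and all account data are constructed.

```shell
#!/bin/sh
# Added example: offline audit of passwd/shadow-format files.
# All account names and file contents below are constructed sample data.

# audit_accounts PASSWD SHADOW
# Prints one finding per line:
#   UID0 <login>              account with UID 0 other than root
#   NOPASS <login> <shell>    empty password field in the shadow file
audit_accounts() {
    passwd_file=$1
    shadow_file=$2
    # Same test as the UID 0 one-liner, minus the expected root entry.
    awk -F: '$3 == 0 && $1 != "root" { print "UID0", $1 }' "$passwd_file"
    # First file (shadow): remember logins whose password field is empty.
    # Second file (passwd): report them with their login shell.
    awk -F: '
        FILENAME == ARGV[1] { if ($2 == "") empty[$1] = 1; next }
        ($1 in empty) { print "NOPASS", $1, ($7 == "" ? "(default)" : $7) }
    ' "$shadow_file" "$passwd_file"
}

demo_audit() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/passwd" <<'EOF'
root:x:0:0:Super-User:/:/sbin/sh
daemon:x:1:1:daemon:/:/bin/false
toor:x:0:0:second root:/:/bin/ksh
lp:x:71:8:lp:/usr/spool/lp:/bin/false
guest:x:1001:10:guest:/export/home/guest:/bin/ksh
EOF
    cat > "$tmp/shadow" <<'EOF'
root:constructedhash:6445::::::
daemon:NP:6445::::::
toor:constructedhash:6445::::::
lp::6445::::::
guest::15000::::::
EOF
    audit_accounts "$tmp/passwd" "$tmp/shadow"
    rm -rf "$tmp"
}

demo_audit
```

On a live system, run audit_accounts /etc/passwd /etc/shadow as root; a NOPASS line with an interactive shell is the finding to act on first.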



CHANGE HOSTNAME IN SOLARIS10

1. Change the hostname in the following files

/etc/nodename
/etc/hostname.interface primary
/etc/inet/hosts
/etc/inet/ipnodes

2. Rename directory under /var/crash

# cd /var/crash
# mv oldname newname

3. Reboot the server.
# /usr/sbin/shutdown -y -g0 -i6


JOIN ALL LINES OF A FILE

# perl -i~ -pe 'y/\n//d' file.txt

# sed -n '1h;2,$H;${g;s/\n/,/g;s///g;p}' file.txt



MOUNT AN ISO IMAGE IN SOLARIS 10 AS A LOOPBACK FS FOR A ZONE

1. In the global zone, locate the path of the ISO image and mount it.

# /usr/sbin/lofiadm -a /opt/netbackup/NBU7.1_CLIENTES.iso /dev/lofi/1
# mount -F hsfs -o ro /dev/lofi/1 /mnt

2. Create the mount point in the zone.
# mkdir -p /export/zones/foij-2/root/mediaNB

3. Mount it in the zone.
# mount -F lofs /mnt /export/zones/foij-2/root/mediaNB

4. Verify the mounted ISO file system from within the zone.
# zlogin foij-2
foij-2 # df -h /mediaNB
Filesystem size used avail capacity Mounted on
/mediaNB 3.2G 3.2G 0K 100% /mediaNB
foij-2 #



CONVERT OpenSSH KEY TO SSH2 KEY

Run the OpenSSH version of ssh-keygen on your OpenSSH public key to convert it into the format needed by SSH2 on the remote machine. This must be done on the system running OpenSSH.
#ssh-keygen -e -f ~/.ssh/id_dsa.pub > ~/.ssh/id_dsa_ssh2.pub

CONVERT SSH2 KEY TO OpenSSH KEY

Run the OpenSSH version of ssh-keygen on your ssh2 public key to convert it into the format needed by OpenSSH.
This needs to be done on the system running OpenSSH.
#ssh-keygen -i -f ~/.ssh/id_dsa_1024_a.pub > ~/.ssh/id_dsa_1024_a_openssh.pub


COPYING FILES TO A REMOTE TAPE DRIVE (tar and dd)

# tar cvf - * | rsh remote-host dd of=/dev/rmt/0 obs=126b

EXTRACTING FILES FROM A REMOTE TAPE DEVICE
Insert the tape into the tape drive.
Change to a temporary directory.
$ cd /var/tmp
Extract the files from the remote tape device.
$ rsh remote-host dd if=/dev/rmt/n | tar xvBpf -

HOW TO COPY ALL FILES IN A DIRECTORY TO A TAPE (cpio)

$ ls | cpio -oc > /dev/rmt/0n
Verify that the files have been copied to the tape.
$ cpio -civt < /dev/rmt/0n
How to retrieve all files from a tape (cpio)
Change to the directory where you want to put the files.
Extract all files from the tape.

$ cpio -icvd < /dev/rmt/0n


SET UP ALOM CARD ON A Sun Fire V440

Configuration for Sun Fire V210, V215, V240, V245, V445, V250 and V440 servers.

a) Change to the directory for the server's platform architecture:

root@ # cd /usr/platform/`uname -i`/sbin
root@ # pwd
/usr/platform/SUNW,Sun-Fire-V440/sbin
root@ # ls
eeprom fruadm prtdiag scadm trapstat
root@ # ./scadm shownetwork
IP Address: 0.0.0.0
Gateway address: 0.0.0.0
Netmask: 255.255.255.0
Ethernet address: 00:03:ba:d4:cf:e8
root@ #

b) Configure the network parameters for remote access to the ALOM

root@ # ./scadm set if_network true
root@ # ./scadm set netsc_tpelinktest true
root@ # ./scadm set netsc_ipaddr 172.18.136.228
root@ # ./scadm set netsc_ipnetmask 255.255.255.0
root@ # ./scadm set netsc_ipgateway 172.18.136.1
root@ # ./scadm set sc_cliprompt aeromexicoqa

root@ # ./scadm shownetwork
IP Address: 172.18.136.228
Gateway address: 172.18.136.1
Netmask: 255.255.255.0
Ethernet address: 00:03:ba:d4:cf:e8

root@ # ./scadm resetrsc

Now test connectivity via telnet, once the network cable has been connected to the ALOM card.

View the largest files in a FS for cleanup

root # du -kd / | sort -n



SEE WHICH PROCESSES ARE CONSUMING RESOURCES

root # ps -ef -o pid,user,osz,args | sort +2n



SET UP RSC on a Sun Fire V880

a) Change to the directory for the server's platform architecture:

# cd /usr/platform/`uname -i`/sbin/
# ls
rsc-config rsc-initscript rscadm
#

b) Configure the network parameters for remote access to the ALOM

# ./rscadm set ip_mode config
# ./rscadm set ip_addr 172.18.136.240
# ./rscadm set ip_netmask 255.255.255.0
# ./rscadm set ip_gateway 172.18.136.1
# ./rscadm resetrsc

# ./rscadm shownetwork
IP Address: 172.18.136.240
Gateway address: 172.18.136.1
Netmask: 255.255.255.0
Ethernet address: 00:03:ba:68:b2:f6
#

Now test connectivity via telnet, once the network cable has been connected to the ALOM card.


How to convert OpenSSH id_rsa keys to Putty .ppk without a passphrase.

The id_rsa public and private key was generated on a UNIX/Linux OS, without a passphrase.

To use it with Putty on Windows, the private key must be imported with PuttyGen and saved as .ppk.

In Putty:
Click Conversions => Import Key, then click Save Private Key and Yes to save without a passphrase.
Store the new key.ppk in a secure directory to prevent it from being deleted.
In Putty, go to Connection => SSH => Auth and add it under Private Key file for authentication.

Validate connectivity with the private key.

login as: connect01
This computing system is a company owned asset and provided for the exclusive use of authorized 
personnel for business purposes. All information and data created, accessed, processed, or stored
using this system (including personal information) are subject to monitoring, auditing, or review to
the extent permitted by applicable law. Unauthorized use or abuse of this system may lead to
corrective action including termination of employment, civil and/or criminal penalties.
Authenticating with public key "imported-openssh-key"


Netbackup Commands

# /veritas/openv/volmgr/bin/tpconfig -d
# /veritas/openv/volmgr/bin/vmoprcmd
# /veritas/openv/volmgr/bin/robtest
# /usr/openv/netbackup/bin/./bpps -a
# cd /usr/openv/netbackup/bin/goodies
# ./bp.kill_all


BACK UP THE wtmpx FILE IN READABLE FORMAT
root@ # cd /var/adm/
root@ # ls -l wtmpx
-rw-r--r--   1 adm      adm      1539641784 Apr 15 18:02 wtmpx
root@ # /usr/lib/acct/fwtmp < /var/adm/wtmpx > /var/adm/wtmpx.`date +%Y%m%d`
root@ # ls -l | grep wtmpx
-rw-r--r--   1 adm      adm      1539693492 Apr 15 18:09 wtmpx
-rw-r--r--   1 root     other    355949528 Apr 15 18:09 wtmpx.20150415
root@ # > /var/adm/wtmpx
root@ # ls -l /var/adm/wtmpx
-rw-r--r--   1 adm      adm          372 Apr 15 18:11 /var/adm/wtmpx
root@ # gzip wtmpx.20150415
root@ # ls -l | grep wtmpx
-rw-r--r--   1 adm      adm        10044 Apr 15 18:12 wtmpx
-rw-r--r--   1 root     other    42045437 Apr 15 18:09 wtmpx.20150415.gz
root@ #


CHECK RESOURCE USAGE OF THE ZFS ARC CACHE
root@ # echo ::memstat | mdb -k
Page Summary                Pages                MB  %Tot
------------     ----------------  ----------------  ----
Kernel                    1577711             12325    9%
ZFS File Data             1042587              8145    6%
Anon                      4504046             35187   27%
Exec and libs              184297              1439    1%
Page cache                 949084              7414    6%
Free (cachelist)          2038059             15922   12%
Free (freelist)           6350360             49612   38%
Total                   16646144            130048
root@ #


KERNEL SECURITY IN /etc/system

* For certain classes of bug exploits
set noexec_user_stack = 1
* Log attempted exploits
set noexec_user_stack_log = 1

* File Descriptor parameter set for SAP
set rlim_fd_cur=2048
set rlim_fd_max=2048

* ZFS ARC cache maximum, in bytes (4294967296 = 4 GB)
set zfs:zfs_arc_max=4294967296


