DISK ADMINISTRATION
NOTE:
In the case of swap memory:
If RAM < 2gb = Double the size of physical memory
If RAM is between 2gb and 8gb = 75% of physical memory
If RAM > 8gb = 50% of physical memory
# prtconf
This command provides the following information:
1. Physical memory size
2. Architecture of the system
3. Machine model
4. The devices connected to the system, along with their drivers
# format
This is a utility which provides the following
1. How many hard disk drives are attached and recognised by the OS.
2. Physical name and logical name of each disk
3. Volume name assigned to each disk
To skip the utility: Ctrl+c
# echo | format
will also display the above-mentioned information
# prtvtoc /dev/dsk/c0t0d0s2
* /dev/dsk/c0t0d0s2 partition map
*
Ravi Mishra
Dimensions:
512 bytes/sector
248 sectors/track
19 tracks/cylinder
4712 sectors/cylinder
7508 cylinders
# prtvtoc
prints the Volume Table Of Contents
The following information will be provided:
1. disk (volume name)
2. disk information about the sectors, tracks and cylinders
3. the created slices' information, along with the flags
Re-labeling a disk:
# prtvtoc /dev/dsk/c0t0d0s0 > /var/tmp/test_disk0
Redirecting the output of # prtvtoc to the file /var/tmp/test_disk0
# fmthard -s /var/tmp/test_disk0 /dev/rdsk/c0t10d0s2
Copying the VTOC (Volume Table Of Contents) of disk c0t0d0 to the new disk c0t10d0s2
# fmthard
This command is used to create/copy the layout of one disk drive to another.
NOTE: The above command can be used only if the geometry of the source disk and the destination disk is the same.
Reconfiguring the disk:
It can be achieved in 3 ways
1. At OK prompt
OK boot -r
will boot the system and reconfigure it, identifying the newly connected disks.
2. # touch /reconfigure
Create a file named "reconfigure" under root.
# init 6
Restart the system
Now, when the system restarts, the newly connected disks will be identified.
NOTE: Once the system is rebooted, the reconfigure file will be removed automatically.
3. # devfsadm -Cv
will be applicable when the system supports hot-pluggable disk drives.
Here
-C = to clear and create a new list of newly identified disk drives
-v = verbose, detailed output
FILE SYSTEM
Mainly classified into 3 types
Where
-o = to specify the option
b = to specify the block number
-y = to confirm "yes"
NOTE: The fsck command will check file system consistency, inode consistency and cylinder group consistency.
# df -h
will provide
1. what are the devices mounted?
2. where it is mounted?
3. what is the total size of the slice?
4. how much of space is used?
5. how much of space is available?
6. space utilized in %?
Where
-h = to view the information in human readable format.
# du -h /<dir>
# du -ks `ls -d *` | sort -nr -- To find the directories taking the most space within a given path
# du -h /mnt/sone
will provide how much of space is occupied by each file and directory
# quot -h /dev/dsk/c0t12d0s0
/dev/rdsk/c0t12d0s0:
9 root
will show the ownership.
# cat /etc/vfstab
#device            device              mount             FS     fsck  mount    mount
#to mount          to fsck             point             type   pass  at boot  options
#
fd                 -                   /dev/fd           fd     -     no
/proc              -                   /proc             proc   -     no
/dev/dsk/c2t0d0s1  -                   -                 swap   -     no
/dev/dsk/c2t0d0s0  /dev/rdsk/c2t0d0s0  /                 ufs    1     no
/dev/dsk/c2t0d0s3  /dev/rdsk/c2t0d0s3  /usr              ufs    1     no
/dev/dsk/c2t0d0s4  /dev/rdsk/c2t0d0s4  /var              ufs    1     no
/dev/dsk/c2t0d0s7  /dev/rdsk/c2t0d0s7  /export/home      ufs    2     yes      -
/devices           -                   /devices          devfs  -     no
ctfs               -                   /system/contract  ctfs   -     no
objfs              -                   /system/object    objfs  -     no
swap               -                   /tmp              tmpfs  -     yes      -
NOTE:
1. Volume management (VOLD) features automatic detection of the CD-ROM. However, it does not detect the presence of a diskette that has been inserted in the drive until the volcheck command is run. This command instructs the vold daemon to check the diskette drive for any inserted media.
Volume management can mount ufs, pcfs, hsfs & udfs file systems.
- will provide the above information, along with the hardware and software errors.
-- Destination System
PACKAGE ADMINISTRATION
# pkginfo | wc -l
will list how many packages are installed on the system
# cat /var/sadm/install/contents
Provides information about the packages installed on the system
# cd /var/sadm/pkg
Shows which packages are installed on the system
To install a package:
Let's assume the OS CD/DVD is mounted under /mnt/cdrom
# pkgadd -d <path_of_the_package> <package_name>
# pkgadd -d /mnt/cdrom/Solaris_10/Product SUNWbash
To install a specified package from the current location
# cd /mnt/cdrom/Solaris_10/Product
# pkgadd -d . SUNWbash
To copy the specified package to the default spool directory.
# pkgadd -d /mnt/cdrom/Solaris_10/Product -s SUNWbash
Location of the default spool directory = /var/spool/pkg
# pkgchk -p <file_name>
will provide information about when the file was modified.
# pkgchk -p /etc/shadow
ERROR: /etc/shadow
modtime <11/09/06 10:18:10 PM> expected <07/20/09 11:20:32 AM> actual
file size <296> expected <703> actual
file cksum <20180> expected <48117> actual
# pkgchk -l -p /etc/shadow
Pathname: /etc/shadow
Type: editted file
Expected mode: 0400
Expected owner: root
Expected group: sys
Referenced by the following packages:
SUNWcsr
Current status: installed
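Added example (not part of the original notes): one way to turn the pkgchk output above into records that can be stored or compared between runs, and to separate content changes on an edited file from ownership or mode drift. The function names and triage labels are assumptions, and the permissions line in the sample is constructed.

```shell
#!/bin/sh
# Added example, not from the original notes. Function names and the triage
# labels are assumptions; the sample text reuses the output shown above.

# pkgchk_drift: read `pkgchk -p <file>` output on stdin and print one
# "path|attribute|expected|actual" record per mismatch line.
pkgchk_drift() {
    awk '
        /^ERROR: / { path = substr($0, 8); next }
        path != "" && /> expected <.*> actual$/ {
            line = $0
            sub(/^[ \t]+/, "", line)
            lt = index(line, "<")
            attr = substr(line, 1, lt - 1)
            sub(/[ \t]+$/, "", attr)
            rest = substr(line, lt + 1)
            mid = index(rest, "> expected <")
            want = substr(rest, 1, mid - 1)
            got = substr(rest, mid + 12)
            sub(/> actual$/, "", got)
            print path "|" attr "|" want "|" got
        }'
}

# pkg_file_type: read `pkgchk -l -p <file>` output on stdin, print the Type.
pkg_file_type() {
    sed -n 's/^Type: *//p'
}

# triage TYPE: label each drift record read from stdin. A change of modtime,
# size or checksum on a file the package database marks as edited is the
# normal result of administration; ownership or mode drift, or any drift on
# another file type, is labelled for review.
triage() {
    awk -F'|' -v type="$1" '
        {
            content = ($2 == "modtime" || $2 == "file size" || $2 == "file cksum")
            if (content && type ~ /^edit/) label = "content-changed"
            else label = "review"
            print label "|" $0
        }'
}

# Constructed samples: the first four lines reuse the output above; the
# permissions line is made up to show the other branch.
sample_p() {
    cat <<'EOF'
ERROR: /etc/shadow
    modtime <11/09/06 10:18:10 PM> expected <07/20/09 11:20:32 AM> actual
    file size <296> expected <703> actual
    file cksum <20180> expected <48117> actual
    permissions <0400> expected <0644> actual
EOF
}
sample_l() {
    cat <<'EOF'
Pathname: /etc/shadow
Type: editted file
Expected mode: 0400
EOF
}

sample_p | pkgchk_drift | triage "$(sample_l | pkg_file_type)"
```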
2. # kbd -i
- to apply the changes made
To enable the stop+A sequence:
1. Edit the file /etc/default/kbd
Output (Only relevant lines are displayed):
# Uncomment the following line to disable keyboard or serial device
# abort sequences:
#KEYBOARD_ABORT=disable
2. # kbd -i
SOLARIS
LINUX
N/A
Shutdown
Single User
Single User
Unused
Unused
Shutdown
Restart
Restart
SOLARIS
LINUX
S/s
TYPE: Disk Admin
SOLARIS: # format -- Displays the disk availability; /dev/(r)dsk/c#t#d#s#
LINUX: # fdisk -l -- Displays the disks & partitions availability; /dev/hda,/dev/hdb,/dev/sda,/dev/sdb
TYPE: File Systems
SOLARIS: ufs; # newfs /dev/rdsk/c#t#d#s#
LINUX: ext3; # mkfs -t ext3 /dev/hda#
TYPE: Mount / Unmount
SOLARIS: /etc/mnttab, /etc/vfstab
LINUX: /etc/mtab, /etc/fstab
TYPE: Package Admin
SOLARIS: # pkgadd <package>, # pkginfo, # pkgrm <package_name>
TYPE: Process Monitoring
SOLARIS: # prstat
LINUX: # top, # free
# uptime, last, who, w = works with both
TYPE: Backup & Restore
SOLARIS: # ufsdump, # ufsrestore
LINUX: # dump, # restore
[Figure labels: FPROM (Flash PROM), NVRAM, Generic Device Drivers, (Vendor Defined Settings), (auto-]
# who -r
will provide the following information
a. current run level
b. date & time of the last run level change
c. number of times at this runlevel since the last reboot
d. previous run level
# who -r
.
run-level 3 Oct 28 18:39
0 S
mode
mode [OK boot -r]
-- Milestone option
Verbose mode [OK boot -v]
mode [OK boot -a]
now press, 'esc' followed by 'b' to boot the system in desired mode.
Properties of Failsafe boot archive:
1. Is self sufficient
2. Can boot on its own
3. Is created by default during OS installation
4. Requires no maintenance
Status of the SMF:
Degraded: Service instance is enabled, but is running at a limited capacity
Disabled: Services are not enabled and not running
Legacy_run: Services are not controlled by SMF, but can be observed. (Started with RC scripts)
Maintenance: This state needs root's intervention. In this case the services have to be made available manually
Offline: Services are enabled but not running
Offline: Service is enabled but the service is not yet running or available to run.
Online: Services are enabled and running
Uninitialized: This state is the initial state for all services before their configuration has been read.
# svcs
Lists the services that are running (online), the status of each service, and its FMRI
# svcs
# svcs -l
-l option will give detailed information about a service, includes the FMRI, status of the service,
Eg: svcs -l network
# svcs -l <FMRI>
# svcs -l telnet
fmri svc:/network/telnet:default
name Telnet server
enabled true
state online
next_state none
state_time Mon Aug 24 14:42:57 2009
restarter svc:/network/inetd:default
# svcs -d
# svcs -D
-D option will display the other services that depend on a given service.
# svcs -D milestone/multi-user
# svcs -p
-p option is to view the processes associated with a service instance.
# svcs -p network/inetd:default
# svcs -x
If a service fails for some reason and cannot be restarted, you can list the service using the -x option.
# svcs -x telnet
svc:/network/telnet:default (Telnet server)
State: online since Mon Aug 24 14:42:57 2009
See: in.telnetd(1M)
See: telnetd(1M)
Impact: None.
SERVICE ADMINISTRATION: [using svcadm]
# svcadm - manipulate service instances
# svcadm enable <FMRI>
-- Starts the service
# svcadm enable telnet
# svcadm disable <FMRI>
# svcadm disable telnet
Run Level
N/A
s/S
2
3
3
OK boot -m milestone=none
#svcadm milestone <options>
#svcadm milestone multi-user
#svcadm milestone all
NOTE:
1. The svc.startd daemon can obtain information about the services from the repository. This was previously the responsibility of the init process.
2. The svc.startd daemon takes on the role of starting the appropriate processes for the achieved run level.
3. A corrupt repository prevents the system from booting.
4. Configuration information about the services and system is stored in /etc/svc/repository.db
To restore when the SMF repository is corrupted:
# cd /lib/svc/bin
# ./restore_repository
To work with svccfg configuration of smf:
# svccfg
svc:> select network
svc:/milestone/network> select telnet
svc:/network/telnet> listprop
general framework
general/entity_stability astring Unstable
general/restarter fmri svc:/network/inetd:default
inetd framework
inetd/endpoint_type astring stream
inetd/isrpc boolean false
inetd/name astring telnet
inetd/proto astring tcp6
inetd/stability astring Evolving
inetd/wait boolean false
svc:> list will list all services defined under smf repository
listprop inetd/wait
false
setprop inetd/wait=boolean:"true"
listprop inetd/wait
true
NAME=VALUE
name="telnet"
endpoint_type="stream"
proto="tcp6"
isrpc=FALSE
wait=FALSE
exec="/usr/sbin/in.telnetd"
user="root"
default bind_addr=""
default bind_fail_max=-1
default bind_fail_interval=-1
default max_con_rate=-1
default max_copies=-1
default con_rate_offline=-1
default failrate_cnt=40
default failrate_interval=60
default inherit_env=TRUE
default tcp_trace=FALSE
default tcp_wrappers=TRUE
NAME=VALUE
name="mytelnet"
endpoint_type="stream"
proto="tcp6"
isrpc=FALSE
wait=FALSE
exec="/usr/sbin/in.telnetd"
user="root"
# netservices open
1. Will open or enable all the network related services
2. Needs the system to be restarted.
# netservices open
restarting syslogd
restarting sendmail
restarting wbem
# cd /var/svc/profile/
# ls -l generic.xml
lrwxrwxrwx 1 root root 18 Aug 24 16:59 generic.xml -> ./generic_open.xml
To check:
# svcs -a | grep ftp
online 16:47:14 svc:/network/ftp:default
# netservices limited
1. Will disable all network services except ssh.
2. Need the system to be restarted
# netservices limited
restarting syslogd
restarting sendmail
restarting wbem
To check:
# svcs -a | grep ftp
disabled 17:02:01 svc:/network/ftp:default
But,
# svcs -a | grep ssh
online 14:42:58 svc:/network/ssh:default
FILE PERMISSIONS
r= read
w=write
x=execute
u = owner of the file
g = group
o = others
a = all
+ = to add the permissions
- = to remove the permissions
= = to assign the permissions
# chmod
# chown
# chgrp
---
file1
OR
#chmod u+s file1
root root 0 Jul 23 14:44 file1
file1
root root 0 Jul 23 14:44 file1
SGID: All files and sub dirs created under a parent dir with the SGID permission assigned will inherit the group of the parent dir
1. SGID will be effective for a directory
2. If SGID permission is assigned to a directory, then the files and sub-dirs created under the parent dir (the dir implemented with SGID) will inherit the group of the parent directory. A file/dir that was already present in the parent dir before SGID was applied will retain its original group.
Assign the SGID for the dir dir2
# chmod 2644 dir2 OR
# chmod g+s dir2
drwxr-sr-x 2 root root 512 Jul 23 14:48 dir2
STICKY BIT:
1. It'll be effective for a directory.
2. If a directory is assigned sticky bit permissions, every user in that system has the right to create a file/directory inside that dir (provided they have permission), but only the owner of a file can delete it.
NOTE: This can be overridden by the root user.
# chmod 1777 dir3 OR
#chmod +t dir3
drwxrwxrwt 2 root root 512 Jul 23 14:52 dir3
Used to identify the files/dirs that have the SGID permission.
# find / -user root -perm -2000
/usr/bin/mail
/usr/bin/mailx
/usr/bin/passwd
/usr/bin/write
/usr/lib/sendmail
/usr/openwin/bin/Xprt
/usr/openwin/bin/lbxproxy
/usr/platform/i86pc/sbin/eeprom
/usr/sbin/amd64/prtconf
Used to identify the files/dirs that have the SUID permission.
Used to identify the files/dirs that have the sticky bit permission.
# find / -user root -perm -1000
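Added example (not part of the original notes): the three -perm searches above combined into one inventory that can be saved as a baseline and compared on a later run. It goes beyond the commands in the notes by dropping the -user root filter and by also listing world-writable directories that lack the sticky bit; function names, the baseline format and the demo tree are assumptions.

```shell
#!/bin/sh
# Added example, not from the original notes. Function names, the baseline
# format and the demo tree are assumptions made for illustration.

# list_special DIR
# Print "<kind> <path>" for every entry under DIR carrying the SUID (4000),
# SGID (2000) or sticky (1000) bit, using the same -perm tests as the notes.
list_special() {
    {
        find "$1" -type f -perm -4000 -print | sed 's/^/suid /'
        find "$1" -perm -2000 -print | sed 's/^/sgid /'
        find "$1" -type d -perm -1000 -print | sed 's/^/sticky /'
    } | LC_ALL=C sort
}

# world_writable_no_sticky DIR
# Directories any user can write to but that lack the sticky bit, so any
# user can delete or rename files owned by someone else.
world_writable_no_sticky() {
    find "$1" -type d -perm -0002 ! -perm -1000 -print | LC_ALL=C sort
}

# new_since_baseline BASELINE_FILE DIR
# Print entries that list_special reports now but that are absent from the
# saved baseline (a file holding earlier list_special output).
new_since_baseline() {
    _cur=$(mktemp) || return 1
    list_special "$2" > "$_cur"
    LC_ALL=C comm -13 "$1" "$_cur"
    rm -f "$_cur"
}

# make_demo_tree: build a small constructed tree and print its path.
make_demo_tree() {
    _t=$(mktemp -d) || return 1
    mkdir "$_t/bin" "$_t/shared" "$_t/drop" "$_t/open"
    chmod 0755 "$_t/bin"
    : > "$_t/bin/tool";  chmod 4755 "$_t/bin/tool"   # SUID file
    : > "$_t/plain";     chmod 0644 "$_t/plain"      # no special bits
    chmod 2775 "$_t/shared"                          # SGID directory
    chmod 1777 "$_t/drop"                            # sticky, world-writable
    chmod 0777 "$_t/open"                            # world-writable, no sticky
    echo "$_t"
}

# Demo run on the constructed tree: take a baseline, add one SUID file,
# then report.
demo=$(make_demo_tree)
list_special "$demo" > "$demo/baseline"
: > "$demo/bin/new"; chmod 4755 "$demo/bin/new"
echo "Special-permission entries:";    list_special "$demo"
echo "World-writable, no sticky bit:"; world_writable_no_sticky "$demo"
echo "New since baseline:";            new_since_baseline "$demo/baseline" "$demo"
rm -rf "$demo"
```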
USER & GROUP ADMINISTRATION:
/etc/passwd
/etc/shadow
/etc/group
/etc/skel
When the # useradd command is executed, the following 2 files will be updated.
1. /etc/passwd
2. /etc/shadow
To create a simple user account:
# useradd -d /export/home/ravim -m ravim
This command will create the user named ravim with the home directory /export/home/ravim
# grep ravim /etc/passwd
ravim:x:522:1::/export/home/ravim:/bin/sh
# grep ravim /etc/shadow
ravim:*LK*:::::::
NOTE: Whenever a user is created, that user account will be "locked" initially, until a password is defined for the user.
/etc/default/passwd provides a number of settings related to the password security policy
1. defines the length of the password
2. default minimum password age
3. default maximum password age
4. maintaining the history of the password
5. name check (login name cannot be used as the password)
6. dict word (dictionary word cannot be used as a password)
7. alphanumeric, special characters in the password
# id <login_name>
# id bryant
will provide the information about the user's id and their primary group along with id.
$ id bryant
uid=1028(bryant) gid=110(sun)
# id -a <login_name>
# id -a bryant
will provide the information about the user's id, primary group id and name, secondary group id and names
USER ACCOUNT DETAILS: Primary Group and Secondary Group
$ id -a bryant
uid=1028(bryant) gid=110(sun) groups=110(sun)
# finger -m <login_name>
# finger <login_name>
# finger bryant
# finger -m bryant
will provide information about the user's home dir, login shell, and when they logged in.
$ finger bryant
Login name: bryant In real life: test
Directory: /export/home/kobe Shell: /bin/bash
Never logged in.
No unread mail
PERFORMANCE MONITORING
# w
will list the following information
1. who is logged in to the system
2. where they have logged in
3. when they have logged in
4. what they are doing
5. how much time they were idle
6. cpu utilization for each user's process
# w
7:44am up 2 day(s), 9:13, 5 users,
User      tty     login@   idle  JCPU  PCPU  what
ovoadmin  pts/1   10:06pm  3                 -bash
maheshu   pts/9   7:14am   31                -bash
ovoadmin  pts/5   10:06pm  3                 -bash
ovoadmin  pts/3   2:11am   4:24              -bash
ravim     pts/10  7:28am                     w
# who
will list
1. who is logged into the system
2. where they have logged in
3. when they logged in
4. from where they have logged in (in the case of remote)
# who
ovoadmin  pts/1   Nov 1 22:06  (162.8.95.123)
maheshu   pts/9   Nov 2 07:14  (mlfepp1.feed.ocp.ilx.com)
ovoadmin  pts/5   Nov 1 22:06  (162.8.95.123)
ovoadmin  pts/3   Nov 2 02:11  (162.8.95.123)
ravim     pts/10  Nov 2 07:28  (turnstilel1.ocl.ilx.com)
# whodo
will list information about
1. who is logged in and what they are doing
2. what processes they are running
3. the process id of each process
# whodo
ravim
7:30
20053
0:00 bash
1998
0:00 whodo
pts/4
pts/4
ovoadmin 22:26
11845
0:01 bash
pts/1
pts/1
ovoadmin 22:26
11798
0:00 bash
# rusers
will list the remote users logged in to the system
# rusers -l <ip_name_of_the_system>
#rusers -l 192.168.0.252
# vmstat
will display the virtual memory status
# pagesize
will display the page size of the system
# uname -a
SunOS news_sol10 5.10 Generic_142910-17 i86pc i386 i86pc
# pagesize
4096
# uname -a
SunOS newss1 5.10 Generic_127111-02 sun4u sparc SUNW,Sun-Fire
# pagesize
# last -n 5 reboot
will display the last 5 reboots
# last -n5 reboot
reboot system boot
reboot system down
reboot system boot
reboot system down
reboot system boot
sshd
sshd
sshd
sshd
localhost
localhost
localhost
localhost
Tue
Tue
Tue
Tue
# uptime
will display
1. the status of how many hours the system is in running state
2. how many users are logged to the system
3. cpu load average
# uptime
4:53pm up 2:56, 3 users, load average: 0.07, 0.08, 0.06
# /usr/ucb/whoami
will display the effective user, who is currently working
# who am i
will display the real user, who directly login to the system
09/20
09/20
09/20
09/22
09/22
09/22
10/28
11/02
11/02
11/02
14:15
14:15
14:31
11:08
11:08
11:09
18:33
17:58
17:59
17:59
+
+
+
+
+
+
+
+
pts/5 root-suresh
pts/5 root-suresh
pts/5 root-suresh
pts/4 maltesh-root
pts/4 maltesh-root
pts/4 maltesh-root
console root-root
syscon root-ravi
syscon root-ravi
syscon root-ravi
# /usr/dt/bin/sdtprocess &
1. will invoke a pop-up menu
2. & - to indicate the shell can be used to do another task
It will provide the following information:
1. Process id of every process
2. Owner of the process
3. CPU utilization of the process
4. Memory utilization of the process
5. What process is being run by every user
6. When the process was started
It will also provide filter options to choose for a particular user.
Note: This command can only be used in the graphical environment / solaris console.
# prstat
will provide/update the following information
1. Process id of every process
2. Owner of the process
3. CPU utilization of the process
4. Memory utilization of the process
5. What process is being run by every user
6. When the process was started
It will also provide filter options to choose for a particular user.
# prstat
PID USERNAME
509 root 38M
790 root 53M
780 root 47M
796 root 64M
712 root 12M
776 root 48M
761 root 54M
# prstat -t
will display the summary of the process
# prstat -t
NPROC USERNAME SIZE RSS MEMORY TIME CPU
65 root 945M 348M 17% 0:02:53 8.0%
1 noaccess 175M 92M 4.5% 0:00:12 0.0%
1 che 2456K 1636K 0.1% 0:00:00 0.0%
1 lp 2644K 1076K 0.0% 0:00:00 0.0%
1 smmsp 6644K 1432K 0.1% 0:00:00 0.0%
2 daemon 6216K 3080K 0.1% 0:00:00 0.0%
NOTE:
The process id of sched = 0
The process id of init = 1
The process id of svc.startd (SMF) = 7
9 = starts the svc.configd daemon related to SMF - start the services configuration daemon
# netstat
is used to monitor the network status
1. List connections of all protocol & address to and from the machine.
Address families include:
a. INET - ipv4
b. INET6 - ipv6
c. UNIX - Unix domain Sockets (Solaris/BSD/Linux/HP-UX/IBM-AIX/etc)
Protocols include:
TCP, IP, ICMP (which controls ping, echo), IGMP, RAWIP, UDP (DHCP, TFTP)
2. Lists routing table
3. Lists DHCP status for various interfaces
4. Lists net-to-media table. Network to MAC table
# netstat usage:
# netstat
TCP: IPv4
Local Address Remote Address Swind Send-Q Rwind Recv-Q State
-------------------- -------------------- ----- ------ ----- ------ ------
accel1.telnet intel.32961 49640 0 49640 0 ESTABLISHED
Where
1 => hostname of the sender
2 => port/protocol
3 => hostname of the receiver / remote
4 => port/protocol of remote
NOTE:
1. # cat /etc/services
Displays the well known port number and their corresponding services
2. The # netstat command can display a hostname only if the /etc/hosts file has an entry with the ip-address and the corresponding hostname [resolve].
UDP: IPv4
Local Address Remote Address State
-------------------- -------------------- ------
*.route Idle
*.sunrpc Idle
*.* Unbound
*.32771 Idle
[Output truncated]
# netstat -n
a. Shows network addresses as numbers. Normally # netstat displays addresses as symbols.
b. It disables name resolution of hosts and ports and hence displays the IP address.
TCP: IPv4
Local Address Remote Address Swind Send-Q Rwind Recv-Q State
-------------------- -------------------- ----- ------ ----- ------ ------
192.168.0.100.23 192.168.0.19.32961 49640 0 49640 0 ESTABLISHED
192.168.0.100.32921 192.168.0.5.6000 500576 0 49640 0 ESTABLISHED
127.0.0.1.32923
[Output truncated]
# netstat -i
a. Returns the state of the physical interfaces. Pay attention to errors/collisions/queue whilst troubleshooting.
b. When combined with the -a option, displays a report on logical interfaces.
Name Mtu Net/Dest Address Ipkts Ierrs Opkts Oerrs Collis Queue
lo0 8232 loopback localhost 131536 0 131536 0 0 0
hme0 1500 accel1 accel1 186731 0 189733 0 0 0
NOTE:
mtu - Maximum Transmission Unit
In general the loopback address mtu will be high.
# netstat -m
a. Shows the STREAMS memory [how many TCP packets are being handled on the system]
# netstat -m
streams allocation:
                                 cumulative  allocation
           current    maximum       total     failures
streams        549        590       29753            0
queues        1038       1068       45082            0
mblk           983       1512       22413            0
dblk           984       1603     9808550            0
linkblk          5         84           6            0
syncq           17         25          37            0
qband
# netstat -p
Returns net-to-media information [MAC/layer-2 information], i.e., the ARP table.
# netstat -p
Net to
Device  Flags     Phys Addr
-----   --------  --------------
bge0    o         00:00:0c:07:ac:b4
bge0    SPLA      00:1a:a0:4d:87:c2
bge0    SM        01:00:5e:00:00:00
# netstat -P <protocol>
Returns active sockets for the specified protocol
Eg: # netstat -P tcp
Note:
1. Protocols should be specified in lowercase letters
2. Only the following protocols are allowed: ip|ipv6|icmp|icmpv6|tcp|udp|rawip|raw|igmp
TCP: IPv4
Local Address Remote Address Swind Send-Q Rwind Recv-Q State
-------------------- -------------------- ----- ------ ----- ------ ------
accel1.telnet intel.32961 49640 0 49640 0 ESTABLISHED
accel1.32921 192.168.0.5.6000 500576 0 49640 0 ESTABLISHED
localhost.32923
[Output truncated]
localhost.32879 49152 0 49152 0 ESTABLISHED
# netstat -r
a. Returns the routing table
b. Normally, only interface, host, network & default routes are displayed
c. Combined with the -a option, all routes will be displayed, including cache.
Routing Table: IPv4
Destination Gateway Flags Ref Use Interface
-------------------- -------------------- ----- ----- ------ --------
192.168.0.0 accel1 U 1 19 hme0
224.0.0.0 accel1 U 1 0 hme0
localhost localhost UH 47 133672 lo0
# netstat -D
Returns DHCP configuration [includes releases/renewal etc]
# netstat -an -f [inet|inet6|unix]
-f => allows you to specify the address family
Eg: # netstat -an -f inet
Displays only ipv4 information
UDP: IPv4
Local Address Remote Address State
-------------------- -------------------- ------
*.520 Idle
*.111 Idle
*.* Unbound
*.32771 Idle
*.* Unbound
[Output truncated]
# ps -ef
FTP Commands:
# ftpcount and # ftpwho [displays the connected users & process information]
# ftpconfig utility is used to setup anonymous/guest ftp
FTP Configuration files:
/etc/ftpd
ftpaccess - primary configuration file for wu-ftpd
ftphosts - allow/deny access to users from hosts
ftpservers - allows root to define virtual hosts
ftpusers - users listed are NOT permitted (denied) to access the server via ftp
ftpconversions - facilitates tar, compress, gzip support
NOTE: By default the root user is denied the use of ftp.
The wu-ftpd daemon supports 2 types of ftp connections: Active and Passive FTP
ACTIVE FTP
In active mode FTP the client connects from a random unprivileged port (N > 1023) to the FTP server's
command port, port 21. Then, the client starts listening to port N+1 and sends the FTP
command PORT N+1 to the FTP server. The server will then connect back to the client's specified data
port from its local data port, which is port 20.
In Step 1, the client's command port contacts the server's command port and sends the
command PORT 1027. The server then sends an ACK back to the client's command port in step 2. In
step 3 the server initiates a connection on its local data port to the data port the client specified
earlier. Finally, the client sends an ACK back as shown in step 4.
The main problem with active mode FTP actually falls on the client side. The FTP client doesn't make
the actual connection to the data port of the server--it simply tells the server what port it is listening
on and the server connects back to the specified port on the client. From the client side firewall this
appears to be an outside system initiating a connection to an internal client--something that is usually
blocked.
PASSIVE FTP
In order to resolve the issue of the server initiating the connection to the client a different method for
FTP connections was developed. This was known as passive mode, or PASV, after the command used
by the client to tell the server it is in passive mode.
In passive mode FTP the client initiates both connections to the server, solving the problem of firewalls
filtering the incoming data port connection to the client from the server. When opening an FTP
connection, the client opens two random unprivileged ports locally (N > 1023 and N+1). The first port
contacts the server on port 21, but instead of then issuing a PORT command and allowing the server
to connect back to its data port, the client will issue the PASV command. The result of this is that the
server then opens a random unprivileged port (P > 1023) and sends the PORT P command back to the
client. The client then initiates the connection from port N+1 to port P on the server to transfer data.
From the server-side firewall's standpoint, to support passive mode FTP the following communication
channels need to be opened:
FTP server's port 21 from anywhere (Client initiates connection)
FTP server's port 21 to ports > 1023 (Server responds to client's control port)
In step 1, the client contacts the server on the command port and issues the PASV command. The
server then replies in step 2 with PORT 2024, telling the client which port it is listening to for the data
connection. In step 3 the client then initiates the data connection from its data port to the specified
server data port. Finally, the server sends back an ACK in step 4 to the client's data port.
While passive mode FTP solves many of the problems from the client side, it opens up a whole range of
problems on the server side. The biggest issue is the need to allow any remote connection to high
numbered ports on the server. Fortunately, many FTP daemons, including the popular WU-FTPD allow
the administrator to specify a range of ports which the FTP server will use.
The second issue involves supporting and troubleshooting clients which do (or do not) support passive
mode. As an example, the command line FTP utility provided with Solaris does not support passive
mode, necessitating a third-party FTP client, such as ncftp.
With the massive popularity of the World Wide Web, many people prefer to use their web browser as an
FTP client. Most browsers only support passive mode when accessing ftp:// URLs. This can either be
good or bad depending on what the servers and firewalls are configured to support.
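Added example (not part of the original notes): both the client's PORT command and the server's passive-mode answer carry the data endpoint as six comma-separated numbers, and on the wire the passive answer is a 227 reply. The sketch decodes the two walk-through ports (1027 and 2024) and checks a passive port against the range opened on the server-side firewall; function names, sample addresses and the 2000-2100 range are assumptions.

```shell
#!/bin/sh
# Added example, not from the original notes. Function names, the sample
# addresses and the passive range 2000-2100 are assumptions.

# decode_hostport "h1,h2,h3,h4,p1,p2"
# FTP writes a data endpoint as six decimal bytes: four for the IPv4 address
# and two for the port (port = p1 * 256 + p2). Prints "IP PORT".
# The body runs in a subshell so the IFS and globbing changes stay local.
decode_hostport() (
    set -f
    IFS=,
    set -- $1
    [ $# -eq 6 ] || exit 1
    for b in "$@"; do
        case $b in
            ''|*[!0-9]*|0?*|????*) exit 1 ;;   # digits only, no leading zero
        esac
        [ "$b" -le 255 ] || exit 1
    done
    echo "$1.$2.$3.$4 $(( $5 * 256 + $6 ))"
)

# parse_port_cmd "PORT h1,h2,h3,h4,p1,p2"   (active mode, sent by the client)
parse_port_cmd() {
    case $1 in
        "PORT "*) decode_hostport "${1#PORT }" ;;
        *) return 1 ;;
    esac
}

# parse_pasv_reply "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)"
# (passive mode, sent by the server in answer to PASV)
parse_pasv_reply() {
    case $1 in
        "227 "*"("*")"*) ;;
        *) return 1 ;;
    esac
    _inner=${1#*\(}          # drop everything up to the first "("
    _inner=${_inner%%\)*}    # drop the first ")" and what follows
    decode_hostport "$_inner"
}

# pasv_port_allowed REPLY LOW HIGH
# True when the port announced in a 227 reply lies inside the passive range
# the administrator configured and opened on the server-side firewall.
pasv_port_allowed() {
    _ep=$(parse_pasv_reply "$1") || return 1
    _port=${_ep#* }
    [ "$_port" -ge "$2" ] && [ "$_port" -le "$3" ]
}

# active_port_unprivileged CMD
# True when a PORT command names a client data port above 1023, as the
# active-mode description requires.
active_port_unprivileged() {
    _ep=$(parse_port_cmd "$1") || return 1
    [ "${_ep#* }" -gt 1023 ]
}

# Constructed messages matching the two walk-throughs (ports 1027 and 2024).
parse_port_cmd   'PORT 192,168,0,19,4,3'
parse_pasv_reply '227 Entering Passive Mode (192,168,0,100,7,232)'
if pasv_port_allowed '227 Entering Passive Mode (192,168,0,100,7,232)' 2000 2100
then echo "passive port inside assumed range 2000-2100"
fi
```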
# ftpcount
Shows current number of users in each ftp server class
-v displays the user counts for ftp server classes defined in virtual host [ftpaccess]
-V display program copyright and version information then terminate
# ftpcount
Service class realusers - 1 users (no maximum)
Service class guestusers - 0 users (no maximum)
Service class anonusers - 0 users (no maximum)
# ftpwho
Shows current process information for each ftp server user
1. It'll display which user is logged in along with the process id
2. Status of the user will be displayed
3. Will also display the password given by the anonymous user
# ftpwho
Here,
a real user named - bhagat is logged through ftp
Note: The login timeout for ftp is defined, in seconds, in the file /etc/ftpd/ftpaccess.
Anonymous FTP Configuration:
We need to generate the user name as either ftp or anonymous along with directory.
#ftpconfig /anonFTP
Creating user ftp
Creating directory /anonFTP
Updating directory /anonFTP
total 0
-rwxrwxrwx root root 0 Sep 12 16:51 a
-rwxrwxrwx root root 0 Sep 12 16:51 b
-rwxrwxrwx root root 0 Sep 12 16:51 c
-rwxrwxrwx root root 0 Sep 12 16:51 d
# ftpwho
Service class realusers:
- 0 users (no maximum)
Service class guestusers:
- 0 users (no maximum)
Service class anonusers:
- 0 users (no maximum)
/etc/cron.d/at.allow - this file is not present by default; it has to be created manually. This file holds the login names of the users who have permission to use the at command.
NOTE:
1. In general the system will check for the /etc/cron.d/at.allow file first and then move on to the file /etc/cron.d/at.deny.
2. If a user has an entry in both files, then he is permitted to use the commands (both at and crontab)
/var/cron/log - this file logs the at command scheduling
In the case of crond
We have the file /etc/cron.d/cron.deny
# cat /etc/cron.d/cron.deny
daemon
bin
nuucp
listen
nobody
noaccess
# cat /etc/default/login
# PASSREQ determines if login requires a password.
#
PASSREQ=YES
# cat /etc/default/login
# TIMEOUT sets the number of seconds (between 0 and 900) to wait before
# abandoning a login session.
#
TIMEOUT=300
When logging in through telnet, the login prompt will be displayed for 300 sec. It can be decreased.
Output: (Partial output relevant to the topic)
Determine number of retries if the password is wrongly typed.
# cat /etc/default/login
# RETRIES determines the number of failed logins that will be
# allowed before login exits. Default is 5 and maximum is 15.
# If account locking is configured (user_attr(4)/policy.conf(4))
# for a local user's account (passwd(4)/shadow(4)), that account
# will be locked if failed logins equals or exceeds RETRIES.
#
#RETRIES=5
PRINTER CONFIGURATION
# printmgr &
=> This above command opens a menu
=> Printer configuration can be menu driven
NOTE:
1. Before configuring the printer, make sure of its compatibility with Sun Microsystems.
2. Check the make and the type
3. The port to which the printer is connected physically.
Once the menu is opened,
1. Enable the "confirm actions" from the main menu
2. Select the newly attached printer
a) give the printer name ( can be any name )
b) description can also be anything
c) choose the correct port
(Here we have chosen /dev/pts/7 for our example. In this case, if we want to specify the port, choose "other")
d) select the type of the printer
printer 5stars is idle. enabled since Fri Jul 31 16:34:22 2009. available.
printer 5stars_bkp is idle. enabled since Fri Jul 31 16:39:54 2009. available.
# lpadmin -d 5stars_bkp
# lpstat -p
printer 5stars is idle. enabled since Fri Jul 31 16:34:22 2009. available.
printer 5stars_bkp is idle. enabled since Fri Jul 31 16:39:54 2009. available.
# lpstat -d
system default destination: 5stars_bkp
# accept <printer_name>
eg: # accept hp
this command will start sending the request to the printer named "hp"
In other words printer starts printing the desired output.
# cat /etc/dumpdates
# cd /
# umount /a
# init 6