
Commands.txt

solaris commands


1. /usr/bin/uname – display current OS name, version, architecture

2. /usr/bin/uptime – Display how long the system has been up

3. /usr/bin/prtconf – displays detailed hardware info.

4. /usr/bin/prstat – Display active process statistics with the top process taking the most resource.

5. /usr/platform/sun4u/sbin/prtdiag – displays very detailed hardware info such as CPU speed, CPU cache and in which slots the memory chips are installed.

6. /usr/bin/showrev – displays machine and software version info.

7. /usr/bin/w – display info on currently logged on users.

8. Adding users –
#useradd -d /export/home/username -m -s /bin/ksh username
The -m option tells the useradd command to automatically create the home directory.
Note: do not store user directories in /home, as this directory is used by the Solaris automounter. The automounter lets a user log in to many machines and automatically have their home directory mounted in that machine's /home area.

9. To delete users – /usr/bin/userdel
e.g. userdel -r – will delete the user's home directory as well.

10. psrinfo -v – processor info.

11. netstat -rn – show the routing table.

12. ifconfig -a – show the network iface info.

13. explorer output
/opt/SUNWexplo/bin/explorer – it is an executable file used to generate the explorer output
/opt/SUNWexplo/etc/ – directory contains the explorer tar files.

14. passwd -sa – shows the password status of all system users.

Network Configuration in Solaris.
1. to set the machine’s name – /etc/nodename

2. To use DNS, edit /etc/nsswitch.conf – look for the line that starts with “hosts:”
and add “dns” to the end of the line.
You can instead add the “dns” entry at the very beginning of the line, which changes the order in which Solaris does name lookups. E.g. if “nis” comes before “dns”, it will check the NIS database first and try to resolve the name from there, and if “files” comes before “dns”, it will look in the /etc/hosts file before it looks in DNS.

3. adding entries in /etc/resolv.conf
file: /etc/resolv.conf
search domainname.com
domain domainname.com
nameserver ns1
nameserver ns2

4. adding machines info in /etc/hosts file.
file:/etc/hosts
ipaddr hostname

5. edit the following files.
/etc/net/ticlts/hosts
/etc/net/ticots/hosts
/etc/net/ticotsord/hosts

6. editing the interface name files.
Sun systems can have multiple network cards, each answering to a different hostname, so you may also have to edit a file to assign the hostname to the main network card. You may also want a single server to respond to many hostnames. The main network interface is usually “hme0”.
To edit the interface: /etc/hostname.interface (for example /etc/hostname.hme0)

7. to edit netmask.
/etc/inet/netmasks
—————————————————————————————————————————-
###Exporting Display
##logging on server A using VNC.
1. ssh serverB
2. xhost serverB
3. export DISPLAY=serverA:1.0

##for automatic color schemes.
ls --color=auto

##for time styling
ls -l --time-style="+%d-%m-%y %H%M"

##adding alias in .profile
alias variable="alias name"
Here "alias name" refers to any command, which can be used in conjunction with other commands.

##to show all the hidden files in one directory.
ls -d .*

##to remove empty lines using sed.
sed '/^$/d'

##password aging script in linux if chage is not working.
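chage -l username – most appropriate condition.
else
login as root.
List the users in /etc/passwd and print each one's password expiry:
cut -d: -f1 /etc/passwd | while read user; do
  # pull the date (or "never") out of the "Password expires" line
  expires=$(chage -l "$user" | grep -i "password expires" | sed 's/.*: //')
  echo "$user - your password will expire on $expires"
done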

###Configuring Network.
##adding net up on command line.
#ifconfig eth0 netmask broadcast up

##adding the default gateway.
#route add default gw

##add the nameserver entries.
file: /etc/resolv.conf

#nmblookup -A -d1
#smblookup -LBC8 -I -U knopix % -w workcener name -d3

AIX commands.
#lscfg -vp | grep -p Cabinet — to check the cabinet no. on IBM/AIX

#lsdev -Cc Tape — to list the tape devices.

#rmdev -dl /dev/rmt0 — to delete rmt0 device.

#cfgmgr -v – rereads the system hardware components and, if it finds anything new, configures it accordingly.

#lsdev -Cc Tape — configure the tape drive.

#cfgmgr — same as above

#cat /etc/exclude.rootvg — filesystems to exclude while taking complete system backup.

#lsvg -l rootvg – list the volume group called rootvg

#smit mksysb — the smit interface to take the system backup

#tail smit.log — tail the log files to see smit is working fine.

#tctl -f /dev/rmt0 rewoffl -eject — this will rewind the tape and will eject the tape device.

#restore -tvf /dev/rmt0 — to list the contents of the tape device

#find ./log ./out -print | backup -ivf /dev/rmt0 | tee /tmp/log — to take backup of some files from ./log and ./out directory on tape device rmt0 while logging and printing the output on the screen.

#restore -xqdvf /dev/rmt0 – restores the complete backup to a directory on the hard disk. The command must be run from the parent directory to avoid confusion about where the directory is restored.

########Grub.conf — How it works
####Manually loading through the bootloader.

###This will boot the windows partition.
rootnoverify (hd0,0)
makeactive
chainloader +1
boot

###booting linux from /dev/hda3 device
root (hd0,2)
kernel /boot/vmlinuz root=/dev/hda3 -s
initrd /boot/initrd
boot

####SHUTTING DOWN ORACLE 9i

1. ps -aef | grep pmon -> to check Oracle instances running.
2. sqlplus "/ as sysdba"
3. shutdown immediate
4. exit
5. ps -aef | grep ora
6. ps -aef | grep tltns
10. kill -9 ora9ibrn

### copies a single 1024-byte block from /dev/zero (a continuous stream of zero bytes) to the file new_file.
dd if=/dev/zero of=new_file bs=1024 count=1

iostat -En will show the devices like c0t0d0.
product :- the last line gives the size of the disk
mount -F hsfs /dev/dsk/c0t0d0s0 /mnt

To see all of the slices on all of the disks the easiest thing is:
prtvtoc /dev/rdsk/*s2
To see all disks do this:
format < /dev/null
> /dev/null 2>&1 – redirecting the cron log to /dev/null
hwclock --systohc – sync date with hwclock

df -g | awk '{print $1}'
df -g | awk '{print $7}'
df -g | awk '{print $4}'

To Change the username and home permission of a user
groupmod -n sysadmin santosh
usermod -d /home/sysadmin -m -g sysadmin -l sysadmin santosh

vncserver -kill :1

psrinfo will give the number of CPUs in Sun Solaris

OGL Backup
cd /oraapps/oracle/prodcomn/admin

# find ./out ./log -print | backup -ivf /dev/rmtn

pscp.exe -pw 'password' "local machine path" user@host:/path/to/home/

df -g refresh
while :
do
df -g /kcf1dr /kcfdrvg
sleep 2
clear
done

stopping one spd device
setsp -T -l3

3 is SPD number.

TIP
tip -9600 /dev/ttya
tip -9600 /dev/ttyb

changing a user's unsuccessful login attempts using sudo
sudo chsec -f /etc/security/lastlog -s username -a unsuccessful_login_count=0

mount -t ext3 -o acl

give rwx privileges to a user who does not belong to the group
setfacl -m u:prod:rwx test
checked the privileges using

getfacl -a test

openssl rand -base64 6
—————————————————————————-
Restoration of backup
# restore -xdvgf /dev/rmtn
n-> no. of the tape drive attached.

To rewind and eject the tape
# tctl -f /dev/rmtn rewoffl

To list the contents of the tape drive
# restore -Tl -vf /dev/rmt0

To check user account status (locked, unlocked, when the password expires, etc.) use:

AIX:
chuser

Solaris
passwd -s username

Linux
chage -l username


Remote Logins – Telnet

An answer found from Linux Gazette for the question on Remote Logins and su.

Q. I am running Red Hat Linux 6.1 and am encountering some problems. I can log in as root from the console but not from anywhere else; I have to log in as webmaster on all other machines on the network. From nowhere, including the console, can I su once logged in as webmaster. Any help would be appreciated.

Ans. :
Any of these should allow you to access your system through cryptographically secured authentication and session protocols that protect you from a variety of sniffing, spoofing, TCP hijacking and other vulnerabilities that are common using other forms of remote shell access (such as telnet, and the infamous rsh and rlogin packages).

If you really insist on eliminating these policies from your system you can edit files under /etc/pam.d that are used to configure the options and restrictions of the programs that are compiled against the PAM (pluggable authentication modules) model and libraries. Here’s an example of one of them (/etc/pam.d/login which is used by the in.telnetd service):

#
# The PAM configuration file for the Shadow `login' service
#
# NOTE: If you use a session module (such as kerberos or NIS+)
# that retains persistent credentials (like key caches, etc), you
# need to enable the `CLOSE_SESSIONS' option in /etc/login.defs
# in order for login to stay around until after logout to call
# pam_close_session() and cleanup.
#

# Outputs an issue file prior to each login prompt (Replaces the
# ISSUE_FILE option from login.defs). Uncomment for use
# auth required pam_issue.so issue=/etc/issue

# Disallows root logins except on tty's listed in /etc/securetty
# (Replaces the `CONSOLE' setting from login.defs)
auth requisite pam_securetty.so

# Disallows other than root logins when /etc/nologin exists
# (Replaces the `NOLOGINS_FILE' option from login.defs)
auth required pam_nologin.so

# This module parses /etc/environment (the standard for setting
# environ vars) and also allows you to use an extended config
# file /etc/security/pam_env.conf.
# (Replaces the `ENVIRON_FILE' setting from login.defs)
auth required pam_env.so

# Standard Un*x authentication. The "nullok" line allows passwordless
# accounts.
auth required pam_unix.so nullok

# This allows certain extra groups to be granted to a user
# based on things like time of day, tty, service, and user.
# Please uncomment and edit /etc/security/group.conf if you
# wish to use this.
# (Replaces the `CONSOLE_GROUPS' option in login.defs)
# auth optional pam_group.so

# Uncomment and edit /etc/security/time.conf if you need to set
# time restrainst on logins.
# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
# as well as /etc/porttime)
# account requisite pam_time.so

# Uncomment and edit /etc/security/access.conf if you need to
# set access limits.
# (Replaces /etc/login.access file)
# account required pam_access.so

# Standard Un*x account and session
account required pam_unix.so
session required pam_unix.so

# Sets up user limits, please uncomment and read /etc/security/limits.conf
# to enable this functionality.
# (Replaces the use of /etc/limits in old login)
# session required pam_limits.so

# Prints the last login info upon succesful login
# (Replaces the `LASTLOG_ENAB' option from login.defs)
session optional pam_lastlog.so

# Prints the motd upon succesful login
# (Replaces the `MOTD_FILE' option in login.defs)
session optional pam_motd.so

# Prints the status of the user's mailbox upon succesful login
# (Replaces the `MAIL_CHECK_ENAB' option from login.defs). You
# can also enable a MAIL environment variable from here, but it
# is better handled by /etc/login.defs, since userdel also uses
# it to make sure that removing a user, also removes their mail
# spool file.
session optional pam_mail.so standard noenv

# The standard Unix authentication modules, used with NIS (man nsswitch) as
# well as normal /etc/passwd and /etc/shadow entries. For the login service,
# this is only used when the password expires and must be changed, so make
# sure this one and the one in /etc/pam.d/passwd are the same. The "nullok"
# option allows users to change an empty password, else empty passwords are
# treated as locked accounts.
#
# (Add `md5' after the module name to enable MD5 passwords the same way that
# `MD5_CRYPT_ENAB' would do under login.defs).
#
# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
# login.defs. Also the "min" and "max" options enforce the length of the
# new password.

password required pam_unix.so nullok obscure min=4 max=8

# Alternate strength checking for password. Note that this
# requires the libpam-cracklib package to be installed.
# You will need to comment out the password line above and
# uncomment the next two in order to use this.
# (Replaces the `OBSCURE_CHECKS_ENAB', `CRACKLIB_DICTPATH')
#
# password required pam_cracklib.so retry=3 minlen=6 difok=3
# password required pam_unix.so use_authtok nullok md5

This is from a Debian machine (mars.starshine.org) and thus has far more comments (all those lines starting with “#” hash marks) than those that Red Hat installs. It’s good that Debian comments these files so verbosely, since that’s practically the only source of documentation for PAM files and modules.

In this case the entry that you really care about is the one for ‘securetty.so’. This module checks the file /etc/securetty which is classically a list of those terminals on which your system will allow direct root logins.

You could comment out this line in /etc/pam.d/login to disable this check for those services which call the /bin/login command. You can look for similar lines in the various other /etc/pam.d files to see which other services are enforcing this policy.

This leads us to the question of why your version of ‘su’ is not working. Red Hat’s version of ‘su’ is probably also “PAMified” (almost certainly, in fact). So there should be a /etc/pam.d/su file that controls the list of policies that your copy of ‘su’ is checking. You should look through that to see why ‘su’ isn’t allowing your ‘webmaster’ account to become ‘root’.

It seems quite likely that your version of Red Hat contains a line something like:

# Uncomment this to force users to be a member of group root
# before than can use `su'. You can also add "group=foo" to
# to the end of this line if you want to use a group other
# than the default "root".
# (Replaces the `SU_WHEEL_ONLY' option from login.defs)
auth required pam_wheel.so

Classically the ‘su’ commands on most versions of UNIX required that a user be in the “wheel” group in order to attain ‘root’. The traditional GNU implementation did not enforce this restriction (since rms found it distasteful).

On my system this line was commented out (which is presumably the Debian default policy, since I never fussed with that file on my laptop). I’ve uncommented here for this example.

Note that one of the features of PAM is that it allows you to specify any group using a command line option. It defaults to “wheel” because that is an historical convention. You can also use the pam_wheel.so module on any of the PAMified services --- so you could have programs like ‘ftpd’ or ‘xdm’ enforce a policy that restricted their use to members of arbitrary groups.

Finally note that most recent versions of SSH have PAM support enabled when they are compiled for Linux systems. Thus you may find, after you install any version of SSH, that you have an /etc/pam.d/ssh file. You may have to edit that to set some of your preferred SSH policies. There is also an sshd_config file (mine’s in /etc/ssh/sshd_config) that will allow you to control other ssh options.

In general the process of using ssh works something like this:

  1. Install the sshd (daemon) package on your servers (the systems that you want to access)
  2. Install the ssh client package on your clients (the systems from which you’d like to initiate your connections).
  3. Generate Host keys on all of these systems (normally done for you by the installation).

…. you could stop at this point, and just start using the ssh and slogin commands to access your remote accounts using their passwords. However, for more effective and convenient use you’d also:

  1. Generate personal key pairs for your accounts.
  2. Copy/append the identity.pub (public) keys from each of your client accounts into the ~/.ssh/authorized_keys files on each of the servers.

This allows you to access those remote accounts without using your passwords on them. (Actually sshd can be configured to require the passwords AND/OR the identity keys, but the default is to allow access without a password if the keys work).

Another element you should be aware of is the “passphrases” and the ssh-agent. Basically it is normal to protect your private key with a passphrase. This is sort of like a password --- but it is used to decrypt or “unlock” your private key. Obviously there isn’t much added convenience if you protect your private key with a passphrase so that you have to type that every time you use an ssh/slogin or scp (secure remote copy) command.

ssh-agent allows you to start a shell or other program, unlock your identity key (or keys), and have all of the ssh commands you run from any of the descendants of that shell or program automatically use any of those unlocked keys. (The advantage of this is that the agent automatically dies when you exit the shell program that you started. That automatically “locks” the identity --- sort of.)

There are a lot of other aspects to ssh. It can be used to create tunnels, through which one can use all sorts of traffic. People have created PPP/TCP/IP tunnels that run through ssh tunnels to support custom VPNs (virtual private networks). When run under X, ssh automatically performs “X11 forwarding” through one of these tunnels. This is particularly handy for running X clients on remote systems beyond a NAT (IP Masquerading) router or through a proxying firewall.

In other words ssh is a very useful package quite apart from its support for cryptographic authentication and encryption.

In fairness I should point out that there are a number of alternatives to ssh. Kerberos is a complex and mature suite of protocols for performing authentication and encryption. STEL is a simple daemon/client package which functions just like telnetd/telnet --- but with support for encrypted sessions. And there are SSL enabled versions of telnet and ftp daemons and clients.
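
The answer suggests looking through the other /etc/pam.d files to see which services enforce the securetty and wheel policies. The script below does that check; it is an added example, not part of the Linux Gazette answer or the original post. The function names `pam_audit` and `make_sample`, the finding labels, the sample files and the group name `admin` are all constructed for illustration.

```shell
#!/bin/sh
# Added example: list which PAM services enforce the checks discussed above.
# Prints one "service:finding" line per hit. Function names are hypothetical.

pam_audit() {
    dir=${1:-/etc/pam.d}
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        awk -v svc="$(basename "$f")" '
            /^[ \t]*#/ || NF < 3 { next }   # comments, blanks, @include lines
            {
                type = $1; sub(/^-/, "", type)   # "-auth": skip if module absent
                m = 2                            # control field; may be "[a=b c=d]"
                if ($2 ~ /^\[/) while (m < NF && $m !~ /\]$/) m++
                m++                              # module follows the control
                module = $m; sub(/.*\//, "", module)
                if (type == "auth" && module == "pam_securetty.so")
                    print svc ":root-tty-restricted"
                if (type == "auth" && module == "pam_wheel.so") {
                    grp = "default"
                    for (j = m + 1; j <= NF; j++)
                        if ($j ~ /^group=/) grp = substr($j, 7)
                    print svc ":wheel-group=" grp
                }
                if (module == "pam_unix.so")
                    for (j = m + 1; j <= NF; j++)
                        if ($j == "nullok") print svc ":" type "-nullok"
            }' "$f"
    done
}

# Constructed sample files, modelled on the lines quoted in the answer.
make_sample() {
    mkdir -p "$1"
    cat > "$1/login" <<'EOF'
auth     requisite  pam_securetty.so
auth     required   pam_unix.so nullok
account  required   pam_unix.so
password required   pam_unix.so nullok obscure min=4 max=8
EOF
    cat > "$1/su" <<'EOF'
auth     sufficient pam_rootok.so
auth     required   pam_wheel.so group=admin
auth     required   pam_unix.so
EOF
    cat > "$1/ssh" <<'EOF'
# auth   requisite  pam_securetty.so
auth     [success=1 default=ignore] pam_unix.so nullok
EOF
}

# Audit the directory given as $1, or the constructed sample when none is given.
if [ $# -gt 0 ]; then pam_audit "$1"; else
    d=$(mktemp -d) && make_sample "$d" && pam_audit "$d"; rm -rf "$d"
fi
```

A service that does not appear with `root-tty-restricted` is not applying the /etc/securetty check, and any `nullok` finding marks a stack that accepts empty passwords.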