The last post, was used to chmod a list of home directory.
I used another application for that ‘for..do’ loop again… it’s climbing my favorite script command list.. 
second only to ‘while…do’..
for X in `ls -last | grep 2006 | awk ‘{print $9}’`
do
rm -rf $x
done
bye bye 2006 directories!
/proc is a pseudo-filesystem used to access process information from the kernel. It doesn’t use any storage space and uses little memory. On Linux, you can sometimes make modifications to the running kernel by modifying “files” in /proc.
If / is full, run a command similar to the following to sort all files in the / file system by size:
find / -xdev -ls | sort -n -k 7
“-xdev” limits the find command to the root file system.
This will only look for files found in the root and will not includes those partitions that are defined in /etc/vfstab | /etc/fstab file, those listed when `df -k` is executed:
/dev/md/dsk/d0 2058319 1016097 980473 51% /
/dev/md/dsk/d3 2058319 1801793 194777 91% /var
etc .. etc..
Thanks Brandon!
Brandon H. - Senior UNIX Systems Engineer for an application services provider in Minneapolis, MN.
Solaris (and other OS) allows the use of Virtual IP. Virtual interface or logical interface allows an Operating system with only one (1) network device to have multiple numbers of IP address.
The Problem
Got a page today, just now that one of our managed server went down. It’s a ping/connectivity page.
Logged in to console and investigate. It turns out that the UNIX box is multi-IP’d box. It has a virtual IP and looks like the one that gave out the ping notification is the virtual IP.
Corrective Action
Simple create the missing IP address using a virtual interface. Virtual interface allow a single ethernet interface to listen on additional IP addresses.
Check the existing network IP configuration of the UNIX box:
UNIX-Box(AP)#ifconfig -a
lo0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4> mtu 8232 index 1
inet 127.0.0.1 netmask ff000000
qfe0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
inet 165.20.21.4 netmask fffffff0 broadcast 65.201.212.47
ether 0:3:ba:3d:ba:99
qfe3: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 3
inet 12.3.55.22.6 netmask ffff0000 broadcast 172.31.255.255
ether 0:3:ba:3d:ba:99
You have to have the info you need to re-create the virtual IP. In this case, it’s the network IP: 12.3.55.22.12To create the Virtual interface:
ifconfig qfe0:1 plump
ifconfig qfe0:1 12.3.55.22.12 up
You can set the IP address of the interface to 192.168.1.15 and turn on the interface with the following command:ifconfig hme0:1 192.168.1.15 up
Unless you do some additional nonstandard things in your network, all of the subinterfaces on a physical interface need to be in the same subnet.
To make the virtual interface persist following a reboot, you can add the ip address or hostame from /etc/hosts in the file /etc/hostname.hme0:1
Disabling / Removing Virtual Interface
The example above shows how to create a virtual interface using the ‘plumb‘ command. In the same way, in order to remove a virtual interface (and subsequently the IP) the interface is unplumbed using the ‘unplumb’ directive.
To remove the virtual interface eri1:7, run the following command as root:
ifconfig eri1:7 unplumb
Final Words
Any other things we can do with virtual IP?
Here’s a common problem that our users complains about:
The Problem
When they telnet or ssh or connect to a remote host, the backspace key doesn’t seem to work. When pressed, all it shows are caret characters but it does not erase.
The Solution
Here’s one way of solving it…
It should now work. 
Read the man page of stty for more information.
In a Linux system (and in Solaris 5.8, 5.9, 10, Solaris in general apparently), there are two (identical? opposite?) commands that are very easy enough to remember. How is that? Well, first the command names speak for itself or do exactly what it is called. What are those commands? Well, they are:
more and and less.
more
The more command is a filter for paging through text one screenful at a time. For example if your viewing one large text file, you could use more to view the content of the file one screenfull at a time.
# more /path/to/file/filename
more also has an interactive mode that uses the commands based on vi. So if you’re viewing a file using more, it will pause on the first screenfull and just in case you would want to ’search’ for a particular string you could use the slash (’/') or the question mark (’?') just like you would if you’re using vi.
less
The command less, is just like more but unlike more which only goes one way, less allows backward movement in the file as well as forward movement.
Also, since more is a lot primitive than less, less also has tons of command line options. See it’s man pages for details.
A request from a colleague was to check if there are traffic coming from a specific host to the local host. Both are running Solaris Unix, one is an Ultra5 (pretty old) and a Sparc Ultra 250, still old.
specific interface
There are many commands used by many UNIX admins to monitor network traffic going to and from a specific UNIX box.
Here are some of them:
It all depends on the admin’s approach and the required information that needs to be gathered.
In our case here snoop serves the purpose very well.
“Snoop” capture and inspect network packets. It captures both TCP and UDP traffic. It is a tool that is shipped with Solaris.
Here’s a sample output we did on the Unix box:
# snoop
Using device /dev/hme (promiscuous mode)
server40 -> serverfs01 TCP D=49678 S=22 Ack=3304463642 Seq=13090730 Len=80 Win=24820
serverfs01 -> server40 TCP D=22 S=49678 Ack=13090810 Seq=3304463642 Len=0 Win=24820
serverws12 -> server40 NIS C MATCH 149.122.32.31 in hosts.byaddr
server40 -> serverws12 NIS R MATCH OK
From
TCP D=49678 S=22
TCP packet with source port of 22 (ssh) and destination of 49678 (some application)
Here’s link for other third party software used in monitoring network traffic.
fsck is the command used in UNIX for checking filesystem for any inconsistencies, usually caused by abnormal shutdown. These abnormal shutdown may be caused by some hardware failure or power failure.
fsck also has options to repair filesystem as well.
Syntax:
fsck [ -F fstype] [-V] [-yY] [-o options] special
-F fstype type of file system to be repaired ( ufs , vxfs etc)
-V verify the command line syntax but do not run the command
-y or -Y Run the command in non interactive mode - repair all errors encountered without waiting for user response.
-o options Three options can be specified with -o flag
b=n where n is the number of next super block if primary super block is corrupted in a file system .
p option used to make safe repair options during the booting process.
f force the file system check regardless of its clean flag.
Most *NIX machines has fsck, but special attention should be made when dealing with Sparc hardware or Solaris UNIX in general.
When doing fsck, make sure that you are checking the ‘raw’ device and not just the logical disk.
Check this out to determine the raw device of a solaris server. We’ll post more of the topic soon.
Vmstat, or virtual memory statistics, is one of the useful UNIX command an administrator can (always) use to check the performance of a server. This is specially useful to determine how a particular UNIX box is doing during it’s peak usage time. It shows information about various system resources and their related performance problems.
An example output of this command is shown below:
% vmstat 1 8 Write a report every second for 5 seconds. procs memory page faults cpu – — ——– —- —- r b avm fre re pi po fr sr cy in sy cs us sy id wa 1 0 4680 365 0 0 0 1 3 0 123 102 75 0 2 97 1 1 0 4680 364 0 0 0 0 0 0 121 86 67 0 3 76 21 1 0 4680 364 0 0 0 0 0 0 114 70 28 1 0 99 0 1 0 4680 364 0 0 0 0 0 0 123 70 32 2 0 98 0 1 0 4680 364 0 0 0 0 0 0 114 74 28 1 0 99 0 1 0 4680 364 0 0 0 0 0 0 113 84 67 0 21 69 10 1 0 4680 364 0 0 0 0 0 0 127 78 56 8 9 82 1 1 0 4680 364 0 0 0 0 0 0 119 91 71 0 3 86 11
That is a lot of numbers. What does the out of VMSTAT means anyway?
In a Nutshell
The command produces information (for the least) about virtual memory (swap), CPU usage, and disk usage. In my case, most of the stats that I frequently checked when users complain are CPU and memory usage.
The Details
There are five main column in a vmstat output - proc, memory, paging, faults, CPU.
The first two columns under procs (or kernel thread on some UNIX) show the number of processes on the system.
(more stuff here….)
The Syntax
The command vmstat takes two arguments, one for how long to wait between reports and the second for how many reports to write out before quitting.
Example:
# vmstat 1 8
produces 8 output (lines) in every one second interval. Omitting the second argument, vmstat will not stop displaying output on the screen until a break is sent (usually CNTRL+D or Z or C)
Final Words
Read some more.
You should check out vmstat’s man page (man vmstat command) to get the details for your system. Since usage and output may vary from one operating system to another.
For the UNIX side of things, we’ll try to feature one command a week that is commonly used in system/user administration on a UNIX box. If anyone wants to contribute more, then we may do one command every two days or ‘Unix Command for the day’. Something like that.
For today, it’s all about getent.
getent is short for Get Entries. The command suppose to get entries from an administrative database. This database can be passwd, group, hosts, ipnodes, services, protocols, ethers, network or netmasks.
For each of these databases, getent uses the appropriate library routines described in getpwnam, getgrnam, gethostbyaddr, gethostbyname, getipnodebyaddr, getipnodebyname, getservbyname, getprotobyname, ethers(3SOCKET), and getnetbyname(3SOCKET), respectively.
getent prints out the database entries that match each of the supplied keys, one per line, int the format of the matching administrive file: Examples, passwd, group, hosts, etc….
Example: To check if a user dpusp or information about the TIT group:
# getent
usage: getent database [ key … ]
# getent passwd dpusp
dpusp:x:7781:500::/export/home/TIT/dpusp:/bin/sh
#
# getent group TIT
TIT::500:adleo,gfish,rpesc,ftpoper,amkor
#
There.
