SysAdmin Blog, TechTips and Reviews

System Administrators’ Blog

Archives Posts

OpenSolaris Launch - May 5, 2008!

May 4th, 2008 by elizar

Better late to mention than never.. . :)

Monday, May 5 at 10 a.m. PT is the live webcast from CommunityOne, where Sun will launch the new, free and easy-to-use OpenSolaris OS, a leading-edge open source release with world-class support and unique, innovative features.

Mark your calendar.. then again, it’s already tomorrow.. hehehe

Filed under Solaris, Solaris 10 having No Comments »

Solaris ZFS Rocks!!

May 2nd, 2008 by elizar

Zettabyte File System (ZFS) is claiming to be “The Most Advanced File System on the Planet”!! I think even Mr. iDownload, Arlo Gilbert, the IT Pro, himself will approve of the idea.. as well as the other Arlo Gilbert.. well, at least I think he won’t.

What is ZFS?

ZFS is a file system designed and developed by Sun Microsystems for the Solaris Operating System. ZFS, or Zettabyte File System, will solve all of the problems any administrator has encountered in a filesystem.

In a nutshell, ZFS represents a kind of virtual storage pool. Virtual meaning you will be able to grow or shrink file systems very easily by simply adding new physical disks to this pool.

The concept is still the same as any virtual logical volume, wherein you configure a bunch of disks to be one super big disk and group it into volumes/partitions to be used by the system. Having added 10 more physical disks to the pool, for example, you’ll be able to decide which filesystems you want to grow.

Here are some quotes from the Sun Microsystems documentation about ZFS:

Physical storage can be added to or removed from storage pools dynamically, without interrupting services, providing new levels of flexibility, availability, and performance.

In scalability,

Solaris ZFS is a 128-bit file system. Its theoretical limits are truly mind-boggling — 2^128 bytes of storage, and 2^64 for everything else such as file systems, snapshots, directory entries, devices, and more.

And the improvement of RAID-5, which is RAID-Z,

… which uses parity, striping, and atomic operations to ensure reconstruction of corrupted data.

Say ‘atomic operations’ ?? Wah that?!

For more info about Solaris ZFS, check out Sun’s page about it.

Filed under Solaris, Solaris 10 having 3 Comments »

/var/preserve Directory: Vi and Ex Temporary Files

April 2nd, 2008 by elizar

Got a page on an error today:

Error, DISK_SPACE:/var - hostname - UNIX - EMAIL - 100% full, 0MB free, 722MB total

Did a quick ‘du’ on /var filesystem and found out the culprit directory:

# du -sk * | sort -rn | more
232013 preserve
222272 tmp
62607 sadm
58204 cfengine
44270 spool
40355 adm
510 cron
503 orca
343 apache

Filed under Solaris, Tips having No Comments »

How To Change The Timezone On Solaris?

March 31st, 2008 by elizar

This is sort of like a follow up on my DST patch post

How do I change the timezone on my Solaris server/workstation?

Solution

a) Edit /etc/TIMEZONE
NOTE: the man page incorrectly states this file is called /etc/timezone
b) Reboot your server with shutdown or init.

Examples
--------
US/Eastern
US/Central
US/Mountain
US/Pacific

For the full list, look in:
/usr/share/lib/zoneinfo/

Filed under Solaris having No Comments »

Timezone Data Patch

March 29th, 2008 by elizar

Will be doing a DST patch tonight around 9:00pm for Sydney servers.

Basically, what needs to be done is to download the timezone data patch (109809-09), unzip and install.

Installing patch:

Installing the patch is as simple as executing ‘patchadd’. Since this will be on a Solaris 5.8, I’ll just be doing

# patchadd /path/to/patch/dir/109809-09

README says:

Filed under Solaris having No Comments »

sshd-kbdint: Reuse of old passwords not allowed, the new password is in the history list

March 27th, 2008 by elizar

Got a request to reset the password of one of the development server’s accounts today. Apparently, one of the batch operators mistyped the password one too many times… It was locked.

It was an LDAP environment and the SOP is to change the password to a pre-defined default password, and then the user changes it to the one he wants. (Anyway, the user has no choice; once he enters the initial password he will be prompted to change it.)

The problem is, the server won’t allow him to use his old password. He wants to use it again since he’s not the only one who uses that (group) account, and if he changes it to his own, well, he has to tell everyone else who’s using the account.. and from what I’ve heard they are more than a handful.

Anyway, to help him, I checked /etc/default/passwd and took a peek at HISTORY’s value. The number here shows how many passwords the system will remember (root not included of course). It was set to 10.

Set it temporarily to ‘0’ and changed the password. After confirming that all was good, changed the HISTORY parameter in /etc/default/passwd back to ‘10’, which is apparently our SOP on password history.

(Machine was a Solaris SPARC box with Solaris 8.10)
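
An added example (not part of the original post): a small audit that flags the case where HISTORY in /etc/default/passwd is still below the SOP value of 10 after a temporary change like the one above. The function names, and the rules that a missing or commented-out HISTORY counts as 0 and that the last assignment wins, are assumptions of this example.

```sh
#!/bin/sh
# Added example: audit the HISTORY setting in a Solaris-style /etc/default/passwd.
# REQUIRED_HISTORY mirrors the SOP value of 10 mentioned in the post.
REQUIRED_HISTORY=10

# Print the effective HISTORY value found in the given file.
# Assumptions: a commented-out or missing entry counts as 0 (no history kept),
# and if the key appears more than once the last assignment wins.
effective_history() {
    val=$(sed -n 's/^[[:space:]]*HISTORY=\([0-9][0-9]*\)[[:space:]]*$/\1/p' "$1" 2>/dev/null | tail -1)
    echo "${val:-0}"
}

# Return 0 if the file meets policy, 1 if history is weaker than policy,
# 2 if the file cannot be read.
audit_history() {
    file=$1
    [ -r "$file" ] || { echo "UNREADABLE $file"; return 2; }
    cur=$(effective_history "$file")
    if [ "$cur" -ge "$REQUIRED_HISTORY" ]; then
        echo "OK HISTORY=$cur"
        return 0
    fi
    echo "DRIFT HISTORY=$cur (policy $REQUIRED_HISTORY)"
    return 1
}

# Constructed sample: the state left behind if the temporary '0' is never reverted.
sample=$(mktemp)
printf '%s\n' '#HISTORY=10' 'PASSLENGTH=8' 'HISTORY=0' > "$sample"
audit_history "$sample" || echo "exit status $? means follow-up is needed"
rm -f "$sample"
```

Run from cron against the real file, a non-zero exit status is the signal that a temporary change was not rolled back.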

Filed under Solaris having No Comments »

vi Search and Replace… The Basics, Dummy’s Reference

March 13th, 2008 by elizar

Yep, this is a dummy’s reference… I keep on forgetting the syntax so I might as well put it here for my own reference… :D

vi is one of, if not the most, popular text editors available to a System Administrator on UNIX and UNIX-like machines.

It has two modes, command and editor mode.

Here is some of the syntax for using Search and Replace in ‘vi’.

Search:

The most basic and most easily remembered command for searching in vi is slash or ‘/’ followed by the string being searched. That’s for forward searching. For backward, vi uses ‘?’ followed by the string being searched.

To go to the next occurrence of the string being searched, vi uses the ‘n’ command. It doesn’t matter if you’re searching forward (from top to bottom) or backward (from bottom to top).

Example:

(you have to be in command mode… press ESC first)

/search_string

?search_string

Search and Replace

For search and replace, use the syntax

:%s/original/replaced/g

Make sense?
Any command that begins with a “:” is called a line mode command and, by default, performs its duty on the line the cursor is currently on; the “%” range in the syntax above applies it to every line in the file.

The above syntax serves my purpose now… If I want to replace text in certain ranges.. syntax can be found here

Filed under Linux, Solaris, Tips, Unix having 2 Comments »

All About Virtual Interface in Solaris

November 7th, 2007 by elizar

Solaris (and other OSes) allow the use of a Virtual IP. A virtual interface, or logical interface, allows an operating system with only one (1) network device to have multiple IP addresses.

The Problem

Got a page today, just now, that one of our managed servers went down. It’s a ping/connectivity page.

Logged in to the console and investigated. It turns out that the UNIX box is a multi-IP’d box. It has a virtual IP, and it looks like the one that gave out the ping notification is the virtual IP.

Corrective Action

Simply create the missing IP address using a virtual interface. A virtual interface allows a single ethernet interface to listen on additional IP addresses.

Check the existing network IP configuration of the UNIX box:

UNIX-Box(AP)#ifconfig -a
lo0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4> mtu 8232 index 1
inet 127.0.0.1 netmask ff000000
qfe0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
inet 165.20.21.4 netmask fffffff0 broadcast 65.201.212.47
ether 0:3:ba:3d:ba:99
qfe3: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 3
inet 12.3.55.22.6 netmask ffff0000 broadcast 172.31.255.255
ether 0:3:ba:3d:ba:99

You have to have the info you need to re-create the virtual IP. In this case, it’s the network IP: 12.3.55.22.12

To create the Virtual interface:

ifconfig qfe0:1 plumb
ifconfig qfe0:1 12.3.55.22.12 up

You can set the IP address of the interface to 192.168.1.15 and turn on the interface with the following command:

ifconfig hme0:1 192.168.1.15 up

Unless you do some additional nonstandard things in your network, all of the subinterfaces on a physical interface need to be in the same subnet.

To make the virtual interface persist following a reboot, you can add the IP address or hostname from /etc/hosts to the file /etc/hostname.hme0:1

Disabling / Removing Virtual Interface

The example above shows how to create a virtual interface using the ‘plumb‘ command. In the same way, in order to remove a virtual interface (and subsequently the IP) the interface is unplumbed using the ‘unplumb’ directive.
To remove the virtual interface eri1:7, run the following command as root:

ifconfig eri1:7 unplumb

Final Words

Any other things we can do with virtual IP?

Filed under Commands, Solaris having No Comments »

Cover Your Tracks After Hacking A UNIX Box

November 4th, 2007 by elizar

In the Monitoring User Login post, the commands and files that are related to tracking user activities were discussed.

Here are some ways of covering your fingerprints on a server using the files that monitor user logins.

We want to erase any trace that will show that we were inside the box. In doing so we’ll just:

cat /dev/null > <file>

Lastlog file

Clear out the last log file if you’re using an existing user from the box. The lastlogin file shows when and where a particular user last logged in from.

login: razile
Password:

Last login: Fri Oct 21 21:50:02 2007 from 210.2.9.1
Sun Microsystems Inc. SunOS 5.9 Generic May 2002
razile@unix-box %

Erase that if you don’t want the admin to see where you last logged in from (IP, hostname, time etc)

cat /dev/null > /var/adm/lastlogin

After clearing the lastlog file, comparing the first login and the second one:

(first login)

Last login: Thu Nov  1 21:33:41 2007 from 210.23.109.1
Sun Microsystems Inc.   SunOS 5.9       Generic May 2002
user@server->

(after deletion)

 Sun Microsystems Inc.   SunOS 5.9       Generic May 2002
bash: unalias: `e’: not an alias
user@server->

wtmpx/tmpx files

If you want to check those users who logged in to a Unix box, type in ‘last’

UnixBox# last | more
root        pts/21       101.221.224.61    Sat Nov  3 11:38   still logged in
sitescp   pts/20       19.168.128.132  Sat Nov  3 07:00   still logged in
root        pts/23       101.221.224.51    Sat Nov  3 05:05   still logged in
root        pts/22       101.221.224.51    Sat Nov  3 05:05   still logged in
paladel    pts/22       14.122.4.99     Fri Nov  2 14:33 - 15:32  (00:59)
boy1        pts/26       14.122.4.67     Fri Nov  2 13:22 - 14:50  (01:28)
boy2        pts/26       14.122.4.67     Fri Nov  2 13:20 - 13:22  (00:02)

You’ll see the user who was logged in, the terminal used, the IP where he came from, and the date or duration of his activity on the server.

That is a lot of information, so in covering up your tracks, delete or zero out the files that store this information

cat /dev/null > /var/adm/wtmpx
cat /dev/null > /var/adm/tmpx

After doing so, you’ll get this when doing ‘last’

# cat /dev/null > /var/adm/wtmpx
# last | more

wtmp begins Sun Nov  4 00:41
#

You could also zero out the /var/adm/messages if you’re really paranoid.

Of course, doing this is like shouting and telling the whole universe that you were there.

These are just a few ways to cover your tracks… Do you have any additions? Or any tips in covering the intrusion without knowing that you were there?
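
From the admin’s side, the “shouting” mentioned above is easy to listen for. The following is an added example, not part of the original post: login-accounting files only grow between rotations, so a file that is empty, missing, or smaller than its last recorded size gets flagged. The function names and the baseline format are assumptions of this example, and the demo runs on constructed stand-in files in a temp directory.

```sh
#!/bin/sh
# Added example: detect zeroed, missing or shrunken login-accounting files
# by comparing current sizes against a previously recorded baseline.

# Print the size of a file in bytes, or -1 if it does not exist.
file_size() {
    [ -f "$1" ] || { echo -1; return 0; }
    wc -c < "$1" | tr -d ' '
}

# Print "size path" for each named file (record again after each rotation).
record_baseline() {
    for f in "$@"; do
        echo "$(file_size "$f") $f"
    done
}

# Read a baseline on stdin and print one finding per suspicious file.
# Returns 1 if anything was flagged, 0 otherwise.
check_truncation() {
    flagged=0
    while read -r old path; do
        now=$(file_size "$path")
        if [ "$now" -lt 0 ]; then
            echo "MISSING $path"; flagged=1
        elif [ "$now" -eq 0 ] && [ "$old" -gt 0 ]; then
            echo "ZEROED $path (was $old bytes)"; flagged=1
        elif [ "$now" -lt "$old" ]; then
            echo "SHRUNK $path ($old -> $now bytes)"; flagged=1
        fi
    done
    return "$flagged"
}

# Constructed demo on stand-in files (not the real /var/adm).
d=$(mktemp -d)
printf 'login record 1\nlogin record 2\n' > "$d/wtmpx"
printf 'last login data\n' > "$d/lastlog"
record_baseline "$d/wtmpx" "$d/lastlog" > "$d/baseline"
: > "$d/wtmpx"    # test fixture: the stand-in file is now empty
check_truncation < "$d/baseline" || echo "findings above need investigation"
rm -rf "$d"
```

Keep the baseline somewhere the monitored host cannot write to, and forward the logs off-box so the originals survive.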

Filed under Solaris, Tips having 1 Comment »

Less is More

October 26th, 2007 by elizar

In a Linux system (and in Solaris 5.8, 5.9, 10, Solaris in general apparently), there are two (identical? opposite?) commands that are easy enough to remember. How is that? Well, first, the command names speak for themselves, or do exactly what they are called. What are those commands? Well, they are:

more and less.

more

The more command is a filter for paging through text one screenful at a time. For example, if you’re viewing one large text file, you could use more to view the content of the file one screenful at a time.

# more /path/to/file/filename

more also has an interactive mode that uses commands based on vi. So if you’re viewing a file using more, it will pause on the first screenful, and in case you want to ‘search’ for a particular string you could use the slash (‘/’) or the question mark (‘?’) just like you would if you’re using vi.

less

The command less is just like more, but unlike more, which only goes one way, less allows backward movement in the file as well as forward movement.

Also, since more is a lot more primitive than less, less also has tons of command line options. See its man pages for details.

Filed under Commands, Linux, Solaris having 1 Comment »
