Thursday, October 13, 2016

We moved to new domain!! kerneltalks.com

Howdy readers! We have moved to new domain www.kerneltalks.com . If you have bookmarked this blog please update new URL. See yaa there! thumbnail 1 summary
Howdy readers!

We have moved to new domain www.kerneltalks.com. If you have bookmarked this blog please update new URL.

See yaa there!

Friday, October 7, 2016

How to check bad wrong login attempts in HPUX

Requirement : To check bad / wrong login attempts done on HPUX server. Howto : HPUX server logs all wrong logins information in  /var/... thumbnail 1 summary
Requirement :

To check bad / wrong login attempts done on HPUX server.

Howto :

HPUX server logs all wrong logins information in /var/adm/btmps file. This file is data file hence commands like cat, more wont work for this file. To read data within this file use below command


# /usr/sbin/acct/fwtmp -X < /var/adm/btmps > /tmp/badlogins.log


This will convert data in btmps file in human readable format (binary to ASCII). Later you can cat or more output file and investigate bad logins.


# cat /tmp/badlogins.log
root          pts/ta       12127  0 0000 0000 1190171137 0 Sep 19 11:05:37 2007 0 10.105.100.89 10.105.100.89
root          pts/tb       13964  0 0000 0000 1190174185 0 Sep 19 11:56:25 2007 0 10.105.100.89 10.105.100.89


Important fields here are :

  1. ID which tried to log in
  2. Terminal from which attempt was made
  3. Date time stamp when attempt was made
  4. IP from which attempt came to server (last field)

Thursday, October 6, 2016

Adding extra or secondary swap in HPUX

Freeimages When system runs low on memory and swap continuously, its time to troubleshoot. Even after troubleshooting and all available ... thumbnail 1 summary
Freeimages
When system runs low on memory and swap continuously, its time to troubleshoot. Even after troubleshooting and all available app/OS tuning you are still running out of memory then you can try
adding extra swap before you think of adding RAM to server which involves cost/resources of parent machine.

Step 1.

For adding extra swap check how much space you have available in root volume group vg00. Use vgdisplay command to get free PE and PE size numbers.


# /usr/sbin/vgdisplay vg00
--- Volume groups ---
VG Name                     /dev/vg00
VG Write Access             read/write
VG Status                   available
Max LV                      255
Cur LV                      9
Open LV                     9
Max PV                      16
Cur PV                      2
Act PV                      2
Max PE per PV               4384
VGDA                        4
PE Size (Mbytes)            16
Total PE                    6544
Alloc PE                    5978
Free PE                     566
Total PVG                   0
Total Spare PVs             0
Total Spare PVs in use      0


Here we have 566 free PE with 16MB size of each. This sums upto 8.8GB of free space in root vg. We can use space from this 8.8GB for adding extra swap.

Check current swap configuration


# /usr/sbin/swapinfo -tam
             Mb      Mb      Mb   PCT  START/      Mb
TYPE      AVAIL    USED    FREE  USED   LIMIT RESERVE  PRI  NAME
dev       43008       0   43008    0%       0       -    1  /dev/vg00/lvol2
reserve       -    1963   -1963
memory    40861    9261   31600   23%
total     83869   11224   72645   13%       -       0    -


Step 2.

Create new contiguous logical volume with no bad block relocation policy and size of your requirement. Lets make a LV of 2GB. 


# lvcreate -L 2048 -C y -r n /dev/vg00
Logical volume "/dev/vg00/lvol10" has been successfully created with character device "/dev/vg00/rlvol10"


Step 3.

Start swap on this lvol. Add -f argument to start forcefully if below command fails.

# swapon -p 1 /dev/vg00/lvol10


Step 4.

Edit /etc/fstab to mount this LV as swap on every boot. Add below entry :


/dev/vg00/lvol10 ... swap pri=1 0 1


Step 5.

Check again swap size.


# /usr/sbin/swapinfo -tam
             Mb      Mb      Mb   PCT  START/      Mb
TYPE      AVAIL    USED    FREE  USED   LIMIT RESERVE  PRI  NAME
dev       43008       0   43008    0%       0       -    1  /dev/vg00/lvol2
dev        2048       0    2048    0%       0       -    2  /dev/vg00/lvol10
reserve       -    1963   -1963
memory    40861    9261   31600   23%
total     85917   11224   74693   13%       -       0    -





Wednesday, October 5, 2016

Adding new storage LUN to integrity virtual machine (iVM) in HPUX

Steps to add new LUN into integrity virtual machine (iVM) in HPUX and use it within existing VG or create a new VG on it.In this process, s... thumbnail 1 summary
Steps to add new LUN into integrity virtual machine (iVM) in HPUX and use it within existing VG or create a new VG on it.In this process, storage luns are always presented to physical host server. from host they are attached to virtual guest server running on it.

Step 1.

Identify new LUN on HP iVM host server. When new LUN is presented to iVM, run ioscan command to scan new disks. Post ioscan, run insf command to make sure all available hardware has its related files created in kernel.


# ioscan -fnCdisk
# insf -e


Now your new LUN is identified in kernel. Match lun id in storage utility (syminq in case of EMC
storage, evainfo in case of HP EVA storage etc) and get related disk number. We are using agile naming convention here so lets take /dev/rdisk/disk10 & /dev/rdisk/disk11 are new identified disks.

Step 2.

Make disks LVM ready by using pvcreate.


# pvcreate /dev/rdisk/disk10
Physical volume "/dev/rdisk/disk10" has been successfully created.

# pvcreate /dev/rdisk/disk11
Physical volume "/dev/rdisk/disk11" has been successfully created.


Step 3.

Attach these disks to iVM (guest) which is running on host. Assume vmserver1 is our iVM here.


# hpvmmodify -P vmserver1 -a disk:avio_stor::disk:/dev/rdisk/disk10
# hpvmmodify -P vmserver1 -a disk:avio_stor::disk:/dev/rdisk/disk11


Step 4.

Once above commands are successful, disks are attached to iVM and needs to scan in guest. Login to iVM server and scan the new disks the same way we did in step 1 and 2 on host. Lets say those disks are identified as /dev/rdisk/disk2 & /dev/rdisk/disk3 on guest server. Observe those are identified as Virtual disk on vm.


disk 6 0/0/0/0.2.0 sdisk CLAIMED DEVICE HP Virtual Disk
/dev/dsk/c0t2d0 /dev/rdsk/c0t2d0

disk 8 0/0/0/0.3.0 sdisk CLAIMED DEVICE HP Virtual Disk
/dev/dsk/c0t3d0 /dev/rdsk/c0t3d0


Step 5.

Complete LVM tasks on these disks to use space in mount point.

To create new VG named vg01



# mkdir /dev/vg01
# mknod /dev/vg01/group c 64 0x010000
# vgcreate -s 64 -p 60 -e 12500 vg01 /dev/disk/disk2 /dev/disk/disk3
Volume group "/dev/vg01" has been successfully created.
Volume Group configuration for /dev/vg01 has been saved in /etc/lvmconf/vg01.conf

# lvcreate -L 200 /dev/vg01
Logical volume "/dev/vg01/lvol1" has been successfully created with
character device "/dev/vg01/rlvol1".

# newfs -F vxfs -o largefiles /dev/vg01/rlvol1
 version 7 layout
 204800 sectors, 204800 blocks of size 1024, log size 1024 blocks
 largefiles supported

# mkdir /data
# mount /dev/vg01/lvol1 /data


To extend current existing VG named vg02 & mount point /data1 within it



# vgextend vg02 /dev/disk/disk2 /dev/disk/disk3
Volume group "vg02" has been successfully extended.
Volume Group configuration for /dev/vg02 has been saved in /etc/lvmconf/vg02.conf

# lvextend -L 512 /dev/vg02/lvol1
Logical volume "/dev/vg02/lvol1" has been successfully extended.
Volume Group configuration for /dev/vg02 has been saved in /etc/lvmconf/vg02.conf

# fsadm -F vxfs -b 524288 /data1
vxfs fsadm: V-3-23585: /dev/vg02/rlvol1 is currently 7731200 sectors - size will be increased



Tuesday, October 4, 2016

HPUX Patch naming conventions

HP release OS patches for HPUX every 6 month i.e. twice a year. For smaller patches which are releases as on need basis HP follows below na... thumbnail 1 summary
HP release OS patches for HPUX every 6 month i.e. twice a year. For smaller patches which are releases as on need basis HP follows below naming conventions 

Patch name format is PHxx_yyyy

Where,

xx = area of patch
        CO : General HPUX commands
        KL : Kernel patches
        NE : Network specific patch
        SS : all other subsystem patches

yyyy = unique number

From patch name you will be able to guess area of its impact so that you can plan your activities accordingly.

Monday, October 3, 2016

Basics of LVM legends

LVM (logical volume manager) legends : PV is Physical Volume.   Any single disk / LUN on system is identified as PV. It can be raw or f... thumbnail 1 summary
LVM (logical volume manager) legends :

PV is Physical Volume. 
Any single disk / LUN on system is identified as PV. It can be raw or formatted with file system. Raw PV is referred as /dev/rdsk/c0t0d1 (legacy) or /dev/rdisk/disk1 (agile) whereas formatted one is referred as  /dev/dsk/c0t0d1 (legacy) or /dev/disk/disk1 (agile). Check PV name in below output as formatted device.


# vgdisplay -v vg00

--- Volume groups ---
VG Name                     /dev/vg00
VG Write Access             read/write
VG Status                   available
Max LV                      255
Cur LV                      13
Open LV                     13
Max PV                      16
Cur PV                      1
Act PV                      1
Max PE per PV               4355
VGDA                        2
PE Size (Mbytes)            32
Total PE                    4345
Alloc PE                    4303
Free PE                     42
Total PVG                   0
Total Spare PVs             0
Total Spare PVs in use      0

   --- Logical volumes ---
   LV Name                     /dev/vg00/lvol1
   LV Status                   available/syncd
   LV Size (Mbytes)            1024
   Current LE                  32
   Allocated PE                32
   Used PV                     1

   --- Physical volumes ---
   PV Name                     /dev/dsk/c3t0d0s2
   PV Status                   available
   Total PE                    4345
   Free PE                     42
   Autoswitch                  On
   Proactive Polling           On



PE is Physical Extent. 
Its smallest chunk of PV which can be used as block under file system. PV is consist of number of PEs. We always use PV names while using LVM commands. In above example PE size is set to 32MB & total 4345 PEs are available on disk.

VG is Volume Group. 
One or more PV come together to form a Volume Group. This grouping enables to slice down combined
storage capacity of disks to our choice of small volumes. In above example vg00 is volume group made up of single PV & its sliced down to 8 LV (only one shown in above exmaple)

LV is Logical Volume. 
Its a slice of volume group using some capacity of PV to form a smaller volume. Its basically used as a mount point /swap like drives (C:, D:) in Windows. We can see one LV in above example and its details.

LE is Logical Extent.
Same as PE, LE are smallest chunk of LV.

Below tables gives you idea about some numbers related to them:

LVs per VG  range : 1-255, default : 255
PVs per VG  range : 1-255, default : 16
PEs per VG   range : 1-66535 default : 1016

with above table, as max PE size is 64MB and 66,535 PEs max per VG, one can create max of 64x66353=4TB of file system.
     

Sunday, October 2, 2016

Account lock unlock status in Linux

Requirement : To check current password status of account in Linux Solution : 1. To check if account is locked or not. Below are two ... thumbnail 1 summary
Requirement :

To check current password status of account in Linux

Solution :

1. To check if account is locked or not.
Below are two examples of command outputs when account is locked and when account is not locked.


# passwd -S user1
user1 LK 2016-10-01 0 90 7 -1 (Password locked.)

# passwd -S user1
user1 PS 2016-10-01 0 90 7 -1 (Password set, MD5 crypt.)



# cat /etc/shadow |grep -i user1
user1:$1$ZFXgKhSG$lroasdrS0QM4iji.4h1:17075:0:90:7:::   <--- Account is not locked

# cat /etc/shadow |grep -i user1
user1:!!$1$ZFXgKhSG$lroasdrS0QM4iji.4h1:17075:0:90:7:::  <---Account is locked


2. Lock account manually.



# passwd -l user1
Locking password for user user1.
passwd: Success


3. Unlock account manually.



# passwd -u user1
Unlocking password for user user1.
passwd: Success.


Saturday, October 1, 2016

Password file commands

Here are the list of commands which can be used on /etc/passwd file. vipw This command is being used to edit /etc/passwd file manually... thumbnail 1 summary
Here are the list of commands which can be used on /etc/passwd file.

vipw
This command is being used to edit /etc/passwd file manually. It is not recommended to edit /etc/passwd file manually. All changes on user accounts should be carried out using commands like usermod. But in some scenario if you want to edit passwd file manually, then use this command. It opens file in vi editor and locks it for other users. So any other admin from any other terminal wont be able to open the file in editor for manual editing. This ensures integrity of file.

pwck 
To check integrity of /etc/passwd file this command can be used. Once executed it checks passwd files and its all fields. It reports any issues observed in the file e.g. if user directory does not exist on server, it will report it.


# /usr/sbin/pwck

[/etc/passwd] sfmdb:*:107:20::/home/sfmdb:/sbin/sh
        Login directory not found

[/etc/passwd] smmsp:*:109:20::/home/smmsp:/sbin/sh
        Login directory not found


pwconv
It generates /etc/shadow file which has user passwords in encrypted format under second field in each user entry. If /etc/shadow file already exist on system then this command will update relevant fields if there were any changes in /etc/passwd file. If your system is trusted (see tsconvert command) then user password database (Trusted Computing Database) is being maintained separately and /etc/shadow doesn't exist on system. In that case, this command will update the TCB accordingly.


# /usr/sbin/pwconv

Updating the tcb to match /etc/passwd, if needed.


pwunconv
It reverse the changes made by pwconv command.

Friday, September 30, 2016

UID range in hpux

UID is user identification number in kernel. UID distribution on HPUX system is as below : 0 : root user 1 to 100 : System accounts ... thumbnail 1 summary

UID is user identification number in kernel.

UID distribution on HPUX system is as below :


  • 0 : root user
  • 1 to 100 : System accounts
  • 101 to 60,000 : Normal users
  • Above 60,000 also you can create user but he/she wont be able to access any of system resources.



HPUX boot process

Its not fully detailed boot process. Its very short form of things happens during boot. To make it understand and remember (for interviews) ... thumbnail 1 summary
Its not fully detailed boot process. Its very short form of things happens during boot. To make it understand and remember (for interviews) easily!

1) PDC (processor dependent code) gets executed

  • Checks CPU
  • Checks stable storage for boot path
  • Loads ISL utilities from leaf area of boot disk
  • Here you can halt boot using ESC key and can run PO, SEA commands.

2) ISL (Initial system loader) gets loaded

  • Read AUTO file default kernel
  • Load and runs HPUX from LIF area
  • Here you can halt boot process and boot system into single user mode. U can provide diff options to SSL i.e. kernal vmunix. Like hpux –is, hpux –lq, hpux –lm

3) HPUX loads (Secondary system loader)

  • Uses options and path names from ISL to load kernel
  • And by default loads vmunix

4) After kernel vmunix gets loaded –

  • Swapper daemon starts with PID 0
  • Kernel runs /sbin/pre_init_rc
  • Kernel calls /sbin/init
  • /sbin/init reads /etc/inittab and calls –


  1. /sbin/ioinit – to scan hardware and build kernel io tree
  2. /sbin/bcheckrc – to check FS listed in /etc/fstab
  3. /sbin/rc – to start additional services like lp, cron, cde
  4. /usr/sbin/getty – to start n show login prompt to user.

Thursday, September 29, 2016

Run levels in HPUX at a glance

Current run level in HPUX can be identified using below command : # who -r    .       run-level 3  Jan 19 21:14    3    0    S The out... thumbnail 1 summary
Current run level in HPUX can be identified using below command :


# who -r
   .       run-level 3  Jan 19 21:14    3    0    S


The output fields are :
1. A dot (.) indicates that the terminal has seen activity in the last minute and is therefore          ``current''.
2. Current run level
3. Timestamp
4. Current state of init
5. The number of times that state has been previously entered
6. The previous state

List of run levels in HPUX

0 indicates shutdown state
S indicates single user mode booted to local console only with root FC (RO) mounted
s indicates same as S only current terminal acts as system console.
1 indicates single user mode with local FS (RW) mounted
2 indicates multi user state with CDE launched
3 indicates same as 2 but with NFS
4 indicates GUI (here VUE started instead of CDE)
5,6 indicates reserved state and not yet defined in kernel code.



Wednesday, September 28, 2016

How to restart NFS in HPUX

Requirement : To restart NFS server in HPUX How to do it : Please make a note that all exported NFS mount points will be unavailable t... thumbnail 1 summary
Requirement :

To restart NFS server in HPUX

How to do it :

Please make a note that all exported NFS mount points will be unavailable to all clients during this restart.

Image source : freeimages.com

Stop NFS

# /sbin/init.d/nfs.server stop
# /sbin/init.d/nfs.client stop
# /sbin/init.d/nfs.core stop

Start NFS

# /sbin/init.d/nfs.core start
# /sbin/init.d/nfs.client start
# /sbin/init.d/nfs.server start

Make sure you follow the sequence while stopping and starting as mentioned above.

Tuesday, September 27, 2016

bdf command formatted output in hpux

Requirement : bdf command output normally looks scattered especially when VG names are long. It will be difficult to grep out proper patt... thumbnail 1 summary
Requirement :

bdf command output normally looks scattered especially when VG names are long. It will be difficult to grep out proper pattern out of such output. Also, its not convenient to share this output over email/document when extra lines breaks exists.
In such scenarios, we need to have proper formatted output of bdf. Also sometimes we require output with all its column left aligned.


Solution :

To remove line breaks from bdf output and get single row per entry output

See below normal bdf output. Note that last 2 mount points has two line entry since filesystem column has long entry.


# bdf

Filesystem          kbytes    used   avail %used Mounted on
/dev/vg00/lvol3    2097152  737416 1349304   35% /
/dev/vg00/lvol1    1048576  206160  835928   20% /stand
/dev/vg00/lvol8    8388608 5475640 2902568   65% /var
/dev/vg00/lvol7    8388608 4655256 3713000   56% /usr
/dev/vg00/lvol4    2097152 1052368 1036888   50% /tmp
/dev/vg00/lvol6    8388608 6675168 1700112   80% /opt
/dev/vg00/lvol5     524288   49360  471256    9% /home
testserver01:/data
                   50574008 4541896 43463104    9% /data
/dev/vgdata/lvol1
                   918421504 591931608 306084338   66% /datastore


Now with inline awk we format the output to have one entry per row. Check below command output.


# bdf | awk '{if (NF==1) {line=$0;getline;sub(" *"," ");print line$0} else {print}}'

Filesystem          kbytes    used   avail %used Mounted on
/dev/vg00/lvol3    2097152  737408 1349312   35% /
/dev/vg00/lvol1    1048576  206160  835928   20% /stand
/dev/vg00/lvol8    8388608 5475640 2902568   65% /var
/dev/vg00/lvol7    8388608 4655256 3713000   56% /usr
/dev/vg00/lvol4    2097152 1052368 1036880   50% /tmp
/dev/vg00/lvol6    8388608 6675168 1700112   80% /opt
/dev/vg00/lvol5     524288   49360  471256    9% /home
testserver01:/data 50574008 4541896 43463104    9% /data
/dev/vgdata/lvol1 918421504 591931608 306084338   66% /datastore


To get left aligned bdf output

In above output, columns are not aligned properly. We can even do that with below argument.


# bdf | awk '/\//{printf("%-30s%-10s%-10s%-10s%-5s%-10s\n",$1,$2,$3,$4,$5,$6)}'

/dev/vg00/lvol3               2097152   737408    1349312   35%  /
/dev/vg00/lvol1               1048576   206160    835928    20%  /stand
/dev/vg00/lvol8               8388608   5472792   2905392   65%  /var
/dev/vg00/lvol7               8388608   4655256   3713000   56%  /usr
/dev/vg00/lvol4               2097152   1052368   1036888   50%  /tmp
/dev/vg00/lvol6               8388608   6675168   1700112   80%  /opt
/dev/vg00/lvol5               524288    49360     471256    9%   /home


Please make a note that this awk wont remove any line breaks from output. So one can combine (with pipe |) both awk to get left aligned output with line breaks removed.

Left aligned output with line breaks removed!


# bdf | awk '{if (NF==1) {line=$0;getline;sub(" *"," ");print line$0} else {print}}' |awk '/\//{printf("%-30s%-10s%-10s%-10s%-5s%-10s\n",$1,$2,$3,$4,$5,$6)}'
/dev/vg00/lvol3               2097152   737408    1349312   35%  /
/dev/vg00/lvol1               1048576   206160    835928    20%  /stand
/dev/vg00/lvol8               8388608   5481008   2897240   65%  /var
/dev/vg00/lvol7               8388608   4655256   3713000   56%  /usr
/dev/vg00/lvol4               2097152   1052368   1036888   50%  /tmp
/dev/vg00/lvol6               8388608   6675168   1700112   80%  /opt
/dev/vg00/lvol5               524288    49360     471256    9%   /home
testserver01:/data            50574008  4541896   43463104  9%   /data
/dev/vgdata/lvol1             918421504 591931608 306084338 66%  /datastore

 



Monday, September 26, 2016

How to change sender's email id in EMS HPUX

Requirement : Normally in Event monitoring system on HPUX send an emails with sender id as root@ hostnam e. Many organizations email serve... thumbnail 1 summary
Requirement :

Normally in Event monitoring system on HPUX send an emails with sender id as root@hostname. Many organizations email servers dont allow such email address in sender field. We need generic email id in sender field when EMS shoots an alert email something like notification@xyz.com

Workaround :

There is no provision to change this email id anywhere in HPUX or EMS configurations. You can use below workaround which works perfectly without any issues.

Step 1 :
Make sure you have valid email address (like notification@xyz.com) for your logged in account which works. Send a test email from server to verify using below command


# echo test | sendmail -v receiver_id@xyz.com


Image source : freeimages.com

Step 2 :
Setup crontab for above logged in account (for which email tested) which will execute EMS log scanner script every 30 minutes. As per your convenience you can even schedule it to run every 10 mins or even lower.


00,30 * * * * /scripts/ems_monitor.sh



Step 3:
Script code is as below.


# Script to scan EMS log file and email alert if any
# Author : Shrikant Lavhate
#! /bin/bash
if [ -f "/logs/event_monitor.log" ]
then
:
else
cp -p /var/opt/resmon/log/event.log /logs/event_monitor.log
fi
diff /logs/event_monitor.log /var/opt/resmon/log/event.log > /logs/logfile_difference
if [ -s "/logs/logfile_difference" ]
then
cat /logs/logfile_difference | grep  '^>'|cut -c 2-  | mailx -s "EMS monitor alert from `hostname`" receiver_id@xyz.com
fi
cp -p /var/opt/resmon/log/event.log /logs/event_monitor.log


Step 4:
Now you can test the script by generating test events in EMS. Generate test event with send_test_event command. You will receive test events from admin@hostname email id which is normal. Now run above script and you will receive same email with sender id as notification@xyz.com !!


Friday, September 23, 2016

How to generate CSR file for SSL request on Linux

CSR is Certificate Signing Request file. It will be generated on server on which the SSL certificate will be used. This file contains detai... thumbnail 1 summary
CSR is Certificate Signing Request file. It will be generated on server on which the SSL certificate will be used. This file contains details about organization and URL in encrypted format. Whenever you approach any vendor for getting SSL certificate for your webserver, you have to submit this CSR file to them. Based on information in this CSR file your certificate will be generated. 

Steps :

1. Login to server on which certificate will be used.

Image source : freeimages
2. Run below command to generate 2048 bit key file with name myfile.key. This key file will be used for generation of CSR. This command will ask you for a password which will be assigned within key file. Use password of your choice. This password you need to supply while generating CSR.


# openssl genrsa -des3 -out myfile.key 2048


3. Now genrate CSR file using the key file we generated in above step.


# openssl req -new -key myfile.key -out myfile.csr -sha256


Note that sha256 will generate CSR with SHA2 algorithm which is preferred normally. If -sha256 argument is not given, CSR will be generated with SHA1 which is outdated and normally not preferred.

4. Command will ask you key file password along with below information.



Country Name (2 letter code) [GB]:
State or Province Name (full name) [Berkshire]:
Locality Name (eg, city) [Newbury]:
Organization Name (eg, company) [My Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:
Email Address []:
Please enter the following 'extra' attributes to be sent with your certificate request
A challenge password []:
An optional company name []:


5. Once you get CSR file, you cat check its using cat. Its bunch of encrypted code which you can even decode and check information within on this link. If there is any typo in data you can regenerate CSR before submitting to vendor.


Wednesday, September 21, 2016

How to remove password expiry in linux

Requirement : To set never expire attribute on account password. Some applications/users are required to have same password for longer dur... thumbnail 1 summary
Requirement :

To set never expire attribute on account password. Some applications/users are required to have same password for longer duration. This requires them to exit from system wide password expiry policy. So that those accounts can run lifetime without need of changing their passwords.

Image source : freeimages


How to do it :

Check account's current policy.


# chage -l testuser

Last password change                                    : Sep 01, 2016
Password expires                                        : Oct 04, 2016
Password inactive                                       : never
Account expires                                         : never
Minimum number of days between password change          : 0
Maximum number of days between password change          : 33
Number of days of warning before password expires       : 7


Here second line shows when password is expiring post which user will be prompted to set new password. Set password to never expire with below command


# chage -M -1 testuser


Verify changes


# chage -l testuser

Last password change                                    : Sep 01, 2016
Password expires                                        : never
Password inactive                                       : never
Account expires                                         : never
Minimum number of days between password change          : 0
Maximum number of days between password change          : 33
Number of days of warning before password expires       : 7


Get list of desired LUN id from powermt output

Requirement : You have a list of disk names from OS end and you need to get their respective LUN ids from powermt output. This ... thumbnail 1 summary
Requirement :

You have a list of disk names from OS end and you need to get their respective LUN ids from powermt output.

This requires manual work of searching each disk name in powermt output and then copying its respective LUN id. Typically these two lines you are interested in output.

Pseudo name=emcpoweraa
Symmetrix ID=000549754319
Logical device ID=03C4
If you have list of disks to search its a tedious task.

Image source : freeimages


Solution :

Get ouput of powermt in a file


# powermt display dev=all > powermt.old


Get all disk names in one file e.g. test.txt
Run a for loop which will get LUN id of each disk described in file.


# for i in `cat test`
do
cat powermt.old |grep -A 2 $i|grep Logical|awk '{print $3}'|cut -d= -f2
done


You will be presented with the list of LUN ids for respective disks in the test.txt file!

Vice versa: Get disk names by giving LUN ids in text.txt file.


# for i in `cat test`
do 
cat powermt.old |grep -B 2 $i|grep Pseudo|awk '{print $2}'|cut -d= -f2
done



Wednesday, March 16, 2016

Processes using high memory or cpu using unix95

 Listing of processes who are using high memory : UNIX95= ps -eo sz,comm,args | sed 1d | sort -rn | head -10|awk '{size=$1/1024; pri... thumbnail 1 summary

 Listing of processes who are using high memory :


UNIX95= ps -eo sz,comm,args | sed 1d | sort -rn | head -10|awk '{size=$1/1024; printf("%dMb %s\n", size,$2);}'| more


 or


UNIX95= ps -eo vsz,comm,args | sed 1d | sort -rn | more


 Listing of processes who are using high CPU:


UNIX95= ps -e -o "vsz pcpu ruser pid stime time state args" | sort -rn |head -10



How to restore nagios configuration from backup

Requirement : You messed up some configuration in nagios and need to revert back to last known good configuration. Solution: Navigate ... thumbnail 1 summary
Requirement :

You messed up some configuration in nagios and need to revert back to last known good configuration.

Solution:

Navigate to the directory where nagios configuration backups are kept. Normally they should be in gunzip format.

Once inside that directory run restore command.

# check_mk --restore check_mk.11-Mar-2016.tar.gz

After restore to make sure ownership is well in place, run below command

# chown -R apache:nagcmd /etc/check_mk/conf.d/wato/

Lastly restart nagios to take up restored configuration.

# check_mk -R --restart nagios-check_mk

How to remove password expiry in HPUX HP Unix

Requirement : To set never expire attribute on account password. Some applications/users are required to have same password for longer du... thumbnail 1 summary
Requirement :

To set never expire attribute on account password. Some applications/users are required to have same password for longer duration. This requires them to exit from system wide password expiry policy. So that those accounts can run lifetime without need of changing their passwords.

Image source : freeimages


How to do it :



/usr/lbin/modprpw -m exptm=-1  username
/usr/lbin/modprpw -m expwarn=-1  username
/usr/lbin/modprpw  -m lftm=-1  username
/usr/lbin/modprpw  -m mintm=-1  username



Highest size files in mount point

Command to search and display files with high utilization in a mount point. #du -a /tmp | sort -nr | cut -f2 | xargs du -s | head -n 10 ... thumbnail 1 summary
Command to search and display files with high utilization in a mount point.


#du -a /tmp | sort -nr | cut -f2 | xargs du -s | head -n 10


Replace /tmp with mount point of your choice and run command.