Howdy readers!
We have moved to new domain www.kerneltalks.com. If you have bookmarked this blog please update new URL.
See yaa there!
Thursday, October 13, 2016
9:44:00 AM
Friday, October 7, 2016
How to check bad wrong login attempts in HPUX
Requirement :
To check bad / wrong login attempts done on HPUX server.
Howto :
HPUX server logs all wrong logins information in /var/adm/btmps file. This file is data file hence commands like cat, more wont work for this file. To read data within this file use below command
This will convert data in btmps file in human readable format (binary to ASCII). Later you can cat or more output file and investigate bad logins.
Important fields here are :
To check bad / wrong login attempts done on HPUX server.
Howto :
HPUX server logs all wrong logins information in /var/adm/btmps file. This file is data file hence commands like cat, more wont work for this file. To read data within this file use below command
# /usr/sbin/acct/fwtmp -X < /var/adm/btmps > /tmp/badlogins.log
This will convert data in btmps file in human readable format (binary to ASCII). Later you can cat or more output file and investigate bad logins.
# cat /tmp/badlogins.log
root pts/ta 12127 0 0000 0000 1190171137 0 Sep 19 11:05:37 2007 0 10.105.100.89 10.105.100.89
root pts/tb 13964 0 0000 0000 1190174185 0 Sep 19 11:56:25 2007 0 10.105.100.89 10.105.100.89
Important fields here are :
- ID which tried to log in
- Terminal from which attempt was made
- Date time stamp when attempt was made
- IP from which attempt came to server (last field)
Thursday, October 6, 2016
Adding extra or secondary swap in HPUX
 |
| Freeimages |
adding extra swap before you think of adding RAM to server which involves cost/resources of parent machine.
Step 1.
For adding extra swap check how much space you have available in root volume group vg00. Use vgdisplay command to get free PE and PE size numbers.
# /usr/sbin/vgdisplay vg00
--- Volume groups ---
VG Name /dev/vg00
VG Write Access read/write
VG Status available
Max LV 255
Cur LV 9
Open LV 9
Max PV 16
Cur PV 2
Act PV 2
Max PE per PV 4384
VGDA 4
PE Size (Mbytes) 16
Total PE 6544
Alloc PE 5978
Free PE 566
Total PVG 0
Total Spare PVs 0
Total Spare PVs in use 0
Here we have 566 free PE with 16MB size of each. This sums upto 8.8GB of free space in root vg. We can use space from this 8.8GB for adding extra swap.
Check current swap configuration
# /usr/sbin/swapinfo -tam
Mb Mb Mb PCT START/ Mb
TYPE AVAIL USED FREE USED LIMIT RESERVE PRI NAME
dev 43008 0 43008 0% 0 - 1 /dev/vg00/lvol2
reserve - 1963 -1963
memory 40861 9261 31600 23%
total 83869 11224 72645 13% - 0 -
Step 2.
Create new contiguous logical volume with no bad block relocation policy and size of your requirement. Lets make a LV of 2GB.
# lvcreate -L 2048 -C y -r n /dev/vg00
Logical volume "/dev/vg00/lvol10" has been successfully created with character device "/dev/vg00/rlvol10"
Step 3.
Start swap on this lvol. Add -f argument to start forcefully if below command fails.
# swapon -p 1 /dev/vg00/lvol10
Step 4.
Edit /etc/fstab to mount this LV as swap on every boot. Add below entry :
/dev/vg00/lvol10 ... swap pri=1 0 1
Step 5.
Check again swap size.
# /usr/sbin/swapinfo -tam
Mb Mb Mb PCT START/ Mb
TYPE AVAIL USED FREE USED LIMIT RESERVE PRI NAME
dev 43008 0 43008 0% 0 - 1 /dev/vg00/lvol2
dev 2048 0 2048 0% 0 - 2 /dev/vg00/lvol10
reserve - 1963 -1963
memory 40861 9261 31600 23%
total 85917 11224 74693 13% - 0 -
Wednesday, October 5, 2016
Adding new storage LUN to integrity virtual machine (iVM) in HPUX
Steps to add new LUN into integrity virtual machine (iVM) in HPUX and use it within existing VG or create a new VG on it.In this process, storage luns are always presented to physical host server. from host they are attached to virtual guest server running on it.Step 1.
Identify new LUN on HP iVM host server. When new LUN is presented to iVM, run ioscan command to scan new disks. Post ioscan, run insf command to make sure all available hardware has its related files created in kernel.
# ioscan -fnCdisk
# insf -e
Now your new LUN is identified in kernel. Match lun id in storage utility (syminq in case of EMC
storage, evainfo in case of HP EVA storage etc) and get related disk number. We are using agile naming convention here so lets take /dev/rdisk/disk10 & /dev/rdisk/disk11 are new identified disks.
storage, evainfo in case of HP EVA storage etc) and get related disk number. We are using agile naming convention here so lets take /dev/rdisk/disk10 & /dev/rdisk/disk11 are new identified disks.
Step 2.
Make disks LVM ready by using pvcreate.
# pvcreate /dev/rdisk/disk10
Physical volume "/dev/rdisk/disk10" has been successfully created.
# pvcreate /dev/rdisk/disk11
Physical volume "/dev/rdisk/disk11" has been successfully created.
Step 3.
Attach these disks to iVM (guest) which is running on host. Assume vmserver1 is our iVM here.
# hpvmmodify -P vmserver1 -a disk:avio_stor::disk:/dev/rdisk/disk10
# hpvmmodify -P vmserver1 -a disk:avio_stor::disk:/dev/rdisk/disk11
Step 4.
Once above commands are successful, disks are attached to iVM and needs to scan in guest. Login to iVM server and scan the new disks the same way we did in step 1 and 2 on host. Lets say those disks are identified as /dev/rdisk/disk2 & /dev/rdisk/disk3 on guest server. Observe those are identified as Virtual disk on vm.
disk 6 0/0/0/0.2.0 sdisk CLAIMED DEVICE HP Virtual Disk
/dev/dsk/c0t2d0 /dev/rdsk/c0t2d0
disk 8 0/0/0/0.3.0 sdisk CLAIMED DEVICE HP Virtual Disk
/dev/dsk/c0t3d0 /dev/rdsk/c0t3d0
Step 5.
Complete LVM tasks on these disks to use space in mount point.
To create new VG named vg01
# mkdir /dev/vg01
# mknod /dev/vg01/group c 64 0x010000
# vgcreate -s 64 -p 60 -e 12500 vg01 /dev/disk/disk2 /dev/disk/disk3
Volume group "/dev/vg01" has been successfully created.
Volume Group configuration for /dev/vg01 has been saved in /etc/lvmconf/vg01.conf
# lvcreate -L 200 /dev/vg01
Logical volume "/dev/vg01/lvol1" has been successfully created with
character device "/dev/vg01/rlvol1".
# newfs -F vxfs -o largefiles /dev/vg01/rlvol1
version 7 layout
204800 sectors, 204800 blocks of size 1024, log size 1024 blocks
largefiles supported
# mkdir /data
# mount /dev/vg01/lvol1 /data
To extend current existing VG named vg02 & mount point /data1 within it
# vgextend vg02 /dev/disk/disk2 /dev/disk/disk3
Volume group "vg02" has been successfully extended.
Volume Group configuration for /dev/vg02 has been saved in /etc/lvmconf/vg02.conf
# lvextend -L 512 /dev/vg02/lvol1
Logical volume "/dev/vg02/lvol1" has been successfully extended.
Volume Group configuration for /dev/vg02 has been saved in /etc/lvmconf/vg02.conf
# fsadm -F vxfs -b 524288 /data1
vxfs fsadm: V-3-23585: /dev/vg02/rlvol1 is currently 7731200 sectors - size will be increased
Tuesday, October 4, 2016
HPUX Patch naming conventions
HP release OS patches for HPUX every 6 month i.e. twice a year. For smaller patches which are releases as on need basis HP follows below naming conventions
Patch name format is PHxx_yyyy
Where,
xx = area of patch
CO : General HPUX commands
KL : Kernel patches
NE : Network specific patch
SS : all other subsystem patches
yyyy = unique number
From patch name you will be able to guess area of its impact so that you can plan your activities accordingly.
Monday, October 3, 2016
Basics of LVM legends
LVM (logical volume manager) legends :
One or more PV come together to form a Volume Group. This grouping enables to slice down combined
storage capacity of disks to our choice of small volumes. In above example vg00 is volume group made up of single PV & its sliced down to 8 LV (only one shown in above exmaple)
LE is Logical Extent.
Same as PE, LE are smallest chunk of LV.
Below tables gives you idea about some numbers related to them:
LVs per VG range : 1-255, default : 255
PVs per VG range : 1-255, default : 16
PEs per VG range : 1-66535 default : 1016
with above table, as max PE size is 64MB and 66,535 PEs max per VG, one can create max of 64x66353=4TB of file system.
PV is Physical Volume.
Any single disk / LUN on system is identified as PV. It can be raw or formatted with file system. Raw PV is referred as /dev/rdsk/c0t0d1 (legacy) or /dev/rdisk/disk1 (agile) whereas formatted one is referred as /dev/dsk/c0t0d1 (legacy) or /dev/disk/disk1 (agile). Check PV name in below output as formatted device.
# vgdisplay -v vg00
--- Volume groups ---
VG Name /dev/vg00
VG Write Access read/write
VG Status available
Max LV 255
Cur LV 13
Open LV 13
Max PV 16
Cur PV 1
Act PV 1
Max PE per PV 4355
VGDA 2
PE Size (Mbytes) 32
Total PE 4345
Alloc PE 4303
Free PE 42
Total PVG 0
Total Spare PVs 0
Total Spare PVs in use 0
--- Logical volumes ---
LV Name /dev/vg00/lvol1
LV Status available/syncd
LV Size (Mbytes) 1024
Current LE 32
Allocated PE 32
Used PV 1
--- Physical volumes ---
PV Name /dev/dsk/c3t0d0s2
PV Status available
Total PE 4345
Free PE 42
Autoswitch On
Proactive Polling On
PE is Physical Extent.
Its smallest chunk of PV which can be used as block under file system. PV is consist of number of PEs. We always use PV names while using LVM commands. In above example PE size is set to 32MB & total 4345 PEs are available on disk.
VG is Volume Group.
One or more PV come together to form a Volume Group. This grouping enables to slice down combined
LV is Logical Volume.
Its a slice of volume group using some capacity of PV to form a smaller volume. Its basically used as a mount point /swap like drives (C:, D:) in Windows. We can see one LV in above example and its details.
LE is Logical Extent.
Same as PE, LE are smallest chunk of LV.
Below tables gives you idea about some numbers related to them:
LVs per VG range : 1-255, default : 255
PVs per VG range : 1-255, default : 16
PEs per VG range : 1-66535 default : 1016
with above table, as max PE size is 64MB and 66,535 PEs max per VG, one can create max of 64x66353=4TB of file system.
Sunday, October 2, 2016
Account lock unlock status in Linux
Requirement :
To check current password status of account in Linux
Solution :
1. To check if account is locked or not.
Below are two examples of command outputs when account is locked and when account is not locked.
2. Lock account manually.
3. Unlock account manually.
To check current password status of account in LinuxSolution :
1. To check if account is locked or not.
Below are two examples of command outputs when account is locked and when account is not locked.
# passwd -S user1
user1 LK 2016-10-01 0 90 7 -1 (Password locked.)
# passwd -S user1
user1 PS 2016-10-01 0 90 7 -1 (Password set, MD5 crypt.)
# cat /etc/shadow |grep -i user1
user1:$1$ZFXgKhSG$lroasdrS0QM4iji.4h1:17075:0:90:7::: <--- Account is not locked
# cat /etc/shadow |grep -i user1
user1:!!$1$ZFXgKhSG$lroasdrS0QM4iji.4h1:17075:0:90:7::: <---Account is locked
# passwd -l user1
Locking password for user user1.
passwd: Success
3. Unlock account manually.
# passwd -u user1
Unlocking password for user user1.
passwd: Success.
Saturday, October 1, 2016
Password file commands
Here are the list of commands which can be used on /etc/passwd file.
vipw
pwck
pwconv
It generates /etc/shadow file which has user passwords in encrypted format under second field in each user entry. If /etc/shadow file already exist on system then this command will update relevant fields if there were any changes in /etc/passwd file. If your system is trusted (see tsconvert command) then user password database (Trusted Computing Database) is being maintained separately and /etc/shadow doesn't exist on system. In that case, this command will update the TCB accordingly.
pwunconv
It reverse the changes made by pwconv command.
vipw
This command is being used to edit /etc/passwd file manually. It is not recommended to edit /etc/passwd file manually. All changes on user accounts should be carried out using commands like usermod. But in some scenario if you want to edit passwd file manually, then use this command. It opens file in vi editor and locks it for other users. So any other admin from any other terminal wont be able to open the file in editor for manual editing. This ensures integrity of file.
pwck
To check integrity of /etc/passwd file this command can be used. Once executed it checks passwd files and its all fields. It reports any issues observed in the file e.g. if user directory does not exist on server, it will report it.
# /usr/sbin/pwck
[/etc/passwd] sfmdb:*:107:20::/home/sfmdb:/sbin/sh
Login directory not found
[/etc/passwd] smmsp:*:109:20::/home/smmsp:/sbin/sh
Login directory not found
pwconv
It generates /etc/shadow file which has user passwords in encrypted format under second field in each user entry. If /etc/shadow file already exist on system then this command will update relevant fields if there were any changes in /etc/passwd file. If your system is trusted (see tsconvert command) then user password database (Trusted Computing Database) is being maintained separately and /etc/shadow doesn't exist on system. In that case, this command will update the TCB accordingly.
# /usr/sbin/pwconv
Updating the tcb to match /etc/passwd, if needed.
pwunconv
Friday, September 30, 2016
UID range in hpux
UID is user identification number in kernel.
UID distribution on HPUX system is as below :
- 0 : root user
- 1 to 100 : System accounts
- 101 to 60,000 : Normal users
- Above 60,000 also you can create user but he/she wont be able to access any of system resources.
HPUX boot process
Its not fully detailed boot process. Its very short form of things happens during boot. To make it understand and remember (for interviews) easily!
1) PDC (processor dependent code) gets executed
2) ISL (Initial system loader) gets loaded
3) HPUX loads (Secondary system loader)
4) After kernel vmunix gets loaded –
1) PDC (processor dependent code) gets executed
- Checks CPU
- Checks stable storage for boot path
- Loads ISL utilities from leaf area of boot disk
- Here you can halt boot using ESC key and can run PO, SEA commands.
2) ISL (Initial system loader) gets loaded
- Read AUTO file default kernel
- Load and runs HPUX from LIF area
- Here you can halt boot process and boot system into single user mode. U can provide diff options to SSL i.e. kernal vmunix. Like hpux –is, hpux –lq, hpux –lm
3) HPUX loads (Secondary system loader)
- Uses options and path names from ISL to load kernel
- And by default loads vmunix
4) After kernel vmunix gets loaded –
- Swapper daemon starts with PID 0
- Kernel runs /sbin/pre_init_rc
- Kernel calls /sbin/init
- /sbin/init reads /etc/inittab and calls –
- /sbin/ioinit – to scan hardware and build kernel io tree
- /sbin/bcheckrc – to check FS listed in /etc/fstab
- /sbin/rc – to start additional services like lp, cron, cde
- /usr/sbin/getty – to start n show login prompt to user.
Thursday, September 29, 2016
Run levels in HPUX at a glance
Current run level in HPUX can be identified using below command :
The output fields are :
1. A dot (.) indicates that the terminal has seen activity in the last minute and is therefore ``current''.
2. Current run level
3. Timestamp
4. Current state of init
5. The number of times that state has been previously entered
6. The previous state
List of run levels in HPUX
0 indicates shutdown state
S indicates single user mode booted to local console only with root FC (RO) mounted
s indicates same as S only current terminal acts as system console.
1 indicates single user mode with local FS (RW) mounted
2 indicates multi user state with CDE launched
3 indicates same as 2 but with NFS
4 indicates GUI (here VUE started instead of CDE)
5,6 indicates reserved state and not yet defined in kernel code.
# who -r
. run-level 3 Jan 19 21:14 3 0 S
The output fields are :
1. A dot (.) indicates that the terminal has seen activity in the last minute and is therefore ``current''.
2. Current run level
3. Timestamp
4. Current state of init
5. The number of times that state has been previously entered
6. The previous state
List of run levels in HPUX
0 indicates shutdown state
S indicates single user mode booted to local console only with root FC (RO) mounted
s indicates same as S only current terminal acts as system console.
1 indicates single user mode with local FS (RW) mounted
2 indicates multi user state with CDE launched
3 indicates same as 2 but with NFS
4 indicates GUI (here VUE started instead of CDE)
5,6 indicates reserved state and not yet defined in kernel code.
Wednesday, September 28, 2016
How to restart NFS in HPUX
Requirement :
To restart NFS server in HPUX
How to do it :
Please make a note that all exported NFS mount points will be unavailable to all clients during this restart.
Stop NFS
Start NFS
Make sure you follow the sequence while stopping and starting as mentioned above.
To restart NFS server in HPUX
How to do it :
Please make a note that all exported NFS mount points will be unavailable to all clients during this restart.
 |
| Image source : freeimages.com |
Stop NFS
# /sbin/init.d/nfs.server stop
# /sbin/init.d/nfs.client stop
# /sbin/init.d/nfs.core stopStart NFS
# /sbin/init.d/nfs.core start
# /sbin/init.d/nfs.client start
# /sbin/init.d/nfs.server startMake sure you follow the sequence while stopping and starting as mentioned above.
Tuesday, September 27, 2016
bdf command formatted output in hpux
Requirement :
Solution :
To remove line breaks from bdf output and get single row per entry output
See below normal bdf output. Note that last 2 mount points has two line entry since filesystem column has long entry.
Now with inline awk we format the output to have one entry per row. Check below command output.
To get left aligned bdf output
In above output, columns are not aligned properly. We can even do that with below argument.
Please make a note that this awk wont remove any line breaks from output. So one can combine (with pipe |) both awk to get left aligned output with line breaks removed.
Left aligned output with line breaks removed!
bdf command output normally looks scattered especially when VG names are long. It will be difficult to grep out proper pattern out of such output. Also, its not convenient to share this output over email/document when extra lines breaks exists.
In such scenarios, we need to have proper formatted output of bdf. Also sometimes we require output with all its column left aligned.
Solution :
To remove line breaks from bdf output and get single row per entry output
See below normal bdf output. Note that last 2 mount points has two line entry since filesystem column has long entry.
# bdf
Filesystem kbytes used avail %used Mounted on
/dev/vg00/lvol3 2097152 737416 1349304 35% /
/dev/vg00/lvol1 1048576 206160 835928 20% /stand
/dev/vg00/lvol8 8388608 5475640 2902568 65% /var
/dev/vg00/lvol7 8388608 4655256 3713000 56% /usr
/dev/vg00/lvol4 2097152 1052368 1036888 50% /tmp
/dev/vg00/lvol6 8388608 6675168 1700112 80% /opt
/dev/vg00/lvol5 524288 49360 471256 9% /home
testserver01:/data
50574008 4541896 43463104 9% /data
/dev/vgdata/lvol1
918421504 591931608 306084338 66% /datastore
Now with inline awk we format the output to have one entry per row. Check below command output.
# bdf | awk '{if (NF==1) {line=$0;getline;sub(" *"," ");print line$0} else {print}}'
Filesystem kbytes used avail %used Mounted on
/dev/vg00/lvol3 2097152 737408 1349312 35% /
/dev/vg00/lvol1 1048576 206160 835928 20% /stand
/dev/vg00/lvol8 8388608 5475640 2902568 65% /var
/dev/vg00/lvol7 8388608 4655256 3713000 56% /usr
/dev/vg00/lvol4 2097152 1052368 1036880 50% /tmp
/dev/vg00/lvol6 8388608 6675168 1700112 80% /opt
/dev/vg00/lvol5 524288 49360 471256 9% /home
testserver01:/data 50574008 4541896 43463104 9% /data
/dev/vgdata/lvol1 918421504 591931608 306084338 66% /datastore
To get left aligned bdf output
In above output, columns are not aligned properly. We can even do that with below argument.
# bdf | awk '/\//{printf("%-30s%-10s%-10s%-10s%-5s%-10s\n",$1,$2,$3,$4,$5,$6)}'
/dev/vg00/lvol3 2097152 737408 1349312 35% /
/dev/vg00/lvol1 1048576 206160 835928 20% /stand
/dev/vg00/lvol8 8388608 5472792 2905392 65% /var
/dev/vg00/lvol7 8388608 4655256 3713000 56% /usr
/dev/vg00/lvol4 2097152 1052368 1036888 50% /tmp
/dev/vg00/lvol6 8388608 6675168 1700112 80% /opt
/dev/vg00/lvol5 524288 49360 471256 9% /home
Please make a note that this awk wont remove any line breaks from output. So one can combine (with pipe |) both awk to get left aligned output with line breaks removed.
Left aligned output with line breaks removed!
# bdf | awk '{if (NF==1) {line=$0;getline;sub(" *"," ");print line$0} else {print}}' |awk '/\//{printf("%-30s%-10s%-10s%-10s%-5s%-10s\n",$1,$2,$3,$4,$5,$6)}'
/dev/vg00/lvol3 2097152 737408 1349312 35% /
/dev/vg00/lvol1 1048576 206160 835928 20% /stand
/dev/vg00/lvol8 8388608 5481008 2897240 65% /var
/dev/vg00/lvol7 8388608 4655256 3713000 56% /usr
/dev/vg00/lvol4 2097152 1052368 1036888 50% /tmp
/dev/vg00/lvol6 8388608 6675168 1700112 80% /opt
/dev/vg00/lvol5 524288 49360 471256 9% /home
testserver01:/data 50574008 4541896 43463104 9% /data
/dev/vgdata/lvol1 918421504 591931608 306084338 66% /datastore
Monday, September 26, 2016
How to change sender's email id in EMS HPUX
Requirement :
Normally in Event monitoring system on HPUX send an emails with sender id as root@hostname. Many organizations email servers dont allow such email address in sender field. We need generic email id in sender field when EMS shoots an alert email something like notification@xyz.com
Workaround :
There is no provision to change this email id anywhere in HPUX or EMS configurations. You can use below workaround which works perfectly without any issues.
Step 1 :
Make sure you have valid email address (like notification@xyz.com) for your logged in account which works. Send a test email from server to verify using below command
Step 2 :
Setup crontab for above logged in account (for which email tested) which will execute EMS log scanner script every 30 minutes. As per your convenience you can even schedule it to run every 10 mins or even lower.
Step 3:
Script code is as below.
Step 4:
Normally in Event monitoring system on HPUX send an emails with sender id as root@hostname. Many organizations email servers dont allow such email address in sender field. We need generic email id in sender field when EMS shoots an alert email something like notification@xyz.com
Workaround :
There is no provision to change this email id anywhere in HPUX or EMS configurations. You can use below workaround which works perfectly without any issues.
Step 1 :
Make sure you have valid email address (like notification@xyz.com) for your logged in account which works. Send a test email from server to verify using below command
# echo test | sendmail -v receiver_id@xyz.com
 |
| Image source : freeimages.com |
Step 2 :
Setup crontab for above logged in account (for which email tested) which will execute EMS log scanner script every 30 minutes. As per your convenience you can even schedule it to run every 10 mins or even lower.
00,30 * * * * /scripts/ems_monitor.sh
Step 3:
Script code is as below.
# Script to scan EMS log file and email alert if any
# Author : Shrikant Lavhate
#! /bin/bash
if [ -f "/logs/event_monitor.log" ]
then
:
else
cp -p /var/opt/resmon/log/event.log /logs/event_monitor.log
fi
diff /logs/event_monitor.log /var/opt/resmon/log/event.log > /logs/logfile_difference
if [ -s "/logs/logfile_difference" ]
then
cat /logs/logfile_difference | grep '^>'|cut -c 2- | mailx -s "EMS monitor alert from `hostname`" receiver_id@xyz.com
fi
cp -p /var/opt/resmon/log/event.log /logs/event_monitor.log
Step 4:
Now you can test the script by generating test events in EMS. Generate test event with send_test_event command. You will receive test events from admin@hostname email id which is normal. Now run above script and you will receive same email with sender id as notification@xyz.com !!
Friday, September 23, 2016
How to generate CSR file for SSL request on Linux
CSR is Certificate Signing Request file. It will be generated on server on which the SSL certificate will be used. This file contains details about organization and URL in encrypted format. Whenever you approach any vendor for getting SSL certificate for your webserver, you have to submit this CSR file to them. Based on information in this CSR file your certificate will be generated.
Steps :
1. Login to server on which certificate will be used.
 |
| Image source : freeimages |
2. Run below command to generate 2048 bit key file with name myfile.key. This key file will be used for generation of CSR. This command will ask you for a password which will be assigned within key file. Use password of your choice. This password you need to supply while generating CSR.
3. Now genrate CSR file using the key file we generated in above step.
Note that sha256 will generate CSR with SHA2 algorithm which is preferred normally. If -sha256 argument is not given, CSR will be generated with SHA1 which is outdated and normally not preferred.
4. Command will ask you key file password along with below information.
# openssl genrsa -des3 -out myfile.key 2048
3. Now genrate CSR file using the key file we generated in above step.
# openssl req -new -key myfile.key -out myfile.csr -sha256
Note that sha256 will generate CSR with SHA2 algorithm which is preferred normally. If -sha256 argument is not given, CSR will be generated with SHA1 which is outdated and normally not preferred.
4. Command will ask you key file password along with below information.
Country Name (2 letter code) [GB]:
State or Province Name (full name) [Berkshire]:
Locality Name (eg, city) [Newbury]:
Organization Name (eg, company) [My Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:
Email Address []:
Please enter the following 'extra' attributes to be sent with your certificate request
A challenge password []:
An optional company name []:
5. Once you get CSR file, you cat check its using cat. Its bunch of encrypted code which you can even decode and check information within on this link. If there is any typo in data you can regenerate CSR before submitting to vendor.
Wednesday, September 21, 2016
How to remove password expiry in linux
Requirement :
To set never expire attribute on account password. Some applications/users are required to have same password for longer duration. This requires them to exit from system wide password expiry policy. So that those accounts can run lifetime without need of changing their passwords.
How to do it :
Check account's current policy.
Here second line shows when password is expiring post which user will be prompted to set new password. Set password to never expire with below command
Verify changes
To set never expire attribute on account password. Some applications/users are required to have same password for longer duration. This requires them to exit from system wide password expiry policy. So that those accounts can run lifetime without need of changing their passwords.
 |
| Image source : freeimages |
How to do it :
Check account's current policy.
# chage -l testuser
Last password change : Sep 01, 2016
Password expires : Oct 04, 2016
Password inactive : never
Account expires : never
Minimum number of days between password change : 0
Maximum number of days between password change : 33
Number of days of warning before password expires : 7
Here second line shows when password is expiring post which user will be prompted to set new password. Set password to never expire with below command
# chage -M -1 testuser
Verify changes
# chage -l testuser
Last password change : Sep 01, 2016
Password expires : never
Password inactive : never
Account expires : never
Minimum number of days between password change : 0
Maximum number of days between password change : 33
Number of days of warning before password expires : 7
Get list of desired LUN id from powermt output
Requirement :
Solution :
Get ouput of powermt in a file
Get all disk names in one file e.g. test.txt
Run a for loop which will get LUN id of each disk described in file.
You will be presented with the list of LUN ids for respective disks in the test.txt file!
Vice versa: Get disk names by giving LUN ids in text.txt file.
You have a list of disk names from OS end and you need to get their respective LUN ids from powermt output.
This requires manual work of searching each disk name in powermt output and then copying its respective LUN id. Typically these two lines you are interested in output.
Pseudo name=emcpoweraaIf you have list of disks to search its a tedious task.
Symmetrix ID=000549754319
Logical device ID=03C4
 |
| Image source : freeimages |
Solution :
Get ouput of powermt in a file
# powermt display dev=all > powermt.old
Get all disk names in one file e.g. test.txt
Run a for loop which will get LUN id of each disk described in file.
# for i in `cat test`
do
cat powermt.old |grep -A 2 $i|grep Logical|awk '{print $3}'|cut -d= -f2
done
You will be presented with the list of LUN ids for respective disks in the test.txt file!
Vice versa: Get disk names by giving LUN ids in text.txt file.
# for i in `cat test`
do
cat powermt.old |grep -B 2 $i|grep Pseudo|awk '{print $2}'|cut -d= -f2
done
Wednesday, March 16, 2016
Processes using high memory or cpu using unix95
Listing of processes who are using high memory :
UNIX95= ps -eo sz,comm,args | sed 1d | sort -rn | head -10|awk '{size=$1/1024; printf("%dMb %s\n", size,$2);}'| more
or
UNIX95= ps -eo vsz,comm,args | sed 1d | sort -rn | more
Listing of processes who are using high CPU:
UNIX95= ps -e -o "vsz pcpu ruser pid stime time state args" | sort -rn |head -10
How to restore nagios configuration from backup
Requirement :
You messed up some configuration in nagios and need to revert back to last known good configuration.
Solution:
Navigate to the directory where nagios configuration backups are kept. Normally they should be in gunzip format.
Once inside that directory run restore command.
After restore to make sure ownership is well in place, run below command
Lastly restart nagios to take up restored configuration.
You messed up some configuration in nagios and need to revert back to last known good configuration.
Solution:
Navigate to the directory where nagios configuration backups are kept. Normally they should be in gunzip format.
Once inside that directory run restore command.
# check_mk --restore check_mk.11-Mar-2016.tar.gzAfter restore to make sure ownership is well in place, run below command
# chown -R apache:nagcmd /etc/check_mk/conf.d/wato/Lastly restart nagios to take up restored configuration.
# check_mk -R --restart nagios-check_mkHow to remove password expiry in HPUX HP Unix
Requirement :
To set never expire attribute on account password. Some applications/users are required to have same password for longer duration. This requires them to exit from system wide password expiry policy. So that those accounts can run lifetime without need of changing their passwords.
How to do it :
To set never expire attribute on account password. Some applications/users are required to have same password for longer duration. This requires them to exit from system wide password expiry policy. So that those accounts can run lifetime without need of changing their passwords.
|
| Image source : freeimages |
How to do it :
/usr/lbin/modprpw -m exptm=-1 username
/usr/lbin/modprpw -m expwarn=-1 username
/usr/lbin/modprpw -m lftm=-1 username
/usr/lbin/modprpw -m mintm=-1 username
Highest size files in mount point
Command to search and display files with high utilization in a mount point.
Replace /tmp with mount point of your choice and run command.
#du -a /tmp | sort -nr | cut -f2 | xargs du -s | head -n 10
Replace /tmp with mount point of your choice and run command.
Subscribe to:
Posts (Atom)