My Solaris

Thursday, 12 May 2011

Patch Administration

Patch:
A patch is a collection of specified package which especially used to upgrade the system and establish a communication link between the existing application & the new application.
- we can download the patch from the internet and it will be always in 'zip' format.
- we need to unzip it and extract it.
- every patch comes along with batch ID
ex: 118893 -14 //it is called batch id, 118893 is a patch id and 14 is a version
- where the 1st part of the batch id is patch id & 2nd part is version
- by default, if want to add a patch, the patch should be kept at the location called
/var/spool/patch
- but the patch directory doesn't exist, we need to create it
# cd /var/spool

1. # cd /var/spool
2. # mkdir patch
3. # cd patch
4. insert patch cd
# df -h // it displays the cd mounted
# cd /cdrom/cdrom0
# ls
# cd patch_
# ls
(118833_3.zip, 119963_1.zip) // 3- 3 files, 1-1 file

to copy the patch from 'cdrom' to required location
#cp -r 119963_1.zip /var/spool/patch

check:
# cd /var/spool/patch
# ls
119963_1.zip (it should be there)

unzip the file:
# unzip 119963_1.zip
# ls
119963-14 119963-1.zip

Add a patch:
1. #pwd
/var/spool/patch (go to the file where the patch file)

2. # cd 119963-14
3. # pwd
/var/spool/patch/119963-14
4. # patchadd /var/spool/patch/119963-14

to remove the path:
# patchrm 119963-14

Spooling

Spooling: Storing something temporarily in a buffer is called spooling

when we spool a package we can add the package directly with out OS cd

SPOOL: simultaneous peripheral operational online.

1. to spool a package:

# pkgadd -d /cdrom/cdrom0/s0/Solaris_10/Product -s spool SUNWzsh

2. all the spooled packages are stored under

/var/spool/pkg

# cd /var/spool/pkg

# ls

SUNWsh

# pwd

/var/spool/pkg

# cd

# eject cdrom

now delete zsh:

1. remove zsh

# pkgrm SUNWzsh

2. to get back the package from spool

# pkgadd SUNWzsh

Note:

while adding a package the '-d' option is used, to add a package from removal devices

there is no need of '-d' option to add a package from spool.

Package Administration

Package Administration: how to remove patches/packages are called package administration.
1. Package: A group of files or collection of files are called package.
2. Cluster: A group of packages are called cluster.
3. Patch: Specified no of or specified group of packages are called path
4. Software configuration group: A collection of clusters

Software Configuration groups:
Software config groups Software config clusters
1. Entire distribution with OEM SUNWXCall (online support)
2. Entire distribution with out OEM SUNWXCall (no online support)
3. Developer System Support SUNWCprog
4. End User Support SUNWCsu
5. Core System Support SUNWCreq
6. Reduced networking support SUNWCnreq

OEM: online equipment manage
the software group with OEM will be having online support, where as software group without OEM will not be having online support
Note: By default there will not be any difference between with & without OEM, that is initialization wise, working wise, the amount of space that it takes for installation is almost same.

Note: Every cluster is identified with 'SUNW' (Stanford University of Networking)

1. to check the cluster which presently installed in a system:
# cat /var/sadm/system/admin/CLUSTER

2. to check the installed packages in the harddisk
# pkginfo

3. to know the word count of no. of installed packages in a system.
# pkginfo |wc -l

4. to check the specified installed package
# pkginfo SUNWzsh

5. to remove a package
# pkgrm SUNWzsh

6. to add a package again to system:
1. insert the OS cd
2. to view the packages under CDROM
bash-3.00# pkginfo -d /cdrom/cdrom0/s0/Solaris_10/Product |more
bash-3.00# pkginfo -d /cdrom/cdrom0/s0/Solaris_10/Product SUNWzsh

3. check the package
#pkginfo SUNWzsh

7. to view files & directories which are installed along with the package:
# pkgchk -v SUNWzsh

8. to check the consistency of the package:
# pkgchk SUNWzsh

Note: when you add a package by default one is updated automatically
# cat /var/sadm/install/contents

note: every time we cant insert OS CD and installing, so store in buffer called spooling.

Spooling: Storing something temporarily in a buffer is called spooling
when we spool a package we can add the package directly with out OS cd
SPOOL: simultaneous peripheral operational online.
1. to spool a package:
# pkgadd -d /cdrom/cdrom0/s0/Solaris_10/Product -s spool SUNWzsh

2. all the spooled packages are stored under
/var/spool/pkg
# cd /var/spool/pkg
# ls
SUNWsh
# pwd
/var/spool/pkg
# cd
# eject cdrom

now delete zsh:
1. remove zsh
# pkgrm SUNWzsh

2. to get back the package from spool
# pkgadd SUNWzsh

Note:
while adding a package the '-d' option is used, to add a package from removal devices
there is no need of '-d' option to add a package from spool.

Wednesday, 11 May 2011

SMF

SMF (Service Management Facility):
the services under control of svcs are called SMF service, it is under control of user.

SMF services can be different state
1. Degraded: The service is enabe but it is running at a limited capacity
2. Disable: The service which is enabled but not running
3. Maintainace: The service which has encountered with a error that has to be rectified by the admin
4. Offline: the service which is enabled but its not running or not available to run
5. Online: The service which is enabled and has successfully started.
6. Uninitialized: The intial state of the service before the configuration is 'uninitialized'.

to view all the services:
#svcs -a: it will show the disable services also.

Note:
1. In SMF services all the specified services are divided into different categories and named them as 'milstoned'.
we have different mile stones like network, system, application, multi user mode, single user mode, etc.

2. All the services under SMF are identified with "FMRI" (Fault Management Resource Identifier)

to check the status of the service:
# svcs -a|grep telnet

to disable a service:
# svcadm disable telnet

to enable the service:
#svcadm enable svc:/network/telnet: default

RUN LEVELS

There are 8 different kinds of run levels exist in Solaris

0 - Dead mode (power off)
s - Single user mode (maintainance mode)
1 - Single user mode
2 - Multi user mode
3 - Multi user mode
4 - Reserved
5 - Power off
6 - Reboot

1. init s : It is called as single user mode also known as maintainance mode. When you bring the system to this level, all the terminal logins and use logins are disconnected, and all the filesystems are unmounted except root (/) & root user (/user).

2. init 1 : It is same as 'init s' except 'terminal login enable'. It is a single usermode in which 'terminal login' are allowed and 'user logins' are disconnected and new logins are not allowed and all the filesystems are unmounted except root(/), root user(/user).

3. init 2: It is a multi user mode in which all the user logins, & terminal logins are allowed. and all the file systems in mounted state but NFS services will not be working.

4. init 3: (Default run level): It is a multiuser mode in which all allow, NFS also. All the user logins & terminal logins are allowed. All the file system in mounted state along with NFS.

5. init 4: It is reserved for future purpose

6. init 5: power off

7. init 6: reboot

note: For all this run levels the respective services will be stored indirectly in /etc/rcn.d
ex: /etc/rc1.d // all init 1, rc- run control script

Types of services:
1. legacy run services (rc) (system)
2. SMF(service management facility) services (online) (svc) (user)
1. The services which are under control of 'rc' scripts are called legacy run services. which is not maintained by SMF. it is under control of system
2. SMF: the services under control of SVCS are called SMF service. it is under control of user

# svcs // it will show all services
ex:
# cd /etc/rc1.d (display some services of runlevel 1) // k- kill mode (many)
#ls // s- start mode (1)
# cd /etc/rc2.d (display some services of runlevel 2)

Note: for every run level we have respective services which are place under /etc/rcn.d

few important commands

1. # last: It will give all the information regarding booting, when you shutdown, logged in with time.
2. /etc/ntmp: This file contains record of current logged in user
3. /var/adm/wtmp: it contain record of all logins & log outs for each user
4. /var/adm/lastlog: This file contains the list of the last login records for each user.

Sunday, 1 May 2011

Security Administration

Security Administration:

1. /etc/default/passwd
2. /etc/default/login
3. /etc/default/su
4. /etc/nologin
5. /var/adm/loginlog
6. /etc/skel

to break a password

How to break a pass word
1. Insert the Solaris OS CD
2. Ok setenv boot-device cdrom
3. Ok boot cdrom -s // single user (or) maintainance mode
4. # TERM = ansi
# export TERM // RAM to kernel
# mkdir /tmp/root/abc
# mount /dev/dsk/c0t0d0s0 /tmp/root/abc
# vi /tmp/root/abc/etc/shadow
/root/xxxxxxxxxxxxxx/pwd
now remove the 13 encoded characters, save & exit
now restart
# init 6
# ok setenv boot-device disk
# ok boot disk

assign a password to a user

# useradd -d /export/home/sita -m sita
# passwd sita
new password: sun
re-enter new password: sun

note:
1. when you assign a password to file by default one file updated /etc/shadow
to dispaly this file
ex:
# cat /etc/shadow
sita:5znvn4yaDbzck:15065

2. the password file in shadow file is in encrypted format whose length is 13 characters.

Password status:
the user password in 3 different states
1. LK (lock mode)
2. PS (password status mode)
3. NO (no password mode)

check the status of the password:
# passwd -s sita
sita PS // PS - password status

Delete the password:
# passwd -d sita // d- delete

if you check the status now it will be NP(no pwd)
# passwd -s sita
sita NP

if password is not assigned defaultly it takes LK(lock)
# passwd -s jack
jack LK

to lock password:
# passwd -l sita

to unlock password:
# passwd -u sita

Group & user modification:
1. to modify a group ID:
# groupmod -g <new gid> <groupname>

2. to modify a group name:
# groupmod -n <new name> <old name>

3. to delete a group
# groupdel <groupname>

4. to modify user Id
# usermod -u <uid> <user name>

5. to change the primary group name
# usermod -g <group name> <user name>

6. to change the secondary group name
# usermod -G <group name> <user name>

7. to change user name
# usermod -l <new name> <old name>

8. to delete the user:
# userdel <user name>

9. to delete user name along with id:
# userdel -r <username>

how to create a user

Types of User:
1. Normal
2. Admin

User contains username (for admin understanding) & user ID(for kernel understanding)
Syntax to create a user:
#useradd -u<uid> -g<gid> -G<gid> -d /export/home/<home dir> -m -s /bin/kshell <username>

ex: #useradd -u 1166 -g gram -G gramsci -d /export/home/jack -m -s /bin/sh jack
64 blocks

specification:
1. -u: used to specify user ID
2. -g: primary group ID
3. -G: secondary group ID
4. -d: to specify the default home directory
5. -m: to create a dir when directory not present
6. -s: to specify shell

minimum fields required to create a normal user:
ex;
# useradd -d /export/home/shiva -m shiva
# cat /etc/passwd

note:
1. when you create a user by default one file is gets updated automatically
/etc/passwd
2. when you create a user without specifying the primary group, by default it will be linked to default group that is "others". it is a system defined group, and whose gid=1 always.
3. If we do not specify the 'uid' while creating a user, it will take the increament value of the highest uid and if you don't specify a shell it will take defaultly /bin/sh.

ex:
#useradd -d /export/home/sita -m sita
64 blocks (32 kb)
1block = 512 bytes
2block= 1kB

#cat /etc/passwd
jack:x: ->'x' indicate password but it will not store password