Trainer Assistance -
Training Professional Center
Expectations Upgrade Linux Solaris Unix System Security Solaris Administration Gain Knowledge in Unix Customer Services
Course: Fundamentals of Unix Solaris Course: Intermediate System Administration for Solaris OE Perform basic Unix tasks Understand basic Unix commands Use vi text editor Interact with a windowing system
Day 1 Installation
Introduction to Solaris 10 System Concepts and Choosing Hardware Solaris 10 Installation Initialization, OpenBoot PROM, and Run Levels
Day 3 Security
System Security File System Access Control Role-Based Access Control Users, Groups, and the Sun Management Console Kerberos and Pluggable Authentication
Day 4 Networking
Basic Networking DHCP and NTP Routing and Firewalls Remote Access Internet Layer (IPv6)
Day 1 - Installation Introduction to Solaris 10 System Concepts and Choosing Hardware Solaris 10 Installation Initialization, OpenBoot PROM, and Run Levels
History AT&T Develop from Game Application AT&T Microsoft, Sun, IBM, HP The same core OS Sun Free source code Manual page $> man Editor vi (Visual Editor)
Introduction to Solaris UNIX Operating System Multiuser Operating Environment Multitasking Multithreading Developed by Sun Microsystem System V (AT&T) Berkeley (BSD)
Introduction to Solaris Solaris (Operating Environment) SunOS (Operating System) Solaris 10 = SunOS 5.10 Solaris 9 = SunOS 5.9 Solaris 8 = SunOS 5.8
Introduction to Solaris Solaris 10 is to support: Database servers Message Queues XML Web Services J2EE application servers Sun's hardware solution based on UltraSPARC Support for SMP with more than 100 processors in a single server
Introduction to Solaris Sun's innovations move from server to desktop Develop Java Cross Platform support JVM
Solaris Innovations
Server Tools
SMC System Management Console Tool Kerberos Version 5 IPv6 and IPSec
Security Innovations
SPARC
OpenBoot PROM
IA
BIOS Solaris Device Config Assistant MDB (Multiple Device Boot) Command Option at MDB
Booting system
SPARC
bootblk (Pri. boot program) ufsboot (Sec. boot program) load kernel
IA
mboot (MBR) pboot (Solaris Partition boot program) Bootblk (Pri. boot program) ufsboot (Sec. boot program) load kernel
SPARC
shutdown,init w/o intervention SCSI, IDE
IA
shutdown,init w/ intervention
Disk Controller
Disk Max. 4 fdisk partition Sol fdisk 10 slices (0-9) but 0-7 store data 3.5, 5.25-inch
Diskette drive
Feature
Feature
64bits (SPARC only), LDAP, Dynamic reconfiguration, AnswerBook2, Unicode, RPC security, CDE (new tools) IPv6, Naming LDAP, Java2, Wizard (Installation), UDF (Universal Disk Format), DVD, Smart card, PDA, Multilanguage (90 locales, 37 languages), XServer (X11R6.4), RBAC (Role-Based Access Control) Mobile IP, Removable Media (DVD, Zip, Jaz, CD-ROM, diskette) IP Multipathing with NICs, WBEM (Web-Based Enterprise Management), Print USB LDAP+iPlanet WebServer, SMC 2.0 (RBAC), WBEM (init.wbem, update security, SMC Log viewer), USB (Sun Blade 100, 1000 and Sun Ray system) New BIND, sendmail 8.10, IP multipathing with dynamic reconfiguration (DR), Mobile IP (reverse tunnel) PPP 4.0 (async, sync comm., PAP, CHAP), NCA (Solaris Network Cache Accelerator), IP Multipathing (IPMP reboot safe) DR 3.0 (Automated DR), USB (KB, Mouse, Printer, Audio) RPC (Sun ONC+ async protocol)
Solaris 8 (SunOS 5.8) (6/00) Solaris 8 (SunOS 5.8) (10/00) Solaris 8 (SunOS 5.8) (1/01) Solaris 8 (SunOS 5.8) (4/01) Solaris 8 (SunOS 5.8) (7/01) Solaris 8 (SunOS 5.8) (10/01) Solaris 8 (SunOS 5.8) (2/02)
Feature
Resource Manager (allocate resource), Fixed-priority (FX), Web Start Flash Install (master, clone), Live Upgrade, New option (df, du, ls, 1K unit), pargs and preap (process debugging), NIS+ LDAP, Sun Internet FTP Server, sendmail 8.12, Improve NCA, IPMP (link-up-down), Mobile IP (advertise dynamic if), BIND 8.2.4, Solaris volume manager, SMC 2.1 (6 new tools), smpatch, Solaris Secure Shell, cdrw (Write CD) X86/X64, SPARC Solaris Container Grid Container (Isolate App, Service, Allocate resource, Increase resource utilization) Solaris Secure Execution (File Integrity and Secure Execution, User & Process Right Management, IP Filter Firewall, Cryptographic Service/Secure, Enterprise Authentication LDAP, PW, MD5, Kerberos, Smartcard) Solaris Dynamic Tracing (easy to analyze, debug, optimize system, App in Realtime, Patch Management) Solaris Predictive Self Healing (Auto diagnostic, isolate recovery from H/W, App fault)
Copy 2 VMs Introduce VMWare with Solaris Introduce to Windows System on Solaris
CDE Common Desktop Environment JDS Java Desktop System
Command Mode
Edit Mode
Insert after cursor Append after cursor
Server Preparation
File /etc/hosts (Map IP Hostname) Type 192.168.1.73 suwit001 File /etc/hostname.pcn0 ( IP Type suwit001 ( NIC) /etc/hosts)
File /etc/nodename (hostname login screen) /etc/hosts) Type suwit001 ( Restart Machine
# init 6 (reboot)
Or
# shutdown -y -i6 -g0
127.0.0.1 localhost
xxx.yyy.zzz.aaa hostname loghost
Solve sendmail warning: sendmail tries to determine the FQHN (Fully-Qualified Host Name)
# /usr/sbin/check-hostname
File /etc/inet/hosts /etc/hosts
127.0.0.1 xxx.yyy.zzz.aaa
localhost hostname
host.domain
mydomain.domain.domain
Kernel Hierarchical file system, begins with root (/) System hardware devices logically on file system The special file (/dev/pty, for pseudoterminals) Process based (Process ID = PID) Set of command-line utilities for text and numeric processing (cat, head, tail, troff, col, tbl etc.) User processes are created (spawned) from shell (Bourne Shell - sh) Multiple processes can be executed with & in background Multiple users can execute commands from pseudoterminals
Bourne shell (sh) The original UNIX shell used to write all system scripts Korn shell (ksh) Provides enhanced input/output features, including the print and read commands C shell (csh) Offers a command syntax similar to the C programming language Bourne Again shell (bash) An open source, much improved version of the Bourne shell Z shell (zsh) A freely available Bourne-like shell with a focus on sophisticated scripting features
cachefs The CacheFS cached file system hsfs The High Sierra file system nfs The Network File System (NFS) pcfs The MS-DOS file system tmpfs A file system that uses memory ufs The standard UNIX File System (UFS)
The default local file system type /etc/default/fs The default remote file system type /etc/default/fstypes
Multiple users execute multiple application concurrently Multiple threads in single process SMP Symmetric Multiprocessing Zone Virtual instance work in resource management framework
Client/Server Networks
Remote Procedure Call (RPC) technology, NFS Remote Method Invocation (RMI) technology, Java Networking and Distributed computing
Naming Services (DNS, NIS, NIS+, LDAP) Java 2 Enterprise Edition (J2EE)
Key Concepts
SPARC Hardware
Key Concepts
Supported Platforms
Key Concepts
Intel Hardware Devices Supported Under Solaris Intel
Base unit (aka pizza box), which contains the motherboard, SCSI controller, and SBUS cards Frame buffer or graphics card SCSI or IDE units connected by SCSI or IDE cables to the SCSI or IDE controller in the pizza box CD-ROM drive, internal or external (SCSI or IDE) DVD-ROM drive, internal on newer systems Speaker box and microphone, external Two serial ports (A and B) A parallel port A tape drive, internal or external (DDAT/DDS/QIC and so on) Mouse (mechanical or infrared) and keyboard (type 4 or type 5)
Workstation Server
Basic Networking Terminology /etc/hostname.hmen where n is the interface number and hme is the interface type
Solaris 10 Installation Preinstallation Planning Disk Space Planning Device Names SPARC Preinstallation Intel Preinstallation
Pre-Installation
1. Host name (# uname -n, # hostname)
2. Protocol (IP) address (# ifconfig)
3. Name service type (LDAP, NIS, NIS+, DNS or none)
4. Subnet mask (/etc/netmasks file)
5. Geographic location and time zone (GMT+7)
6. Root password
7. Language
Method: Solaris 10 Installation Web Start Wizard JumpStart suninstall Live Upgrade
Solaris 10 Installation Disk Partitions Disk Formatting and Virtual Memory The Boot Manager Web Start Wizard Installation
Solaris 10 Installation
Web Start Wizard Installation
Configuration Network Support DHCP Server Hostname IP Address Netmask IPv6 Support Kerberos Server Name Services
DNS Server NIS/NIS+ Server LDAP Server
Router Time Zone and Locale Power Management Proxy Server 64-Bit Support Disk Selection and Layout Root Password Software Selection
Solaris 10 Installation
Server Preparation
Add new 3 HDDs Enable BIOS to boot from CDROM first Insert Solaris 10 x86 Installation CD Power On Option: 1. Solaris Interactive Language: 0 Network DHCP Name Service DNS IPv6: No Kerberos: No Domain Name: Yourname.com Server IP: 192.168.1.1
Installation
Solaris 10 Installation
sysidcfg
Solaris 10 Installation
sysidcfg
Post-Check after Installation
Software packages after installation: file /var/sadm/install/contents
View file contents
# grep showrev /var/sadm/install/contents
# more /var/sadm/install/contents
# cat /var/sadm/install/contents
Patches & Update http://www.sun.com
Download Patch & Update http://sunsolve.sun.com
OpenBoot Architecture Standard Test and initialize system h/w Determine the system h/w configuration Boot the operating environment Provide an interactive interface for configuration testing and debugging Enable the use of third-party devices
# /usr/platform/`uname -m`/sbin/prtdiag -v (check version of OpenBoot)
OpenBoot Architecture Standard 1.X 2.X 3.X 4.X 5.X SPARC system The first Openboot PROM UltraSPARC 64-bits UltraSPARC Sun Enterprise 3500-3800 etc.
PROM runs POST boot Locates boot-device boot Reads bootblk boot Loads bootblk
bootblk Loads Secondary Boot Program (ufsboot) ufsboot Loads kernel 32-bit or 64-bit kernel
kernel = genunix / unix
kernel Reads Configuration File /etc/system kernel Initializes itself and Load Modules
The /etc/system file can explicitly control The search path for default kernel modules to be loaded at boot time The root file system type and device The modules that are excluded from loading automatically at boot time The modules to be forcibly loaded at boot time, rather than at first access The new values to override the default
Form
S,K[0-9][a-z][A-Z]
S10webserver S20dbserver
/etc/rc3.d
S10webserver S20dbserver
script1 script2 script3 K10xxxx /etc/init.d/script1 K20yyyy /etc/init.d/script2 S10xxxx /etc/init.d/script1 S20yyyy /etc/init.d/script2
/etc/rc1.d /etc/rc3.d
Run RC script $> /etc/init.d/script1 [start | stop] $> /etc/rc#.d/S10xxxx [start | stop] $> /etc/rc#.d/K10xxxx [start | stop]
Inode #
Inode #
Run Control Script Initialize, Booting # /sbin/rc# /etc/rc#.d/* start # /sbin/rc3 /etc/rc3.d/K##xxxx start # /sbin/rc3 /etc/rc3.d/K##yyyy start # /sbin/rc3 /etc/rc3.d/K##zzzz start # /sbin/rc3 /etc/rc3.d/S##xxxx start # /sbin/rc3 /etc/rc3.d/S##yyyy start # /sbin/rc3 /etc/rc3.d/S##zzzz start
init
Become root / superuser
# telinit [run level] (Recommended)
# init [run level]
shutdown -y -g [period] -i [run level] [message]
# shutdown -y -g 30 -i 6 "System will shutdown"
Shutdown
Starting Up Systems
Booting Protocols
Turn off system power because of power outage Change kernel parameters in /etc/system Perform system maintenance, backup or restore system data Repair system configuration file /etc/system Changing pseudo device parameters in /etc/system Add or remove hardware from system Boot kernel debugger to track down system problem
/var/adm/messages halt -d (save in swap file system) /tmp dumpadm (configure crash dump) savecore (/var/crash/hostname) SPARC IA
IA
Screen selection mode
b -s
# mount /dev/dsk/c0d0s0 /a
# cd /a/etc
# vi passwd (in case of user recovery)
# vi shadow (in case of password recovery)
Starting Up Systems
Search text in file
grep "search string" filename
# grep "Aug 22 13:56" /var/adm/messages
# grep -i "Aug 22 13:56" /var/adm/messages
egrep
# cat > filename
Type content Ctrl-C
Not recommendation
/usr/sbin/halt /usr/sbin/reboot /usr/sbin/uadmin 2 0
Review Day1 Day1 Introduction to Solaris 10 System Concepts and Choosing Hardware Solaris 10 Installation Initialization, OpenBoot PROM, and Run Levels
Day 2 System Essentials Introducing the Solaris OE Directory Hierarchy Managing Local Disk Devices Managing the Solaris OE File System Performing Mounts and Unmounts Installing Software, Live Upgrade, and Patching Text Processing and Editing Shells, Scripts, and Scheduling Process Management
Symbolic link to /usr/bin (binary files of standard system command) Primary directory for logical device names - soft link point to device files in /devices
Dialup device - modem Block disk device Frame buffer device File descriptors (fd0=stdin, fd1=stdout, fd2=stderr) Logical volume management metadisk devices Pseudo disk devices Raw disk devices Tape device Audio device Serial devices
/cua /dsk /fbs /fd /md /pts /rdsk /mnt /sound /term
/devices
/acct Configuration info accounting /cron.d Configuration cron utility /default Default info for various program /inet Network services /init.d Script for changing between run levels /lib Dynamic linking libraries /lp Printer subsystem /mail mail subsystem (sendmail free) /nfs NFS server logging /opt Optional packages /rc#.d Script enter/leave specific run level number /skel Default shell initialization files for new user accounts
usr = UNIX System Resources /bin Standard system commands /ccs Compilation programs and libs /demo Demo program and data /dt Common Desktop Environment (CDE) software /includes Header files C program /java Java program and lib /kernel Platform-independent loadable kernel module that are not generally required /lib Various program lib, bin /opt Configuration file for program /sbin System command /spool Symbolic link to /var/spool directory
/var
Introducing File Components File Name Inode Number Data Blocks - Name of file - Owner, permission, size - Data
Identify File Types Regular files Directories Symbolic links Soft links Device files
Symbolic Links
Regular Files
Directories
Symbolic Links
Device Files
Create and Remove - Soft and Hard Links Character-special devices = raw devices Block-special devices = block device
# ln -s file1 link1 (soft link)
# ln file1 file2 (hard link)
# ls -l
# ls -li (inum = 1282)
# find . -inum 1282
# rm file1
Hard Link
Same inode # ln file1 file2 rm file1, file2 exists File only, same FS
Disk Division/Slices
Disk Slices
Disk Slice Name SCSI Configuration Small Computer System Interface = SCSI
Disk Number = Logical Unit Name (LUN)
Introducing Solaris OE Device Naming Convent. Physical device names - The /devices Directory structure
Reconfiguring Devices
File system
root swap backup /opt /usr /export/home -
Description
Hold files and directories that make OS Provide virtual memory or swap space Refer to the entire disk, by format command Up to design Up to design Hold App software added to the system Hold OS command, run by users, document, system program Hold home folder from remote system Contain the boot slice info at the beginning of Solaris partition enable boot from HDD Provide area reserved for alternative disk block. Alternative sector slice.
Client/Server
Both Both Both Both Both Both Both Both Both Both
= unix file system (Berkeley fast file system) = high sierra file system (CD-ROM) = PC file system (DOS, FAT32) = universal disk format file system (Optical storage DVD, CD-ROM)
nfs = network file system, allows users to share file tmpfs = temporary file system (/tmp), created and destroyed every time the system is reboot swapfs = swap file system is used by kernel to manage swap space on disk fdfs = file descriptor file system /dev/fd/0, /dev/fd/1
#/dev/fd/0 = stdin = < 0< #/dev/fd/1 = stdout = > 1> #/dev/fd/2 = stderr 2> #/dev/fd/3 = file name
procfs = process file system contains a list of active processes /proc such as #ps mntfs = mount file system provides read-only info from kernel
in
VTOC The bootstrap program (bootblk) resides in the 15 disk sector (Sector 1-15), Only the / (root) file system has an active boot block. The number of data blocks The number of cylinder groups The size of a data block and fragment A description of the h/w, derived from the label The name of the mount point File system state flag: clean, stable, active, logging or unknown
Boot Block
The replication protects the critical data in the superblock The number of Inodes The number of data blocks in the cylinder group The number of directories Free blocks, free inodes, and free fragments in the cylinder group The free block map The used inode map
The type of file and the access mode The UID and GID The size of the file The link count The time the file was last accessed and modified and the inode change The total number of data block used by or allocated to the file Two types of pointer direct pointers and indirect pointers
Checking the File system by using fsck command Data Inconsistencies checked by fsck command
Checking the File system by Using fsck command Checking the File system
# fsck -y /dev/rdsk/c0t0d0s0
# fsck -y /export/home (mount point)
# fsck -o f,p /dev/rdsk/c0t0d0s5
where f = forces a file system check regardless of the state of the clean flag, p = check and fix the file system
Caution: Never run the fsck command on a mounted file system. For / (root), /usr and /var, if needed, run it in single mode (# init 0)
Checking the data consistency of the file system
# fsck /dev/rdsk/c0d1s0
Finding whether a check is needed
/dev/rdsk/c0d1s0 /export/data
# umount /export/data
# fsck -m /dev/rdsk/c0d1s0
If needed, init S or s
# fsck /dev/rdsk/c0d1s0
# man fsck
Monitoring File System Use Using the df command Using the du command Using the quot command Using the SMC usage tool
# df -k
# df -h
# du -k
# du -ak /opt
# du -sk /opt
Monitoring File System Use - quot quot displays how much disk space, in Kbytes, is being used by users
-a = report on all mounted file systems -f = include the number of files
Working with Mounting Fundamentals Virtual file system table: /etc/vfstab The /etc/vfstab file lists all the file system to be automatically mounted at system boot time, with the exception of the /etc/mnttab and /var/run file system # more /etc/vfstab # more /etc/mnttab
Clear passwd
# sync
# init 0
Insert Solaris Installation CD
ok> boot cdrom -s
# EDITOR=vi
# TERM=sun
# export EDITOR TERM
# mount /dev/dsk/c0t0d0s0 /a
# vi /a/etc/passwd
# vi /a/etc/shadow
# pwconv
Stop+A = OK prompt
HDD
Performing Mounts
Automatic read from /etc/vfstab # mount /export/home
# mount -o ro /dev/dsk/c0t0d0s6 /usr
# mount -o ro,nosuid /dev/dsk/c0t0d0s7 /export/home
# mount -o noatime /dev/dsk/c0t0d0s7 /export/home
# mount -o nolargefiles /dev/dsk/c0t0d0s7 /export/home
# mount -o logging /dev/dsk/c0t0d0s7 /export/home
# mountall (mount the file systems listed in the /etc/vfstab file)
# mountall -l
Performing Mounts Mounting a new file system # mkdir /database # mount /dev/dsk/c1t4d0s0 /database # mount check to determine if the file system is mounted # vi /etc/vfstab add line entry for the new file system
/dev/dsk/c1t4d0s0 /dev/rdsk/c1t4d0s0 /database ufs 1 yes logging
Performing Unmount
# umount /export/home
# umount /dev/dsk/c0t0d0s7
# umountall
# umountall -l
Error Message: umount: file system name busy
- A program is accessing a file or dir in the file system
- A user is accessing a file or dir
- A program has a file open
- The file system is being shared
/etc/vfstab
Fuser Command
List all of the process that are accessing and kill them if necessary
# umount -f command: force the umount of a file system
# fuser -cu mount_point
# fuser -ck mount_point (send SIGKILL to each process)
# fuser -c mount_point
# umount mount_point
Using the umount -f command
# umount -f mount_point
Directory Location
First diskette drive
First PCMCIA
Directory Location
List the path for mounted device that do not contain file system
Troubleshooting vold problem If a CDROM fails to eject from the drive, as the root user attempt to stop volume management. If this is unsuccessful kill the vold daemon # /etc/init.d/volmgt stop # pkill -9 vold # /etc/init.d/volmgt start # eject cdrom
Review - Day 2 Introducing the Solaris OE Directory Hierarchy Managing Local Disk Devices Managing the Solaris OE File System Performing Mounts and Unmounts
Day 3
Installing Software, Live Upgrade, and Patching Text Processing and Editing Shells, Scripts, and Scheduling Process Management System Security File System Access Control Role-Based Access Control Users, Groups, and the Sun Management Console Kerberos and Pluggable Authentication
Freeware URL
http://sunfreeware.com
Displaying information for all packages Displaying information for a specific package Displaying information for software packages
Adding a software package Checking a package installation Removing a software package Adding packages by using a spool directory Reviewing package administration
Package Installation
Web Start Wizard: insert CDROM package
# cd /cdrom/cdrom0
# ./installer
Select the software you want to install
Command Line
# pkginfo [Package Name] (check if it exists)
# pkgrm [Package Name] (remove package)
# pkgadd -d [datastream, Path] [Package Name] (install package)
Core
Package Installation
View the name of the cluster configuration
# grep METACLUSTER /var/sadm/system/admin/.clustertoc
Determine which cluster configuration has been installed on the system # cat /var/sadm/system/admin/CLUSTER
Solaris Product Registry # prodreg GUI - View software package installed in system - Add/Remove software package
Transferring <SUNWns6m> package instance
# ls -al /var/spool/pkg
# pkgrm -s spool SUNWns6m (remove from spool)
Workshop: Package Installation Enable FTP server Enable root access FTP server
Transfer file
Open browser: ftp://192.168.9.57 Login FTP user/password Copy files to local host
Install package
# file filename (check file type)
# pkgadd -d [datastream, package]
# pkgadd -d top-3.6-xxxx
Following the steps of package installation
#CONSOLE=/dev/console
Comment out
# gedit /etc/default/init LANG=C Default English POSIX ** Comment out others #LC_*
Remote login via Xwindow Logout to login-screen Click Option Select Remote Login Select Host Name/IP address Select Choose from List
Managing Software Patches on the Solaris OE Preparing for Patch Administration Introducing Solaris OE patches
Type of Patches
Signed / Unsigned Digital Signature
Patch contents
Managing Software Patches on the Solaris OE Installing and Removing Patches Installing a patch Removing a patch Installing patch clusters
http://sunsolve.sun.com Recommended Cluster Patch Checking Patch Levels
# showrev -p
# patchadd -p
# ls /var/sadm/patch
Live Upgrade Separate boot environment (BE) Install new OE files to alternative location System need to be rebooted only once If new boot environment fails, the old will take action System layout and configuration can be different from existing Allow to fine-tune the existing configuration
Live Upgrade
Live Upgrade
1. Update patch of Live Upgrade ** From Installation CD/DVD
2. Add HDD for new BE
3. Change to run level 1 (Single User Mode)
# init 1 or # /etc/telinit 1
# lu (Live Upgrade Application)
Visual Display Editor (vi) 3 Modes Command Mode Edit Mode Last line Mode
Last line Mode Command Mode
a,i,o,A,I,O
:
Esc Auto switch Esc Edit Mode
:q = quit from vi :w = save to file :q! = force to quit (save?) :w! = force write (read only?)
Text-Processing Utilities
Operation
> Redirects standard output to file >> Appends standard output to file < Redirects file contents to standard input << Appends file contents to standard input # echo This is Redirection 1 > /tmp/output.txt # echo This is Redirection 2 >> /tmp/output.txt # more < /tmp/output.txt # more << /tmp/output.txt
Man
Text-Processing Utilities
Grep
# grep keyword filename.txt # echo Text > filename.txt # echo $PATH # sort filename.txt # sort filename.txt > filename-sort.txt # diff file1.txt file2.txt
Echo
Sort
Diff
Understanding Shells
Changing Shells from command line # sh Bourne Shell # csh C Shell # ksh Korn Shell # bash Bourne Again Shell # zsh Z Shell Exit from Shells # exit
Unix Shell
C Shell (/bin/csh)
Bourne
C Shell
Prompt Shell
Bourne Shell ($) C Shell (%) Korn Shell ($) Admin (#) Shell # /bin/sh # /usr/bin/bash # /bin/csh # /bin/ksh Shell # exit Shell
Shell Variables
Bourne/Korn   C Shell   Description
HOME          home      Home Directory
LOGNAME       user      Userid/name
PS1           prompt    Prompt
PATH          path      Search Path
PWD           pwd       Current Directory
# set
# env
Shell Variable
Bourne/Korn
# PS1="MyPrompt> "
# PATH=$PATH:/usr/bin:/usr/java/bin
Public
# Variable=Value
# export Variable
# Variable=Value; export Variable
# PS1="MyPrompt> "; export PS1
# PATH=$PATH:/usr/bin:/usr/java/bin; export PATH
C Shell
%> set prompt="MyPrompt> "
%> set path=($path /usr/bin /usr/java/bin)
Bash Shell
Prompt
PS1='\s-\v\$ ' gives bash-3.00#
PS1='\u@\h<\w>$ ' gives root@host</tmp>$
\s = Shell name \v = Version \u = User id \h = Hostname \w = Working Directory
przzz
Bash Shell Session History Key Up / Down # history [enter] (List history command) # !no [enter] # !4 [enter]
Korn Shell - Completion
# set -o emacs
# cd /ex [esc][esc]
# cd /export
# cd /t [esc][esc]
# cd /tmp
Review Day 3 Installing Software, Live Upgrade, and Patching Text Processing and Editing Shells, Scripts, and Scheduling
Day 4
Process Management File System Access Control Role-Based Access Control Users, Groups, and the Sun Management Console Backup and Recovery Printer Management Basic Networking
[&] is for running as a background process
CTRL-Z
# bg
# fg (for running as a foreground process)
# find / -name init -print
CTRL-Z # bg
# processname
Start / Stop process
Show all SIGNALs
# kill -l
Send SIGNAL to process
# kill [-signal_name] pid
# kill [-signal_number] pid
# kill -1 728 (send SIGHUP to PID=728)
# kill -HUP 728 (send SIGHUP to PID=728)
/usr/sbin/cron
# cd /etc/cron.d
Crontab
crontab [-u user] {-l|-r|-e} -u user -l -r -e cron User cron vi cron
crontab -e
crontab
crontab -e
* * * * * /bin/echo "Do every 1 minute: `date`"
0,30 * * * * /bin/echo "Do every half hour: `date`"
* 19 * * * /bin/echo "Do 1 hour since 19:00-19:59: `date`"
* * 22 * * /bin/echo "Do everytime in date 22: `date`"
* * * 3 * /bin/echo "Do everytime in March: `date`"
* * * * 4 /bin/echo "Do everytime in Thursday: `date`"
0 19 22 3 4 /bin/echo "Do once on Thursday 22 March 19:00: `date`"
crontab -l
# vi /var/spool/cron/crontabs/root
# ps -ef | grep cron
# kill [cron pid] (restart cron to read new crontab)
# date (check time/date)
Execute /tmp/echo.sh /var/spool/cron/atjobs/[jobid]
# at -m 1141
at> /tmp/echo.sh
CTRL-D
LAB: Crontab
10:10 25 Jan 2007 /tmp/echo.sh
10 10 25 01 04 /tmp/echo.sh
10 10 25 1 4 /tmp/echo.sh
10 10 25 1 * /tmp/echo.sh
Run command every 3 hours
0 0 * * * command
0 3 * * * command
0 6 * * * command
0 9 * * * command
0 12 * * * command
0 15 * * * command
0 18 * * * command
0 21 * * * command
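An added example, not part of the course material: a small evaluator that lists the minutes at which a crontab entry fires, to check a root crontab before installing it. It follows the crontab rule that day of week 0 is Sunday and that, when both the day-of-month and day-of-week fields are restricted, a match on either one runs the job. The function names are illustrative and only `*`, lists and ranges are supported.

```python
from datetime import datetime, timedelta

# Valid ranges of the five time fields:
# minute, hour, day of month, month, day of week (0 = Sunday).
RANGES = [(0, 59), (0, 23), (1, 31), (1, 12), (0, 6)]


def expand(spec, lo, hi):
    """Expand one field ('*', 'n', 'a,b,c' or 'a-b') into a set of ints."""
    if spec == "*":
        return set(range(lo, hi + 1))
    values = set()
    for part in spec.split(","):
        first, _, last = part.partition("-")
        start = int(first)
        end = int(last) if last else start
        if not lo <= start <= end <= hi:
            raise ValueError("field %r is outside %d-%d" % (spec, lo, hi))
        values.update(range(start, end + 1))
    return values


def parse(entry):
    """Return (raw fields, expanded sets, command) for one crontab line."""
    parts = entry.split(None, 5)
    if len(parts) < 6:
        raise ValueError("expected five time fields and a command")
    raw = parts[:5]
    sets = [expand(s, lo, hi) for s, (lo, hi) in zip(raw, RANGES)]
    return raw, sets, parts[5]


def fires(raw, sets, when):
    """True if the entry runs in the minute given by `when`."""
    minute, hour, dom, month, dow = sets
    if when.minute not in minute or when.hour not in hour:
        return False
    if when.month not in month:
        return False
    dom_ok = when.day in dom
    dow_ok = when.isoweekday() % 7 in dow  # isoweekday: Mon=1 .. Sun=7
    if raw[2] != "*" and raw[4] != "*":
        # Both day fields restricted: either match is enough.
        return dom_ok or dow_ok
    return dom_ok and dow_ok


def run_times(entry, start, end):
    """Every minute in [start, end) at which the entry fires."""
    raw, sets, _ = parse(entry)
    t = start.replace(second=0, microsecond=0)
    hits = []
    while t < end:
        if fires(raw, sets, t):
            hits.append(t)
        t += timedelta(minutes=1)
    return hits


if __name__ == "__main__":
    day, next_day = datetime(2007, 1, 25), datetime(2007, 1, 26)
    jan, feb = datetime(2007, 1, 1), datetime(2007, 2, 1)
    # Constructed sample entries modelled on the lab above.
    for entry in ("* 3 * * * command", "0 3 * * * command",
                  "0 0,3,6,9,12,15,18,21 * * * command"):
        print("%-40s %3d runs on 25 Jan 2007"
              % (entry, len(run_times(entry, day, next_day))))
    for entry in ("10 10 25 1 4 /tmp/echo.sh", "10 10 25 1 * /tmp/echo.sh"):
        days = [t.day for t in run_times(entry, jan, feb)]
        print("%-40s runs on January days %s" % (entry, days))
```

A `*` in the minute field makes the job run on every minute of the matching hour, and setting both day fields widens the schedule rather than narrowing it.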
Mail client - mailbox # mail ? [enter] Show command for mail client Mailbox of sendmail # more /var/mail/[username]
Introducing to Solaris Management Console # smc & SMC Service # /etc/init.d/init.wbem status # /etc/init.d/init.wbem stop # /etc/init.d/init.wbem start ** Console / Terminal ** Slow loading
Find Disk space
# df -k (1K block)
# df -h (1K unit KB, MB, GB)
Find Disk Usage
# du -k [pathname] (1k block)
# du -h [pathname] (1K unit KB, MB, GB)
Tools for adding and admin user accounts # smc & # useradd # userdel # usermod Creating password for user # passwd username
Setting Up & Admin Groups
# groupadd mygroup
# groupadd mysale
# groupadd mygroup2
Group Name <= 8 Chars Groupid automatic generate (gid=100) File /etc/group Group
Modify group information
# groupmod -g [gid] -n [newname] oldgroup
Password 8 ( )
Password Password
p@ssw0rd
/usr/bin/bash
Environment/Profile User
# su - userid/username
Environment/Profile User
Environment/Profile user
Home directory .profile (Bourne) .bashrc (Bash Shell) .cshrc (C Shell) .kshrc (Korn Shell)
Login by using Login Screen (CDE/JDS) Start machine Popup Login screen Type
username: password:
Link Profile
Create Soft / Symbolic Link
# ln -s [source file] [destination file]
# ln -s [source dir] [destination dir]
Link Files
# ln -s .profile .bashrc
# ln -s .profile myprofile
Link Directory
# ln -s /usr/bin /bin
Remove Link
# rm linkname
Link Profile # ls -l
RBAC Databases Key concepts: sudo allows privileged roles to be assigned to various users (has some limitations) RBAC (Role-Based Access Control) defines roles for managing special tasks or sets of tasks.
Roles Primary Administrator PA Assigns rights to other users and is responsible for security System Administrator SA Is responsible for day-to-day administration that is not security-related Operator Performs backups and device maintenance
Roles
Administering Systems
Determine Hostid
Check HostId = HEX 8 Bytes
# hostid
# sysdef -h
04990A1A
# sysdef > /tmp/sysdef.txt
Host Information
# uname -a
# more /etc/release
Display System Information
# prtconf
Changing Timezone Edit in file /etc/TIMEZONE TZ=Asia/Bangkok The complete list of time zone variables /usr/share/lib/zoneinfo
/backup/full.dat
Backup & Restore File System
List table of content
# ufsrestore ta /backup/full.dat
Extract data from backup device
# ufsrestore ia /backup/full.dat
ufsrestore> help
ufsrestore> ls
ufsrestore> add [filename]
ufsrestore> extract
Backup & Restore File System
Creating tar/gzip format
# tar cvf - ./etc | gzip - > /export/data/full.tgz
Extracting tar/gzip format
# gunzip full.tgz
# tar xvf full.tar
OR
# gzcat /export/data/full.tgz | tar xvf -
Quota Manager
Syslog
Printing Service
Attached Printer
# lpadmin # lpq
Network Printer
Setting Print Server Printer Name Server Name Network printer access name IP address for the printer Protocol (TCP)
Internet
Internet Activity Board IAB RFC
Engineering Task Force
http://www.iab.org
IRTF IETF
IESG
Engineer Steering Group
IANA: Internet Assign Name Authority, www.iana.org
Whois > IP address, Name space
AfriNIC
APNIC
ARIN 199.xx
RIPE 201.xx
LACNIC
JP, TH, SG: 202.xx 203.xx
ICANN
ccTLD: .th (www.thnic.net), .jp
.com .net .gov
AFNIC a. b.
APNIC c. d. e.
ARIN f. g. h.
RIPE i. j. k.
LACNIC l. m.
Root Server (.)
[Diagram labels: DNS Server S1, .com S3, Delegated DNS abc.com, Forwarder xyz.com S2, Delegated DNS S5]
Simple Network
Class of IP Addresses
Interface name (pcn0, pcn1, ...)
Sub interface (pcn0:0, pcn0:1, pcn0:2)
Create file hostname.pcn0:0 hostname.pcn0:1 hostname.pcn0:2
Create file /etc/hostname.pcn0 /etc/hostname.pcn1 /etc/hostname.pcn2
/etc/hosts
192.168.1.1 hostname0
192.168.1.2 hostname1
192.168.1.3 hostname2
Multi-Home (NICs)
IP address1 hostname1
IP address2 hostname2
IP address3 hostname3
/etc/hostname.[interface]:[1-99]
hostname.pcn0:1 hostname1
hostname.pcn0:2 hostname2
hostname.pcn0:3 hostname3
Configure Host and IP address w/ Multi-NICs
# touch /reconfigure
# init 5
Install Network Cards
Power On
# cd /etc
# vi hosts
IP address0 hostname0
IP address1 hostname1
IP address2 hostname2
/etc/hostname.[interface]
hostname.pcn0 hostname0
hostname.pcn1 hostname1
hostname.pcn2 hostname2
Edit /etc/hosts
192.168.1.200 suwit001 suwit001
DHCP Client
# /sbin/dhcpagent
Request Network Information from DHCP Server
Check IP address
Check routing table (look for the line "default")
# netstat -rn
# netstat -r -n
Check nameserver (DNS)
# more /etc/resolv.conf
nameserver 202.xx.yy.zz
# more /etc/defaultrouter [Static IP]
Manually add routing table
# route add default [gateway ip]
# route add default 192.168.1.1
pcn0 .10
pcn1 .10
192.168.1.1
203.151.100.0 / 24
Route add [NetworkID] [Gateway IP]
# route add 0.0.0.0 203.151.100.1
# route add default 203.151.100.1
192.168.1.0 / 24
Route add [NetworkID] [Gateway IP]
# route add 192.168.9.0 192.168.1.1
# route add 192.168.9.9 192.168.1.1
Package Installation
Get file lsof.4.74*local.gz
# gunzip lsof4.74.gz
# lsof4.74*local
# pkgadd -d lsof*local
/usr/local/bin /usr/local/man
Solaris Router
Static Route
[Diagram labels: Internet 192.168.1.1; 192.168.1.3 Routing table; 192.168.9.1; 192.168.1.2; 192.168.2.0]
NFS
Data share
NFS Server
Computer
/mnt/data /mnt/public
Computer
/etc/init.d/nfs.server start
Client
$> mkdir /export/share
$> mount -F nfs hostname:/export/share /export/share
$> mount    (check mounting)
$> df       (check mounting)
NFS (Network File System)
Client
# umount /export/share/xxx
Server
# unshare /export/share
# /etc/init.d/nfs.server stop
DNS History
30 Internet 500 192.168.1.55 local.domain IP 192.168.1.56 r1.domain SRI-NIC >> Hosts Change
BIND
Root >> Delegate
SSH
Review Day 4
Process Management File System Access Control Role-Based Access Control Users, Groups, and the Solaris Management Console Backup and Recovery Printer Management Basic Networking Network File System and Caching File System
Day 5
Basic Networking Webmin Administrator Tools (Solaris, Linux) Network Information Service (NIS/NIS+) Domain Name Service Lightweight Directory Access Protocol (LDAP) Sendmail Samba Application Development and Debugging Web Applications and Services DHCP and NTP Routing and Firewalls Remote Access Internet Layer (IPv6)
Webmin Installation
Components
Webmin Server
Webmin Client
Installation
Get package from http://www.webmin.com
File webmin-1.310.tar.gz
# cd /usr/local
# gzcat /xxx/webmin-1.310.tar.gz | tar xvf -
# cd /usr/local/webmin-1.310
# ./setup.sh
* Default answer Enter
* User: admin
* Password: xxxx
* Start webmin at boot: y/n
Start & Stop Webmin Server
# /etc/init.d/webmin [start | stop]
Client Access
- Windows XP: Open IE
- Solaris: Open Browser
http://192.168.9.130:10000
Client Access
http (port 10000)
http://webminserver1:10000
https
Install Perl SSLeay package
https://webminserver1:10443
Authentication
Authentication Server
NAS
RADIUS
Active Directory
LDAP
TACACS
Single Sign On (SSO)
Network Information Service (Server)
Domain Name Service (Server)
Lightweight Directory Access Protocol (X.500) vs MS ActiveDirectory (X.500)
NIS
Setting up NIS Server
# svcadm enable network/nis/server
# svcs network/nis/server
# domainname training.net
File /etc/defaultdomain
training.net
# ypinit -m
# ypstart
Service Administration
[Diagram labels: NIS Master, NIS Slave, NIS Client; YP DB (passwd, group, hosts, ipnode); user1; 192.168.9.1 192.168.9.2 192.168.9.3 192.168.9.4 192.168.9.5 192.168.9.6; w1 w2 w3 w4 w5 s1]
NIS
Setting up NIS Client
# domainname training.net
# ypinit -c
# ypstart
Edit file /etc/nsswitch.conf
Service Ports (TCP / UDP)
Service: 1-65535
Server Service: 1-1023
Client/App Service: 1024-65535
Check current service ports
# netstat -an | more
R* command
Telnet
Rlogin
SSH
Remote Login
Desktop Manager
Click Remote Login Click Choose from list
Remote Login
Remote host must be configured
# /etc/hosts.equiv
# $HOME/.rhosts
hostname        username
192.168.9.196   root,user1,user2
+               All hosts, users
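A check for the trust files described above, as an added example that is not part of the original slides: it reports every entry in a hosts.equiv or .rhosts style file that uses the "+" wildcard. The function name audit_trust_file and the sample file are assumptions made for illustration; the sample entries are constructed.

```shell
#!/bin/sh
# Added example (not from the course material): audit r-command trust files.
# Format assumed: one "host [user]" entry per line, "#" starts a comment.

audit_trust_file() {
    # $1 = path to a hosts.equiv- or .rhosts-style file (hypothetical helper name)
    # Prints "file:line: trusts <what>: <entry>" for every wildcard entry.
    [ -r "$1" ] || return 0
    awk -v f="$1" '
        NF == 0 || $1 ~ /^#/ { next }          # skip blank lines and comments
        {
            reason = ""
            if ($1 == "+") reason = "any host"
            if (NF >= 2 && $2 == "+")
                reason = (reason == "" ? "any user" : reason " and any user")
            if (reason != "")
                printf "%s:%d: trusts %s: %s\n", f, NR, reason, $0
        }' "$1"
}

# Constructed sample input, written to a temporary file so nothing on the
# real system is read or changed.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
# constructed sample
192.168.9.196 user1
192.168.9.130 +
+
-192.168.9.5
EOF

audit_trust_file "$sample"
```

On a live system the same function can be pointed at /etc/hosts.equiv and at each user's $HOME/.rhosts.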
Remote command
# rlogin -l user1 192.168.9.130
# rup 192.168.9.130
# rsh -l user1 192.168.9.130 prstat
# rcp user1@192.168.9.130:/etc/passwd /tmp/passwd
# rcp /tmp/passwd user1@192.168.9.130:/etc/passwd
Check how long the remote system has been up
# rup hostname [ip address]
Check that the remote system is alive
# ping hostname [ip address]
# ping -s hostname (infinite loop - Solaris)
# ping -t hostname (infinite loop - Windows)
FTP Client
Computer
/var/ftp/pub
ftp> help
ftp> get [filename]         download
ftp> mget [filename *.*]    multiple get
ftp> put [filename]         upload
ftp> mput [filename *.*]    multiple put
ftp> binary                 Binary file (exe, jpg, gif)
ftp> ascii                  Text file (txt)
ftp> prompt                 Toggle interactive mode
ftp> hash                   Show progress, print #
ftp> quit / bye
What is apache?
Apache Web Server Internet Solaris apache
What is HTTP?
.htm, .html
Computer
/etc/rc3.d/S50apache [start|stop]
Configuration file
# cp /etc/apache/httpd.conf-example httpd.conf
# /etc/rc3.d/S50apache start
Web Browser
Solaris IP Filter Firewall
http://www.muine.org/~hoang/solnat.html
Lock down the box
Setup network interfaces in the Solaris box
Enable packet forwarding, dhcp, firewall and network address translation
Configure machines behind NAT
Familiarize with IPFilter
IPsec
Reference
What is SAMBA?
Microsoft Networking UNIX
Samba
137-139
Linux
SAMBA Configuration SMB Server Message Box (Microsoft) Script file location
# /etc/rc3.d/S90samba [start|stop]
This form allows you to synchronize the Unix and Samba user list. When Samba is using encrypted passwords, a separate list of users and passwords is used instead of the system user list. The list of users not to convert can contain usernames, UIDs, group names prefixed with an @, or UID ranges like 500-1000 or 500-
Change UID greater than 1000
# usermod -u 1001 user1
DNS Setting
Map domain name to IP address
Components
DNS Server
Zone: Domain name
Record (MX Mail Server, NS Name Server, A ServerIP)
Configuration file /etc/named.conf
DNS Client
# nslookup www.webmin.com
66.35.250.210
DNS Operation
[Diagram labels: www.google.com, 66.xxx.xxx.xx, http://www.google.com]
NS Record
192.168.9.130
A Record
serverA 192.168.9.149
MAC1
MAC2
MAC3
MAC4
DHCP Setting
Automatic IP setting
DHCP Server
# /usr/sbin/dhcpd
Configuration file /etc/dhcpd.conf
Location /etc/dhcp/*.*
DHCP Client
# dhcpagent
DHCP Client
# /etc/dhcp.[interfaceName]
# /etc/dhcp.pcn0
E-mail
wichai@lumplang.com 2
DNS: MX 3
SMTP
lumplang.com 5
C Shell
%> set path = ( $path /sbin /opt/sfw/bin . )
%> source [.cshrc]    (full path of profile)
Recognize Problem with Permission, Ownership Change permission of file for execution
Zone configuration
Main web site Discussions/Forums Free Software Updates & Patches Documents
Thank You