
Chapter 1 Installing Solaris 10 OS

Sun Software Groups

S.No  Software Group            Cluster
1     Minimum                   SUNWCmreq
2     Reduced Network           SUNWCrnet
3     Core                      SUNWCreq
4     End User                  SUNWCuser
5     Entire Distribution       SUNWCall
6     Entire+OEM Distribution   SUNWCxall

Chapter 3 Managing Local Disk Devices

Disk Logical Components
Sector     Min 512 Bytes
Track      End-to-End Collection of Sectors
Cylinder   Stack of Tracks
Slice      Grouping of Cylinders (0-7)
Partition the Hard Disk: format (reads /etc/format.dat for the table of available disk types and the set of pre-defined partition tables)

Disk Labels
The disk label, or VTOC (Volume Table of Contents), is stored on the first sector of the disk (MBR)
Label a Disk: Slice Information on Disk (Write)
Disk label: Partition Table
On Disk           Disk Label (VTOC)         Verify
In Memory         Current Partition Table   Print
/etc/format.dat   Partition Table Storage   Select

Device Naming (Logical)


/devices   Physical Device Names
/dev       Logical Device Names

Installation Methods
Sun Install
Flash Install
Solaris installation GUI
Solaris installation CLI
Solaris Custom JumpStart (Unattended)
Solaris Flash Archive (Ghost Installation)
Solaris WAN Boot
Solaris Upgrade
   a. Standard Upgrade
   b. Live Upgrade

Disk Slice Naming


Controller Number: (HBA) Host Bus Adapter, controls send/receive info
Target Number: Unique Hardware Address (Switch/Jumper)
Disk Number: Logical Unit Number (LUN)
Slice Number: Slice Number ranging 0-7

Six Different Ways of Installation

Managing Disk Labels


Two methods for managing disk labels
1. verify (format> verify {to read the disk VTOC})
2. prtvtoc (# prtvtoc /dev/dsk/c0t0d0s1)

Relabeling a Disk
Backup VTOC to data file: save the VTOC to a file (data file)
# fmthard -s datafile /dev/rdsk/c#t#d#s2
# fmthard -s /dev/null (data file) {Initialize VTOC}

Device Naming (Physical)


Physical Device Name: node names separated by slashes indicate the device path.
../../devices/pci@1f,0/pci@1,1/ide@3/dad@0,0:a

Device Tree: 2 Levels
Device recognized during Boot/POST
Device recognized by device driver through kernel

To View/List the names of Cluster Configuration

# grep METACLUSTER /var/sadm/system/admin/.clustertoc

To determine which cluster configuration is installed

# cat /var/sadm/system/admin/CLUSTER

Directory Hierarchy:

Chapter 2 Introducing Solaris 10 OS Directory Hierarchy


Solaris creates the following default file systems with their respective slice numbers
Slice No:     0 1 2 3 4 5 6 7
File System:  Root, Swap, Entire Disk, /var, /opt, /usr, /export/home

Root (Top Most)
|- Bus nexus Node
|- Leaf Node

Instance Names: Instance names are shortened, abbreviated names assigned by the kernel, like
sdn: sd is disk number & n is number of SCSI
dadn: dad is the Direct Access Disk name for IDE

Listing System Devices
Several ways to list system devices
1. /etc/path_to_inst
2. prtconf
3. format

Reconfigure/Add New Device
There are two methods for reconfiguring & adding a new device
1. Boot Process (touch /reconfigure file, init 5, install, init 6)
2. devfsadm (devfsadm -c {device class} = disk/tape) (adds entries in /dev, /devices & /etc/path_to_inst)

Chapter 4 - Managing Solaris File Systems


File System: Collection of Files & Directories
Disk Based File Systems
Distributed File Systems
Pseudo File Systems

Disk Based File Systems
UFS (Unix File System): Fast & allows growth to multiple terabytes in size
HSFS (High Sierra File System): Special purpose file system for CD
PCFS (PC File System): Allows Solaris to access PC-DOS file systems
UDFS (Universal Disk Format File System): Used for optical storage (DVD/CD), allows universal data exchange (Read/Write)

Distributed File Systems: Provide network access to file system resources
NFS: Allows users to store files among many types of systems on the network

Pseudo File Systems: Memory based file systems that provide better performance & access to kernel information.

Tmpfs: Temporary File System reduces the overhead of writing to disk based file systems; tmpfs is created & destroyed on boot.
Swapfs: Swap File System is used by the kernel to manage swap space on disk
Fdfs: Provides explicit names for opening files by using file descriptors
Mntfs: Provides information from the kernel about locally mounted file systems
Procfs: List of active processes in the /proc directory, listed by process number
Objfs: Used by the kernel to store information about currently loaded modules. Objfs is used for /system/object
Devfs: Manages the name space of all devices. Devfs is used for /devices
Ctfs: Used by SMF to track the processes which compose a service.

Disk Label (VTOC): Contains the partition table in the first disk sector, a 512 byte block (sector 0)
Boot Block (bootblk): Resides in 15 sectors (1-15). Only the root file system has an active bootblk. Space is allocated for the boot block at the beginning of each file system
Primary Super Block: Resides in 16 sectors (16-31), contains information that describes the file system
Backup Super Block: Copy of the super block created at sector 32. Protects the critical data against catastrophic loss
Cylinder Groups: Each file system is divided into cylinder groups, which improves disk access. By default the min size is 16 cylinders per group. The file system stores large files across several cylinder groups.
Cylinder Group Block: A table that describes the cylinder group

Pointers: There are two types of pointers
1. Direct Pointers: 12 direct pointers inside the inode reference 8KB data blocks, for a file up to 96KB
2. Indirect Pointers: 3 types of indirect pointer inside the inode
   Single Indirect Pointers: 16MB of data
   Double Indirect Pointers: 32GB of data
   Triple Indirect Pointers: 64TB of data

To change minfree on an existing file system
tunefs -m %free
# tunefs -m 1 /dev/rdsk/c0t0d0s0 (Character/Raw Device)

Checking File System (fsck)
fsck checks the data consistency of a file system and attempts to correct or repair any inconsistency or damage found (before mounting the file system)
Never run fsck on a mounted file system
Run fsck in single user mode on system areas
The status of the file system flag determines whether the file system needs to be scanned by fsck
If the flag state is clean, stable or logging, fsck will not run

Non Interactive Mode (fsck)
During normal system boot fsck operates in non-interactive mode (as preen or silent mode) and addresses only minor inconsistencies. For a serious inconsistency fsck terminates, and the system requests the root password, enters single user mode and executes fsck in interactive mode.

Interactive Mode (fsck)
fsck lists each problem it encounters, followed by a suggested corrective action in the form of a yes or no question.
To check single unmounted file system
# fsck /dev/rdsk/c0t0d0s0
To check mounted file system
# fsck /export/home
# fsck -o f,p /dev/rdsk/c0t0d0s0 (f: forced, p: Preen/Silent Mode)

Monitoring File Systems

# quot (Displays how much disk space, in kilobytes, is being used by users)
# quot option file system
# quot -a

Chapter 6 Software Package
Package: Collection of files & directories; a method of distributing software products & installing them on a system
A software package contains
Files that describe the package & the required amount of disk space
Compressed software files
Optional scripts (run when the package is added & removed)
Package Database: Complete record of all the software packages installed
# more /var/sadm/install/contents

Package Administration
pkgadd: Install a package & update /var/sadm/install/contents
pkgrm: Remove a package; find/remove & update /var/sadm/install/contents
pkgchk: Check package installation state, whether a file/package is installed or not
pkginfo: Display information about installed packages
pkgtrans: Translate a package from file system -> data stream, or data stream -> file system

Package Format
File System: consists of files and directories including pkginfo & pkgmap
# ls -ld sunwrsc
Data Stream: consists of a single file
# ls -ld sunwrsc.pkg
Internet Files: downloaded in data stream format
# pkgtrans file_or_dir_path file_or_dir_path |pkg.name
# pkgtrans /var/tmp /tmp/sunwrsc.pkg sunwrsc

Package Administration Commands
Package Add
# pkgadd -d /tmp/sunwrsc.pkg all (Data stream pkg)
# pkgadd -d sunwrts (File System)
# pkgadd -d http://instructor/package/sunwrsc.pkg all (Internet pkg)
Package Remove
# pkgrm sunwapchr (File System)
# pkgrm -s spool sunwauda (pkg added from default spool /var/spool/pkg)
Package Check
# pkgchk -l -p showrev (To verify particular package)

Creating UFS File System with Newfs Command


Log in as the root user & run newfs
# newfs /dev/rdsk/c0t0d0s1 (Character/Raw Device)
newfs reserves between 1% and 10% of the file system, depending on the size of the file system, for maintenance. This free space is referred to as minfree
To preset minfree when creating a new file system
newfs -m (n)% free /dev/dsk/c0t0d0s0 (Block device)
# newfs -m 2
To verify minfree
# fstyp -v /dev/dsk/c0t0d0s0 | head

# df (Display number of free blocks (disk space used in / Total capacity of FS))
# du (Summarize disk use)
# quot (Summarize file system ownership)
# df option resource (Amount used & available space on disk)
# df -k (Disk allocation in Kbytes)
# df -h (Disk allocation in MB/GB, readable form)
# du (Display number of disk blocks used by directories and files; each disk block consists of 512 bytes)
# du -k (Display disk usage in KB)

# pkgchk sunwladm (Check Contents & Attributes)
# pkgchk -v sunwladm (To list files in the pkg)
# pkgchk -p /etc/shadow (Check Contents & Attributes of file)

Package Information
# pkginfo | more (Display info about installed packages)
# pkginfo | wc -l (List number of packages installed)
# pkginfo -d /cdrom/cdrom0/SO/solaris_10/product | more (To check 1st CD)
# pkginfo -d /cdrom/cdrom0/solaris_10/product | more (To check any DVD)

Streaming One/More Packages
# cd /cdrom/cdrom0/SO/solaris
# pkgtrans -s product /var/tmp/stream.pkg sunwzlib sunwflpr
# file /var/tmp/stream.pkg
# pkgadd -d /var/tmp/stream.pkg

Package Administration Files and Directories
/var/sadm/install/contents (Package Map & Package Database)
/var/spool/pkg (Default spool Database)
/opt/pkgname (Installation of unbundled Package)
/opt/pkgname/bin or /opt/bin (Executable of unbundled Packages)
/var/opt/pkgname (log file of unbundled pkg)
/etc/opt/pkgname (log file of unbundled pkg)

Patch Administration
Patch: Collection of files and directories that replace existing files and directories which prevent proper execution of software. Some patches contain product enhancements. Distributed as a directory.

Patch Types
Standard Patch: Fix specific problem either
Recommended Patch: Fix a problem that occurs on a large percentage of systems
Firmware & PROM Patch
Patch Cluster: A group of standard, recommended security patches bundled in a single archive for easy downloading and installation

Access Patch Documentation
World Wide Web
Patch update CD-ROM
Anonymous ftp (ftp://sunsolve.sun.com). Use e-mail as a password. Publicly available patch documentation is in the directories (/patchroot/all_unsigned), (/patchroot/all_signed)
Default ftp mode in Solaris 10 is binary mode. Solaris 8 or earlier is ASCII
To disable interactive ftp use ftp -i sunsolve.sun.com
Preparing patches for installation in the commonly used directory /var/tmp
Locating the patch and readme file in the /pub/patches directory.

Use the zcat command to unzip patches

Patch Administration Commands
patchadd: Install uncompressed patches
patchrm: Remove patches installed on Solaris OS
The patch has to be in /var/tmp and unzipped before install
# patchadd 105050-01 (Patch & Patch Cluster)
# patchadd -p (Show all patches applied to a system)
# showrev -p (Show all patches applied to a system)
# patchadd -R (Show all patches applied to client from server console)
# patchrm 105050-01
# ./install_cluster options

SMPatch: Download, apply and remove patches. Default location to download updates is /var/sadm/spool
Sun Patch Server: https://updateserver.sun.com/solaris/
# smpatch get -L
SMPatch can analyze the patch requirements for a system and automatically patch the system. (Like Windows Automatic Update Utility)

Chapter Executing Boot PROM Commands

Boot PROM (Monitor Program)
Boot PROM firmware provides basic hardware testing and initialization prior to booting. The Boot PROM also enables you to boot from a wide range of devices.
Sun SPARC systems have a Boot PROM chip of 1MB located on the system board; as of 3.x they are permanently soldered to the main system board.
Ultra Workstations use a programmable Boot PROM (FPROM). Flash PROM allows you to load a new program through software instead of replacing the chip.
Desktop systems have a write-protect jumper that must be moved before you write to the PROM.
The Boot PROM also provides the user with a user interface and firmware utility known as FORTH. Commands include boot commands and diagnostic commands to modify the default configuration.
To determine the version of OpenBoot PROM
# prtconf -V
or
# /usr/platform/`uname -m`/sbin/prtdiag -v
# prtdiag -v

System Configuration Information
System configuration information can be obtained from the banner command
ok banner
Information includes: OpenBoot revision/version, Model No, Serial No, Processor, Host ID, Ethernet/MAC Address, Memory Installed
System configuration information can be stored in one of three different components
NVRAM (Battery Required)
SEEPROM: Serial Electronically Erasable PROM (No Battery Required)
System Configuration Card

Stop Key Sequence
The stop key sequence has an effect on the OpenBoot PROM and defines how POST runs when a system's power is turned on.
Stop-D Key Sequence: Automatically switches to Diagnostic Mode
Stop-N Key Sequence: Sets the NVRAM parameters to default values
Stop-A (Abort) Key Sequence: Brings the system into command entry mode (ok prompt) for the OpenBoot PROM. This is not a recommended method to get the ok prompt unless there is absolutely no alternative. This key sequence can cause Solaris OS file system corruption which can be difficult to repair.

Disable Abort (Stop-A) Sequence
Disable the abort key sequence on the system to prevent possible corruption of a file system or to provide tighter security.
To disable the (Stop-A) abort sequence, edit the /etc/default/kbd file and comment out the statement KEYBOARD_ABORT=disable and execute the command kbd -i
The system allows the Stop-A key sequence only during the boot process.
Also configure the system to change the keyboard abort sequence to an alternate key stroke.
Basic Boot PROM Commands
ok banner
Lists useful information about the system including
OpenBoot Version
Model Number
Serial Number
Processor
Host ID
Ethernet/MAC Address
Memory Installed

Booting the System
The boot command is used to boot Solaris OS from the ok prompt
ok boot device-name option
ok boot (Default Multi-user Mode)
ok boot -s (Boot in Single-user Mode)
ok boot cdrom -s (Boot in Single-user Mode from CD-ROM)
ok boot -a (Boot the system interactively)
ok boot -r (Boot in Re-Configuration Mode)

ok boot -v (Display information to the console (Diagnostic))

List NVRAM Parameters
ok printenv (Display default & current settings of parameters)
ok printenv boot-device (Display a single parameter and its value)

Change NVRAM Parameters
ok setenv parameter-name value
ok setenv auto-boot? false
ok reset-all (Halts the system, clears all buffers & registers. Performs a software simulated power-off and power-on of the system)

Restore NVRAM Parameters
ok set-defaults
ok set-default parameter-name

Chapter-9

Performing Boot and Shutdown Process

Service Management Facility
SMF provides a centralized configuration structure for managing services and the interaction of services with other services
A service can be an entity, a resource or a list of capabilities provided to applications and other services, both local and remote
A service is not necessarily a running process (such as a Web Server). A service can also be the software state of a device.
A system can have more than one occurrence of a service running.

Service Identifier
An instance of a service within SMF has a name which is referred to as a service identifier. The service identifier is in the form of a Fault Management Resource Identifier (FMRI)
FMRI: Type of service or category / name & instance of service (svc:/system/filesystem/root:default)

Service Categories
Application
Device
Legacy
Milestone
Network
Platform
Site
System

Listing Services
# svcs

Service States
Online
Offline
Disabled
Legacy Run
Uninitialized
Maintenance
Degraded

Milestone
A milestone is a special type of service which is made up of a defined set of other services. A milestone can be regarded as a system state to reach. There are seven milestones.
1. Single User
2. Multi User
3. Multi User Server
4. Network
5. Name Service
6. System Config
7. Devices
To determine current milestones
# svcs | grep milestone

svc.startd Daemon
The svc.startd daemon is responsible for maintaining the system services. It ensures that the system boots to the appropriate milestone. The svc.startd daemon obtains information about services from the repository.
If no milestone is specified, the built-in milestone all is used. Milestones that can be used at boot time are
1. None
2. Single User
3. Multi User
4. All
In order to boot the system to a specific milestone, the (-m) option is passed to the boot command at the ok prompt
ok boot -m milestone=single-user

Service Configuration Repository Database
The repository database stores information about the state of each service
Distributed among local memory and local disk based files.
The disk based database is /etc/svc/repository.db
The db file can be manipulated by using the SMF utilities (svccfg & svcprop)
The repository is managed by the svc.configd daemon
Back up every change in the repository to have a fallback
A corrupted repository prevents the system from booting
A corrupted repository can be repaired by booting the system in single user mode and running the command
# /lib/svc/bin/restore_repository

Reset All NVRAM Parameters
Reset Specific Parameter to its default

Display Devices Connected to System Bus
ok probe (Display the peripheral devices connected to the system)
ok sifting probe (Display the various probe commands available)
ok probe-scsi (Identify devices attached to the SCSI controller)
ok probe-ide (Identify devices attached to the IDE controller)

Identifying the System Boot Device
ok show-devs (Display the entire device tree)

Creating and Removing Custom Device Alias
A portion of NVRAM called NVRAMRC contains registers to hold custom parameters and to store new device alias names
By default external devices don't have aliases.
NVRAM is affected by nvalias and nvunalias as well as the parameter use-nvramrc
nvalias: Used to create a new device alias name
devalias: Identify the current boot device alias
nvunalias: Remove a custom device alias name
ok nvalias alias-name device-path
ok devalias alias-name device-path
ok nvunalias alias-name

View and Change NVRAM Parameters from Solaris OS (Running)
eeprom (/usr/sbin/eeprom)
# eeprom (List all parameters with current values)
# eeprom boot-device (List single parameter and its value)
# eeprom boot-device=disk2 (Change parameter value)
# eeprom "auto-boot?=true" (Change auto-boot value)

Online: Enabled, Successfully Started/Running
Offline: Enabled, Not yet running / Available to run
Disabled: Not enabled, Not running
Legacy Run: Not Managed by SMF, Only Observed
Uninitialized: Initial State of All Services
Maintenance: Instance encountered an Error
Degraded: Enabled, Limited Capacity

Run Levels

Run Level   Milestone           Function
0                               System is running PROM Monitor
S           Single-user         Single user mode with critical file systems mounted and accessible
1                               Single user administrative state with access to all available file systems
2           Multi-user          Multiple users can access the system. All system daemons are running except NFS
3           Multi-user-server   Multiuser operations, with the NFS daemon running and sharing resources
4                               Not Implemented
5                               System is shut down and powered off
6                               System is shut down and rebooted to its default run level

To determine the current run level of a system
# who -r
. run-level 3 Jun 20 21:30 3 0 S
Where
3: Current Run Level
S: Previous Run Level
0: number of times at this run level since last boot

Changing Run Levels
Change run levels with the init command. The init command passes the required run level to the svc.startd daemon.
Run levels can be changed by the following commands
shutdown
reboot
halt
poweroff
svcadm can be used to change run level and achieve a milestone
/sbin/init uses information in the /etc/inittab file (04 fields)
id:rstate:action:process
p3:s1234:powerfail:/usr/sbin/shutdown -y > /dev/msglog

Phases of Boot Process
The entire boot process is described in five phases
1. Boot PROM Phase: POST -> Boot Device -> bootblk
2. Boot Program Phase: UFS Boot (UFS loads kernel)
3. Kernel Initialization Phase: Kernel init (/etc/system), load modules
4. Init Phase: Init starts (kernel starts /etc/init)
5. svc.startd Phase: Starts the system services

Run Control / Legacy Scripts Boot Process
Run control / legacy scripts are associated with run levels/milestones
Each run level has associated scripts located in the /sbin directory; these scripts are executed by the svc.startd daemon
Run control scripts are located in /etc/init.d, hard linked to the /etc/rc*.d scripts

Run Control Scripts and their Function
/sbin/rc0, /sbin/rc5, /sbin/rc6: Run /etc/rc0.d/K* scripts then /etc/rc0.d/S* scripts to stop system services and daemons. Start scripts perform fast system clear function
/sbin/rcS: Run /etc/rcS.d scripts to bring up the system to run level S and establish minimum network
/sbin/rc1: Run /etc/rc1.d/S* scripts, which perform the following tasks:
   Stop system services and daemons
   Terminate running application processes
   Unmount all remote file systems
/sbin/rc2: /etc/rc2.d/K* and /etc/rc2.d/S* scripts
/sbin/rc3: /etc/rc3.d/K* and /etc/rc3.d/S* scripts. Start certain application daemons. Usually rc3.d doesn't have K scripts

Graceful Shutdown
Shutdown + Single user                 init S   shutdown -iS
Shutdown + Stop Solaris + ok prompt    init 0   shutdown -i0
Shutdown + power-off                   init 5   shutdown -i5
Shutdown + Multi user + Reboot         init 6   shutdown -i6

System files that store user information
/etc/passwd
/etc/shadow
/etc/group

/etc/passwd: Contains default system account entries
Login ID:x:uid:gid:comment:home directory:login shell
root:x:0:0:super user:/:/sbin/sh

/etc/shadow: Only the root user can read the /etc/shadow file
Login ID:pswd:lastchg:min:max:warn:inactive:expire (9 fields)
root:rJrdhjNwQQHoy:6445:::::

/etc/group
Each user belongs to a group referred to as the primary user group
Each user can belong to up to 15 additional groups as secondary groups

/etc/default/passwd
HISTORY: parameter for password history.
The control properties of all user passwords on the system
MAXWEEKS
MINWEEKS
PASSLENGTH
WARNWEEKS
Solaris 10 has a number of new controls for password management in /etc/default/passwd. These controls are commented out by default.

Password Management
LOCK_AFTER_RETRIES in /etc/security/policy.conf
lock_after_retries key in /etc/user_attr
The number of retries is defined by RETRIES in /etc/default/login
passwd -u username (unlock a previously locked account)
passwd -N username (set the pswd field in /etc/shadow to NP = unmatchable password; effectively disables the account from logging in)

Managing User Accounts
useradd
usermod
userdel
groupadd
groupmod
groupdel

User Administration

The shutdown command executes the rc0 kill scripts to shut down processes and applications gracefully.
# shutdown -y -g grace-period -i init-state (optional message)
The shutdown command does the following
Notifies all logged-in users that the system is being shut down
Delays the shutdown for 60 sec by default
Enables you to include an optional message to inform users

Ungraceful Shutdown
The following commands perform an immediate shutdown
They don't execute the rc0 kill scripts
They don't notify logged-in users
There is no grace period
Ungraceful shutdown includes the following commands
# halt
# poweroff
# reboot

Chapter User Administration

smuser & smgroup: Add, Modify, Delete, List

useradd or smuser
These commands add entries to /etc/passwd and /etc/shadow and copy all initialization files from /etc/skel into the user's home directory.
User accounts are locked when created by the useradd command.
Users are added without a password and without automounting the home directory by default with smuser

Add User Account
# useradd -u uid -g gid -G gid -d dir -m -s shell
# useradd -u 100 -g other -d /export/home/user1 -m -s /bin/ksh user1
# smuser add auth_args subcommand_args

Modify User Account
# usermod -u uid -o (copy) -g gid -G gid -d dir -m -s shell -l newlogin loginname
# smuser modify -n loginname -N newlogin -d dir

Deleting User Account
# userdel -r login
# smuser delete auth_args subcommand_args

Groups Administration
Add Groups
# groupadd -g gid -o groupname
# smgroup add -- -n group
Modify Groups
# groupmod -g gid -o -n name groupname
# smgroup modify -- -n group1 -N group2
Delete Groups
# groupdel groupname
# smgroup delete -- -n group1

Managing Initialization Files
The environment maintained by shells, including variables defined by login programs, is set in two kinds of initialization files
1. System Initialization Files (Control System Wide Environment)
2. User Initialization Files (Control User Environment)
Shells support two types of variables
1. Environment Variables: Provide information about the user environment to every shell that is started.
2. Local Variables: Affect only the current shell. Any subshell started would not have knowledge of these variables.

System Initialization Files
Solaris provides system initialization files in the /etc directory
/etc/profile -> Bourne, Korn, Bash
/etc/.login -> C
Both initialization files check disk quota and mail, and print the message of the day from the /etc/motd file. None of the messages are printed to the screen if the .hushlogin file exists in the home directory

User Initialization Files
User initialization files are placed in each user account's home directory when a new user is created.
The primary function of user initialization files is to define the characteristics of the user's work environment, such as command line prompt, environment variables and windowing environment.
Only the owner or root can change the contents of these files.
When a user logs in to the system, the system invokes the user's login shell program

Customizing the User Work Environment
Solaris provides a default set of initialization file templates in the /etc/skel directory
Shell         Default Initialization File   User Initialization File
Bourne/Korn   /etc/skel/local.profile       $HOME/.profile
C             /etc/skel/local.cshrc         $HOME/.cshrc
              /etc/skel/local.login         $HOME/.login
The root user can customize these templates to create a standard set of user initialization files, providing a common work environment for each user. Users can then edit their initialization files to customize their work environment for each shell.
To set environment variables in the user initialization files
Shell         User Initialization File Syntax     Example
Bourne/Korn   VARIABLE=value; export VARIABLE     PATH=./; export PATH
C             setenv VARIABLE value               setenv PATH ./

Monitoring System Access
Monitor the system for unauthorized user access
Determine who is or who has been logged into the system by executing commands and examining log files
The who command displays a list of users currently logged into the local system
The who command reads the binary file /var/adm/utmpx
It displays each user's login name, login device name, login date and time
If the user logged in remotely, it displays the remote host name or IP address in the last column of output

Display User Information
The finger command is used to display detailed information about user activity, either local or remote
# finger options username
The finger command displays: Login Name, Home Directory, Login Time, Login Device, Login Shell, Name of Host, Any Idle Time

Display Users on Remote System
The rusers command produces output similar to that of the who command; it displays a list of users logged in on local and remote hosts
A remote host responds to the rusers command only if its rpc.rusersd daemon is enabled
The rusers facility is managed by SMF
To see whether the rusers facility is online
# svcs -a | grep rusers
rusers commands
# rusers options hostname
# rusers -l

Display Record of Login Activity
The last command is used to display a record of all logins and logouts with the most recent activity at the top of the output.
The last command reads the binary file /var/adm/wtmpx
# last -n number

Record Failed Login Attempts
All failed login attempts are logged in /var/adm/loginlog
After five consecutive failed attempts, login activity is written to this file /var/adm/loginlog
By default, the loginlog file doesn't exist
To enable logging, create the file with read and write permission for the root user only; it should belong to the sys group
# touch /var/adm/loginlog
# chown root:sys /var/adm/loginlog
# chmod 600 /var/adm/loginlog

Auditing Users
To display information about users who have logged into the system

Monitoring Users and System Usage
Monitor system resources and watch for unusual activity when you suspect a breach in security.
Use the logins command to monitor the login status of a particular user.
Become superuser
Display a user's login status
# logins -x -l <username>
Checking for Users with No Password
# logins -p

Display Who is Logged In
To obtain information about who is logged in to a system, use the who command. The who command reads /var/adm/utmpx and /var/adm/wtmpx. The utmpx file contains user access and accounting information for the who command. The wtmpx file contains the history of user access and accounting information for the utmpx file
# who
The who command displays the following information
Login ID
Terminal Device
Login Date and Time
Where the user logged in

Display a Record of Login Activity
The last command displays a record of all logins and logouts with the most recent activity at the top of the output. The last command reads /var/adm/wtmpx, which records all logins, logouts and reboots.
# last

Switching Users on a System
Avoid logging in directly as the root user. This precaution helps protect the system from unauthorized access.
Use the su command to switch to the superuser or another user without logging out and back in as that user.
# su - username
If no username is given, the su command attempts to switch to the superuser
The - (dash) option specifies a complete login by reading all of the user's shell initialization files. The - (dash) option changes your work environment to what would be expected if you had logged in directly as the specified user. It also changes the user's home directory.

Switching to Another Regular User
To display the login name of the original user
$ who am i (Original user who did su -)
To display the login name of the actual user
$ whoami (Authorization switch to user)

Monitoring su Attempts
Monitor who has been using the su command, especially those users who are trying to gain root access on the system.
Initiate the monitoring by setting two variables in the /etc/default/su file
# cat /etc/default/su
# SULOG determines the location of the file used to log all su attempts
SULOG=/var/adm/sulog
# CONSOLE determines whether attempts to su to root should be logged
#CONSOLE=/dev/console
SYSLOG=YES

Controlling System Access
A local host's remote security measures are generally based on an ability to validate, limit or block operations from remote system users.
The /etc/default/login file gives the ability to protect the root account on the system: restrict access to a specific device or to the console, or disallow it altogether.
To display the contents of this file
# cat /etc/default/login
Files involved
/etc/default/login
/.rhosts (user specific)
/etc/hosts.equiv

Restrict Root Access
rlogin attempts depend on the CONSOLE variable in /etc/default/login
1. Become superuser
2. Edit the /etc/default/login file and uncomment the following lines
CONSOLE=/dev/console
PASSREQ=YES
If the CONSOLE variable is defined, root can only log in through the console
If the CONSOLE variable is not defined, root can log in from any device
If the CONSOLE variable is empty (CONSOLE=), root can't log in from anywhere

Remote access is granted on the basis of the following files
/.rhosts and /etc/hosts.equiv (by default, these files do not exist)
Trusted hosts and users are defined in the /.rhosts and /etc/hosts.equiv files
First hosts are defined and then their users for trust
Hostname
Hostname username
+ (any user from any machine)
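The CONSOLE and trust-file rules above, as an added example that is not part of the original notes: a read-only shell check run against constructed copies of /etc/default/login and a hosts.equiv-style file. The function names and sample contents are assumptions, and flagging "+" in the user column goes beyond the bare "+" entry the notes mention.

```sh
#!/bin/sh
# Added example: read-only audit of the remote-access settings described above.
# Function names and all file contents below are constructed for illustration.

# Classify root login policy from a copy of /etc/default/login.
# Prints one of: console-only | any-device | nowhere
root_login_policy() {
    # Only an uncommented CONSOLE line counts; "#CONSOLE=..." is inactive.
    line=$(grep -E '^[[:space:]]*CONSOLE[[:space:]]*=' "$1" | tail -n 1)
    if [ -z "$line" ]; then
        echo "any-device"      # CONSOLE not defined: root may log in from any device
        return 0
    fi
    value=$(printf '%s\n' "$line" | sed -e 's/^[^=]*=//' -e 's/[[:space:]]//g')
    if [ -z "$value" ]; then
        echo "nowhere"         # CONSOLE= (empty): root cannot log in anywhere
    else
        echo "console-only"    # CONSOLE=/dev/console: root logs in on the console only
    fi
}

# Succeeds (exit 0) only if an uncommented PASSREQ=YES line is present.
passreq_enabled() {
    grep -Eiq '^[[:space:]]*PASSREQ[[:space:]]*=[[:space:]]*yes[[:space:]]*$' "$1"
}

# Print "line-number:entry" for every trust-file entry that uses "+".
# The notes describe the bare "+" entry; flagging "+" in the user column
# as well is an assumption of this example.
wildcard_trust_entries() {
    awk '!/^[ \t]*(#|$)/ {
        for (i = 1; i <= NF; i++)
            if ($i == "+") { printf "%d:%s\n", NR, $0; break }
    }' "$1"
}

# --- constructed sample files (stand-ins for the real ones) ---
SAMPLES=$(mktemp -d)
trap 'rm -rf "$SAMPLES"' EXIT

cat > "$SAMPLES/login.hardened" <<'EOF'
# constructed: both lines uncommented, as in step 2 above
CONSOLE=/dev/console
PASSREQ=YES
EOF

cat > "$SAMPLES/login.default" <<'EOF'
# constructed: CONSOLE left commented out
#CONSOLE=/dev/console
PASSREQ=NO
EOF

cat > "$SAMPLES/login.locked" <<'EOF'
# constructed: CONSOLE present but empty
CONSOLE=
EOF

cat > "$SAMPLES/hosts.equiv" <<'EOF'
# constructed trust file
trustedhost
trustedhost alice
+
otherhost +
EOF

# --- report ---
for f in login.hardened login.default login.locked; do
    printf '%-15s root login: %s\n' "$f" "$(root_login_policy "$SAMPLES/$f")"
done
if passreq_enabled "$SAMPLES/login.default"; then :; else
    echo "login.default   PASSREQ is not set to YES"
fi
echo "wildcard trust entries in the hosts.equiv sample:"
wildcard_trust_entries "$SAMPLES/hosts.equiv"
```

On a live system the same functions can be pointed at /etc/default/login, /etc/hosts.equiv and each home directory's .rhosts; they only read the files.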

AAMIR MALIK Senior System Administrator MCSE,CCNA,RHCE,AIX,SCSA,OCP DBA
