
Reduce ARP caching time in Sun Solaris using ndd
Networking, security
Apr 24 2008

ARP attacks are the easiest attacks that can be launched on a network or a server, causing a
Denial of Service. One of the things that can be done on the Sun Solaris operating system is
to alter the caching time for the ARP cache, which reduces the time that a rogue ARP entry stays
in the ARP table. While this is not foolproof, it can certainly make things that much more
difficult for the hacker.
The default time that ARP entries are cached in a Sun Solaris system is 5 mins.
However, this can be reduced to a lower value (say 3 mins). This means that the number of ARP
requests and ARP replies to and from the server will increase as a result. So, before modifying
the caching time, check whether this can cause any congestion on your network.
To set the ARP cache time period:
solaris# ndd -set /dev/arp arp_cleanup_interval 180000
The above command sets the interval to 3 minutes (1 min is equal to 60000 ms). Now all the ARP
entries are flushed at a faster rate (every 3 mins).
For this change to persist across reboots, add this command to the init scripts in the /etc/rc2.d
directory for your network interface (where all the required ndd commands are run).

Display/Add/Delete/modify ARP entries in ARP Table
Networking
Apr 24 2008

It is not often that we end up troubleshooting or manipulating ARP and ARP tables in Sun
Solaris. However, the following are some useful commands which can help when required.
They display, modify, add and delete ARP entries in the Sun Solaris ARP table.
Display ARP table

sunsolaris# arp -a
Net to Media Table: IPv4
Device IP Address             Mask            Flags Phys Addr
pcn0   192.168.0.1            255.255.255.255       00:18:4d:f8:a4:6e
pcn0   192.168.0.2            255.255.255.255       00:13:ce:85:0e:e1
pcn0   sunsolaris             255.255.255.255 SP    00:0c:29:d3:76:89
pcn0   BASE-ADDRESS.MCAST.NET 240.0.0.0       SM    01:00:5e:00:00:00
Delete an ARP entry
sunsolaris# arp -d 192.168.0.1
192.168.0.1 (192.168.0.1) deleted
To verify the entry indeed is deleted
sunsolaris# arp -a
Net to Media Table: IPv4
Device IP Address             Mask            Flags Phys Addr
pcn0   192.168.0.2            255.255.255.255       00:13:ce:85:0e:e1
pcn0   solaris10              255.255.255.255 SP    00:0c:29:d3:76:89
pcn0   BASE-ADDRESS.MCAST.NET 240.0.0.0       SM    01:00:5e:00:00:00
You can see that the ARP entry for 192.168.0.1 is no longer found.
Add a Static entry
sunsolaris# arp -s 192.168.0.1 00:18:4d:f8:a4:6e
Syntax is
arp -s HOSTNAME MAC-Address <pub/temp/trail>
where
pub publishes the ARP entries to other hosts on the network
temp Temporary entry
trail Allows Trailer Encapsulations to be sent to host
You can also read static entries from a file. This can come in handy if you decide that all ARP
entries are static and no ARP requests are sent and received from the system. You can add the
static entries to a file and add the arp command to the network init scripts in /etc/rc2.d/

To read from file
sunsolaris# arp -f /etc/host_mac
where /etc/host_mac is my file name from where the ARP entries are read.
To check the current ARP caching time
sunsolaris# ndd -get /dev/arp arp_cleanup_interval
500000
where 500000 in milliseconds indicates 5mins
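Shortening the cache time limits how long a rogue entry survives; comparing the live table against a known-good list shows that one is present. The script below is an added example, not part of the original posts. It assumes the baseline file holds one HOSTNAME MAC-Address pair per line as in the arp -s syntax above; the function names, the AWK variable and the sample addresses in the demo are made up for the illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# arp_check BASELINE [SAVED_ARP_OUTPUT]
#   BASELINE: "host MAC [flags]" lines, as in the file given to arp -f;
#   write each host the way arp -a displays it (IP or name).
# Prints one MISMATCH line per differing entry and returns 1 if any differ.
AWK=${AWK:-awk}   # on Solaris set AWK=nawk; the legacy awk lacks -v and functions

arp_check() {
    [ -r "$1" ] || { echo "cannot read baseline $1" >&2; return 2; }
    if [ -n "$2" ]; then cat "$2"; else arp -a; fi |
    "$AWK" -v baseline="$1" '
        function norm(mac,    n, o, i, out) {  # lower-case, zero-pad each octet
            n = split(tolower(mac), o, ":")
            for (i = 1; i <= n; i++) {
                if (length(o[i]) == 1) o[i] = "0" o[i]
                out = out (i > 1 ? ":" : "") o[i]
            }
            return out
        }
        BEGIN {
            while ((getline line < baseline) > 0) {
                split(line, f, " ")
                if (f[1] != "" && f[1] !~ /^#/) want[f[1]] = norm(f[2])
            }
        }
        # Data rows: host is field 2, MAC is the last field (Flags may be empty).
        $NF ~ /^[0-9A-Fa-f]+(:[0-9A-Fa-f]+)+$/ && ($2 in want) {
            seen = norm($NF)
            if (seen != want[$2]) {
                print "MISMATCH", $2, "expected", want[$2], "seen", seen
                bad = 1
            }
        }
        END { exit bad }'
}

# Constructed sample data: 192.168.0.1 now maps to a MAC not in the baseline.
arp_check_demo() {
    d=$(mktemp -d) || return 2
    cat > "$d/host_mac" <<'EOF'
192.168.0.1 00:18:4d:f8:a4:6e
192.168.0.2 00:13:ce:85:0e:e1
EOF
    cat > "$d/arp.out" <<'EOF'
Net to Media Table: IPv4
Device IP Address  Mask            Flags Phys Addr
pcn0   192.168.0.1 255.255.255.255       00:0c:29:aa:bb:cc
pcn0   192.168.0.2 255.255.255.255       0:13:ce:85:e:e1
EOF
    rc=0; arp_check "$d/host_mac" "$d/arp.out" || rc=$?
    rm -rf "$d"
    return $rc
}
```

Run from cron as arp_check /etc/host_mac, a non-zero exit status is the signal to look at the listed hosts.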

Linux rebuild the initial ramdisk image


by Vivek Gite on April 19, 2006

Q: I think I am missing some driver, or my initial ramdisk is corrupted for the running kernel. How do I
rebuild the initial ramdisk image under Linux?

A: You need a ramdisk if you have added new hardware devices such as a SCSI or FibreChannel controller to
your server, as the ramdisk contains the necessary modules (i.e. drivers) to initialize the hardware. If
you modified the /etc/modprobe.conf (or modules.conf) file, then you need to execute a special script
called mkinitrd.

The mkinitrd script constructs a directory structure that can serve as an initrd root file system. It then
generates an image containing that directory structure using mkcramfs, which can be loaded using the
initrd mechanism. The kernel modules for the specified kernel version will be placed in the directory
structure. If version is omitted, it defaults to the version of the kernel that is currently running.

Find out your kernel version:
# uname -r
2.6.15.4
Make a backup of the existing ramdisk:
# cp /boot/initrd.$(uname -r).img /root
To create the initial ramdisk image, type the following command as the root user:
# mkinitrd -o /boot/initrd.$(uname -r).img $(uname -r)
# ls -l /boot/initrd.$(uname -r).img
You may need to modify grub.conf to point to the correct ramdisk image; make sure the following line
exists in the grub.conf file:
initrd /boot/initrd.img-2.6.15.4.img
When the system boots using an initrd image created by mkinitrd command, the linuxrc will wait for an
amount of time which is configured through mkinitrd.conf, during which it may be interrupted by
pressing ENTER. After that, the modules specified in will be loaded.

mkinitrd --force-lvm-probe /boot/initrd-2.6.18-92.el5.img 2.6.18-92.el5

Troubleshooting Common Boot Issues


This document (3864925) is provided subject to the disclaimer at the end of this document.

Environment
Novell SUSE Linux Enterprise Server 10
Novell SUSE Linux Enterprise Server 9
Novell SUSE Linux Enterprise Server 8
Novell Open Enterprise Server (Linux based)

Situation
This document is intended as a general guideline for troubleshooting system boot
issues. Please read and evaluate the entire document prior to contacting Novell
Technical Support.

Resolution
Symptom:
Regardless of the kernel selected to boot (failsafe or default), a kernel panic stops the
system from booting.
Error(s):
RAMDISK: Couldn't find a valid RAM disk image starting at 0.
VFS: Cannot open a root device "sda2" or unknown-block(0,0)
Please append a correct "root=" boot option
Kernel panic - not syncing: VFS: Cannot open a root device
"sda2" or unknown-block(0,0)
Probable Cause:
A corrupted or missing initrd.
Resolution:
1. Boot Installed System*.
2. Login as root.
3. Verify that the / (root) and /boot (if used) filesystems are mounted. The mount
command should supply sufficient information. If not, comparing its output with
the contents of /etc/fstab should.
4. Run mkinitrd.
5. Reboot.

Symptom:
The system fails to boot and prompts for the root password.
Error(s):
error on stat() /dev/hdb3: No such file or directory
Failed to open the device '/dev/hdb3': No such file or directory
fsck.reiserfs /dev/hdb3 failed (status 0x8). Run manually!
fsck failed for at least one filesystem (not /).
Probable cause:
Invalid /etc/fstab entry; /dev/hdb3 is a non-existent device.
Resolution:
1. Enter the root password to enter maintenance mode.
2. Remount the root filesystem as read-write:
mount -o rw,remount /

3. Edit /etc/fstab and remove the non-existent device entry. Comparing the
output of fdisk -l may provide additional guidance for the non-existent device.
4. [CTRL]+[D] reboots.

Symptom:
The system simply hangs after POST. The screen is completely blank. The option to
Boot Installed System* is not available.
Error(s):
If Rescue System is attempted, and fdisk -l run, no partitions are seen. If parted is
used, and check run, "Error: Partition doesn't exist" is returned.
Probable cause:
The MBR has been damaged or corrupted.
Resolution:
1. Boot Installed System*.
2. Login as root.
3. Reinstall GRUB:
grub-install bootdevicepath (e.g. /dev/sda)
4. Reboot.
-or-
1. If Boot Installed System* is unavailable, the most likely probable cause is that the
partition table is damaged or corrupt; no recovery is possible unless a previous
backup of the partition table is available.

Symptom:
When the system boots, an error message is seen, and the system locks. Sometimes
the screen just goes black or the server reboots. Sometimes all that is seen is the grub
details screen halted after trying to load the /boot/initrd (see below).
Error(s):
No setup signature found ...
initrd /boot/initrd
[Linux-initrd @ 0x1fc38000, 0x2a7ab8 bytes]
Probable cause:
Damaged or corrupted kernel in /boot.

Resolution:
1. Boot Installed System*.
2. Login as root.
3. Install a valid kernel rpm. This can be had from the selected installation medium
(under /suse/arch) or from our website at http://www.novell.com/download
(search the patches section for kernel-).
rpm -Uvh --force kernel-type-revision-arch.rpm
4. Reboot.

Symptom:
The system boots up to "System Boot Control: Running
/etc/init.d/boot.local", then gracefully reboots.
Error(s):
None.
Probable cause:
Corrupted or misconfigured boot script.
Resolution:
1. At the GRUB menu, type in
init=/bin/bash
on the Boot Options line.
2. Edit /etc/init.d/boot.local and modify or remove the corrupted or
misconfigured line.
3. Reboot.

Symptom:
Once exited from a virtual console, the console is not respawned. The console prompt
just blinks.
Error(s):
INIT: no more processes left in this runlevel
Probable cause:
Corrupt or misconfigured /etc/inittab.

Resolution:
1. Login as root.
2. Edit /etc/inittab and change any tty configuration(s) from once to respawn.
3. Reboot or pkill -1 init.

Symptom:
The kernel panics after trying to mount the root filesystem.
Error(s):
Waiting for device /dev/sda1 to appear: . ok
rootfs: major=8 minor=1 devn=2049
rootfs: /sys/block/sda/sda1 major=8 minor=1 devn=2049
mount: unknown filesystem type 'swap'
umount: /dev: device is busy
Kernel panic - not syncing: Attempted to kill init!
Kernel panic: VFS: Unable to mount root fs on sda1
Probable cause:
Corrupt or misconfigured /boot/grub/menu.lst.
Resolution:
1. Boot Installed System*.
2. Login as root.
3. Edit /boot/grub/menu.lst.
4. Modify the kernel parameter root= to point to the correct root partition. fdisk -l
should provide sufficient guidance to determine the root filesystem.
5. Reboot.

Symptom:
The system boots to the GRUB prompt (grub>).
Error(s):
None.
Probable cause:
Corrupt or missing /boot/grub/menu.lst file.
Resolution:
1. Boot Installed System* -or- if sufficiently familiar with GRUB, manually boot the
system.

2. Login as root.
3. Verify the existence of /boot/grub/menu.lst.
If existing, but misnamed, rename it.
If corrupt, delete it and Repair Installed System** (just the Boot Loader
Configuration check should be sufficient).
If missing, Repair Installed System** (just the Boot Loader Configuration check
should be sufficient).
4. Reboot.

Symptom:
The system boots, but filesystems are not mounted. Many mount-related errors are
seen during boot.
Error(s):
Mostly mount-related error messages are seen during boot.
startproc: mount returned not-zero exit status
startproc: /proc not mounted, failed to mount: No such file or
directory failed
Probable cause:
The mount binary is either corrupt or missing.
Resolution:
1. Either Repair Installed System** -or- the following.
2. Boot into rescue mode (Rescue System) from the selected installation medium.
3. Login as root.
4. Manually mount the root filesystem (i.e., mount /dev/sda2 /mnt). fdisk -l
should provide sufficient information to determine the correct partition.
5. Copy in a valid mount binary from the Rescue System.
6. Reboot.

Symptom:
The system boots, but login fails.
Error(s):
INIT: no more processes left in this runlevel
INIT: /etc/inittab[xx]: missing action field
Probable cause:
Corrupt or misconfigured /etc/inittab.
Resolution:

1. Login as root.
2. Edit /etc/inittab and change any tty configuration(s) to include an action
(once or respawn) in the action field (third column).
3. Reboot or pkill -1 init.

Symptom:
The system boots, but only to a GRUB screen, then hangs.
Error(s):
GRUB Hard Disk Error
Probable Cause:
As the full GRUB prompt is not achieved, the problem lies somewhere in GRUB stage1.
The /boot/grub/stage1 file may be missing or corrupted.
Solution:
1. Boot Installed System*.
2. Login as root.
3. Copy /usr/lib/grub/stage1 to /boot/grub/stage1.
4. Reinstall GRUB:
grub-install bootdevicepath (e.g., /dev/sda).
5. Reboot.
-or-
1. Boot Installed System*.
2. Login as root.
3. Identify the installed version of GRUB:
rpm -q grub
4. Remove the installed version. E.g.,
rpm -ev --nodeps grub-0.97-16.1
5. Reinstall the grub package. This can be had from the selected installation
medium (under /suse/arch) or from our website at
http://www.novell.com/download (search the patches section for grub).
rpm -Uvh grub-version.rpm.
6. Reinstall GRUB:

grub-install bootdevicepath (e.g., /dev/sda).

Symptom:
The system either doesn't boot, or boots, but some modules aren't loaded and/or some
devices are undetected.
Error(s):
FATAL: Error inserting modulename (modulepath): Unknown symbol in
module, or unknown parameter (see dmesg).
modulename: Unknown symbol symbolname
Probable cause:
Occasionally, when modules are updated, the modules dependency
file /lib/modules/kernelversion/modules.dep is improperly configured or
corrupted prior to updating the initial ramdisk.
Resolution:
1. Boot Installed System*.
2. Login as root.
3. Run depmod to regenerate the modules dependency file.
4. Run mkinitrd to generate a new initial RAM disk image.
5. Reboot.

Symptom:
EVMS is used for the root filesystem. The system doesn't boot, with errors related to
finding the root filesystem.
Error(s):
Waiting for device /dev/evms/lvm2/system/root to appear: ... not
found
Probable cause:
The initial RAM disk image lacks EVMS support.
Resolution:
1. Boot the rescue system and enter the shell.
2. Probe EVMS information:
echo "probe" | evms -s
3. Query devices:

echo "q:d" | evms -s


4. Query volumes:
echo "q:v" | evms -s
This should display the name of your root container.
5. Mount the root filesystem (note the comma in the mount command):
mkdir -p /old
echo "mount:/dev/evms/lvm2/system/root,/old" | evms -s
6. The contents of the old root filesystem should be visible now:
ls -l /old/
7. Enter the environment of the installed system:
chroot /old
8. Generate a new initial RAM disk, with EVMS support:
/sbin/mkinitrd -f evms
9. Exit the environment of the installed system through [CTRL]+[D].
10. Reboot.

Status
Top Issue

Additional Information
* Boot Installed System is the process of using a SuSE Linux Enterprise Server
installation medium to boot the installed system. These are the steps:
1. Boot the system off of the selected installation medium (CD/DVD in most cases).
This medium should be the same (or later) revision level as the installed system.
I.e., if the installed system is SLES9SP2, the installation medium should be
SLES9SP2 or later.
2. At Welcome screen, Installation should be selected in place of Boot from Hard
Disk.
3. Select the desired Language.
4. Accept the License Agreement(s) (if prompted).

5. At the Installation Mode screen, select Boot Installed System. On SLES10 and
later, click on the [Other] button to see these options.
**Repair Installed System is a process similar to Boot Installed System and provides a
more automatic repair process. In some cases, when a broader approach to fixing the
issue is needed (sledgehammer rather than scalpel), Repair Installed System is the
desired process. These are the steps:
1. Boot the system off of the selected installation medium (CD/DVD in most cases).
This medium should be the same (or later) revision level as the installed system.
I.e., if the installed system is SLES9SP2, the installation medium should be
SLES9SP2 or later.
2. At Welcome screen, Installation should be selected in place of Boot from Hard
Disk.
3. Select the desired Language.
4. Accept the License Agreement(s) (if prompted).
5. At the Installation Mode screen, select Repair Installed System. On SLES10,
click on the [Other] button, on SLES11 click on the [Expert Tools] button to see
these options.

Reinstall a corrupted boot partition.


Submitted by system on Sun, 08/08/2010 - 13:21

Issue
In a system where "/boot" is a separate partition, when /boot is corrupted or has been
formatted by mistake, you cannot boot the system but do not want to reinstall the whole
system.

Environment
Red Hat Enterprise Linux, CentOS, Fedora
/boot partition is installed on the first partition of your first disk
x86 architecture
Resolution
Reinstall /boot partition manually with the following steps:
1. Boot the system into rescue mode with the help of CD or DVD:
At boot prompt, type "linux rescue".
This will start the rescue mode program.
You will be prompted for your keyboard and language requirements.
Enter these values as you would during the installation of Red Hat Enterprise Linux.
Next, a screen will appear telling you that the program will now attempt to find a Red Hat
Enterprise Linux installation to rescue. Select "Continue" on this screen.
2. At the "sh-3.1" prompt, chroot to /mnt/sysimage:
# chroot /mnt/sysimage
3. Make sure the boot partition is labeled as described in /etc/fstab. (Assuming the boot partition
is /dev/sda1):
# e2label /dev/sda1 /boot
4. Make sure the boot partition is mounted:
# mount /dev/sda1 /boot
5. Mount the CD to install the following rpms:
# mkdir /mnt/iso
# mount -o loop,ro /dev/hdc /mnt/iso
# cd /mnt/iso/Server
# rpm -Uvh --replacefiles --replacepkgs grub-0.97-13.i386.rpm
# rpm -Uvh --replacefiles --replacepkgs redhat-logos-4.9.16-1.noarch.rpm
# rpm -ivh --replacefiles --replacepkgs kernel-2.6.18-8.el5.i686.rpm
6. Install the GRUB:
# grub-install /dev/sda
7. If /boot/grub/grub.conf is lost, you need to create it manually. The following is a sample of
grub.conf; please make sure that the files "vmlinuz-2.6.18-8.el5" and "initrd-2.6.18-8.el5.img"
exist under the directory of /boot (which should be installed after step 4).
default=0
timeout=5
splashimage=(hd0,0)/grub/splash.xpm.gz
hiddenmenu
title Red Hat Enterprise Linux (2.6.18-8.el5)
    root (hd0,0)
    kernel /vmlinuz-2.6.18-8.el5 ro root=LABEL=/
    initrd /initrd-2.6.18-8.el5.img
8. Make a soft link to grub.conf:
# cd /boot/grub
# ln -s grub.conf menu.lst
Then reboot the system.
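Both step 7 here and the mkinitrd article's grub.conf note come down to the same pre-reboot check: every kernel and initrd line in the GRUB configuration must name a file that really exists. The script below is an added example, not code from any of the original articles; the function names and the temporary layout built in the demo are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example, not from the original articles.
# check_grub_files CONF FSROOT
#   CONF:   GRUB legacy config (grub.conf or menu.lst)
#   FSROOT: mount point of the filesystem GRUB's "root (hdX,Y)" names:
#           /boot when /boot is its own partition, / otherwise.
# Prints every kernel/initrd file that is missing or empty; returns 1 if any.
check_grub_files() {
    conf=$1
    fsroot=${2%/}          # "/" becomes "", so paths join without "//"
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    awk '$1 == "kernel" || $1 == "initrd" { print $1, $2 }' "$conf" | (
        rc=0
        while read -r kind path; do
            path=${path#\(*\)}   # drop a "(hd0,0)" device prefix if present
            if [ ! -s "$fsroot$path" ]; then
                echo "MISSING $kind $fsroot$path"
                rc=1
            fi
        done
        exit $rc
    )
}

# Constructed sample: the grub.conf entry from step 7, with the kernel
# present but the initrd absent from the boot filesystem.
check_grub_demo() {
    d=$(mktemp -d) || return 2
    mkdir -p "$d/boot/grub"
    cat > "$d/boot/grub/grub.conf" <<'EOF'
default=0
timeout=5
title Red Hat Enterprise Linux (2.6.18-8.el5)
    root (hd0,0)
    kernel /vmlinuz-2.6.18-8.el5 ro root=LABEL=/
    initrd /initrd-2.6.18-8.el5.img
EOF
    echo placeholder > "$d/boot/vmlinuz-2.6.18-8.el5"
    rc=0; check_grub_files "$d/boot/grub/grub.conf" "$d/boot" || rc=$?
    rm -rf "$d"
    return $rc
}
```

On the rescued system in this article the call would be check_grub_files /boot/grub/grub.conf /boot; where /boot lives on the root filesystem and the config uses /boot/... paths, pass / as the second argument.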
