If you ever need to run VNC with inetd on a server after applying SUNWjass's secure.driver, make sure to change the following file that JASS creates - /etc/dt/config/Xaccess (do not confuse this with /usr/dt/config/Xaccess or /usr/openwin/lib/X11/xdm/Xaccess):
(before)
##
## ex.
## !xtra.lcs.mit.edu # disallow direct/broadcast service for xtra
## bambi.ogi.edu # allow access from this particular display
## *.lcs.mit.edu # allow access from any display in LCS
## Deny all remote access (direct/broadcast) to this X server.
!*
(after)
##
## ex.
## !xtra.lcs.mit.edu # disallow direct/broadcast service for xtra
## bambi.ogi.edu # allow access from this particular display
## *.lcs.mit.edu # allow access from any display in LCS
## All remote access (direct/broadcast) to this X server.
*
This combined with /etc/hosts.allow and /etc/hosts.deny will provide the necessary security.
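An added example (not part of the original post or of JASS): a small shell function that reports whether an Xaccess file would answer a direct XDMCP query from a given host, so the effect of replacing !* with *, or with a narrower pattern list, can be checked before relying on /etc/hosts.allow and /etc/hosts.deny. It assumes the xdm matching rules (entries scanned top to bottom, first match decides, unmatched hosts are refused); the host names and the function names xaccess_check and xaccess_demo are made up for illustration.

```sh
#!/bin/sh
# Added example: evaluate the direct-query entries of an Xaccess file for one host.
# Assumption: xdm semantics - first matching entry decides, "!" negates,
# and a host that matches no entry is refused.
xaccess_check() {
    xa_file=$1
    xa_host=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
    xa_result=deny
    while IFS= read -r xa_line || [ -n "$xa_line" ]; do
        xa_line=${xa_line%%#*}                 # drop comments
        set -f; set -- $xa_line; set +f        # split into fields, no globbing
        [ $# -eq 0 ] && continue               # blank or comment-only line
        case $1 in %*) continue ;; esac        # macro definition
        # A second field other than NOBROADCAST marks an indirect entry.
        if [ $# -gt 1 ] && [ "$2" != NOBROADCAST ]; then continue; fi
        xa_pat=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
        xa_verdict=allow
        case $xa_pat in '!'*) xa_verdict=deny; xa_pat=${xa_pat#'!'} ;; esac
        case $xa_host in
            $xa_pat) xa_result=$xa_verdict; break ;;   # glob match on the pattern
        esac
    done < "$xa_file"
    printf '%s\n' "$xa_result"
}

# Constructed sample files and hypothetical host names.
xaccess_demo() {
    xa_tmp=$(mktemp -d) || return 1
    printf '## Deny all remote access\n!*\n' > "$xa_tmp/jass"
    printf '## All remote access\n*\n' > "$xa_tmp/open"
    printf '!kiosk.example.com\n*.example.com # admin LAN\n' > "$xa_tmp/scoped"
    for xa_f in jass open scoped; do
        for xa_h in admin1.example.com kiosk.example.com host.example.org; do
            printf '%-7s %-20s %s\n' "$xa_f" "$xa_h" \
                "$(xaccess_check "$xa_tmp/$xa_f" "$xa_h")"
        done
    done
    rm -rf "$xa_tmp"
}
xaccess_demo
```

The "scoped" file shows the narrower alternative to a bare *: only the listed pattern is answered, and an earlier ! entry still wins for the host it names.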
Tuesday, December 30, 2008
Auto-ftp script
One of our Peoplesoft developers needed a script to ftp encrypted files to a vendor. Here's what I came up with:
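#!/usr/bin/ksh
# Credentials are stored in clear text below; keep this script readable by its owner only.
cd /tmp/ww || exit 1
HOST='ftp.somehost.com'
USER='myusername'
PASSWD='mypassword'
FILE='somefilename.PGP'
LOCATION='remotefolder'
# Duplicate stdout on fd 4 so the co-process can write to it
exec 4>&1
# Start ftp as a ksh co-process: -n disables auto-login, -v is verbose
ftp -nv >&4 2>&4 |&
print -p "open $HOST"
print -p "user $USER $PASSWD"
print -p "cd $LOCATION"
print -p binary
print -p "put $FILE"
# End the ftp session and wait for the transfer to finish before exiting
print -p bye
wait
exit 0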
Monday, December 29, 2008
VMware RCLI commands for ESXi
[I didn't write this, but it's a nice summary]
Using the RCLI to configure a VMware ESXi server.... These tasks can be
accomplished via the Virtual Infrastructure client but with a little
scripting you can easily configure, audit and manage multiple ESXi hosts.
To help identify what a command does you can use the --help switch with any
of the perl scripts.
* vicfg-advcfg.pl - allows for the modification of any of the
  advanced configuration options.
    # vicfg-advcfg.pl --server 10.10.1.104 --get Cpu.MigratePeriod
    - returns the value of Cpu.MigratePeriod
* vicfg-cfgbackup.pl - can backup and restore ESX settings
    # vicfg-cfgbackup.pl --server 10.10.1.104 --save rwgood
* vicfg-cfgbackup.pl can also restore the file
    # vicfg-cfgbackup.pl --server 10.10.1.104 --load rwgood --force
* vicfg-dns.pl allows you to change the DNS settings of a host
* vicfg-dumppart.pl > helps with the support files
* vicfg-module.pl > allows you to manage the loaded modules
* vicfg-mpath.pl - all sorts of info on the VMFS paths
    # vicfg-mpath.pl --server 10.10.1.104 --list
* vicfg-nas.pl
* vicfg-nics.pl > configure the physical NICs in the host
* vicfg-ntp.pl > manage the NTP settings
    # vicfg-ntp.pl --server 10.10.1.104 --list
    - Lists the configured NTP servers on the host
    # vicfg-ntp.pl --server 10.10.1.104 --add time.gov
    - Adds time.gov to the ntp configuration
    # vicfg-ntp.pl --server 10.10.1.104 --delete time.gov
    - Removes time.gov from the ntp configuration
    # vicfg-ntp.pl --server 10.10.1.104 --start
    - Starts the NTP service on the host
    # vicfg-ntp.pl --server 10.10.1.104 --stop
    - Stops the NTP service on the host
* vicfg-rescan.pl > rescanning for VMFS and storage
* vicfg-route.pl
* vicfg-snmp.pl > configure your SNMP settings
* vicfg-syslog.pl > configure the ESX host syslog target
* vicfg-user.pl > local ESXi user management
* vicfg-vmhbadevs.pl > all about the HBAs
* vicfg-vmknic.pl > more of the same info for your nics
* vicfg-vswitch.pl > configuring the vSwitches
    # vicfg-vswitch.pl --server 10.10.1.104 --add mine
    - adds new vSwitch called mine
    # vicfg-vswitch.pl --server 10.10.1.104 --add-pg public mine
    - adds a port group called public to the vSwitch mine
    # vicfg-vswitch.pl --server nhqesx036 vSwitch1 --pg mine --vlan 100
    - adds a vlan tag of 100 to the port group mine.
    # vicfg-vswitch.pl --server 10.10.1.104 --link vmnic1 mine
    - adds the vmnic1 to the vSwitch called mine
* vifs.pl > used to move files to and from the ESX host
* vihostupdate.pl > updating and patching the ESXi
    # vihostupdate.pl --server 10.10.1.104 \
      --bundle --install ESXe350-200807812-O-BG.zip
    - installs the ESXi patch on server 10.10.1.104
    # vihostupdate.pl --server 10.10.1.104 -q
    - shows the version of the ESXi host
* vmkfstools.pl > same as always managing disk
* vmkuptime.pl - does nothing yet
* vms.pl
* vmware-cmd.pl > same as always managing the VMs on the host
ISO Mounting on Solaris
# lofiadm -a /export/temp/software.iso /dev/lofi/1
# mount -F hsfs -o ro /dev/lofi/1 /mnt
or
# mkdir /iso ; mount -F hsfs -o ro `lofiadm -a /tmp/software.iso` /iso
Tuesday, November 25, 2008
Description of each Solaris service using svcs
Read the svcs manpage for troubleshooting tips, but here's a nice one to list the description of what each service does:
# svcs -o FMRI,DESC
FMRI DESC
lrc:/etc/rcS_d/S29wrsmcfg -
lrc:/etc/rc2_d/S00set-tmp-permissions -
lrc:/etc/rc2_d/S07set-tmp-permissions -
[...]
svc:/system/webconsole:console java web console
svc:/milestone/multi-user-server:default multi-user plus exports milestone
svc:/system/zones:default Zones autoboot and graceful shutdown
svc:/system/basicreg:default -
[Note that the rc scripts don't have a description]
Solaris upgrade / install logs
After performing an upgrade or installation of Solaris 10 you should review the logfiles.
Once the system has been rebooted and is running, the complete transcript of the upgrade and all messages printed to the screen are saved in the file:
/var/sadm/system/logs/upgrade_log
Also of note is the file:
/var/sadm/system/data/upgrade_cleanup
It contains a list of actions that may need to be performed to complete the upgrade.
Friday, October 3, 2008
HP ProCurve Switch Tips
All these commands need to be performed while in CONFigure Terminal mode (CONF T) at the console command line:
To turn off port security:
no port-security port-#
ex: no port-security b10
To reapply port security:
port-security port-# learn-mode static address-limit 1
ex: port-security b10 learn-mode static address-limit 1
If a user has a need for more than one network device (like a printer or an extra PC using a mini hub), you can increase the number of allowable devices on the port with this command:
port-security port-# address-limit X [where X is a number from 1 to 8]
ex: port-security b10 address-limit 3
These commands can also be applied to multiple ports at the same time using a range of port numbers. Use the syntax b1-b6,c2-c7,f10-f18 for multiple ports on multiple blades. As an example to turn off port security on ports b2-b19 and g6-g11 use this command:
no port-security b2-b19,g6-g11
When done EXIT configure terminal mode, then LOGOUT to leave and YES (if asked) to save the configuration.
--------------------------------
To change banner:
conf t
banner motd 0
[enter banner and end with a "0"]
--------------------
To control Power Over Ethernet (POE):
show power-management brief
switch(config)# interface c22 power
switch(config)# show power-management brief c22
Status and Counters - Port Power Status
| Power Configured Detection Power
Port | Enable Priority Type Status Class
----- + ------- -------- ---------------- ----------- ------
C22 | Yes Low Searching 0
switch(config)# no interface c22 power
switch(config)# show power-management brief c22
Status and Counters - Port Power Status
| Power Configured Detection Power
Port | Enable Priority Type Status Class
----- + ------- -------- ---------------- ----------- ------
C22 | No Low Disabled 0