1. Daily command
Find . -name “*.*” -size +1024k -print | xargs /usr/bin/ls -lrt
1.1 Increse file size
/etc/security/limits
1.2 Change user status
Chuser rlogin=’false’ itptapp
1.3 Replace character
Sed -i ‘s/enabled=1/enabled=0/g’ /etc/yum/pluginconf.d/subscription-manager.conf
1.4 Spit file in unix
Split –b 200m filewantto split (split to each file with 200m)
1.5 Svmon output
Svmon –g –o unit=mb
1.6 Lsconf
Lscfg –vl –rmt24
Lsdev | grep i rmt24
1.7 Set harddisk to no_reserve
Lsatrr –el hdisk4
Chdev -p –l hdisk3 –a reserve_policy=no_reserve
1.8 Clear /var/adm/wtmp
Cp /dev/null /var/adm/wtmp
1.9 Reset failed login
Chsec -f /etc/security/lastlog -a “unsuccessful_login_count=0” -s user
Account_locked=false
# chuser histsize=0 root
A) to enable user smith to access this system remotely, type:
#chuser rlogin=true smith
b) to change the expiration date for the davis user account to 8 a.m., 1 may, 1995, type:
#chuser expires=0501080095 davis
c) to add davis to the groups finance and accounting, type:
#chuser groups=finance, accounting davis
d) to change the user davis, who was created with the ldap load module, to not be allowed remote access, type:
#chuser -r ldap rlogin=false davis
F) to reset failed login account
Chsec -f /etc/security/lastlog -a “unsuccessful_login_count=0” -s ‘hanh’
Or
Chuser unsuccessful_login_count=0 hanh
Time_last_unsuccessful_login = 732475345 tty_last_unsuccessful_login = tty0 host_last_unsuccessful_login = waterski unsuccessful_login_count = 0 time_last_login = 734718467 tty_last_login = lft/0 host_last_login = waterskifiles
1.10 Harddisk size
Bootinfo –s hdisk10
Getconf disk_size /dev/hdisk10
1.11 User and group problem
Usrck –y all =checks for user problems pwdck –y all =checks for password problems grpck –y all =checks for groups problems
1.12 Start xwindows in aix
Install xming
click xlaunch, choose start with noclient
stick no access control in addition parameter
Use putty to login to server.
from server : export display=client_ip :0.0
for root key command. Xhost +
xclock
1.13 Remove orphan file with soft link
1.14 Remove ^m character
:%s/.$//
1.15 Remove account with home directory
rmuser -rmdir emmen
1.16 Bootlist
To invalidate the service mode boot list, enter:
bootlist -m service -i
To make a boot list for normal mode with devices listed on the command line, enter:
bootlist -m normal hdisk0 hdisk1 rmt0 fd
To make a boot list for normal mode with a device list from a file, enter:
bootlist -m normal -f /bootlist.norm
Where bootlist.norm is a file containing device names to be placed in the boot list for normal mode. The device names in the bootlist.norm file must comply with the described format.
To invalidate the previous boot device entry, enter:
bootlist -m prevboot -i
To boot from a token-ring device in slot 2, enter:
bootlist -m normal tok0
To attempt to boot through a gateway using ethernet, and then try other devices, enter:
bootlist -m normal ent0 gateway=129.35.21.1 bserver=129.12.2.10
\ client=129.35.9.23 hdisk0 rmt0 tok0 bserver=129.35.10.19
Hdisk1
To specify boot logical volume hd5 on disk hdisk0 for a normal boot, type:
Bootlist -m normal hdisk0 blv=hd5
To view the boot list set in the preceding example, type:
Bootlist -m normal -o
Hdisk0 blv=hd5
To specify booting in normal mode from the only boot logical volume on hdisk0, or the mb_hd5 boot logical volume on hdisk1, type:
Bootlist -m normal hdisk0 hdisk1 blv=mb_hd5 cd0
To view the boot list set in the preceding example, type:
Bootlist -m normal -o
Hdisk0 blv=hd5 pathid=0
Hdisk1 blv=hd5 pathid=0
1.17 Change user policy and security
Chsec -f /etc/security/user -s root –a rlogin=false
Ssec -f /etc/security/user -s root -a rlogin
Allow su to root
Chuser su=true sugroups=system root
Lssec -f /etc/security/user -s root -a rlogin
1.18 List hardware info
Lsattr –el hdisk1 | grep size
1.19 Configure snmp aix
Start servies.
Startsrc -s aixmibd; startsrc -s hostmibd; startsrc -s snmpmibd; startsrc -s snmpd
Stopsrc -s aixmibd; stopsrc -s hostmibd; stopsrc -s snmpmibd; stopsrc -s snmpd
1.20 List all logical volumes by volume group
Lsvg -o | lsvg -i -l
1.21 Check userhome
awk -f”:” ‘{print $6}’ /etc/passwd | sort
1.22 Increase logical volume max pps
Data3lv mount to /u09/data increase /u09/oradata to 200gb
check pp size :
lslv data3lv => pp size 256 mb * 800=200g
Chlv –x ‘800’ data3lv
1.23 Increase file system size
/usr/sbin/chfs -a size=’+5g’ /u01 /usr/sbin/chfs -a size=’+5m’ /u01
1.24 Ntp sync
Configure for server.
create file /etc/ntp.conf
add below line :
#broadcastclient server 127.127.1.0 server 101.0.100.91 driftfile /etc/ntp.drift tracefile /etc/ntp.trace
Start time server
Startsrc -s xntpd
Ntpdate 54.251.61.122 (public ip)
Date mmddhhmiyy
Ntpdate -u 10.0.100.31
Check ntp off set
Ntpq -p
Set to auto start
Comment out from /etc/rc.tcpip
1.25 Check logical volume space
Lsvg –l datavg
Lslv data3lv
1.26 List all username:
List all username:
Awk -f”:” ‘{ print “username: ” $1 “\t\tuid:” $3 }’ /etc/passwd
Or
Awk -f”:” ‘{ print “username: ” $1 }’ /etc/passwd
Solaris
Cut -d”:” -f6 /etc/passwd |sort
1.27 Fild world writable permission ;
Find . -type d -perm -o=w > myfindoutput.txt
Find . -type f -perm -o=w > myfindoutput.txt
Find . -perm -o=w > myfindoutput.txt
chmod o-w [filename]
chmod u+t [directory]
Find / -type d –perm o=w –exec ls –l {} \ ;
Or
Find / -perm –o=w –type d | xargs ls –ltr | grep drwxrw
Find with or condition (\ ! Mean or)
find \! -perm 644 -type f -o \! -perm 755 -type d
1.28 Find files larger than a certain size
Find /etc -size +100k
Find /etc -size +100k -size -150k
Du -sk * | sort -nr | more
1.29 Find and compress file
Compress each folder with separate name
Cd /archive_monthly
For dir in $(find ./201210* -type d );
Do
Tar -cvf $dir.tar $dir
Rm -rf $dir
Done
Find ./*.tar -type f | xargs gzip
Find / -mmin +90 -type f | xargs gzip
Or
Find / -mmin +90 -type f | grep -v “gz” | xargs gzip
Vmstat 1 10| sed ‘1,6d’ (remove header)
Compress folder
tar -cvf 20120708.tar 20120708 | gzip > 20120708.tar.zip
Tar -cvf folder.tar| gzip -9 > folder.tar.gz
Find file and compress, move:
Vdate=`date +%y%m%d`
Yesterday=`tz=aaa24 date +%y%m%d`
Mkdir /archive_monthly/”$vdate”
Echo $vdate
Find /archive_daily/*”$vdate”* -mmin +30 -exec mv {} /archive_monthly/”$vdate”/ \;
Find /archive_daily/*”$yesterday”* -mmin +30 -exec mv {} /archive_monthly/”$yesterday”/ \;
Echo “find /archive_daily/*”$vdate”* -mmin +30 -exec mv {} /archive_monthly/”$vdate”/ \;”
Echo “find /archive_daily/*”$yesterday”* -mmin +30 -exec mv {} /archive_monthly/”$yesterday”/ \;”
Find /archive_monthly/ -mtime +180 |xargs rm -rf
1.30 Replace rootvg
(the faulty hard disk is hdisk1)
Bootinfo –b (current boot disk)
Output shoud be hdisk0
bootlist –om normal
unmirror none bootdisk (hdisk1)
Mirror fwdump device if need
# mklvcopy fwdump 2 hdisk0
# syncvg –v rootvg
Sync;sync;
Ensure all lv in vg are mirrored. (lsvg -l rootvg)
Unmirror hdisk
# unmirrorvg rootvg hdisk1
Then type: chpv –c hdisk1
Check for any more lv on the hdisk to be removed (lspv -l hdisk1)
If necessary temporary change dump device to /dev/sysdumpnull. To be change back after replacing new disk.
Lspv –l hdisk1
(if /dev/pridumdev is in hdisk1 so need change to null, or secdumplv)
Sysdumpdev –pp /dev/sysdumpnull
Or
Sysdumpdev –ps /dev/sysdumpnull
To display current dump device settings, enter the following command:
Sysdumpdev –l (in hdisk1, make sure are empty)
Remove dump device
Rmlv –f pridumplv (or secdumplv)
Recedure rootvg
reducevg rootvg hdisk1
Check bootlist
#bootlist -om normal
#lspv (hdisk1 pvid should be none)
Clone the disk
#smitty alt_clone
Targtet disk (hdisk1)
On next boot reboot (no)
Reboot when complete (no)
After finishing cloning, type lspv | grep root . Output should have hdisk1 altinst_rootvg vg
Check bootlist again
#bootlist –om normal (make sure bootdisk is not hdisk1)
Stop cluster
Reboot
Upgrade os (if need)
Remove altinst_rootvg vg
Extend rootvg
#extendvg –f rootvg hdisk1
Mirror rootvg vg
#mirrorvg –s rootvg
Configure bootlist
#bootlist –m normal hdisk0 hdisk1
Create bosboot
#check current boot list, bootlist –om normal, make sure current bootdisk is not hdisk1
# bosboot –ad /dev/hdisk1 or bosboot –a
Create back dump lv
Sysdump –l (check current sysdump)
–smitty sysdump
#mklv –y’secdumplv’ –t’sysdump’ rootvg 10 hdisk1
# sysdumpdev –pp /dev/pridumplv
Or
# sysdumpdev –ps /dev/secdumplv
Check mirror status:
#while true; do lsvg rootvg | grep –i stale ;sleep 5; done;
#lsvg –l rootvg | grep –i stale (must be 0)
#lslv –l primdumplv; lsvg –l secdumplv;
1.31 Backup to tape or filesystem
Backup by command
Backup rootvg image
To tape
/usr/bin/mksysb –‘e’ –‘i’ –‘x’ –‘a’ /dev/rmn0
or
‘-E’ ‘-i’ ‘-x’ ‘-p’ ‘-a’ /dev/rmt0 (disable software packing,extend tmp,exclude file)
To file
/usr/bin/mksysb –‘e’ –‘i’ –‘x’ –‘a’ /u02/root_bakcup.bk
backup non rootvg by command
Backup vg by command
Backup vg datavg to tape with
/usr/bin/savevg –f ‘/dev/rmt0’ ‘–i’ ‘-x’ –‘a’ datavg
Back up by filename examples
example 1: read input from a file
# cat listfile
/home/roy/file1
/home/roy/file2
/home/roy/file3
# backup -iqvf /dev/rmt0 < listfile
example 2: use find to generate list
# find /home/roy | backup -iqvf /dev/rmt0
# cd /home/roy
# find . | backup -iqvf /dev/rmt0
list content of vgbackup
/usr/bin/listvgbackup –s –f’/dev/rmt0’ | more
restore file from vgbackup
/usr/bin/restorevgfiles –s –r –f’/dev/rmt0’ /u01/oracle/file_willbe_restore.txt
restore from backup
# restore -tvf /dev/rmt0
restore individual files:
Restore -x [-q] [-v] [-f device] [file1 file2 ..]
# restore -xvf /dev/rmt0/home/mike/manual/chap1
restore complete file system:
Restore -r [-q] [-v] [-f device]
Restore backups in order, that is, -0 then -1 and so forth
# restore -rqvf /dev/rmt0
Backup vggroup
Smitty vgbackup
Savevg: backup vg:
Restorevg: restore vg
Check mksysb backup:
listvgbackup -vf /dev/rmt0
restore
1.32 Reset root password (aix)
Regaining root’s password
Boot from cd-rom, nim, or a bootable tape
Select option 3: start maintenance mode for system
Recovery from the installation and maintenance menu
Follow the options to activate the root volume group and
Obtain a shell
Once a shell is available, execute the passwd command to
Change root’s password
Enter the following command:
# sync ; sync
Reboot the system
1.33 List of user in aix
Lsuser –a id home all
Lsuser -a sugroups all|grep -v all
1.34 Create and mirror filesystem
Below is the steps to make your changes of lv/fs sync for both nodes, this will required downtime.
From the primary node:
1) stop the hacmp services from both nodes:
stop now, on system restart or both now + stop cluster services on these nodes [hacmp1,hacmp2] + <– select both nodes broadcast cluster shutdown? True + * select an action on resource groups bring resource groups> + <– select bring resource groups offline
2) check that the hacmp cluster services has stopped from both nodes:
from pri and sec node issue: lssrc -ls clstrmgres | grep state <– output should show as “st_init”
wait till the current state as st_init.
3) from pri node, manually varyon volume group at the pri node:
– varyonvg vgname
– remove your filesystem, active_daily, make sure all the files in the /active_daily is backed up as removing the filesystem will remove all the data. Smitty rmfs -> remove an enhanced journaled file system -> select the fs remove mount point as “yes”
– add a lv: smitty lv -> add a logical volume -> select the vg -> key in the lv name, the number of logical partitions, the logical volume type as jfs2, and the rest leave it as default and press enter
– add fs smitty fs -> add / change / show / delete file systems -> enhanced journaled file systems -> add an enhanced journaled file system on a previously defined logical volume -> select the logical volume, key in the mount point , mount automatically at system restart? As no, and rest as default.
4) check the lv and fs if added correctly:
– try to mount the fs: mount /mountpointname – df -g, lsvg -l <vg name> – if the above is correct, unmount the filesystem: umount /mointpointname
5) varyoffvg vgname <– check lsvg -o, the vgname should not be shown.
From the secondary node:
6) exportvg vgname
7) importvg -y vgname <hdiskx>
8) check the lv and fs: – df -g, lsvg -l <vg name> – if the above is correct, unmount the filesystem: umount /mointpointname
9) varyoffvg vgname
10) lsvg -o <– check lsvg -o, the vgname should not be shown.
From pri node: 11) start the hacmp services on both nodes:
* start now, on system restart or both start + start cluster services on these nodes [hacmp1, hacmp2] + <– select both nodes * manage resource groups automatically + broadcast message at startup? False + startup cluster information daemon? True + ignore verification errors? False + automatically correct errors found during interactively + cluster start? Mirror filesystem
For example file system asmdatavg
Check have mirror :
Lsvg –l datavg (lps=1/2 of pps)
Lsvg -; datavg to find hdisk of this vg
Lspv –l hdisk2
Lspv -l hdisk4 to check what harddisk should be mirror
Smitty lv => set character of a logical volume=> add a copy to a logical volume=> (asmdatavg) => new total number of logical partition (2) =>physical volume names (hdisk4) =>synchronize the data in the new (yes)
After done, run lsvg –l datavg
Or use command
Like mirro logvl00 to hdisk2
Mklvcopy loglv0 2 hdisk2
Syncvg –v datavg &
1.35 Delete so many files in mount point:
Unmount filesystem Mount without logging #mount -o log=null /directory
3. Remove the files using above command 4. Unmount again 5. Mount normally
Or
Find . -type f | xargs rm
Or
1.36 Configure nmon topas capture data every 1 minutes
/usr/bin/nmon –f –s 60 –c 1440 –d –e –z -20 –o /nmonlogs
/usr/bin/topasrec -l -s 300 -r 1 -r 6 -o /etc/perf/daily/ -ypersistent=1
1.37 Find and remove old file
Find /oracle/app/admin/ahlisp/bdump -mtime +15 -exec rm -f {} \;
1.38 Check harddisk not belong to any volume group:
/usr/sbin/lspv | grep -i none enter commands similar to the following to clear the pvid from each disk device that you want to use: /usr/sbin/chdev -l hdiskn -a pv=clear
1.39 Mount cdrom:
mount -r -v cdrfs /dev/cd0 /cdrom
1.40 Run script by user oracle
Su – oracle -o /home/oracle/ssh.ss
1.41 check file exists
#!/bin/bash file=$1 if [ -f $file ]; then echo “file $file exists” else echo “file $file does not exists” fi
pasted from <http://www.cyberciti.biz/tips/find-out-if-file-exists-with-conditional-expressions.html>
1.42 List all username:
Awk -f”:” ‘{ print “username: ” $1 “\t\tuid:” $3 }’ /etc/passwd
Or
Awk -f”:” ‘{ print “username: ” $1 }’ /etc/passwd
1.43 Find and compress file
Find / -mmin +90 -type f | xargs gzip
Or
Find / -mmin +90 -type f | grep -v “gz” | xargs gzip
Vmstat 1 10| sed ‘1,6d’ (remove header)
1.44 Find file and compress, move:
Vdate=`date +%y%m%d`
Yesterday=`tz=aaa24 date +%y%m%d`
Mkdir /archive_monthly/”$vdate”
Echo $vdate
Find /archive_daily/*”$vdate”* -mmin +30 -exec mv {} /archive_monthly/”$vdate”/ \;
Find /archive_daily/*”$yesterday”* -mmin +30 -exec mv {} /archive_monthly/”$yesterday”/ \;
Echo “find /archive_daily/*”$vdate”* -mmin +30 -exec mv {} /archive_monthly/”$vdate”/ \;”
Echo “find /archive_daily/*”$yesterday”* -mmin +30 -exec mv {} /archive_monthly/”$yesterday”/ \;”
Find /archive_monthly/ -mtime +180 |xargs rm -rf
1.45 Remove so many file.
#find . -xdev -exec ls –al {} \;
#find . -xdev -exec rm -rf {} \;
Please tell us if the result.
Also send us the output below.
#lsattr -el sys0 |grep ncargs
1.46 start xgui in aix
#startsrc -s dtsrc
1.47 Run script as root
Sudo sh ./scriptname.sh
1.48 Ip alias
# ifconfig en1 alias 9.37.207.29 netmask 255.255.255.0 up
The following example deletes the alias:
# ifconfig en1 delete 9.37.207.29
1.49 Configure rbac
List all role: lsrole -a all
Lsrole fsadmin –> to list what is inside the fsadmin role
Lsauth aix.fs.manage.change –> to list what is inside the aix.fs.manage.change authorization
Lssecattr -c -a accessauths all –> to list all the commands related to rbac access authorization
Lssecattr -c -a accessauths all |grep aix.fs.manage.change –> to list only the fislsystem related attributes
Auth commands:
Lsauth – lists an authorization. Lsauth all lists all auths.
Chauth – changes authorization
Rmauth – removes authorization
Mkauth – make a new authorization
Assign hanh to isso role
chuser roles=isso axon
login as hanh
rolelist or rolelist -a
swrole isso
passwd root
As a privileged user, use the following command to display the roles assigned to a specific user:
Rolelist –u user1
To assume the roleadmin and fsadmin roles as a user who has been assigned the roles, enter the following command:
Swrole roleadmin,fsadmin
To run the backupcommand as a role that has the appropriate authorization, enter the following command:
Swrole fsadmin “-c /usr/sbin/backup -9 -u”
Implement role:
Create group or mkgroup -‘a’ steria
Mkrole groups=’steria’ dfltmsg=’maintance role’ maint_role
Or
Mkrole groups=’steria’ dfltmsg=’allows reboot and shutdown’ authorizations=’aix.system.boot.reboot,aix.system.boot.shutdown’ shutdown_reboot
if role is exists
Chrole authorizations=’aix.fs.manage.mount,aix.fs.manage.restore,aix.fs.manage.snapshot,aix.fs.manage.unmount,aix.lvm.manage.import’ maint_role
Lsrole shutdown_reboot
Assign role to user
Chuser roles=shutdown_reboot hanh
Check active role
Rolelist –e
Activate role
Swrole shutdown_reboot
If got error: 1420-050 shutdown_reboot is not a valid role. Then need to update rbac kernel by command setkst
Update rbac kernel
Setkst
List all active role
Rolelist –ea
or
Creating rbac:
step a: creating and assigning (user defined) authorization and roles:
mkauth test_auth <–creating authorization lsauth test_auth <–verifying authorization setsecattr -c accessauths=test_auth shutdown <–associates command with auth. #remove privilege mkrole authorizations=test_auth test_role <–cretaing role chuser roles=test_role testuser <–associates role to a user setkst
step b: execution
login as testuser swrole test_role <–switch to the role test_role (prompts for testuser password ) rolelist -e <–verify whether the testuser has the role execute shutdown command
1.50 List all logical volume group,filesystem, mount point.
#lsvg | lsvg -il
Clear only on error
Errclear -j id
1.51 collect snap file
Snap –r
Snap -gkc
1.52 Find files larger than a certain size
Find /etc -size +100k
find /etc -size +100k -size -150k
du -sk * | sort -nr | more
1.53 Check etherchannel
Sudo smitty etherchannel
1.54 Change user attribute
Chuser rlogin=’false’ itptapp reset failed login
1.55 Finding open files with lsof
Introducing lsof
Simply typing lsof produces a lot of detail, as shown in listing 1. Because lsof needs access to kernel memory and many files, it must be run as root to be fully effective. listing 1. Sample output of lsof
Bash-3.00# lsof
Command pid user fd type device size/off node name
Sched 0 root cwd vdir 136,8 1024 2 /
Init 1 root cwd vdir 136,8 1024 2 /
Init 1 root txt vreg 136,8 49016 1655 /sbin/init
Init 1 root txt vreg 136,8 51084 3185 /lib/libuutil.so.1
Vi 2013 root 3u vreg 136,8 0 8501 /var/tmp/exxdao7d
…
listing 2. Lsof output with a pid filter and txt file descriptors filtered outSh-3.00# lsof -a -p 605 -d ^txt
Command pid user fd type device size/off node name
Sendmail 605 root cwd vdir 136,8 1024 23554 /var/spool/mqueue
Sendmail 605 root 0r vchr 13,2 6815752 /devices/pseudo/mm@0:null
Sendmail 605 root 1w vchr 13,2 6815752 /devices/pseudo/mm@0:null
Sendmail 605 root 2w vchr 13,2 6815752 /devices/pseudo/mm@0:null
Sendmail 605 root 3r door 0t0 58
/var/run/name_service_door(door to nscd[81]) (fa:->0x30002b156c0)
Sendmail 605 root 4w vchr 21,0 11010052
/devices/pseudo/log@0:conslog->log
Sendmail 605 root 5u ipv4 0x300010ea640 0t0 tcp *:smtp (listen)
Sendmail 605 root 6u ipv6 0x3000431c180 0t0 tcp *:smtp (listen)
Sendmail 605 root 7u ipv4 0x300046d39c0 0t0 tcp *:submission (listen)
Sendmail 605 root 8ww vreg 281,3 32 8778600 /var/run/sendmail.pid
Finding an open file’s application
In other cases, you have a file or directory and need to know what application owns the file (if the file is open, of course.) Listing 2showed that /var/run/sendmail.pid was opened by the sendmail process. If you didn’t know this, lsof could provide this information if given the file name. Listing 3 shows the output. listing 3. Lsof being asked for information about a fileBash-3.00# lsof /var/run/sendmail.pid
Command pid user fd type device size/off node name
Sendmail 605 root 8ww vreg 281,3 32 8778600 /var/run/sendmail.pid
As the output shows, /var/run/sendmail.pid is owned by pid 605, which is sendmail, and has been opened for writing with an exclusive lock. If for some reason you needed to get rid of the file, the intelligent thing to do would be to stop the process, rather than just deleting the file. Otherwise, the daemon might fail to start properly next time, or another instance might start up later and cause contention.
Sometimes you know only that a file is open at some part of the file system. When unmounting a file system, the operation fails if any files are open on the file system. You can use lsof to show all open files on a file system by specifying the name of the mount point. Listing 4 shows an attempt to unmount /export/home and then the use of lsof to find out what is using the file system. listing 4. Using lsof to find out who is using a file systemBash-3.00# umount /export/home
Umount: /export/home busy
Bash-3.00# lsof /export/home
Command pid user fd type device size/off node name
Bash 1943 root cwd vdir 136,7 1024 4 /export/home/sean
Bash 2970 sean cwd vdir 136,7 1024 4 /export/home/sean
Ct 3030 sean cwd vdir 136,7 1024 4 /export/home/sean
Ct 3030 sean 1w vreg 136,7 0 25 /export/home/sean/output
Listing 5. Using lsof on linux to look for a deleted file# lsof | grep error_log
Httpd 2452 root 2w reg 33,2 499 3090660
/var/log/httpd/error_log (deleted)
Httpd 2452 root 7w reg 33,2 499 3090660
/var/log/httpd/error_log (deleted)
… More httpd processes …
From this, you can see that pid 2452 has the file opened on file descriptors 2 (standard error) and 7. Thus, the data is available by looking at /proc/2452/fd/7, as shown in listing 6. listing 6. Looking at a deleted file through /proc# cat /proc/2452/fd/7
[sun apr 30 04:02:48 2006] [notice] digest: generating secret for digest authentication
[sun apr 30 04:02:48 2006] [notice] digest: done
[sun apr 30 04:02:48 2006] [notice] ldap: built with openldap ldap sdk
Linux was nice in that it saved the name of the file and even told us it was deleted. This is a handy thing to look for when investigating a compromised system because attackers often delete logs to hide their tracks. Solaris doesn’t offer this information. However, knowing that error_log is used by the httpd daemon and that i can find the pid with the ps command, i can look at all the open files for the daemon. listing 7. Looking for deleted files in solaris# lsof -a -p 8663 -d ^txt
Command pid user fd type device size/off node name
Httpd 8663 nobody cwd vdir 136,8 1024 2 /
Httpd 8663 nobody 0r vchr 13,2 6815752 /devices/pseudo/mm@0:null
Httpd 8663 nobody 1w vchr 13,2 6815752 /devices/pseudo/mm@0:null
Httpd 8663 nobody 2w vreg 136,8 185 145465 / (/dev/dsk/c0t0d0s0)
Httpd 8663 nobody 4r door 0t0 58 /var/run/name_service_door
(door to nscd[81]) (fa:->0x30002b156c0)
Httpd 8663 nobody 15w vreg 136,8 185 145465 / (/dev/dsk/c0t0d0s0)
Httpd 8663 nobody 16u ipv4 0x300046d27c0 0t0 tcp *:80 (listen)
Httpd 8663 nobody 17w vreg 136,8 0 145466
/var/apache/logs/access_log
Httpd 8663 nobody 18w vreg 281,3 0 9518013 /var/run (swap)
Finding network connections
Network connections are also files, which means that lsof can also get information about them. You saw an example of this inlisting 2. It assumed you already knew the pid, which is not always the case. If you know only the port, use the -i parameter to search using socket information. Listing 8 shows a search for tcp port 25. listing 8. Looking for the process listening on port 25# lsof -i :25
Command pid user fd type device size/off node name
Sendmail 605 root 5u ipv4 0x300010ea640 0t0 tcp *:smtp (listen)
Sendmail 605 root 6u ipv6 0x3000431c180 0t0 tcp *:smtp (listen)
The lsof utility expects that you will pass it something in the form of protocol:@ip:port, where the protocol is tcp or udp (and optionally prefixed by 4 or 6 to refer to the version of ip), the ip is a resolvable name or ip address, and the port is a number or name (out of /etc/services) representing the service. One or more elements (port, ip, protocol) are required. In listing 8, :25refers to port 25. The output shows that process 605 is listening on port 25 using both ipv6 and ipv4. If you’re not interested in ipv4, you can change the filter to 6:25 to refer to an ipv6 socket listening on port 25, or simply 6 to mean all ipv6 connections.
In addition to seeing what daemons are listening, lsof can also spy on what connections are happening, again using the -iparameter. Listing 9 shows a search for all connections to or from 192.168.1.10. listing 9. Searching for active connections# lsof -i @192.168.1.10
Command pid user fd type device size/off node name
Sshd 1934 root 6u ipv6 0x300046d21c0 0t1303608 tcp sun:ssh->linux:40379
(established)
Sshd 1937 root 4u ipv6 0x300046d21c0 0t1303608 tcp sun:ssh->linux:40379
(established)
1.56 Mount smb
Mount -v cifs -n pezman/user1/pass1 -o uid 1,fmode=750 /home /mnt
1.57 Top 10 memory consumers in aix
Restart process if paging more than 900 in topas
Ps gv | ps gv | egrep -v “rss” | sort +6b -7 -n -r | grep -i /usr/ib | egrep -v “grep|tty” | awk ‘{ print $5 }’
Displaying top cpu_consuming processes:1Ps aux | head -1; ps aux | sort -rn +2 | head -10
2) displaying top 10 memory-consuming processes:1Ps aux | head -1; ps aux | sort -rn +3 | head -10
3) displaying process in order of being penalized:1Ps -eakl | head -1; ps -eakl | sort -rn +5
4) displaying process in order of priority:1Ps -eakl | sort -n +6 | head
5) displaying process in order of nice value1Ps -eakl | sort -n +7
6) displaying the process in order of time1Ps vx | head -1;ps vx | grep -v pid | sort -rn +3 | head -10
7) displaying the process in order of real memory use1Ps vx | head -1; ps vx | grep -v pid | sort -rn +6 | head -10
8) displaying the process in order of i/o1Ps vx | head -1; ps vx | grep -v pid | sort -rn +4 | head -10
9) displaying wlm classes1Ps -a -o pid, user, class, pcpu, pmem, args
10) determinimg process id of wait processes:1Ps vg | head -1; ps vg | grep -w wait
11) wait process bound to cpu12)Ps -mo thread -p <pid>
For a summary of the top 15 processes using memory on the system, use the following command:
# svmon -pt15 | perl -e ‘while(<>){print if($.==2||$&&&!$s++);$.=0 if(/^-+$/)}’
Memory:
Topas -p this does not tell how much of the application is paged out but how much of the application memory is backed by paging space. (things in memory (working segment) should be backed by paging space by the actual size in memory of the process.) Svmon -pt15 | perl -e ‘while(<>){print if($.==2||$&&&!$s++);$.=0 if(/^-+$/)}’ top 15 processes using the most memory ps aux | head -1 ; ps aux | sort -rn +3 | head -20 top memory processes (the above is better) Ps -ef | grep -c local=no shows the number of oracle client connections (each connection takes up memory, so if it is high then…)
Paging: svmon -pg -t 1 |grep pid ; svmon -pg -t 10 |grep “n” top 10 processes using the most paging space svmon -p -o sortseg=pgsp shows paging space usage of processes
————————
#ps gv | head -n 1; ps gv | egrep -v “rss” | sort +6b -7 -n –r pid tty stat time pgin size rss lim tsiz trs %cpu %mem command 393428 – a 10:23 2070 54752 54840 32768 69 88 0.0 5.0 /var/opt 364774 – a 0:08 579 28888 28940 32768 32 52 0.0 3.0 [cimserve] 397542 – a 0:18 472 6468 7212 xx 526 744 0.0 1.0 /usr/sbi 344246 – a 0:02 44 7132 7204 32768 50 72 0.0 1.0 /opt/ibm
checking memory usage with nmon:
nmon –> t (top processes) –> 4 (order in process size)
pid %cpu size res res res char ram paging command used kb set text data i/o use io other repage 16580722 0.0 226280 322004 280640 41364 0 5% 0 0 0 oracle 9371840 0.0 204324 300904 280640 20264 0 5% 0 0 0 oracle 10551416 0.0 198988 305656 280640 25016 0 5% 0 0 0 oracle 8650824 0.0 198756 305428 280640 24788 0 5% 0 0 0 oracle
size kb: program on disk size ressize: resident set size – how big it is in memory (excluding the pages still in the file system (like code) and some parts on paging disks) restext: code pages of the resident set resdata: data and stack pages of the resident set
————————————–
regarding oracle: ps -ef | grep -c local=no
this will show how many client connections we have. Each connections take up some memory, sometimes if there are memory problems too many users are logegd in causing this triouble. ————————————–
shared memory segments:
root@aix2: /root # ipcs -bm ipc status from /dev/mem as of sat sep 17 10:04:28 cdt 2011 t id key mode owner group segsz shared memory: m 1048576 0x010060f0 –rw-rw-rw- root system 980 m 1048577 0xffffffff d-rw-rw-rw- root system 944 m 4194306 0x78000238 –rw-rw-rw- root system 16777216 m 1048579 0x010060f2 –rw-rw-rw- root system 976 m 12 0x0c6629c9 –rw-r—– root system 1663028 m 13 0x31000002 –rw-rw-rw- root system 131164 m 425721870 0x81fc461c –rw-r—– oracle oinstall 130027520 m 15 0x010060fa –rw-rw-rw- root system 1010 m 2097168 0x849c6158 –rw-rw—- oracle oinstall 18253647872
ibm script for checking what is causing paging space activity: (it will run until po will be 50 then saves processes, svmon and exists)
#!/usr/bin/ksh /usr/bin/renice -n -20 -p $$ while [ true ] do vmstat -i 1 1 | tail -1 | awk ‘{print $9}’ | read po if [[ $po -gt 50 ]] then ps -ef > ps.out & svmon -g > svmon.g & exit 0 fi done
my script for monitoring memory, paging activity:
#!/usr/bin/ksh
/usr/bin/renice -n -20 -p $$
While [ true ]; do
Echo `date` “–>” `svmon -g | head -2 | tail -1` “–>” `vmstat -v | grep numperm` >> svmon.out &
Echo `date` “–>” `svmon -g | head -3 | tail -1` >> paging.out &
Echo `vmstat -iwt 1 1 | tail -1` >> vmstat.out &
Sleep 60
Done
1.58 Run topas/nmon
/usr/bin/topasrec -l -s 300 -r 1 -r 6 -o /etc/perf/daily/ -ypersistent=1
1.59 Hardware command
Lsdev -cc tape (the output will tell me that i have smc0 rmt1 and rmt2)
Rmdev -dl rmt1
Rmdev -dl rmt2
Rmdev -dl smc0
Cfgmgr(once i have successfully deleted the configured devices i need to rescan to find the new devices.
If drivers are required to configure those devices, cfgmgr will notify you. Driver package can be installed using
Lsdev -cc <type>will allow you to view the devices configured on the server. For ex. You would run this after cfgmgr to see if your devices were configured. Below are two examples that i use frequently:
Lsdev -cc tape– list tape and jukebox devices configured
Lsdev -cc adapter– same as above for listing adapters
Smitty– is and interactive interface for adding devices to config database and configuring them (f10 to exit f3 to go back) you can start it by just typing smitty, or you can specify the specific catagory you would like, for example smitty tape. This interface is also used for adding software and drivers.
Rmdev -dl <device> – rmdev as the name implies is used to delete a device that has already been configured (use the device name listed from the output of lsdev -cc <device> as the device name to remove, not the path to the /dev directory.
Lsattr –el hdisk1
1.60 Mounting usb
To familiarize yourself with using usb drives on aix, take a look at the following article at ibm developerworks:
Before you start using it, make sure you dlpar the usb controller to your lpar, if not done so already. You should see the usb devices on your system:
# lsconf | grep usb
+ usbhc0 u78c0.001.dbjx589-p2 usb host controller
+ usbhc1 u78c0.001.dbjx589-p2 usb host controller
+ usbhc2 u78c0.001.dbjx589-p2 usb enhanced host controller
+ usbms0 u78c0.001.dbjx589-p2-c8-t5-l1 usb mass storage
After you plug in the usb drive, run cfgmgr to discover the drive, or if you don’t want the run the whole cfgmgr, run:
# /etc/methods/cfgusb -l usb0
Some devices may not be recognized by aix, and may require you to run the lquerypv command:
# lquerypv -h /dev/usbms0
To create a 2 tb file system on the drive, run:
# mkfs -olog=inline,ea=v2 -s2000g -vjfs2 /dev/usbms0
To mount the file system, run:
# mount -o log=inline /dev/usbms0 /usbmnt
Then enjoy using a 2 tb file system:
# df -g /usbmnt
Filesystem gb blocks free %used iused %iused mounted on
/dev/usbms0 2000.00 1986.27 1% 3182 1% /usbmnt
Unmounting a memory stick
# umount /usb_mnt
# rmdev -dl usbms0
1.61 List all process with memory/cpu usage
For a summary of the top 15 processes using memory on the system, use the following command:
Run by root:
Svmon –p –t 15 –i 1 –o summary=basic
# svmon -pt15 | perl -e ‘while(<>){print if($.==2||$&&&!$s++);$.=0 if(/^-+$/)}’
Ps gv | head -n 1; ps gv | egrep -v “rss” | sort +6b -7 -n -r
Code:
Ps aux | head -1; ps aux | sort -rn +2 | head -10 displaying top 10 memory-consuming processes
Code:
Ps aux | head -1; ps aux | sort -rn +3 | head displaying the process in order of real memory use
Code:
Ps vx | head -1; ps vx | grep -v pid | sort -rn +6 | head -10 displaying process in order of nice value
Code:
Ps -eakl | sort -n +7 displaying the process in order of i/o
Code:
Ps vx | head -1; ps vx | grep -v pid | sort -rn +4 | head -10
1.62 Temperature monitor
/usr/lpp/diagnostics/bin/uesensor -l
1.63 Sort command
Sort simply sorts the file in alphabetical order: $ sort file
All records are sorted alphabetically.
2. Sort removes the duplicates using the -u option: Sort -u file
The duplicate ‘linux’ record got removed. ‘-U’ option removes all the duplicate records in the file. Even if the file have had 10 ‘linux’ records, with -u option, only the first record is retained.
File with numbers: let us consider a file with numbers: Cat file
The default sort ‘might’ give incorrect result on a file containing numbers:
Sort file
In the above result, 200 got placed immediately below 20, not at the end which is incorrect. This is because the sort did ascii sort. If the file had not contained ‘200’, the default sort would have given proper result. However, it is incorrect to sort a numerical file in this way since the sorting logic is incorrect.
4. To sort a file numericallly: Sort -n file
-n option can sort the decimal numbers as well.
5. Sort file numerically in reverse order: Sort -nr file
‘R’ option does a reverse sort.
Multiple files: let us consider examples with multiple files, say file1 and file2, containing numbers:
Sort can sort multiple files as well.
Sort -n file1 file2
The result of sort with multiple files will be a sorted and merged output of the multiple files.
7. Sort, merge and remove duplicates: Sort -nu file1 file2 -u option becomes more handy in case of multiple files. With this, the output is now sorted, merged and without duplicate records.
Files with multiple fields and delimiter: let us consider a file with multiple fields: Cat file
Sorting a file containing multiple fields:
Sort file
As shown above, the file got sorted on the 1st field, by default.
9. Sort file on the basis of 1st field: Sort -t”,” -k1,1 file
This is being more explicit. ‘-T’ option is used to provide the delimiter in case of files with delimiter. ‘-K’ is used to specify the keys on the basis of which the sorting has to be done. The format of ‘-k’ is : ‘-km,n’ where m is the starting key and n is the ending key. In other words, sort can be used to sort on a range of fields just like how the group by in sql does. In our case, since the sorting is on the 1st field alone, we speciy ‘1,1’. Similarly, if the sorting is to be done on the basis of first 3 fields, it will be: ‘-k 1,3’.
Note: for a file which has fields delimited by a space or a tab, there is no need to specify the “-t” option since the white space is the delimiter by default in sort.
10. Sorting file on the basis of the 2nd field: Sort -t”,” -k2,2 file
Sorting file on the basis of 2nd field , numerically:
Sort -t”,” -k2n,2 file
Remove duplicates from the file based on 1st field:
$ sort -t”,” -k1,1 -u file
Aix,25
Hpux,100
Linux,20
Solaris,10
Unix,30
The duplicate linux record got removed. Keep in mind, the command “sort -u file” would not have worked here becuase both the ‘linux’ records are not same, the values were different. However, in the above, sort is told to remove the duplicates based on the 1st key, and hence the duplicate ‘linux’ record got removed. According to sort, in case of a group of similar records, except the first one, the rest are considered duplicate.
13. Sort the file numerically on the 2nd field in reverse order: $ sort -t”,” -k2nr,2 file
Hpux,100
Unix,30
Aix,25
Linux,25
Linux,20
Solaris,10
Sort the file alphabetically on the 1st field, numerically on the 2nd field:
$ sort -t”,” -k1,1 -k2n,2 file
Aix,25
Hpux,100
Linux,20
Linux,25
Solaris,10
Unix,30
Sort a file based on the 1st and 2nd field, and numerically on 3rd fieldon a file containing 5 columns: – see more at: http://www.theunixschool.com/2012/08/linux-sort-command-examples.html#sthash.7xxombju.dpuf
1.64 Replace harddisk
Removing a bad disk
To remove the physical partition copy of the mirrored logical volume from
The erroneous disk, use the rmlvcopy command as follows:
# rmlvcopy lvdb02 1 hdisk4
The logical volume lvdb02 is now left with only one copy, as shown in the
Following:
# lslv -l lvdb02
Lvdb02:/u/db02
Pv copies in band distribution
Hdisk3 500:000:000 21% 109:108:108:108:067
138 ibm certification study guide problem determination
Reduce the volume group by removing the disk you want to replace from
Its volume group:
# reducevg -f mirrorvg hdisk4
# lsvg -l mirrorvg
Mirrorvg:
Lv name type lps pps pvs lv state mount
Point
Lvdb01 jfs 500 1000 2 open/syncd /u/db01
Lvdb02 jfs 500 500 1 open/syncd /u/db02
Loglv00 jfslog 1 1 1 open/syncd n/a
Remove the disk as a device from the system and from the odm database
With the rmdev command:
# rmdev -d -l hdisk4
Hdisk4 deleted
The disk can now be safely removed from your system.
7.3.1.2 adding a new disk
Continuing the scenario from the previous section, this section describes how
To add a new disk into a running environment. After hdisk4 has been
Removed, the system is now left with the following disks:
# lsdev -cc disk
Hdisk0 available 30-58-00-8,0 16 bit scsi disk drive
Hdisk1 available 30-58-00-9,0 16 bit scsi disk drive
Hdisk2 available 10-60-00-8,0 16 bit scsi disk drive
Hdisk3 available 10-60-00-9,0 16 bit scsi disk drive
Use the following steps to add a new disk:
Plug in the new disk and run the configuration manager cfgmgr command.
The cfgmgr command configures devices controlled by the configuration
Rules object class, which is part of the device configuration database.
The cfgmgr command will see the newly inserted scsi disk and create the
Corresponding device. The command requires no options, as shown in the
Following:
# cfgmgr
The result is a new hdisk4 added to the system:
Chapter 7. Lvm, file system, and disk problem determination 139
# lsdev -cc disk
Hdisk0 available 30-58-00-8,0 16 bit scsi disk drive
Hdisk1 available 30-58-00-9,0 16 bit scsi disk drive
Hdisk2 available 10-60-00-8,0 16 bit scsi disk drive
Hdisk3 available 10-60-00-9,0 16 bit scsi disk drive
Hdisk4 available 10-60-00-12,0 16 bit scsi disk drive
The new hdisk must now be assigned to the volume group mirrorvg by
Using the lvm extendvg command:
# extendvg mirrorvg hdisk4
To re-establish the mirror copy of the lv, use the mklvcopy command.
# mklvcopy lvdb02 2 hdisk4
The number of copies of lv is now two, but the lv stat is still marked as
Stale, because the lv copies are not synchronized with each other:
# lsvg -l mirrorvg
Mirrorvg:
Lv name type lps pps pvs lv state mount point
Lvdb01 jfs 500 1000 2 open/syncd /u/db01
Lvdb02 jfs 500 1000 2 open/stale /u/db02
Loglv00 jfslog 1 1 1 open/syncd n/a
To get a fully synchronized set of copies of the lv lvdb02, use the syncvg
Command:
# syncvg -p hdisk4
The syncvg command can be used with logical volumes, physical volumes,
Or volume groups. The synchronization process can be quite time
Consuming, depending on the hardware characteristics and the amount of
Data.
After the synchronization is finished, verify the logical volume state using
Either the lsvg or lslv command:
# lsvg -l mirrorvg
Mirrorvg:
Lv name type lps pps pvs lv state mount point
Lvdb01 jfs 500 1000 2 open/syncd /u/db01
Lvdb02 jfs 500 1000 2 open/syncd /u/db02
Loglv00 jfslog 1 1 1 open/syncd n/a
The system is now back to a normal.
1.65 Refresh services.
Refresh -s inetd
1.66 Configure sftp aix
The three most common reasons for the sftp server to close the connection are
Incorrect path to the sftp-server binary in /etc/ssh/sshd_config 2. Incorrect permissions on the /etc/ssh/sshd_config file 3. “listenaddress” is defined after sftp-server subsystem in /etc/ssh/sshd_config
for the first scenario, check the path for the sftp subsystem in the sshd_config file
# vi /etc/ssh/sshd_config the subsystem line should be:
subsystem sftp /usr/sbin/sftp-server
if the path is different, correct it, then restart sshd:
# stopsrc -s sshd # startsrc -s sshd
for the second scenario, check the permissions on the sshd_config file
# ls -l /etc/ssh/sshd_config
-rw-r–r– 1 root system 3478 sep 07 01:19 /etc/ssh/sshd_config
the permissions should be 644 and the ownership root:system.
# chmod 644 /etc/ssh/sshd_config # chown root:system /etc/ssh/sshd_config
if you are not able to allow world read access due to restrictions in your environment, (e.g. Your permissions are 640) you will need to use the in-process sftp server instead by changing the subsystem line as shown below. Restart sshd after making any changes to the config file.
Subsystem sftp internal-sftp
for the third scenario, review the /etc/ssh/sshd_config file and ensure that any listenaddress lines are specifiedbeforethe sftp subsystem line. Make any necessary changes and restart sshd:
# stopsrc -s sshd # startsrc -s sshd
Comments