Useful Linux Commands for SAN LUN allocation in RHEL

ls -l /dev/disk/by-* | grep lun-31
ls -l /dev/disk/by-* | grep lun-33
ls -l /dev/disk/by-* | grep lun-20
ls -l /dev/disk/by-* | grep lun-10
cat /sys/class/fc_transport/*/node_name
grep 50060160bee045be /sys/class/fc_transport/*/node_name
lsscsi
./inq.LinuxAMD64 -clariion
multipath -ll
df -h
cat /etc/fstsb
cat /etc/fstab
multipath -ll | grep mpathg
ls -ltr /data*
ls -ls /data*
ls -ld /data*
df -h
mount/dev/mapper/mpathg /data10
mount /dev/mapper/mpathg /data10
df -h
cd /data10
ls -ltr
du -hs regcss
rm -rf regcss
df -h
ls -ltr
vi /etc/fstab
cat /etc/fstsb
cat /etc/fstab
cd
mount /data10
umount /data10
mount /data10
df -h
multipath -ll | grep mpathk
multipath -ll | grep mpathl
ls -l /dev/disk/by-* | grep lun-33
echo "0 5 33" > /sys/class/scsi_host/host2/scan
ls -l /dev/disk/by-* | grep lun-33
echo "0 4 33" > /sys/class/scsi_host/host2/scan
ls -l /dev/disk/by-* | grep lun-33
ls -l /dev/disk/by-* | grep lun-31
cat /sys/class/fc_transport/*/node_name
echo "0 5 33" > /sys/class/scsi_host/host1/scan
ls -l /dev/disk/by-* | grep lun-33
cd /proc/scsi
ls
cd scsi
cd sg
ls
cd device
cd devices
cat devices
grep 0x50060160bee045be  /sys/class/fc_transport/*/node_name
echo "0 0 33" > /sys/class/scsi_host/host1/scan
ls -l /dev/disk/by-* | grep lun-33
echo "0 1 33" > /sys/class/scsi_host/host1/scan
ls -l /dev/disk/by-* | grep lun-33
echo "0 3 33" > /sys/class/scsi_host/host1/scan
ls -l /dev/disk/by-* | grep lun-33
echo "0 3 33" > /sys/class/scsi_host/host2/scan
ls -l /dev/disk/by-* | grep lun-33
echo "0 1 33" > /sys/class/scsi_host/host2/scan
ls -l /dev/disk/by-* | grep lun-33
grep 0x5006016b08605821  /sys/class/fc_transport/*/node_name
cat /sys/class/fc_transport/*/node_name
grep 0x5006016088605821  /sys/class/fc_transport/*/node_name
echo "0 2 33" > /sys/class/scsi_host/host2/scan
ls -l /dev/disk/by-* | grep lun-33
echo "0 4 33" > /sys/class/scsi_host/host1/scan
ls -l /dev/disk/by-* | grep lun-33
echo "0 2 33" > /sys/class/scsi_host/host1/scan
ls -l /dev/disk/by-* | grep lun-33
grep 0x50060160bea0597f  /sys/class/fc_transport/*/node_name
echo "0 3 33" > /sys/class/scsi_host/host1/scan
ls -l /dev/disk/by-* | grep lun-33
echo "0 5 33" > /sys/class/scsi_host/host1/scan
ls -l /dev/disk/by-* | grep lun-33
ls -l /dev/disk/by-* | grep lun-34
echo "0 5 34" > /sys/class/scsi_host/host1/scan
ls -l /dev/disk/by-* | grep lun-34
echo "0 2 34" > /sys/class/scsi_host/host2/scan
echo "0 2 34" > /sys/class/scsi_host/host1/scan
echo "0 4 34" > /sys/class/scsi_host/host1/scan
echo "0 4 34" > /sys/class/scsi_host/host2/scan
ls -l /dev/disk/by-* | grep lun-34
cd
mkdir /data11
mkdir /data12
multipath ll
multipath -ll
df -h | grep mpathp
history | grep ext4
mkfs.ext4 -L DATA11 -m 0 -b 2048 /dev/mapper/mpathp
df -h | grep mpathq
mkfs.ext4 -L DATA12 -m 0 -b 2048 /dev/mapper/mpathq
df -h
mkdir /data11
mkdir /data12
mount /dev/mapper/mpathp /data11
mount /dev/mapper/mpathp /data12
umount /data12
umount /data11
mount /dev/mapper/mpathp /data11
mount /dev/mapper/mpathq /data12
df -h
umount /data12
vi /etc/fstsb
vi /etc/fstab
df -h
umount /data11
mount all
mount -all
df -h
cat /etc/fstab
df -h
ls -ld /data*
chown -R orarh11g:dba /data11 /data12
ls -ld /data*
df -h
rm -rf /data12
cat /proc/scsi/scsi | egrep -i 'Host:' | wc -l
ls /sys/class/fc_host
df -h
cat /etc/fstsb
cat /etc/fstab
vi /etc/fstab
df -h
mount all
mount -all
mkdir /data12
mount -all
df -h
chown -R orarh11g:dba  /data12
df -h
cat /sys/class/scsi_host/host*/device/fc_host/host*/node_name
for i in 0 1 2 3 4 5; do cat host$i/device/fc_host/host$i/port_name;  done
for i in 0 1 2 3 4 5 6 7 8 9 10; do cat host$i/device/fc_host/host$i/port_name;  done
cd  /sys/class/scsi_host/
for i in 0 1 2 3 4 5 6 7 8 9 10; do cat host$i/device/fc_host/host$i/port_name;  done
ls /sys/class/fc_host
fdisk -l |egrep '^Disk' |egrep -v 'dm-'
multipath -ll
lspci | grep Fibre
lspci -v -s 05:00.0
ls -l /sys/class/scsi_host
ind /sys/class/pci_bus/0000\:05/device/0000\:05\:00.0/host*/rport-*/target*/*/state | awk -F’/’ ‘{print $11}’ | sort
find /sys/class/pci_bus/0000\:05/device/0000\:05\:00.0/host*/rport-*/target*/*/state | awk -F'/' '{print $11}' | sort
find /sys/class/pci_bus/0000\:05/device/0000\:05\:00.1/host*/rport-*/target*/*/state | awk -F'/' '{print $11}' | sort
cat /proc/scsi/scsi | grep scsi2
cat /proc/scsi/scsi | grep scsi1
find   /sys/class/pci_bus/0000\:05/device/0000\:05\:00.0/host*/rport-*/target*/*/block/*/stat | awk -F'/' '{print $11,$13}'
find   /sys/class/pci_bus/0000\:05/device/0000\:05\:00.1/host*/rport-*/target*/*/block/*/stat | awk -F'/' '{print $11,$13}'
udevadm info --query=path --name /dev/sdad
df -h
udevadm info --query=path --name /dev/mapper/mpathq
udevadm info --query=path --name /devices/virtual/block/dm-13
for port in /sys/class/fc_host/host[0-9]/port_name; { echo -n "$port : "; cat $port; }
history
CAILDB-63 scsi_host]#

Check and list luns attached to HBA in RHEL6

This article shows the mapping from a physical HBA card to its LUNs. I use a SAN as the example below; in general it also applies to any other device that uses sysfs, for example direct SAS attachment.

[root@RHEL6 scsi_host]# lspci | grep Fibre
05:00.0 Fibre Channel: Emulex Corporation Saturn-X: LightPulse Fibre Channel Host Adapter (rev 03)
05:00.1 Fibre Channel: Emulex Corporation Saturn-X: LightPulse Fibre Channel Host Adapter (rev 03)
[root@RHEL6 scsi_host]# lspci -v -s 05:00.0
05:00.0 Fibre Channel: Emulex Corporation Saturn-X: LightPulse Fibre Channel Host Adapter (rev 03)
        Subsystem: Hewlett-Packard Company Device 338f
        Physical Slot: 1
        Flags: bus master, fast devsel, latency 0, IRQ 40
        Memory at f7ff0000 (64-bit, non-prefetchable) [size=4K]
        Memory at f7fe0000 (64-bit, non-prefetchable) [size=16K]
        I/O ports at 5000 [size=256]
        [virtual] Expansion ROM at f1700000 [disabled] [size=256K]
        Capabilities: [58] Power Management version 3
        Capabilities: [60] MSI: Enable- Count=1/16 Maskable+ 64bit+
        Capabilities: [78] MSI-X: Enable- Count=32 Masked-
        Capabilities: [84] Vital Product Data
        Capabilities: [94] Express Endpoint, MSI 00
        Capabilities: [100] Advanced Error Reporting
        Capabilities: [12c] Power Budgeting <?>
        Kernel driver in use: lpfc
        Kernel modules: lpfc

[root@RHEL6 scsi_host]# ls -l /sys/class/scsi_host
total 0
lrwxrwxrwx. 1 root root 0 Jun 20 18:17 host0 -> ../../devices/pci0000:00/0000:00:02.2/0000:03:00.0/host0/scsi_host/host0
lrwxrwxrwx. 1 root root 0 Jun 20 18:17 host1 -> ../../devices/pci0000:00/0000:00:03.0/0000:05:00.0/host1/scsi_host/host1
lrwxrwxrwx. 1 root root 0 Jun 20 18:17 host2 -> ../../devices/pci0000:00/0000:00:03.0/0000:05:00.1/host2/scsi_host/host2

[root@RHEL6 scsi_host]# find /sys/class/pci_bus/0000\:05/device/0000\:05\:00.0/host*/rport-*/target*/*/state | awk -F'/' '{print $11}' | sort
1:0:0:0
1:0:0:10
1:0:0:11
1:0:0:12
1:0:0:13
1:0:0:14
1:0:0:15
1:0:0:16
1:0:0:33
1:0:1:0
1:0:1:10
1:0:1:11
1:0:1:12
1:0:1:13
1:0:1:14
1:0:1:15
1:0:1:16
1:0:1:33
1:0:2:0
1:0:2:31
1:0:2:32
1:0:2:33
1:0:2:34
1:0:3:0
1:0:3:1
1:0:3:2
1:0:3:33
1:0:4:0
1:0:4:31
1:0:4:32
1:0:4:33
1:0:4:34
1:0:5:0
1:0:5:1
1:0:5:2
1:0:5:33
1:0:5:34
[root@RHEL6 scsi_host]# find /sys/class/pci_bus/0000\:05/device/0000\:05\:00.1/host*/rport-*/target*/*/state | awk -F'/' '{print $11}' | sort
2:0:0:0
2:0:0:1
2:0:0:2
2:0:1:0
2:0:1:10
2:0:1:11
2:0:1:12
2:0:1:13
2:0:1:14
2:0:1:15
2:0:1:16
2:0:1:33
2:0:2:0
2:0:2:31
2:0:2:32
2:0:2:33
2:0:2:34
2:0:3:0
2:0:3:10
2:0:3:11
2:0:3:12
2:0:3:13
2:0:3:14
2:0:3:15
2:0:3:16
2:0:3:33
2:0:4:0
2:0:4:31
2:0:4:32
2:0:4:33
2:0:4:34
2:0:5:0
2:0:5:1
2:0:5:2
2:0:5:33
[root@RHEL6 scsi_host]# cat /proc/scsi/scsi | grep scsi2
Host: scsi2 Channel: 00 Id: 02 Lun: 00
Host: scsi2 Channel: 00 Id: 02 Lun: 31
Host: scsi2 Channel: 00 Id: 02 Lun: 32
Host: scsi2 Channel: 00 Id: 04 Lun: 00
Host: scsi2 Channel: 00 Id: 04 Lun: 31
Host: scsi2 Channel: 00 Id: 04 Lun: 32
Host: scsi2 Channel: 00 Id: 05 Lun: 00
Host: scsi2 Channel: 00 Id: 05 Lun: 01
Host: scsi2 Channel: 00 Id: 05 Lun: 02
Host: scsi2 Channel: 00 Id: 00 Lun: 00
Host: scsi2 Channel: 00 Id: 00 Lun: 01
Host: scsi2 Channel: 00 Id: 00 Lun: 02
Host: scsi2 Channel: 00 Id: 01 Lun: 00
Host: scsi2 Channel: 00 Id: 01 Lun: 10
Host: scsi2 Channel: 00 Id: 01 Lun: 11
Host: scsi2 Channel: 00 Id: 01 Lun: 12
Host: scsi2 Channel: 00 Id: 01 Lun: 13
Host: scsi2 Channel: 00 Id: 01 Lun: 14
Host: scsi2 Channel: 00 Id: 01 Lun: 15
Host: scsi2 Channel: 00 Id: 01 Lun: 16
Host: scsi2 Channel: 00 Id: 03 Lun: 00
Host: scsi2 Channel: 00 Id: 03 Lun: 10
Host: scsi2 Channel: 00 Id: 03 Lun: 11
Host: scsi2 Channel: 00 Id: 03 Lun: 12
Host: scsi2 Channel: 00 Id: 03 Lun: 13
Host: scsi2 Channel: 00 Id: 03 Lun: 14
Host: scsi2 Channel: 00 Id: 03 Lun: 15
Host: scsi2 Channel: 00 Id: 03 Lun: 16
Host: scsi2 Channel: 00 Id: 05 Lun: 33
Host: scsi2 Channel: 00 Id: 04 Lun: 33
Host: scsi2 Channel: 00 Id: 03 Lun: 33
Host: scsi2 Channel: 00 Id: 01 Lun: 33
Host: scsi2 Channel: 00 Id: 02 Lun: 33
Host: scsi2 Channel: 00 Id: 02 Lun: 34
Host: scsi2 Channel: 00 Id: 04 Lun: 34
[root@RHEL6 scsi_host]# cat /proc/scsi/scsi | grep scsi1
Host: scsi1 Channel: 00 Id: 02 Lun: 00
Host: scsi1 Channel: 00 Id: 02 Lun: 31
Host: scsi1 Channel: 00 Id: 02 Lun: 32
Host: scsi1 Channel: 00 Id: 04 Lun: 00
Host: scsi1 Channel: 00 Id: 04 Lun: 31
Host: scsi1 Channel: 00 Id: 04 Lun: 32
Host: scsi1 Channel: 00 Id: 05 Lun: 00
Host: scsi1 Channel: 00 Id: 05 Lun: 01
Host: scsi1 Channel: 00 Id: 05 Lun: 02
Host: scsi1 Channel: 00 Id: 03 Lun: 00
Host: scsi1 Channel: 00 Id: 03 Lun: 01
Host: scsi1 Channel: 00 Id: 03 Lun: 02
Host: scsi1 Channel: 00 Id: 00 Lun: 00
Host: scsi1 Channel: 00 Id: 00 Lun: 10
Host: scsi1 Channel: 00 Id: 00 Lun: 11
Host: scsi1 Channel: 00 Id: 00 Lun: 12
Host: scsi1 Channel: 00 Id: 00 Lun: 13
Host: scsi1 Channel: 00 Id: 00 Lun: 14
Host: scsi1 Channel: 00 Id: 00 Lun: 15
Host: scsi1 Channel: 00 Id: 00 Lun: 16
Host: scsi1 Channel: 00 Id: 01 Lun: 00
Host: scsi1 Channel: 00 Id: 01 Lun: 10
Host: scsi1 Channel: 00 Id: 01 Lun: 11
Host: scsi1 Channel: 00 Id: 01 Lun: 12
Host: scsi1 Channel: 00 Id: 01 Lun: 13
Host: scsi1 Channel: 00 Id: 01 Lun: 14
Host: scsi1 Channel: 00 Id: 01 Lun: 15
Host: scsi1 Channel: 00 Id: 01 Lun: 16
Host: scsi1 Channel: 00 Id: 05 Lun: 33
Host: scsi1 Channel: 00 Id: 00 Lun: 33
Host: scsi1 Channel: 00 Id: 01 Lun: 33
Host: scsi1 Channel: 00 Id: 03 Lun: 33
Host: scsi1 Channel: 00 Id: 04 Lun: 33
Host: scsi1 Channel: 00 Id: 02 Lun: 33
Host: scsi1 Channel: 00 Id: 05 Lun: 34
Host: scsi1 Channel: 00 Id: 02 Lun: 34
Host: scsi1 Channel: 00 Id: 04 Lun: 34
[root@RHEL6 scsi_host]# find   /sys/class/pci_bus/0000\:05/device/0000\:05\:00.0/host*/rport-*/target*/*/block/*/stat | awk -F'/' '{print $11,$13}'
1:0:0:0 sdb
1:0:0:10 sdc
1:0:0:11 sdd
1:0:0:12 sde
1:0:0:13 sdf
1:0:0:14 sdg
1:0:0:15 sdh
1:0:0:16 sdi
1:0:1:0 sdj
1:0:1:10 sdk
1:0:1:11 sdl
1:0:1:12 sdm
1:0:1:13 sdn
1:0:1:14 sdo
1:0:1:15 sdp
1:0:1:16 sdq
1:0:2:0 sdr
1:0:2:31 sds
1:0:2:32 sdt
1:0:2:33 sdbi
1:0:2:34 sdbk
1:0:3:0 sdu
1:0:3:1 sdv
1:0:3:2 sdw
1:0:4:0 sdx
1:0:4:31 sdy
1:0:4:32 sdz
1:0:4:33 sdbh
1:0:4:34 sdbl
1:0:5:0 sdaa
1:0:5:1 sdab
1:0:5:2 sdac
[root@RHEL6 scsi_host]# find   /sys/class/pci_bus/0000\:05/device/0000\:05\:00.1/host*/rport-*/target*/*/block/*/stat | awk -F'/' '{print $11,$13}'
2:0:0:0 sdad
2:0:0:1 sdae
2:0:0:2 sdaf
2:0:1:0 sdag
2:0:1:10 sdah
2:0:1:11 sdai
2:0:1:12 sdaj
2:0:1:13 sdak
2:0:1:14 sdal
2:0:1:15 sdam
2:0:1:16 sdan
2:0:2:0 sdao
2:0:2:31 sdap
2:0:2:32 sdaq
2:0:2:33 sdbg
2:0:2:34 sdbj
2:0:3:0 sdar
2:0:3:10 sdas
2:0:3:11 sdat
2:0:3:12 sdau
2:0:3:13 sdav
2:0:3:14 sdaw
2:0:3:15 sdax
2:0:3:16 sday
2:0:4:0 sdaz
2:0:4:31 sdba
2:0:4:32 sdbb
2:0:4:33 sdbf
2:0:4:34 sdbm
2:0:5:0 sdbc
2:0:5:1 sdbd
2:0:5:2 sdbe
[root@RHEL6 scsi_host]# udevadm info --query=path --name /dev/sdad
/devices/pci0000:00/0000:00:03.0/0000:05:00.1/host2/rport-2:0-2/target2:0:0/2:0:0:0/block/sdad
[root@RHEL6 scsi_host]# df -h
Filesystem          Size  Used Avail Use% Mounted on
/dev/sda3            50G   20G   27G  43% /
tmpfs                64G 1012K   64G   1% /dev/shm
/dev/sda1           485M   40M  420M   9% /boot
/dev/sda6            92G  9.9G   77G  12% /home
/dev/sda5           7.9G  147M  7.4G   2% /tmp
/dev/mapper/mpathb   99G   17G   82G  18% /oracle
/dev/mapper/mpathc  985G  907G   78G  93% /data01
/dev/mapper/mpathd  985G  911G   74G  93% /data02
/dev/mapper/mpathe  985G  942G   43G  96% /data03
/dev/mapper/mpathf  985G  933G   52G  95% /data04
/dev/mapper/mpathn  985G  920G   65G  94% /data05
/dev/mapper/mpathh  985G  927G   58G  95% /data06
/dev/mapper/mpathi  985G  937G   48G  96% /data07
/dev/mapper/mpathj  985G  895G   90G  91% /data08
/dev/mapper/mpatho  985G  966G   19G  99% /data09
/dev/mapper/mpathg  985G  828G  157G  85% /data10
/dev/mapper/mpathp  985G  545G  441G  56% /data11
/dev/mapper/mpathq  985G   87M  985G   1% /data12

[root@RHEL6 scsi_host]# for port in /sys/class/fc_host/host[0-9]/port_name; { echo -n "$port : "; cat $port; }
/sys/class/fc_host/host1/port_name : 0x1000a0481ce4f1da
/sys/class/fc_host/host2/port_name : 0x1000a0481ce4f1db
[root@RHEL6 scsi_host]#

First, use lspci get HBA card  info installed on the host

# lspci | grep Fibre
15:00.0 Fibre Channel: QLogic Corp. ISP2532-based 8Gb Fibre Channel to PCI Express HBA (rev 02)
15:00.1 Fibre Channel: QLogic Corp. ISP2532-based 8Gb Fibre Channel to PCI Express HBA (rev 02)

HBA detail info

# lspci -v -s 15:00.0
15:00.0 Fibre Channel: QLogic Corp. ISP2532-based 8Gb Fibre Channel to PCI Express HBA (rev 02)
    Subsystem: QLogic Corp. Device 015d
    Physical Slot: 2
    Flags: bus master, fast devsel, latency 0, IRQ 24
    I/O ports at 2200 [size=256]
    Memory at 97b00000 (64-bit, non-prefetchable) [size=16K]
    Expansion ROM at 90000000 [disabled] [size=256K]
    Capabilities: [44] Power Management version 3
    Capabilities: [4c] Express Endpoint, MSI 00
    Capabilities: [88] MSI: Enable- Count=1/32 Maskable- 64bit+
    Capabilities: [98] Vital Product Data
    Capabilities: [a0] MSI-X: Enable+ Count=2 Masked-
    Capabilities: [100] Advanced Error Reporting
    Capabilities: [138] Power Budgeting <?>
    Kernel driver in use: qla2xxx
    Kernel modules: qla2xxx

It tells you that there is one HBA card in PCI slot 2, with two FC ports.

Find pci slot and scsi_host mapping

# ls -l /sys/class/scsi_host
total 0
...
lrwxrwxrwx 1 root root 0 Oct  9 12:58 host4 -> ../../devices/pci0000:00/0000:00:1f.5/host4/scsi_host/host4
lrwxrwxrwx 1 root root 0 Oct  9 12:58 host5 -> ../../devices/pci0000:00/0000:00:03.0/0000:15:00.0/host5/scsi_host/host5
lrwxrwxrwx 1 root root 0 Oct  9 12:58 host6 -> ../../devices/pci0000:00/0000:00:03.0/0000:15:00.1/host6/scsi_host/host6

You can easily tell that the first port of PCI slot 2 (15:00.0) is mapped to host5, and the other is mapped to host6.

Find target luns by HBA port

Once you know the PCI info of an HBA card, you can find the target LUNs or SAN devices of its port 0.

Note 15:00.0 is used in this case

#find /sys/class/pci_bus/0000\:15/device/0000\:15\:00.0/host*/rport-*/target*/*/state | awk -F'/' '{print $11}' | sort
...
5:0:0:0
5:0:0:1
5:0:0:10
5:0:0:11
5:0:0:2
5:0:0:3
5:0:0:31
5:0:0:4
5:0:0:5
...

It should be consistent with the devices in /proc/scsi/scsi

#cat /proc/scsi/scsi | grep scsi5
...
Host: scsi5 Channel: 00 Id: 04 Lun: 04
Host: scsi5 Channel: 00 Id: 04 Lun: 05
Host: scsi5 Channel: 00 Id: 04 Lun: 06
Host: scsi5 Channel: 00 Id: 04 Lun: 07
Host: scsi5 Channel: 00 Id: 04 Lun: 08
Host: scsi5 Channel: 00 Id: 04 Lun: 09
Host: scsi5 Channel: 00 Id: 04 Lun: 10
Host: scsi5 Channel: 00 Id: 04 Lun: 11
Host: scsi5 Channel: 00 Id: 04 Lun: 31
...

Note: if you use the command for SAS direct-attached devices, change 'rport' to 'port'; the same applies to the example below.

Find block devices

If you are only interested in block devices, such as a tape drive, a disk LUN or a CD-ROM, here is a similar way.

# find   /sys/class/pci_bus/0000\:15/device/0000\:15\:00.0/host*/rport-*/target*/*/block/*/stat | awk -F'/' '{print $11,$13}'
5:0:0:0 sdb
5:0:0:1 sdc
5:0:0:10 sdl
5:0:0:11 sdm
5:0:0:2 sdd
5:0:0:3 sde
5:0:0:4 sdf
5:0:0:5 sdg
5:0:0:6 sdh

Reverse search: find the physical port that a LUN is connected to

/proc/scsi/scsi doesn't tell you which physical port the target LUNs are connected to. For the reverse lookup — given a device name, for example /dev/sdd — how do I know which HBA port it is connected to?

# udevadm info --query=path --name /dev/sdd
/devices/pci0000:00/0000:00:03.0/0000:15:00.0/host5/rport-5:0-0/target5:0:0/5:0:0:2/block/sdd

Is it clear?

Or
Multipath can also give you a hint:

multipath -ll | grep sdd
  `- 5:0:0:2  sdd  8:48    active ready running

Or, look into /dev/disk/by-path/ tree
...
lrwxrwxrwx 1 root root 10 Aug 15 16:49 /dev/disk/by-path/pci-0000:15:00.1-fc-0x22430080e524ebac-lun-4 -> ../../sdcx
lrwxrwxrwx 1 root root 10 Aug 15 16:49 /dev/disk/by-path/pci-0000:15:00.1-fc-0x22430080e524ebac-lun-5 -> ../../sdcy

Get HBA WWPN (port_name) info:

# for port in /sys/class/fc_host/host[0-9]/port_name; { echo -n "$port : "; cat $port; }
/sys/class/fc_host/host5/port_name : 0x21000024ff3434e4
/sys/class/fc_host/host6/port_name : 0x21000024ff3434e5

Dynamically insert and remove SCSI devices

If you are running a newer kernel with the /proc file system mounted, a non-busy device can be removed and added 'on the fly'.

To hot remove a SCSI device:

    echo 1 > /sys/class/scsi_device/h:c:t:l/device/delete
    or
    echo 1 > /sys/block/<dev>/device/delete
    where <dev> is like sda or sdb etc..
    old way
    echo "scsi remove-single-device a b c d" > /proc/scsi/scsi

and similar, to hot add a SCSI device, do

    echo "c t l" >  /sys/class/scsi_host/host<h>/scan
    or use wildcard like below
    echo "- - -" > /sys/class/scsi_host/host<h>/scan

    old way
    echo "scsi add-single-device h c t l" > /proc/scsi/scsi

where

          h == hostadapter id (first one being 0)
          c == SCSI channel on hostadapter (first one being 0)
          t == ID
          l == LUN (first one being 0)

SIMPLE BACKUP SOLUTION WITH AWS S3

Data availability is one of the biggest concerns in the IT industry. After moving most of my services to the AWS cloud, I was thinking about how I can ensure data availability and accuracy in case of an AWS data center failure, or if my EC2 EBS volume gets corrupted.

A case study

I have a Oracle RDS running on EC2 instance.

  • I need to ensure I can restore data from backup in case of user demand, in case of data center failure or in case of instance failure
  • On the other hand I need to ensure it will not increase my AWS monthly charges unexpectedly
  • I will only run that service during the business hours

Solution could be

  • Use AWS Oracle RDS. The service will take care of everything including backup and patch update. This is really a very reliable service AWS is providing. But to fulfil my last requirement it will be a lot of work for me, since RDS can’t be stopped, you can only terminate RDS (yes, you can take snapshot before terminating)
  • Use EC2 instance and take snapshot backup of your EC2 EBS volume. But my EBS volume is 120 GB, much bigger than the original SQL DB backup. Which means it will cost me more to store multiple snapshots in S3 (120 GB x 7days).

The solution I am using

  • Created a maintenance plan in SQL Server to take daily db backup
  • Created an AWS CLI script to sync data from SQL server backup location to a S3 bucket
  • aws s3 sync \\SERVER_NAME\backup$ s3://BUCKETNAME --exclude "*" --include "*.bak"
  • Created a batch job to move local SQL server backup data to another folder for old data clean-up
  • move \\SERVER_NAME\backup$\*.* \\SERVER_NAME\backup$\movedS3
  • Create a maintenance plan in SQL Server to delete older files from movedS3 folder. It will help me to control unwanted data growth
  • Created a lifecycle policy to delete older files from my S3 bucket (S3 lifecycle rule)

 

What this solution will ensure

  • First of all I can sleep tight during night. I don’t need to worry about my backup data.😉
  • S3 provides 99.999999999% data durability. It means I will still be able to access my S3 data in case of an AWS availability zone failure, because S3 data is replicated across multiple availability zones.
  • S3 is the cheapest cloud data storage solution. That's why Dropbox dares to give you so much storage space for free😉

Iptables Examples For New Sys Admins

#1: Displaying the Status of Your Firewall

Type the following command as root:
# iptables -L -n -v
Sample outputs:

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Above output indicates that the firewall is not active. The following sample shows an active firewall:
# iptables -L -n -v
Sample outputs:

Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           state INVALID
  394 43586 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
   93 17292 ACCEPT     all  --  br0    *       0.0.0.0/0            0.0.0.0/0
    1   142 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  br0    br0     0.0.0.0/0            0.0.0.0/0
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           state INVALID
    0     0 TCPMSS     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp flags:0x06/0x02 TCPMSS clamp to PMTU
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
    0     0 wanin      all  --  vlan2  *       0.0.0.0/0            0.0.0.0/0
    0     0 wanout     all  --  *      vlan2   0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  br0    *       0.0.0.0/0            0.0.0.0/0
Chain OUTPUT (policy ACCEPT 425 packets, 113K bytes)
 pkts bytes target     prot opt in     out     source               destination
Chain wanin (1 references)
 pkts bytes target     prot opt in     out     source               destination
Chain wanout (1 references)
 pkts bytes target     prot opt in     out     source               destination

Where,

  • -L : List rules.
  • -v : Display detailed information. This option makes the list command show the interface name, the rule options, and the TOS masks. The packet and byte counters are also listed, with the suffix ‘K’, ‘M’ or ‘G’ for 1000, 1,000,000 and 1,000,000,000 multipliers respectively.
  • -n : Display IP address and port in numeric format. Do not use DNS to resolve names. This will speed up listing.

#1.1: To inspect firewall with line numbers, enter:

# iptables -n -L -v --line-numbers
Sample outputs:

Chain INPUT (policy DROP)
num  target     prot opt source               destination
1    DROP       all  --  0.0.0.0/0            0.0.0.0/0           state INVALID
2    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
3    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
4    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
Chain FORWARD (policy DROP)
num  target     prot opt source               destination
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
2    DROP       all  --  0.0.0.0/0            0.0.0.0/0           state INVALID
3    TCPMSS     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp flags:0x06/0x02 TCPMSS clamp to PMTU
4    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
5    wanin      all  --  0.0.0.0/0            0.0.0.0/0
6    wanout     all  --  0.0.0.0/0            0.0.0.0/0
7    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination
Chain wanin (1 references)
num  target     prot opt source               destination
Chain wanout (1 references)
num  target     prot opt source               destination

You can use line numbers to delete or insert new rules into the firewall.

#1.2: To display INPUT or OUTPUT chain rules, enter:

# iptables -L INPUT -n -v
# iptables -L OUTPUT -n -v --line-numbers

#2: Stop / Start / Restart the Firewall

If you are using CentOS / RHEL / Fedora Linux, enter:
# service iptables stop
# service iptables start
# service iptables restart

You can use the iptables command itself to stop the firewall and delete all rules:
# iptables -F
# iptables -X
# iptables -t nat -F
# iptables -t nat -X
# iptables -t mangle -F
# iptables -t mangle -X
# iptables -P INPUT ACCEPT
# iptables -P OUTPUT ACCEPT
# iptables -P FORWARD ACCEPT

Where,

  • -F : Deleting (flushing) all the rules.
  • -X : Delete chain.
  • -t table_name : Select table (called nat or mangle) and delete/flush rules.
  • -P : Set the default policy (such as DROP, REJECT, or ACCEPT).

#3: Delete Firewall Rules

To display line number along with other information for existing rules, enter:
# iptables -L INPUT -n --line-numbers
# iptables -L OUTPUT -n --line-numbers
# iptables -L OUTPUT -n --line-numbers | less
# iptables -L OUTPUT -n --line-numbers | grep 202.54.1.1

You will get a list of rules with their line numbers. Look at the number on the left, then use that number to delete the rule. For example, to delete line number 4, enter:
# iptables -D INPUT 4
OR find source IP 202.54.1.1 and delete from rule:
# iptables -D INPUT -s 202.54.1.1 -j DROP
Where,

  • -D : Delete one or more rules from the selected chain

#4: Insert Firewall Rules

To insert one or more rules in the selected chain at the given rule number, use the following syntax. First find out the line numbers, enter:
# iptables -L INPUT -n --line-numbers
Sample outputs:

Chain INPUT (policy DROP)
num  target     prot opt source               destination
1    DROP       all  --  202.54.1.1           0.0.0.0/0
2    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state NEW,ESTABLISHED

To insert rule between 1 and 2, enter:
# iptables -I INPUT 2 -s 202.54.1.2 -j DROP
To view updated rules, enter:
# iptables -L INPUT -n --line-numbers
Sample outputs:

Chain INPUT (policy DROP)
num  target     prot opt source               destination
1    DROP       all  --  202.54.1.1           0.0.0.0/0
2    DROP       all  --  202.54.1.2           0.0.0.0/0
3    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state NEW,ESTABLISHED

#5: Save Firewall Rules

To save firewall rules under CentOS / RHEL / Fedora Linux, enter:
# service iptables save
In this example, drop an IP and save firewall rules:
# iptables -A INPUT -s 202.5.4.1 -j DROP
# service iptables save

For all other distros use the iptables-save command:
# iptables-save > /root/my.active.firewall.rules
# cat /root/my.active.firewall.rules

#6: Restore Firewall Rules

To restore firewall rules from a file called /root/my.active.firewall.rules, enter:
# iptables-restore < /root/my.active.firewall.rules
To restore firewall rules under CentOS / RHEL / Fedora Linux, enter:
# service iptables restart

#7: Set the Default Firewall Policies

To drop all traffic:
# iptables -P INPUT DROP
# iptables -P OUTPUT DROP
# iptables -P FORWARD DROP
# iptables -L -v -n
#### you will not able to connect anywhere as all traffic is dropped ###
# ping cyberciti.biz
# wget http://www.kernel.org/pub/linux/kernel/v3.0/testing/linux-3.2-rc5.tar.bz2

#7.1: Only Block Incoming Traffic

To drop all incoming / forwarded packets, but allow outgoing traffic, enter:
# iptables -P INPUT DROP
# iptables -P FORWARD DROP
# iptables -P OUTPUT ACCEPT
# iptables -A INPUT -m state --state NEW,ESTABLISHED -j ACCEPT
# iptables -L -v -n
### *** now ping and wget should work *** ###
# ping cyberciti.biz
# wget http://www.kernel.org/pub/linux/kernel/v3.0/testing/linux-3.2-rc5.tar.bz2

#8:Drop Private Network Address On Public Interface

To mitigate IP spoofing, block the following IPv4 address ranges for private networks on your public interfaces. Packets with non-routable source addresses should be rejected using the following syntax:
# iptables -A INPUT -i eth1 -s 192.168.0.0/24 -j DROP
# iptables -A INPUT -i eth1 -s 10.0.0.0/8 -j DROP

#8.1: IPv4 Address Ranges For Private Networks (make sure you block them on public interface)

  • 10.0.0.0/8 (A)
  • 172.16.0.0/12 (B)
  • 192.168.0.0/16 (C)
  • 224.0.0.0/4 (MULTICAST D)
  • 240.0.0.0/5 (E)
  • 127.0.0.0/8 (LOOPBACK)

#9: Blocking an IP Address (BLOCK IP)

To block an attacker's IP address, for example 1.2.3.4, enter:
# iptables -A INPUT -s 1.2.3.4 -j DROP
# iptables -A INPUT -s 192.168.0.0/24 -j DROP

#10: Block Incoming Port Requests (BLOCK PORT)

To block all service requests on port 80, enter:
# iptables -A INPUT -p tcp --dport 80 -j DROP
# iptables -A INPUT -i eth1 -p tcp --dport 80 -j DROP

To block port 80 only for an ip address 1.2.3.4, enter:
# iptables -A INPUT -p tcp -s 1.2.3.4 --dport 80 -j DROP
# iptables -A INPUT -i eth1 -p tcp -s 192.168.1.0/24 --dport 80 -j DROP

#11: Block Outgoing IP Address

To block outgoing traffic to a particular host or domain such as cyberciti.biz, enter:
# host -t a cyberciti.biz
Sample outputs:

cyberciti.biz has address 75.126.153.206

Note down its ip address and type the following to block all outgoing traffic to 75.126.153.206:
# iptables -A OUTPUT -d 75.126.153.206 -j DROP
You can use a subnet as follows:
# iptables -A OUTPUT -d 192.168.1.0/24 -j DROP
# iptables -A OUTPUT -o eth1 -d 192.168.1.0/24 -j DROP

#11.1: Example – Block Facebook.com Domain

First, find out all ip address of facebook.com, enter:
# host -t a www.facebook.com
Sample outputs:

www.facebook.com has address 69.171.228.40

Find CIDR for 69.171.228.40, enter:
# whois 69.171.228.40 | grep CIDR
Sample outputs:

CIDR:           69.171.224.0/19

To prevent outgoing access to www.facebook.com, enter:
# iptables -A OUTPUT -p tcp -d 69.171.224.0/19 -j DROP
You can also use domain name, enter:
# iptables -A OUTPUT -p tcp -d www.facebook.com -j DROP
# iptables -A OUTPUT -p tcp -d facebook.com -j DROP

From the iptables man page:

… specifying any name to be resolved with a remote query such as DNS (e.g., facebook.com is a really bad idea), a network IP address (with /mask), or a plain IP address …

#12: Log and Drop Packets

Type the following to log and block IP spoofing on public interface called eth1
# iptables -A INPUT -i eth1 -s 10.0.0.0/8 -j LOG --log-prefix "IP_SPOOF A: "
# iptables -A INPUT -i eth1 -s 10.0.0.0/8 -j DROP

By default everything is logged to /var/log/messages file.
# tail -f /var/log/messages
# grep --color 'IP_SPOOF' /var/log/messages

#13: Log and Drop Packets with Limited Number of Log Entries

The -m limit module can limit the number of log entries created per unit of time. This is used to prevent flooding your log file. To log and drop spoofing at a rate of at most 5 entries per minute, with bursts of at most 7 entries, enter:
# iptables -A INPUT -i eth1 -s 10.0.0.0/8 -m limit --limit 5/m --limit-burst 7 -j LOG --log-prefix "IP_SPOOF A: "
# iptables -A INPUT -i eth1 -s 10.0.0.0/8 -j DROP

#14: Drop or Accept Traffic From Mac Address

Use the following syntax:
# iptables -A INPUT -m mac --mac-source 00:0F:EA:91:04:08 -j DROP
## *only accept traffic for TCP port # 22 from mac 00:0F:EA:91:04:07 * ##
# iptables -A INPUT -p tcp --destination-port 22 -m mac --mac-source 00:0F:EA:91:04:07 -j ACCEPT

#15: Block or Allow ICMP Ping Request

Type the following command to block ICMP ping requests:
# iptables -A INPUT -p icmp --icmp-type echo-request -j DROP
# iptables -A INPUT -i eth1 -p icmp --icmp-type echo-request -j DROP

Ping responses can also be limited to certain networks or hosts:
# iptables -A INPUT -s 192.168.1.0/24 -p icmp --icmp-type echo-request -j ACCEPT
The following only accepts limited type of ICMP requests:
### ** assumed that default INPUT policy set to DROP ** #############
iptables -A INPUT -p icmp --icmp-type echo-reply -j ACCEPT
iptables -A INPUT -p icmp --icmp-type destination-unreachable -j ACCEPT
iptables -A INPUT -p icmp --icmp-type time-exceeded -j ACCEPT
## ** allow our server to respond to pings ** ##
iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT

#16: Open Range of Ports

Use the following syntax to open a range of ports:
iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 7000:7010 -j ACCEPT

#17: Open Range of IP Addresses

Use the following syntax to open a range of IP address:
## only accept connection to tcp port 80 (Apache) if ip is between 192.168.1.100 and 192.168.1.200 ##
iptables -A INPUT -p tcp --destination-port 80 -m iprange --src-range 192.168.1.100-192.168.1.200 -j ACCEPT

## nat example ##
iptables -t nat -A POSTROUTING -j SNAT --to-source 192.168.1.20-192.168.1.25

#18: Established Connections and Restarting The Firewall

When you restart the iptables service it will drop established connections, as it unloads modules from the system under RHEL / Fedora / CentOS Linux. Edit /etc/sysconfig/iptables-config and set IPTABLES_MODULES_UNLOAD as follows:

IPTABLES_MODULES_UNLOAD="no"

#19: Help Iptables Flooding My Server Screen

Use the crit log level to send messages to a log file instead of console:
iptables -A INPUT -s 1.2.3.4 -p tcp --destination-port 80 -j LOG --log-level crit

#20: Block or Open Common Ports

The following shows syntax for opening and closing common TCP and UDP ports:

Replace ACCEPT with DROP to block port:
## open port ssh tcp port 22 ##
iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -s 192.168.1.0/24 -m state --state NEW -p tcp --dport 22 -j ACCEPT
 
## open cups (printing service) udp/tcp port 631 for LAN users ##
iptables -A INPUT -s 192.168.1.0/24 -p udp -m udp --dport 631 -j ACCEPT
iptables -A INPUT -s 192.168.1.0/24 -p tcp -m tcp --dport 631 -j ACCEPT
 
## allow time sync via NTP for lan users (open udp port 123) ##
iptables -A INPUT -s 192.168.1.0/24 -m state --state NEW -p udp --dport 123 -j ACCEPT
 
## open tcp port 25 (smtp) for all ##
iptables -A INPUT -m state --state NEW -p tcp --dport 25 -j ACCEPT
 
## open dns server ports for all ##
iptables -A INPUT -m state --state NEW -p udp --dport 53 -j ACCEPT
iptables -A INPUT -m state --state NEW -p tcp --dport 53 -j ACCEPT
 
## open http/https (Apache) server port to all ##
iptables -A INPUT -m state --state NEW -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -m state --state NEW -p tcp --dport 443 -j ACCEPT
 
## open tcp port 110 (pop3) for all ##
iptables -A INPUT -m state --state NEW -p tcp --dport 110 -j ACCEPT
 
## open tcp port 143 (imap) for all ##
iptables -A INPUT -m state --state NEW -p tcp --dport 143 -j ACCEPT
 
## open access to Samba file server for lan users only ##
iptables -A INPUT -s 192.168.1.0/24 -m state --state NEW -p tcp --dport 137 -j ACCEPT
iptables -A INPUT -s 192.168.1.0/24 -m state --state NEW -p tcp --dport 138 -j ACCEPT
iptables -A INPUT -s 192.168.1.0/24 -m state --state NEW -p tcp --dport 139 -j ACCEPT
iptables -A INPUT -s 192.168.1.0/24 -m state --state NEW -p tcp --dport 445 -j ACCEPT
 
## open access to proxy server for lan users only ##
iptables -A INPUT -s 192.168.1.0/24 -m state --state NEW -p tcp --dport 3128 -j ACCEPT
 
## open access to mysql server for lan users only ##
iptables -I INPUT -s 192.168.1.0/24 -p tcp --dport 3306 -j ACCEPT

#21: Restrict the Number of Parallel Connections To a Server Per Client IP

You can use the connlimit module to put such restrictions in place. To allow at most 3 ssh connections per client host, enter:
# iptables -A INPUT -p tcp --syn --dport 22 -m connlimit --connlimit-above 3 -j REJECT

Limit HTTP connections to 20 per /24 source network:
# iptables -A INPUT -p tcp --syn --dport 80 -m connlimit --connlimit-above 20 --connlimit-mask 24 -j DROP
Where,

  1. --connlimit-above 3 : Match if the number of existing connections is above 3.
  2. --connlimit-mask 24 : Group hosts using the prefix length. For IPv4, this must be a number between (including) 0 and 32.

#22: HowTO: Use iptables Like a Pro

For more information about iptables, please see the manual page by typing man iptables from the command line:
$ man iptables
You can see the help using the following syntax too:
# iptables -h
To see help with specific commands and targets, enter:
# iptables -j DROP -h

#22.1: Testing Your Firewall

Find out if ports are open or not, enter:
# netstat -tulpn
Find out if tcp port 80 is open or not, enter:
# netstat -tulpn | grep :80
If port 80 is not open, start the Apache, enter:
# service httpd start
Make sure iptables is allowing access to port 80:
# iptables -L INPUT -v -n | grep 80
Otherwise open port 80 using the iptables for all users:
# iptables -A INPUT -m state --state NEW -p tcp --dport 80 -j ACCEPT
# service iptables save

Use the telnet command to see if the firewall allows connecting to port 80:
$ telnet www.cyberciti.biz 80
Sample outputs:

Trying 75.126.153.206...
Connected to www.cyberciti.biz.
Escape character is '^]'.
^]
telnet> quit
Connection closed.

You can use nmap to probe your own server using the following syntax:
$ nmap -sS -p 80 www.cyberciti.biz
Sample outputs:

Starting Nmap 5.00 ( http://nmap.org ) at 2011-12-13 13:19 IST
Interesting ports on www.cyberciti.biz (75.126.153.206):
PORT   STATE SERVICE
80/tcp open  http
Nmap done: 1 IP address (1 host up) scanned in 1.00 seconds

I also recommend that you install and use a sniffer such as tcpdump or ngrep to test your firewall settings.

Howto: Recover a file when you don’t know inode number in Linux

Delete a file called abc.sh:
rm abc.sh
Type the following command:
# debugfs -w /dev/mapper/root
At the debugfs: prompt, type the lsdel command:

debugfs: lsdel

Sample outputs:

 Inode  Owner  Mode    Size    Blocks   Time deleted
2113537      0 120777      3    1/   1 Tue May  1 06:21:22 2016
1 deleted inodes found.

Get block data, enter:

debugfs: logdump -i <2113537>

Sample outputs:

debugfs:  logdump -i <2113537>
Inode 2113537 is at group 129, block 4227074, offset 0
Journal starts at block 25167, transaction 344454
  FS block 4227074 logged at sequence 344484, journal block 31233 (flags 0x2)
    (inode block for inode 2113537):
    Inode: 2113537   Type: regular        Mode:  0644   Flags: 0x0
    Generation: 1054075619    Version: 0x00000000
    User:     0   Group:     0   Size: 15
    File ACL: 0    Directory ACL: 0
    Links: 1   Blockcount: 8
    Fragment:  Address: 0    Number: 0    Size: 0
    ctime: 0x575965d9 -- Thu Jun  9 18:19:29 2016
    atime: 0x575965d9 -- Thu Jun  9 18:19:29 2016
    mtime: 0x575965d9 -- Thu Jun  9 18:19:29 2016
    Blocks:  (0+1): 4247552
No magic number at block 31238: end of journal.

Type the following command (write the output file to a different filesystem than the one you are recovering from, so the copy cannot overwrite the freed block):
# dd if=/dev/mapper/root of=recovered.file.001 bs=4096 count=1 skip=4247552
# file recovered.file.001

Sample outputs:

file: ASCII text, with very long lines

View file, enter:
# more recovered.file.001

How to recover a deleted file in Linux ?

A step-by-step guide for recovering files using debugfs

[root@unix-support-server ~]# mount

/dev/sda2 on / type ext4 (rw)
proc on /proc type proc (rw)
sysfs on /sys type sysfs (rw)
devpts on /dev/pts type devpts (rw,gid=5,mode=620)
tmpfs on /dev/shm type tmpfs (rw)
/dev/sda1 on /boot type ext4 (rw)
/dev/sdb1 on /var/www type ext3 (rw)
/dev/sdd1 on /LUN93 type ext3 (rw)
/dev/sdc on /LUN92 type ext3 (rw)
/dev/sde1 on /LUN94 type ext3 (rw)
none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)

Create a text file called data.txt, enter:
echo 'This is a test' > data.txt
Display the index number (inode) of data.txt, enter:
[root@unix-support-server LUN94]# ls -li data.txt

2113537 -rw-r--r-- 1 root root 15 Jun  9 18:19 data.txt

[root@unix-support-server LUN94]#
[root@unix-support-server LUN94]# debugfs -w /dev/sde1

debugfs 1.41.12 (17-May-2010)
debugfs:  logdump -i  <2113537>
Inode 2113537 is at group 129, block 4227074, offset 0
Journal starts at block 25167, transaction 344454
  FS block 4227074 logged at sequence 344484, journal block 31233 (flags 0x2)
    (inode block for inode 2113537):
    Inode: 2113537   Type: regular        Mode:  0644   Flags: 0x0
    Generation: 1054075619    Version: 0x00000000
    User:     0   Group:     0   Size: 15
    File ACL: 0    Directory ACL: 0
    Links: 1   Blockcount: 8
    Fragment:  Address: 0    Number: 0    Size: 0
    ctime: 0x575965d9 -- Thu Jun  9 18:19:29 2016
    atime: 0x575965d9 -- Thu Jun  9 18:19:29 2016
    mtime: 0x575965d9 -- Thu Jun  9 18:19:29 2016
    Blocks:  (0+1): 4247552
No magic number at block 31238: end of journal.

debugfs:  cat  <2113537>
This is a test
debugfs:
debugfs:  q

[root@unix-support-server LUN94]# rm data.txt
rm: remove regular file `data.txt’? y
[root@unix-support-server LUN94]# cat data.txt
cat: data.txt: No such file or directory
[root@unix-support-server LUN94]#
[root@unix-support-server LUN94]# dd if=/dev/sde1 of=data.txt bs=4096 count=1 skip=4247552

1+0 records in
1+0 records out
4096 bytes (4.1 kB) copied, 0.000536678 s, 7.6 MB/s

[root@unix-support-server LUN94]#
[root@unix-support-server LUN94]# cat data.txt

This is a test

[root@unix-support-server LUN94]#

How to recover a deleted file in aix / jfs?

It is possible to recover the file using the “fsdb” command (filesystem debugger) when:

No new files have been created on the filesystem.

No files have been extended.

The filesystem is able to be unmounted.

Warning: I have tested this on my test server. This is an undocumented procedure. You may face critical problems when you follow the steps below on your systems, so try this at your own risk. Please avoid trying this directly on your production servers. Here is the output for your reference.

If you do not already have the inode number of the deleted file, you can get it as follows:

#fuser -dV

inode=68     size=34358697984  fd=6
inode=76     size=16106135552  fd=7
inode=65     size=34358697984  fd=16
inode=68     size=34358697984  fd=11
inode=68     size=34358697984  fd=7
inode=68     size=34358697984  fd=6

# lsvg -l testvg

testvg:

LV NAME             TYPE       LPs   PPs   PVs  LV STATE      MOUNT POINT

loglv00             jfs2log    1     1     1    closed/syncd  N/A

#

# crfs -a size=256M -v jfs2 -g testvg -m /new            → create a “/new” FS

File system created successfully.

261932 kilobytes total disk space.

New File System size is 524288

#

# lsvg -l testvg

testvg:

LV NAME             TYPE       LPs   PPs   PVs  LV STATE      MOUNT POINT

loglv00             jfs2log    1     1     1    closed/syncd  N/A

fslv00              jfs2       16    16    1    closed/syncd  /new

#

# mount /new         → mount the /new FS

#

# lsvg -l testvg

testvg:

LV NAME             TYPE       LPs   PPs   PVs  LV STATE      MOUNT POINT

loglv00             jfs2log    1     1     1    open/syncd    N/A

fslv00              jfs2       16    16    1    open/syncd    /new

#

# cd /new

#

# ls -l

total 0

drwxr-xr-x   2 root     system          256 Apr 03 16:47 lost+found

#

# cat >> film         → create a file named “film”

Hi this is the test file. I want to use this file for recovery test

^C#

#

# cat film

Hi this is the test file. I want to use this file for recovery test

#

# ls -il        → check the inode number of the file “film”. That is 4

total 8

4 -rw-r--r--   1 root     system           68 Apr 03 16:49 film

3 drwxr-xr-x   2 root     system          256 Apr 03 16:47 lost+found

#

#

# rm film     → remove the file “film”

#

# ls -l

total 0

drwxr-xr-x   2 root     system          256 Apr 03 16:47 lost+found

#

# cd ~

#

# umount /new     → unmount the /new FS

#

# lsvg -l testvg

testvg:

LV NAME             TYPE       LPs   PPs   PVs  LV STATE      MOUNT POINT

loglv00             jfs2log    1     1     1    closed/syncd  N/A

fslv00              jfs2       16    16    1    closed/syncd  /new

#

# fsdb /dev/fslv00       → use “fsdb <lv_name>” to recover the deleted file.

File System:                    /dev/fslv00

File System Size:               523864  (512 byte blocks)

Aggregate Block Size:           4096

Allocation Group Size:          8192    (aggregate blocks)

> dir 2

idotdot = 2

3      lost+found

>

> i 4     → provide the inode number of our deleted file. That is 4

Inode 4 at block 33, offset 0x800:

[1] di_fileset:         16                 [18] di_inostamp:       0x4d98ead4

[2] di_number:          4               [19] di_gen:            3940655789

[3] di_size:    0x0000000000000044      [20] di_ixpxd.len:      4

[4] di_nblocks: 0x0000000000000001      [21] di_ixpxd.addr1:    0x00

[5] di_nlink:           0               [22] di_ixpxd.addr2:    0x00000021

[6] di_mode:            0x000081a4           di_ixpxd.address:  33

0100644 -rw-r--r--      [24] di_uid:            0

[25] di_gid:            0

[9] di_atime.tj_nsec:   0x1e8a1025      [26] di_atime.tj_sec:0x000000004d98eb7d

[10] di_ctime.tj_nsec:  0x0ca85614      [27] di_ctime.tj_sec:0x000000004d98ebac

[11] di_mtime.tj_nsec:  0x1af63892      [28] di_mtime.tj_sec:0x000000004d98eb77

[12] di_otime.tj_nsec:  0x03b74a9a      [29] di_otime.tj_sec:0x000000004d98eb24

[13] di_ea.flag:        0x00            [30] di_ea.len:         0

EAv1                               [31] di_ea.addr1:       0x00

[15] di_ea.nEntry:      0x00            [32] di_ea.addr2:       0x00000000

[16] di_ea.type:        0x0000               di_ea.address:     0

[34] di_ea.nblocks:     0

change_inode: [m]odify, [e]a, [t]ree, or e[x]it > m     → choose “m” to modify

Please enter: field-number value > 5  1   →  field number 5 is di_nlink; set its value to 1

Inode 4 at block 33, offset 0x800:

[1] di_fileset:         16              [18] di_inostamp:       0x4d98ead4

[2] di_number:          4               [19] di_gen:            3940655789

[3] di_size:    0x0000000000000044      [20] di_ixpxd.len:      4

[4] di_nblocks: 0x0000000000000001      [21] di_ixpxd.addr1:    0x00

[5] di_nlink:           1               [22] di_ixpxd.addr2:    0x00000021

[6] di_mode:            0x000081a4           di_ixpxd.address:  33

0100644 -rw-r--r--      [24] di_uid:            0

[25] di_gid:            0

[9] di_atime.tj_nsec:   0x1e8a1025      [26] di_atime.tj_sec:0x000000004d98eb7d

[10] di_ctime.tj_nsec:  0x0ca85614      [27] di_ctime.tj_sec:0x000000004d98ebac

[11] di_mtime.tj_nsec:  0x1af63892      [28] di_mtime.tj_sec:0x000000004d98eb77

[12] di_otime.tj_nsec:  0x03b74a9a      [29] di_otime.tj_sec:0x000000004d98eb24

[13] di_ea.flag:        0x00            [30] di_ea.len:         0

EAv1                               [31] di_ea.addr1:       0x00

[15] di_ea.nEntry:      0x00            [32] di_ea.addr2:       0x00000000

[16] di_ea.type:        0x0000               di_ea.address:     0

[34] di_ea.nblocks:     0

change_inode: [m]odify, [e]a, [t]ree, or e[x]it > x    → exit

> quit

#

# fsck -yp /dev/fslv00     → run fsck to repair the inconsistencies.

The current volume is: /dev/fslv00

Primary superblock is valid.

J2_LOGREDO:log redo processing for /dev/fslv00

logredo start at: 1301867616 sec and end at 1301867616 sec

Primary superblock is valid.

*** Phase 1 – Initial inode scan

*** Phase 2 – Process remaining directories

*** Phase 3 – Process remaining files

*** Phase 4 – Check and repair inode allocation map

File system inode map is corrupt (FIXED)

Superblock marked dirty because repairs are about to be written.

*** Phase 5 – Check and repair block allocation map

Block allocation map is corrupt (FIXED)

Inodes not connected to the root directory

tree have been detected.  Will reconnect.

File system is clean.

Superblock is marked dirty (FIXED)

All observed inconsistencies have been repaired.

#

# mount /new   → mount the /new FS

# lsvg -l testvg

testvg:

LV NAME             TYPE       LPs   PPs   PVs  LV STATE      MOUNT POINT

loglv00             jfs2log    1     1     1    open/syncd    N/A

fslv00              jfs2       16    16    1    open/syncd    /new

#

# cd /new  → go to the /new FS

#

# ls -l

total 0

drwxr-xr-x   2 root     system          256 Apr 03 16:47 lost+found

#

# cd lost+found   → go to the lost+found dir

#

# pwd

/new/lost+found

#

# ls -l

total 8

-rw-r--r--   1 root     system           68 Apr 03 16:49 4     → the deleted file appears under the name of its inode number

#

# cat 4   → confirm the file content

Hi this is the test file. I want to use this file for recovery test

#

# mv 4 /new/.      → move the file back to the place where it was before

#

# pwd

/new/lost+found

# cd ..

#

# pwd

/new

# ls -l

total 8

-rw-r--r--   1 root     system           68 Apr 03 16:49 4

drwxr-xr-x   2 root     system          256 Apr 03 16:55 lost+found

#

# cat 4

Hi this is the test file. I want to use this file for recovery test

#

# mv 4 film  → rename the recovered file back to its old name.

#

# ls -l

total 8

-rw-r--r--   1 root     system           68 Apr 03 16:49 film   → the deleted file has been recovered.

drwxr-xr-x   2 root     system          256 Apr 03 16:55 lost+found

#

#

 

AWS RDS IAM Policy for Read Only Access and DB Logs Download

Note: both statements use "Resource": "*", so rds:Download* grants log-file download for every DB instance in the account; narrow Resource to the specific DB instance ARNs if only some instances should be readable.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": [
                "rds:Describe*",
                "rds:ListTagsForResource",
                "rds:Download*",
                "ec2:DescribeAccountAttributes",
                "ec2:DescribeAvailabilityZones",
                "ec2:DescribeSecurityGroups",
                "ec2:DescribeVpcs"
            ],
            "Effect": "Allow",
            "Resource": "*"
        },
        {
            "Action": [
                "cloudwatch:GetMetricStatistics",
                "logs:DescribeLogStreams",
                "logs:GetLogEvents"
            ],
            "Effect": "Allow",
            "Resource": "*"
        }
    ]
}

Creating graphs from SAR output

sar is a very effective tool for collecting system activity and performance information from your system.
To collect all information:

sar -o test.log -A 1 3 2>&1 >/dev/null

This command will make a binary file from output, and you can display it with sadf command:

sadf -t -d test.log -- -A

Sometimes, you would like to make graphs from these data, because diagrams are clear and better understandable than plain data.
The best way to create graphs from the output of sar is kSar, a Java-based application with a GUI.
You can download it from the following site: http://ksar.atomique.net/

This program can process sar text output and make diagrams from it; it can also save graphs as pictures or export them into a PDF file.
If you have only the binary output of sar, you can convert it into text file with this command:

sar -A -f test.log >> sardata.txt

Now, you can import the text file into kSar with the “Data/Load from text file…” menu entry.
Also, kSar has other useful functions, like remote sar running via SSH, for more details read kSar documentation.
Loading text file:sar-graph2-300x187 sar-graph-300x187 sar-main-300x187