Unix Disabling Daemons / services from inetd.conf

Tune your system further by disabling all unwanted and unused daemons from running on it. This is done by editing the /etc/inetd.conf file and the rc files or directories.

Modify the /etc/inetd.conf file and disable unnecessary daemons running on the system.
# vi /etc/inetd.conf
#
# Configuration file for inetd(1M). See inetd.conf(4).
#
# To re-configure the running inetd process, edit this file, then
# send the inetd process a SIGHUP. kill -HUP [PID]
#
#ftp stream tcp nowait root /usr/sbin/in.ftpd in.ftpd -l
#telnet stream tcp nowait root /usr/sbin/in.telnetd in.telnetd
#talk dgram udp wait root /usr/sbin/in.talkd in.talkd
#ntalk dgram udp wait root /usr/sbin/in.ntalkd in.ntalkd
#uucp stream tcp nowait root /usr/sbin/in.uucpd in.uucpd
#
#finger stream tcp nowait nobody /usr/sbin/in.fingerd in.fingerd
#tftp dgram udp wait root /usr/sbin/in.tftpd in.tftpd

#bootps dgram udp wait root /usr/sbin/in.bootpd in.bootpd
#talk dgram udp wait root /usr/sbin/tcpd in.talkd
After the /etc/inetd.conf file has been modified and daemons have been disabled, find the process ID (PID) of the running inetd daemon and restart it with the kill -HUP command.
Flavor: AT&T
# ps -ef | grep inetd
root 124 1 ? S 30:57 /usr/sbin/inetd -s
ugu 10377 10378 pts/4 S 0:00 grep inetd
# kill -HUP 124
Flavor: BSD
# ps -ax | grep inetd
124 ? S 30:57 /usr/sbin/inetd -s
10377 pts/4 S 0:00 grep inetd
# kill -HUP 124


If accounting is turned on, you can check the system log files (/var/adm/messages or /var/adm/SYSLOG) to verify that the inetd daemon has restarted. If you check the process table again, you'll see that the PID has not changed. It isn't supposed to: kill -HUP does not kill the process, it sends a hang-up signal. Many daemons, inetd among them, catch the signal, reread their configuration file and continue running.
If the process didn't reread its configuration and you can still connect to the disabled daemons, it is possible (though not advisable) to kill the inetd daemon and restart it manually. Do it in one single command line if possible, so the system is not left without inetd:


# kill 124; /usr/etc/inetd
Then check the process table ( ps -ef or ps -ax ) to verify that the daemon is running. This time it will have a new PID.
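The following script is an added example, not part of the original page: after editing inetd.conf the check a practitioner wants is "which services are still enabled?", so it lists the active (uncommented) lines, verifies that the services you meant to disable are really gone, and reloads inetd with SIGHUP the way the page describes. The sample configuration is constructed; the use of pgrep in place of the page's ps | grep pipeline is an assumption.

```shell
#!/bin/sh
# Added example (not from the original page): audit which inetd services are
# still enabled after editing inetd.conf, then reload inetd with SIGHUP.

# inetd_enabled_services FILE -> prints "service proto user program" for
# every active (non-comment, non-blank) line.
inetd_enabled_services() {
    # inetd.conf fields: service socktype proto wait/nowait user program args
    awk '!/^[[:space:]]*#/ && NF >= 6 { print $1, $3, $5, $6 }' "$1"
}

# inetd_count_enabled FILE -> number of active service lines
inetd_count_enabled() {
    inetd_enabled_services "$1" | wc -l | tr -d ' '
}

# inetd_check_disabled FILE SERVICE... -> returns 0 if none of the named
# services is still enabled, 1 otherwise (and prints the offenders).
inetd_check_disabled() {
    file=$1; shift
    rc=0
    for svc in "$@"; do
        if inetd_enabled_services "$file" | awk -v s="$svc" '$1 == s { found = 1 } END { exit !found }'; then
            echo "still enabled: $svc"
            rc=1
        fi
    done
    return $rc
}

# inetd_reload -> send SIGHUP to the running inetd so it rereads its config;
# its PID stays the same, as the page explains. pgrep is assumed available.
inetd_reload() {
    pid=$(pgrep -x inetd) || { echo "inetd not running" >&2; return 1; }
    kill -HUP "$pid"
}

# Constructed sample config: two services deliberately left active.
sample_inetd_conf() {
    cat <<'EOF'
# Configuration file for inetd(1M). See inetd.conf(4).
#ftp     stream tcp nowait root   /usr/sbin/in.ftpd    in.ftpd -l
#telnet  stream tcp nowait root   /usr/sbin/in.telnetd in.telnetd
finger   stream tcp nowait nobody /usr/sbin/in.fingerd in.fingerd
#tftp    dgram  udp wait   root   /usr/sbin/in.tftpd   in.tftpd
bootps   dgram  udp wait   root   /usr/sbin/in.bootpd  in.bootpd
EOF
}

# Stand-alone run: sh inetd_audit.sh --demo
if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp); sample_inetd_conf > "$tmp"
    echo "enabled services:"; inetd_enabled_services "$tmp"
    inetd_check_disabled "$tmp" ftp telnet finger tftp || echo "review the lines above"
    rm -f "$tmp"
fi
```

Run it against the real file with `inetd_enabled_services /etc/inetd.conf` and, once the list is what you expect, `inetd_reload`; the demo run deliberately reports finger as still enabled.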

Unix Backup Key Files !!

  1. Kernel: This should be the first file backed up. If it gets deleted you can restore it. This file is often named /kernel, /unix, or /vmunix.
  2. Password file: Having a backup of the password file is a good idea, in case the system password file gets compromised. This is the file referred to as /etc/passwd.
  3. Group file: Back this up for similar reasons as the password file. This file is /etc/group.
  4. Host table: Make an extra copy of the host table, in case the file is corrupted or entries are removed and then needed in the future. This file is named /etc/hosts.
  5. Filesystem table: This is for recovery of the filesystem configuration. This file is often called /etc/fstab or /etc/vfstab.
  6. Sendmail config files: If anyone works with sendmail, back these up for sure. If mail breaks, the quickest recovery is to restore from the backed-up config files. These would be /usr/lib/sendmail.cf, /usr/lib/sendmail.fc, and /usr/lib/sendmail.mc.
  7. Inetd config: This file has been known to get misconfigured and is a target for hackers. This is the file /etc/inetd.conf.
  8. TTY settings: If you have any specialized devices attached, these should be backed up. These settings are typically found in /etc/inittab, /etc/ttytab, and /etc/ttys.
  9. Start-up scripts: Any special scripts that get started at boot time should be kept in another area. These files would usually reside in the /etc/init.d or /etc/rc#.d directories.
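The script below is an added example and not from the original page. It copies the key files listed above into a backup directory and records SHA-256 checksums alongside them, so that a later edit to /etc/passwd or /etc/inetd.conf (the two the list singles out as targets) shows up as a verification failure rather than going unnoticed. It assumes GNU sha256sum; the backup location and the file list are assumptions, and the files used in the demo are constructed.

```shell
#!/bin/sh
# Added example (not from the original page): back up key system files with
# recorded SHA-256 checksums so that later tampering can be detected.
# Assumes sha256sum (GNU coreutils); substitute the local digest tool on
# BSD or Solaris.

# Default list: the page's own candidates; files that do not exist are skipped.
KEY_FILES="/etc/passwd /etc/group /etc/hosts /etc/fstab /etc/vfstab /etc/inetd.conf /etc/inittab /etc/ttytab /etc/ttys /usr/lib/sendmail.cf"

# keyfile_backup DEST FILE... -> copies each existing FILE under DEST (keeping
# its absolute path), writes DEST/SHA256SUMS, prints the number of files copied.
keyfile_backup() {
    dest=$1; shift
    n=0
    : > "$dest/SHA256SUMS"
    for f in "$@"; do
        [ -f "$f" ] || continue
        mkdir -p "$dest$(dirname "$f")"
        cp -p "$f" "$dest$f"
        sha256sum "$f" >> "$dest/SHA256SUMS"   # line format: "<hash>  <path>"
        n=$((n + 1))
    done
    chmod 700 "$dest"   # a copy of passwd or sendmail.cf is sensitive
    echo "$n"
}

# keyfile_verify DEST -> 0 if every live file still matches its recorded hash,
# non-zero otherwise (sha256sum prints the files that changed).
keyfile_verify() {
    sha256sum --check --quiet "$1/SHA256SUMS"
}

# keyfile_restore DEST FILE -> copy the backed-up FILE back into place.
keyfile_restore() {
    cp -p "$1$2" "$2"
}

# Stand-alone run (as root): sh keyfile_backup.sh --demo
if [ "${1:-}" = "--demo" ]; then
    dest=/var/backups/keyfiles-$(date +%Y%m%d)   # assumed location
    mkdir -p "$dest"
    echo "backed up $(keyfile_backup "$dest" $KEY_FILES) files into $dest"
    keyfile_verify "$dest" && echo "all key files match their backups"
fi
```

Run `keyfile_verify` from cron; a non-zero exit means one of the files differs from the copy and is worth a look before it is simply restored.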

How to find and trace open ports in unix

Listing all the process IDs:

# /usr/bin/ps -ef | sed 1d | awk '{print $2}'

Mapping the files to ports using the PID (replace <PID> with the process ID):

# /usr/proc/bin/pfiles <PID> 2>/dev/null | /usr/xpg4/bin/grep port:
or
# /usr/bin/ps -o pid -o args -p <PID> | sed 1d

Mapping the sockname to port using the port number:

# for i in `ps -e | awk '{print $1}'`; do echo $i; pfiles $i 2>/dev/null | grep 'port: 1521'; done
or
# pfiles -F /proc/* | nawk '/^[0-9]+/ { proc=$2 } ; /[s]ockname: AF_INET/ { print proc "\n" $0 }'
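As an added example (not from the original page), here is the same mapping written as a small parser for pfiles(1) output, which is easier to reuse than the nawk one-liner: it records the PID from each "PID: command" header line and prints the port from every "sockname: AF_INET ... port: N" line that follows. The sample output is constructed to mimic the pfiles layout, not captured from a real system; pfiles itself exists only on Solaris, so the parser is fed from a file or pipe.

```shell
#!/bin/sh
# Added example (not from the original page): map PIDs to bound ports by
# parsing pfiles(1) output. Sample input below is constructed.

# pfiles_ports_from_text -> reads pfiles output on stdin, prints "pid port".
pfiles_ports_from_text() {
    awk '
        /^[0-9]+:/ { proc = $1; sub(":", "", proc); next }   # "8304:  /usr/lib/ssh/sshd"
        /sockname: AF_INET/ {
            for (i = 1; i <= NF; i++)
                if ($i == "port:") print proc, $(i + 1)
        }'
}

# port_owner PORT -> reads pfiles output on stdin, prints the PID(s) bound to PORT
port_owner() {
    pfiles_ports_from_text | awk -v p="$1" '$2 == p { print $1 }' | sort -u
}

# On Solaris:  pfiles -F /proc/* 2>/dev/null | port_owner 1521
# (on Linux the equivalent information comes from ss -ltnp or lsof -i)

sample_pfiles_output() {
    cat <<'EOF'
1446:   /usr/lib/sendmail -bd -q15m
  Current rlimit: 256 file descriptors
   5: S_IFSOCK mode:0666 dev:306,0 ino:45231 uid:0 gid:0 size:0
        sockname: AF_INET 0.0.0.0  port: 25
8304:   /usr/lib/ssh/sshd
   8: S_IFSOCK mode:0666 dev:306,0 ino:45992 uid:0 gid:0 size:0
        sockname: AF_INET 0.0.0.0  port: 22
9120:   /u01/app/oracle/bin/tnslsnr LISTENER
   9: S_IFSOCK mode:0666 dev:306,0 ino:46120 uid:100 gid:100 size:0
        sockname: AF_INET 10.1.15.20  port: 1521
EOF
}

# Stand-alone run: sh pfiles_ports.sh --demo
if [ "${1:-}" = "--demo" ]; then
    sample_pfiles_output | pfiles_ports_from_text
    echo "port 1521 owner: $(sample_pfiles_output | port_owner 1521)"
fi
```

Because the parser keys on the "PID:" header, a process that has several sockets is reported once per socket, which is what you want when checking that a host listens only on the ports it should.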

There are two explanations for why "lsof" did not show what was expected:

1) One thing that might prevent lsof from printing everything is if the ports are controlled by inetd or similar (i.e. nothing is actively listening on them until you try talking to them).

Also, try telnetting to the port and then run lsof while the telnet session is connected.

2) On Solaris 10, using "lsof -i" to show the mapping of processes to TCP ports incorrectly shows all processes that have a socket open as using port 65535, for example:

sshd 8304 root 8u IPv4 0x60008cdac0 0t0 TCP *:65535 (LISTEN)
sendmail 1446 root 5u IPv4 0x60007ebbe00 0t0 TCP *:65535 (LISTEN)

This is a known bug in lsof that cannot be fixed because of differences between Solaris 10 and previous versions. So the otherwise useful "lsof -i :" is no longer useful there.

Collecting Unix System Information

At the very least, collect the following information for each system that you have:
1. Hostname:
% hostname
2. Hostname aliases:
% grep `hostname` /etc/hosts | awk '{ print $3 }'
3. Host network addresses:
% grep `hostname` /etc/hosts | awk '{ print $1 }'
4. Host ID:
% hostid
5. System serial number:
On the back of most computers.
6. Manufacturer of the system's hardware:
On the front of most computers.
7. System model name:
On the front of most computers.
8. CPU type:
% uname -a
9. Application architecture:
% uname -a
10. Kernel architecture:
% uname -a
11. Amount of main memory:
Can be found at boot time:
% dmesg
12. Operating system name:
% uname -a
13. Operating system version:
% uname -a
14. Kernel version:
% uname -a
15. Disk configuration:
% df

b2blog/evo_hitlog’ is marked as crashed and should be repaired(Errno=145)

This is the error I got yesterday:

—————————————-
MySQL error!

Table ‘./b2blog/evo_hitlog’ is marked as crashed and should be repaired(Errno=145)
—————————————-


Easily fixed though.

Logged in through SSH
Went to mySQL
Executed the command “repair table evo_hitlog;”

or

You can log in to your web hosting Cpanel, go to databases and run "Repair DB".

All Fixed. Hope it wasn’t a hacking attempt…


OpenSolaris COMSTAR

Installation

1. Install COMSTAR Server Utilities

# pkg install storage-server

# pkg install SUNWiscsi

2. Disable the iscsitgt and physical:nwam services. itadm gets confused with multiple physical instances; this assumes you are not using nwam.

# svcadm disable iscsitgt

# svccfg delete svc:/network/physical:nwam

3. Reboot Server

# shutdown -i6 -g0 -y

4. Enable stmf service

# svcadm enable stmf

# svcadm enable -r svc:/network/iscsi/target:default


Simple Setup of an iSCSI LUN

1. Create a ZFS Volume

# zfs create -V SIZE pool/volume

2. Configure iSCSI Target and LUN

# sbdadm create-lu /dev/zvol/rdsk/pool/volume

# stmfadm add-view <GUID>

## Create a send-target target ###

# itadm create-tpg nge1 10.1.15.20

# itadm create-target -t nge1

##################################

## OR

## Create a target for static assignment ##

# itadm create-target

###########################################

Walkthrough of iSCSI LUN Example

# zpool create npool disk1

# zfs create npool/iscsitgt

# zfs create -V 10g npool/iscsitgt/vdisk_dom1

# sbdadm create-lu /dev/zvol/rdsk/npool/iscsitgt/vdisk_dom1

Created the following LU:

              GUID                    DATA SIZE           SOURCE
--------------------------------  -------------------  ----------------
600144f0c312030000004a366cee0001  19327287296          /dev/zvol/rdsk/npool/iscsitgt/vdisk_dom1

# stmfadm add-view 600144f0c312030000004a366cee0001

# itadm create-target

Target iqn.1986-03.com.sun:02:278f5072-6662-e976-cc95-8116fd42c2c2 successfully created

Linux Install & configure Squid in three easy steps

  1. Squid configuration so that it will act as a transparent proxy
  2. Iptables configuration
    • Configure system as router
    • Forward all http requests to 3128 (DNAT)
  3. Run scripts and start squid service

First, install the Squid server (use up2date squid) and configure it by adding the following directives to the file:
# vi /etc/squid/squid.conf

Modify or add the following squid directives:


acl all src 10.1.51.66 10.1.51.89 10.1.51.95 10.1.51.225
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access allow all
icp_access allow all
http_port 3128
hierarchy_stoplist cgi-bin ?
access_log /var/log/squid/access.log squid
acl QUERY urlpath_regex cgi-bin ?
cache deny QUERY
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern .               0       20%     4320
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
coredump_dir /var/spool/squid


Where:

  • acl all src 10.0.51.66 ...: Access control list; only allow LAN computers to use squid
  • http_access allow localhost: Squid access for the localhost ACL only
  • http_access allow all: same as above, for the LAN ACL

Here is how to get a complete listing of squid.conf for your reference; grep removes all comments and sed removes all empty lines:

# grep -v "^#" /etc/squid/squid.conf | sed -e '/^$/d'

Iptables configuration

Next, I added the following rules to forward all HTTP requests (coming to port 80) to the Squid server port 3128:
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j DNAT --to 10.0.50.1:3128
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
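The squid.conf above reuses the name "all" for the list of LAN hosts and then finishes its rules with "http_access allow all". That works only because of the redefinition: in the default squid.conf "all" means 0.0.0.0/0, and in Squid 3.2 and later it is a built-in ACL with that meaning, so the same rule lines copied to another server turn the proxy into an open relay. The script below is an added example, not part of the original page or of the Squid project: a lint that flags that pattern in a config file and prints the conventional hardened form (a separately named LAN ACL followed by "deny all"). The sample config is a constructed excerpt of the one above.

```shell
#!/bin/sh
# Added example (not from the original page): lint the http_access rules of a
# squid.conf for the weak pattern "acl all src <LAN>" + "http_access allow all",
# and print a hardened equivalent. Sample config below is constructed.

# squid_acl_warnings FILE -> prints one WARN line per finding; exit 0 if clean.
squid_acl_warnings() {
    awk '
        $1 == "acl" && $2 == "all" { redefined_all = 1 }
        $1 == "http_access" { last = $2 " " $3; nrules++ }
        $1 == "http_access" && $2 == "allow" && $3 == "all" { allow_all = 1 }
        END {
            bad = 0
            if (redefined_all) { print "WARN: acl \"all\" is redefined; give the LAN list its own name"; bad = 1 }
            if (allow_all) { print "WARN: http_access allow all opens the proxy to every source"; bad = 1 }
            if (nrules && last != "deny all") { print "WARN: last http_access rule is \"" last "\", expected \"deny all\""; bad = 1 }
            if (bad) exit 1
        }' "$1"
}

# squid_hardened_acl "HOST HOST ..." -> the replacement ACL/http_access block
squid_hardened_acl() {
    cat <<EOF
acl lan src $1
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access allow lan
http_access deny all
EOF
}

# Constructed excerpt of the weak configuration from the page.
sample_weak_conf() {
    cat <<'EOF'
acl all src 10.1.51.66 10.1.51.89 10.1.51.95 10.1.51.225
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
http_access allow manager localhost
http_access deny manager
http_access allow localhost
http_access allow all
http_port 3128
EOF
}

# Stand-alone run: sh squid_acl_lint.sh --demo
if [ "${1:-}" = "--demo" ]; then
    t=$(mktemp); sample_weak_conf > "$t"
    squid_acl_warnings "$t" || echo "--- suggested replacement for the ACL block ---"
    squid_hardened_acl "10.1.51.66 10.1.51.89 10.1.51.95 10.1.51.225"
    rm -f "$t"
fi
```

Run `squid_acl_warnings /etc/squid/squid.conf` after every edit; the three checks catch the redefined name, the allow-all rule and a rule list that does not end in an explicit deny, each of which is independent of the others.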

Linux add a swap file

You need to use the dd command to create the swap file. Next, use the mkswap command to set up a Linux swap area on a device or in a file.

a) Log in as the root user.

b) Type the following command to create a 512MB swap file (512 * 1024 = 524288 blocks of 1024 bytes):
# dd if=/dev/zero of=/swapfile1 bs=1024 count=524288

c) Set up a Linux swap area:
# mkswap /swapfile1

d) Activate the /swapfile1 swap space immediately:
# swapon /swapfile1

e) To activate /swapfile1 after a Linux system reboot, add an entry to the /etc/fstab file. Open this file using a text editor such as vi:
# vi /etc/fstab

Append the following line:
/swapfile1 swap swap defaults 0 0

So the next time Linux comes up after a reboot, it enables the new swap file for you automatically.

f) How do I verify whether swap is activated?
Simply use the free command:
$ free -m
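The procedure above as one script, added here as an example rather than taken from the original page. It adds the two checks a practitioner wants: the file must be mode 0600 before mkswap runs (swap holds pages of every process's memory, so a world-readable swap file leaks it; mkswap itself warns about insecure permissions), and the /etc/fstab entry is appended only if it is not already present. The path /swapfile1 and the 512MB size follow the page; the use of GNU stat and the variable names are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page): create and enable a swap file
# with a permission check and an idempotent /etc/fstab entry.

SWAPFILE=${SWAPFILE:-/swapfile1}   # path from the page
SWAP_MB=${SWAP_MB:-512}            # size from the page

# swapfile_mode_ok FILE -> 0 if FILE has mode 0600 (GNU stat; BSD: stat -f '%Lp')
swapfile_mode_ok() {
    mode=$(stat -c '%a' "$1" 2>/dev/null) || return 1
    [ "$mode" = "600" ]
}

# fstab_entry FILE -> the line the page tells you to append to /etc/fstab
fstab_entry() {
    printf '%s swap swap defaults 0 0\n' "$1"
}

# fstab_has_entry FSTAB FILE -> 0 if FSTAB already lists FILE as swap
fstab_has_entry() {
    awk -v f="$2" '$1 == f && $3 == "swap" { found = 1 } END { exit !found }' "$1"
}

# fstab_add_entry FSTAB FILE -> append the entry unless it is already there
fstab_add_entry() {
    fstab_has_entry "$1" "$2" || fstab_entry "$2" >> "$1"
}

# create_swapfile -> dd, chmod, mkswap, swapon, fstab (needs root)
create_swapfile() {
    dd if=/dev/zero of="$SWAPFILE" bs=1024 count=$((SWAP_MB * 1024))
    chmod 0600 "$SWAPFILE"
    swapfile_mode_ok "$SWAPFILE" || { echo "refusing: $SWAPFILE is not mode 0600" >&2; return 1; }
    mkswap "$SWAPFILE"
    swapon "$SWAPFILE"
    fstab_add_entry /etc/fstab "$SWAPFILE"
    free -m   # verify, as in step f) above
}

# Stand-alone run (as root): sh add_swap.sh --create
if [ "${1:-}" = "--create" ]; then
    create_swapfile
fi
```

Running the script twice is safe: the dd and mkswap steps recreate the file, and fstab_add_entry leaves /etc/fstab with a single line for it.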

How to configure a VMware ESX / ESXi host with a QLogic HBA to boot from SAN in a CLARiiON environment


Solution:

This procedure explains how to configure the QLogic HBA to boot ESX/ESXi from SAN. The procedure involves enabling the QLogic HBA BIOS, enabling the selectable boot, and selecting the boot LUN.

Procedure:

1. While booting the server, press Ctrl+Q to enter the Fast!UTIL configuration utility.

2. Perform the appropriate action depending on the number of HBAs.

Option         Description
One HBA        If you have only one host bus adapter (HBA), the Fast!UTIL Options page appears. Skip to Step 3.
Multiple HBAs  If you have more than one HBA, select the HBA manually:
               a. In the Select Host Adapter page, use the arrow keys to position the cursor on the appropriate HBA.
               b. Press Enter.

3. In the Fast!UTIL Options page, select Configuration Settings and press Enter.

4. In the Configuration Settings page, select Adapter Settings and press Enter.

5. Set the BIOS to search for SCSI devices.

a. In the Host Adapter Settings page, select Host Adapter BIOS.

b. Press Enter to toggle the value to Enabled.

c. Press Esc to exit.

6. Enable the selectable boot.

a. Select Selectable Boot Settings and press Enter.

b. In the Selectable Boot Settings page, select Selectable Boot.

c. Press Enter to toggle the value to Enabled.

7. Use the cursor keys to select the Boot Port Name entry in the list of storage processors (SPs) and press Enter to open the Select Fibre Channel Device screen.

8. Use the cursor keys to select the specific SP and press Enter.

If you are using an active-passive storage array, the selected SP must be on the preferred (active) path to the boot LUN. If you are not sure which SP is on the active path, use your storage array management software to find out. The target IDs are created by the BIOS and might change with each reboot.

9. Perform the appropriate action depending on the number of LUNs attached to the SP.

Option         Description
One LUN        The LUN is selected as the boot LUN. You do not need to enter the Select LUN screen.
Multiple LUNs  The Select LUN screen opens. Use the cursor to select the boot LUN, then press Enter.