Tuesday, September 30, 2008

Regaining root's password

1) Boot from a cd-rom or a bootable Tape.

2) Press F5 or 5.

3) Select option 3 from the installation and maintenance menu: Start maintenance menu for system recovery.

4) Follow the option to activate the root vg and obtain the shell.

5) Once a shell is available then run the passwd command to reset the password for root.

6) sync

7) Reboot the system.

REMOVING UNWANTED FILES

Removing Obsolete Files

Occasionally, you need to remove unwanted and unneeded files from your system. AIX provides you with the skulker command, which allows you to automatically track and remove obsolete files. This facility works on candidate files located in the /tmp directory, executable a.out files, core files, and ed.hup files.

To run the skulker command, type
# skulker -p

You can automate the skulker command by setting up the cron facility to perform this task regularly.






Removing Unowned Files

When a user ID is removed, that user’s files then have no owner assigned to them. To identify files that have no owner, you can use the find command as follows:
# find / -nouser -ls

After identifying files that have no owners, determine whether the files are needed. If they are needed, assign them to a different user. Otherwise, you can remove those files from the system.





Managing Unauthorized Remote Host Access

Some programs use the .rhosts file to gain access to a system. In some cases, access can be granted to unauthenticated users. To avoid this situation, remove the .rhosts file from your system.
For HACMP clusters, .rhosts files are required. Instead of removing them from these configurations, set the permissions to 600 and assign ownership of the files to root.system.

To find .rhosts files, run the following command:
# find / -name .rhosts -ls






Monitoring Executable Files

To monitor the activity of critical executable files, you need a good understanding of how these files are being used. The executable files that you need to monitor are those that are owned by root and have either their SUID or SGID bits set.
After carefully monitoring these files during normal system activity, you can generate a report that includes a list of files that are normally executed. You can then contrast that report with subsequent reports that show new files with these attributes that were set without your knowledge. To create the baseline report, run the following commands:
# find / -perm -4000 -user 0 -ls
# find / -perm -2000 -user 0 -ls
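
The baseline-and-compare routine described above, as an added example that is not part of the original post. It goes one step beyond the two find commands by recording a cksum for each root-owned SUID/SGID regular file, so a later run flags files that are new, removed, or changed in content. The function names, the snapshot file paths and the optional owner argument are assumptions.

```sh
#!/bin/sh
# Added example (not from the original post). Function names and file
# locations are assumptions. Uses only find, cksum, awk and sort.

# suid_snapshot ROOT [OWNER]
# Print "CRC SIZE PATH" for every regular file under ROOT that is owned by
# OWNER (default 0, i.e. root) and has the SUID (4000) or SGID (2000) bit set.
# Directories are skipped because cksum cannot read them.
suid_snapshot() {
    snap_root=$1
    snap_owner=${2:-0}
    find "$snap_root" -type f -user "$snap_owner" \
        \( -perm -4000 -o -perm -2000 \) -exec cksum {} \; 2>/dev/null |
        LC_ALL=C sort
}

# suid_compare BASELINE CURRENT
# Compare two snapshot files and print one line per difference:
#   NEW path      SUID/SGID file that is not in the baseline
#   CHANGED path  same path, but checksum or size differs
#   REMOVED path  in the baseline, but gone now (or its bit was cleared)
suid_compare() {
    awk '
        {
            sig = $1 " " $2                    # checksum and size
            path = $0
            sub(/^[0-9]+ [0-9]+ /, "", path)   # keeps paths that contain spaces
        }
        # Test FILENAME rather than NR == FNR so an empty baseline still works
        FILENAME == ARGV[1] { base[path] = sig; next }
        {
            seen[path] = 1
            if (!(path in base))        print "NEW " path
            else if (base[path] != sig) print "CHANGED " path
        }
        END {
            for (p in base) if (!(p in seen)) print "REMOVED " p
        }
    ' "$1" "$2" | LC_ALL=C sort
}

# Typical use as root (the file paths are placeholders):
#   suid_snapshot / > /var/adm/suid.baseline    # once, on a known-good system
#   suid_snapshot / > /tmp/suid.now             # later, e.g. from cron
#   suid_compare /var/adm/suid.baseline /tmp/suid.now
```

Keep the baseline file readable and writable by root only, otherwise whoever adds a SUID file can also add it to the baseline.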

Monday, September 29, 2008

Changing the CDE login screen

This security issue also affects Common Desktop Environment (CDE) users. The CDE login screen also displays, by default, the host name and the operating system version. To prevent this information from being displayed, edit the /usr/dt/config/$LANG/Xresources file, where $LANG refers to the local language installed on your machine.

In this example, assuming that $LANG is set to C, copy this file into /etc/dt/config/C/Xresources. Next, open the /usr/dt/config/C/Xresources file and edit it to remove welcome messages that include the host name and operating system version.

Securing unattended Terminals

Always lock your terminal when it is not being attended to prevent unauthorized access. Leaving system terminals unsecure poses a potential security hazard. To lock your terminal, use the lock command.

Changing the login screen welcome message

To prevent displaying certain information on login screens, edit the herald parameter in the
/etc/security/login.cfg file. The default herald contains the welcome message that displays with your login prompt. To change this parameter, you can either use the chsec command or edit the file directly.
The following example uses the chsec command to change the default herald parameter:
# chsec -f /etc/security/login.cfg -s default -a herald="Unauthorized use of this system is Prohibited.\n\nlogin: "

To edit the file directly, open the /etc/security/login.cfg file and update the herald parameter as follows:
default:
        herald = "Unauthorized use of this system is prohibited\n\nlogin:"
        sak_enable = false
        logintimes =
        logindisable = 0
        logininterval = 0
        loginreenable = 0
        logindelay = 0

Friday, September 26, 2008

ssh without password

This procedure sets up ssh login without a password prompt, for one server only.
a@A:~> ssh-keygen -t rsa
Now use ssh to create a directory ~/.ssh as user b on B. (The directory may already exist, which is fine):
a@A:~> ssh b@B mkdir -p .ssh
b@B's password:
Finally append a's new public key to b@B:.ssh/authorized_keys and enter b's password one last time:
a@A:~> cat .ssh/id_rsa.pub | ssh b@B 'cat >> .ssh/authorized_keys'
b@B's password:
From now on you can log into B as b from A as a without password:
a@A:~> ssh b@B hostname
B
=====================================================================================

Log in to ServerA.
Go to the home directory of the user.
scp /home/oracle/.ssh/id_rsa.pub ServerB:/home/oracle/.ssh/authorized_keys
Then you will be able to log in to ServerB without being asked for a password.
Log in to ServerB and
run the commands
ssh-keygen -t rsa
scp /home/oracle/.ssh/id_rsa.pub ServerA:/home/oracle/.ssh/authorized_keys
Then you will be able to log in to ServerA without being asked for a password.
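
An added example, not from the original post: a helper to run as the target user on the receiving server. It appends a public key to authorized_keys, where the scp commands above copy over that file and so replace any keys already in it, and it sets 700/600 permissions so other users cannot write to the file. The function name add_authorized_key, its arguments and the sample path are assumptions.

```sh
#!/bin/sh
# Added example (not from the original post); names are assumptions.

# add_authorized_key PUBKEY_FILE [SSH_DIR]
# Append the first line of PUBKEY_FILE to SSH_DIR/authorized_keys
# (default $HOME/.ssh) unless that exact key line is already present.
# Returns 0 on success, 1 if the key file is unreadable or the directory
# cannot be prepared, 2 if the line does not look like an OpenSSH public key.
add_authorized_key() {
    key_file=$1
    ssh_dir=${2:-$HOME/.ssh}
    auth=$ssh_dir/authorized_keys

    [ -r "$key_file" ] || return 1
    key=$(sed -n '1p' "$key_file")

    # Accept only "<type> <base64> [comment]". This also catches the common
    # mistake of passing the private key (id_rsa) instead of id_rsa.pub.
    case $key in
        ssh-rsa\ AAAA*|ssh-ed25519\ AAAA*|ecdsa-sha2-*\ AAAA*) ;;
        *) return 2 ;;
    esac

    (
        # Subshell so the umask change does not leak into the caller
        umask 077
        mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || exit 1
        touch "$auth" && chmod 600 "$auth" || exit 1

        # Key already installed: leave the file untouched
        if grep -F -x -q -e "$key" "$auth"; then
            exit 0
        fi

        # If the existing file does not end in a newline, add one first so
        # the new key does not get glued onto the previous entry
        if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
            printf '\n' >> "$auth"
        fi
        printf '%s\n' "$key" >> "$auth"
    )
}

# Use on the receiving server after copying the .pub file to a scratch
# location (placeholder path):
#   add_authorized_key /tmp/id_rsa.pub.from_ServerA
```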

File Systems

# File Systems Types:
JFS, EJFS, NFS, CD-ROM File systems
# File Systems Structure:
1. Superblock ==> it contains control information about the file system, such as a) Size of the file system b) Name of the file system c) The system log device d) The version number e) The number of inodes f) List of free inodes and data blocks g) Date and time of creation of the file system and also the file system state.
IMP: Corruption of data may render the file system unusable. This is why the system keeps a second copy of the superblock on logical block 31.

2. Allocation Group ==> it consists of inodes and their corresponding data blocks. An allocation group spans multiple adjacent disk blocks and improves the speed of I/O operations. Both jfs and jfs2 file systems use allocation groups.

3. Inodes ===> it contains control information about a file, such as a) Type, size, owner, and the date and time when the file was created, modified, last accessed. b) It also contains the pointers to data blocks that store the actual data of the file. Every file has a corresponding inode. c) The jfs restricts all file systems to 16 MB inodes.
4. Data Blocks ==> it stores the actual data of the file or pointers to other data blocks. Default value for disk block size is 4 kb.
5. Fragments ===> Fragments of logical blocks can be used to support files smaller than the standard size of the logical block ( 4 kb ). This rule applies only to the last block of a file smaller than 32 kb.




############### File Systems Differences ########################################

Function                                  JFS                             JFS2
Architectural maximum file system size    1 TB                            4 PB
Architectural maximum file size           64 GB                           4 PB
No of inodes                              Fixed, set at system creation   Dynamic
Inode size                                128 bytes                       512 bytes
Fragment size                             512                             512
Block size                                4096                            4096
Directory organization                    Linear                          B-tree
Compression                               Yes                             No
Default ownership at creation             sys.sys                         root.system
SGID of default file mode                 SGID=on                         SGID=off
Quotas                                    Yes                             Yes



####################### Example of file system creation #####################################################
Creating file systems without specifying logical volumes
# lsvg -l testvg
testvg:
LV NAME    TYPE     LPs  PPs  PVs  LV STATE      MOUNT POINT
# crfs -v jfs -g testvg -a size=10M -m /fs1
Based on the parameters chosen, the new /fs1 JFS file system
is limited to a maximum size of 134217728 (512 byte blocks)
New File System size is 262144
# crfs -v jfs2 -g testvg -a size=10M -p ro -m /fs2
File system created successfully.
130864 kilobytes total disk space.
New File System size is 262144

# lsvg -l testvg
testvg:
LV NAME    TYPE     LPs  PPs  PVs  LV STATE      MOUNT POINT
loglv00    jfslog   1    1    1    closed/syncd  N/A
lv00       jfs      1    1    1    closed/syncd  /fs1
loglv01    jfs2log  1    1    1    closed/syncd  N/A
fslv00     jfs2     1    1    1    closed/syncd  /fs2
# lslv lv00
LOGICAL VOLUME:     lv00                   VOLUME GROUP:   testvg
LV IDENTIFIER:      00c478de00004c0000000107d96de510.2 PERMISSION: read/write
VG STATE:           active/complete        LV STATE:       closed/syncd
TYPE:               jfs                    WRITE VERIFY:   off
MAX LPs:            512                    PP SIZE:        128 megabyte(s)
COPIES:             1                      SCHED POLICY:   parallel
LPs:                1                      PPs:            1
STALE PPs:          0                      BB POLICY:      relocatable
INTER-POLICY:       minimum                RELOCATABLE:    yes
INTRA-POLICY:       middle                 UPPER BOUND:    32
MOUNT POINT:        /fs1                   LABEL:          /fs1
MIRROR WRITE CONSISTENCY: on/ACTIVE
EACH LP COPY ON A SEPARATE PV ?: yes
Serialize IO ?:     NO
# lslv fslv00
LOGICAL VOLUME:     fslv00                 VOLUME GROUP:   testvg
LV IDENTIFIER:      00c478de00004c0000000107d96de510.4 PERMISSION: read/write
VG STATE:           active/complete        LV STATE:       closed/syncd
TYPE:               jfs2                   WRITE VERIFY:   off
MAX LPs:            512                    PP SIZE:        128 megabyte(s)
COPIES:             1                      SCHED POLICY:   parallel
LPs:                1                      PPs:            1
STALE PPs:          0                      BB POLICY:      relocatable
INTER-POLICY:       minimum                RELOCATABLE:    yes
INTRA-POLICY:       middle                 UPPER BOUND:    32
MOUNT POINT:        /fs2                   LABEL:          /fs2
MIRROR WRITE CONSISTENCY: on/ACTIVE
EACH LP COPY ON A SEPARATE PV ?: yes
Serialize IO ?:     NO
# cat /etc/filesystems | grep -ip fs1
/fs1:
        dev = /dev/lv00
        vfs = jfs
        log = /dev/loglv00
        mount = false
        account = false




# mount -a ===> mount all the file systems

# mount ===> Display mounted file systems
# mount
  node   mounted         mounted over    vfs    date         options
-------- --------------- --------------- ------ ------------ ---------------
         /dev/hd4        /               jfs2   Nov 27 12:36 rw,log=/dev/hd8
         /dev/hd2        /usr            jfs2   Nov 27 12:36 rw,log=/dev/hd8
         /dev/hd9var     /var            jfs2   Nov 27 12:36 rw,log=/dev/hd8
         /dev/hd3        /tmp            jfs2   Nov 27 12:36 rw,log=/dev/hd8
         /dev/hd1        /home           jfs2   Nov 27 12:36 rw,log=/dev/hd8
         /proc           /proc           procfs Nov 27 12:36 rw
         /dev/hd10opt    /opt            jfs2   Nov 27 12:36 rw,log=/dev/hd8
         /dev/testlv     /test           jfs2   Nov 28 19:54



# lsfs ===> Shows the characteristics of file systems
# rmfs ===> removes the file systems
# lsvg -l testvg
testvg:
LV NAME    TYPE     LPs  PPs  PVs  LV STATE      MOUNT POINT
loglv00    jfslog   1    1    1    closed/syncd  N/A
lv00       jfs      1    1    1    closed/syncd  /fs1
loglv01    jfs2log  1    1    1    open/syncd    N/A
fslv00     jfs2     1    1    1    closed/syncd  /fs2
testlv     jfs2     1    1    1    open/syncd    /test

########################### Removing the file Systems ###############################################################
# rmfs /test
rmfs: 0506-921 /test is currently mounted.
# umount /test
# rmfs /test
rmlv: Logical volume testlv is removed.
# lsvg -l testvg
testvg:
LV NAME    TYPE     LPs  PPs  PVs  LV STATE      MOUNT POINT
loglv00    jfslog   1    1    1    closed/syncd  N/A
lv00       jfs      1    1    1    closed/syncd  /fs1
loglv01    jfs2log  1    1    1    closed/syncd  N/A
fslv00     jfs2     1    1    1    closed/syncd  /fs2
# cat /etc/filesystems | grep test
#

###### Changing the attributes of file systems ####################################
# chfs -a size=250M -p rw /fs2
Filesystem size changed to 524288

# fsck ===> Checks the file system consistency and interactively repairs the file systems. Always run the fsck command on the mounted file systems.

################ if 1st superblock corrupted then how to recover #############################################
If you receive one of the following errors from the fsck or mount commands, the problem may be a corrupted superblock:
fsck: Not an AIX3 file system
fsck: Not an AIXV3 file system
fsck: Not an AIX4 file system
fsck: Not an AIXV4 file system
fsck: Not a recognized file system type
mount: invalid argument
The problem can be resolved by restoring the backup of the superblock over the primary superblock using one of the following commands:
# dd count=1 bs=4k skip=31 seek=1 if=/dev/lv00 of=/dev/lv00



############ Not able to umount the file systems ###############################
# Files are open within a file system. Close these files before the file system can be unmounted. The fuser command is often the best way to determine the process IDs for all processes that have open references within a specified file system. The process having an open reference can be killed by using the kill command and the unmount can be accomplished.
# If the file system is still busy and not getting unmounted, this could be due to a kernel extension that is loaded, but exists within the source file system. The fuser command will not show these kinds of references, because a user process is not involved. However, the genkex command will report on all loaded kernel extensions.

# find /home -type d -exec fuser -u {} \;
/home:
/home/lost+found:
/home/guest:
/home/kenzie: 3548c(kenzie)

How to set up a quota

######### Procedure to set up the disk quota ############################
To set up the disk quota system, use the following procedure:
1. Log in with root authority.
2. Determine which file systems require quotas.
3. Use the chfs command to include the userquota and groupquota quota configuration attributes in the /etc/filesystems file.
The following example uses the chfs command to enable user quotas on the /home file system:
# chfs -a "quota = userquota" /home
To enable both user and group quotas on the /home file system, type:
# chfs -a "quota = userquota,groupquota" /home
The corresponding entry in the /etc/filesystems file is displayed as follows:
/home:
        dev = /dev/hd1
        vfs = jfs
        log = /dev/hd8
        mount = true
        check = true
        quota = userquota,groupquota
        options = rw
4. The following example uses the chfs command to establish user and group quotas for the /home file system and names the myquota.user and myquota.group quota files:
# chfs -a "userquota = /home/myquota.user" -a "groupquota = /home/myquota.group" /home
# The following example entry shows quota limits for the gpsilva user:
Quotas for user gpsilva:
/home: blocks in use: 30, limits (soft = 100, hard = 150)
       inodes in use: 73, limits (soft = 200, hard = 250)
This user has used 30 KB of the maximum 100 KB of disk space. Of the maximum 200 files, gpsilva has created 73. This user has buffers of 50 KB of disk space and 50 files that can be allocated to temporary storage.
5. To duplicate the quotas established for user gpsilva for user tneiva, type:
# edquota -p gpsilva tneiva
6. Enable the quota system with the quotaon command. The quotaon command enables quotas for a specified file system or for all file systems with quotas (as indicated in the /etc/filesystems file) when used with the -a flag.
7. Use the quotacheck command to check the consistency of the quota files against actual disk usage.
# very IMP
To enable this check and to turn on quotas during system startup, add the following lines at the end of the /etc/rc file:
echo " Enabling filesystem quotas "
/usr/sbin/quotacheck -a
/usr/sbin/quotaon -a


########## Some examples #################
There are related commands, namely the edquota command, quotacheck command, and repquota command.
The following examples show the commands in typical uses:
1. To enable user quotas for the /usr/Tivoli/tsm/server/db file system,
# quotaon -u /usr/Tivoli/tsm/server/db
2. To disable user and group quotas for all file systems in the /etc/filesystems and print a message, enter:
# quotaoff -v -a
3. To display your quotas as user neivac, type:
$ quota
The system displays the following information:
User quotas for user neivac (uid 502):
Filesystem  blocks  quota  limit  grace  files  quota  limit  grace
/u              20     55     60            20     60     65
4. To display quotas as the root user for user gpsilva, type:
quota -u gpsilva
The system displays the following information:
User quotas for user gpsilva (uid 2702):
Filesystem  blocks  quota  limit  grace  files  quota  limit  grace
/u              48     50     60             7     60     60


# To disable the quota use the command
# quotaoff -a ===> it disables the quota for all file systems.
# quotaoff -u username ===> it disables the quota for the users.
# quotaoff -g groupname ===> it disables the quota for the groups.

Nfs configuration and Auto mount

Server Side.
We want to mount the /backup NFS directory from 10.0.128.114 to 10.0.252.88 server
# mknfsexp -d /backup -t ro -h 10.0.252.88
-----------------------------------------------------------------------------------------------------------------
Client Side
# mknfsmnt -f /backup1 -d /backup -h 10.0.128.114
The above command mounts /backup on /backup1 on the 10.0.252.88 server.




############### Using AutoFS to automatically mount a file system #############

AutoFS relies on the use of the automount command to propagate the automatic mount configuration information to the AutoFS kernel extension and start the automountd daemon. Through this configuration propagation, the extension automatically and transparently mounts file systems whenever a file or a directory within that file system is opened. The extension informs the automountd daemon of mount and unmount requests, and the automountd daemon actually performs the requested service.
Because the name-to-location binding is dynamic within the automountd daemon, updates to a Network Information Service (NIS) map used by the automountd daemon are transparent to the user. Also, there is no need to premount shared file systems for applications that have hard-coded references to files and directories, nor is there a need to maintain records of which hosts must be mounted for particular applications.

AutoFS allows file systems to be mounted as needed. With this method of mounting directories, all file systems do not need to be mounted all of the time; only those being used are mounted.

For example, to mount an NFS directory automatically:
Verify that the NFS server has exported the directory by entering:

# showmount -e ServerName

where ServerName is the name of the NFS server. This command displays the names of the Directories currently exported from the NFS server.
Create an AutoFS master file and map file. AutoFS mounts and unmounts the directories specified in these map files.

For example, suppose you want AutoFS to mount the /local/dir1 and /local/dir2 directories as needed from the serve1 server onto the /remote/dir1 and /remote/dir2 directories, respectively. The auto_master file entry would be as follows:


/remote /tmp/mount.map
The /tmp/mount.map file entry would be as follows:

dir1 -rw serve1:/local/dir1
dir2 -rw serve1:/local/dir2


Ensure that the AutoFS kernel extension is loaded and the automountd daemon is running. This can be accomplished in two ways:

Using the automount command: Issue

/usr/bin/automount -v

Using SRC: Issue lssrc -s automountd. If the automountd subsystem is not running, issue

startsrc -s automountd


Note: Starting the automountd daemon with the startsrc command will ignore any changes that have been made to the auto_master file.
To stop the automount daemon, issue the stopsrc -s automountd command. If, for some reason, the automountd daemon was started without the use of SRC, issue:

kill automountd_PID

where automountd_PID is the process ID of the automountd daemon. (Running the ps -e command displays the process ID of the automountd daemon.) The kill command sends a SIGTERM signal to the automountd daemon.

A script which is used to recover rootvg when rootvg has failed

# cat rvgrecover
VG=rootvg
PV=hdisk0
# Keep copies of the ODM classes before deleting anything from them
cp /etc/objrepos/CuAt /etc/objrepos/CuAt.orig
cp /etc/objrepos/CuDep /etc/objrepos/CuDep.orig
cp /etc/objrepos/CuDv /etc/objrepos/CuDv.orig
cp /etc/objrepos/CuDvDr /etc/objrepos/CuDvDr.orig
# Delete the ODM entries of every logical volume recorded on the disk
lqueryvg -Lp $PV | awk '{print $2}' | while read LVname;
do
odmdelete -q "name=$LVname" -o CuAt
odmdelete -q "name=$LVname" -o CuDv
# CuDvDr has no name field; the logical volume name is held in value3
odmdelete -q "value3=$LVname" -o CuDvDr
done
# Delete the ODM entries of the volume group itself
odmdelete -q "name=$VG" -o CuAt
odmdelete -q "parent=$VG" -o CuDv
odmdelete -q "name=$VG" -o CuDep
odmdelete -q "dependency=$VG" -o CuDep
odmdelete -q "value1=10" -o CuDvDr
odmdelete -q "value3=$VG" -o CuDvDr
# Rebuild the ODM entries from the information stored on the disk
importvg -y $VG $PV #Ignore lvaryoffvg errors
varyonvg $VG

How to remove a tape Drive from a lpar

To remove the tape drive:

Step 1 )
Go to the LPAR to which it is assigned
a) rmdev -dl rmt0
b) lsdev -Cl cd0 -F Parent
ide0
c) lsslot -c slot -l ide0
slot no T12 pci2 ide0
d) rmdev -l pci2 -R ( R - to remove child process too)
cd0 defined
ide0 defined
pci2 defined
or
e) rmdev -l pci2
f) rmdev -l ide0

Go to the LPAR, right click on the particular LPAR -> Dynamic logical partition -> Physical adaptor resource -> Remove. Select the slot T12 and click OK.

How to add a new machine into Nim

Prerequisites are:
The disk should not be mirrored.
You must know the IP address of the Ethernet port of the server, which you will be giving to the server.
We need to make one machine the Master and the others its Clients.
It is required to set the IP address of the master server and the ulimits. The steps that need to be followed at the Master end are as follows:
Step 1) Insert cd1 of the OS base CDs and run the nim_master_setup command.
It will take time and automatically configure the required setup; it will take nearly 5-10 mins to complete.
Step 2) Type vi /etc/hosts ...... in this file add the entries for your client machines,
i.e. you need to give the IP address and the host name.
Step 3) Once this is done, run the smitty nim command.
A: Select Perform Nim Administration Task.
(1) Manage Machine. * Define Machine .......... in this you will need to give the hostname of your client machine. (then press esc+3)
(2) Manage Network Install Resource Allocation.
* Allocate Network Install Resources .......... in this it will show you the host names of the master and clients; you need to select the client. ............. once you have selected the client machine it will show you the list of the things that will be installed; you need to select all the things
(3) Perform Operations on Machine. * Select
This completes all the settings that need to be done on the Master Server.
The steps that need to be followed at the Client end are as follows:
Step 1) Boot the client server into the SMS menu and select option 2, i.e. Remote IPL.
Step 2) Give the IP address, subnet mask, and host name of the client machine.
Step 3) Make sure that the protocol used is normal instead of IEEE802.1.
Step 4) Spanning tree should not be selected, i.e. it should be off.
Step 5) It will give you the option to test your ping; select that and check that the output is ping successful.
Step 6) Press X and log out of the SMS menu; the installation will start and it will take nearly 15-20 for the installation to complete.
This completes all the settings that need to be done on the Client Server.
And this completes the NIM installation.

Important Notes while working on AIX


Note1- To Check Serial port connectivity (for HACMP), connect serial cable between two systems:-

On one server run
# cat < /dev/tty1

On second server run
# ls > /dev/tty1

Note2- Below are the steps / tips to keep in mind while calculating space in KB (512 or 1024):-

While calculating bytes to increase or decrease a file system size, first check whether it is in 512KB blocks or 1024KB blocks.

Calculations-
Increase file system size in MB-
Formula- “MB to increase * 1024 = Value Multiply by 2 + Current bytes” = Total file system size in MB.
(Note- You have to multiply by two only when the existing file system is in 512KB blocks; it is not required to multiply when it is already in 1024KB blocks)

Increase file system size in GB-
Formula- “GB to increase * 1024 * 1024 = Value Multiply by 2 + Current bytes” = Total file system size in GB.
(Note- You have to multiply by two only when the existing file system is in 512KB blocks; it is not required to multiply when it is already in 1024KB blocks)

Note3- While restoring the mksysb in other machine, we can change the attributes in bosinst.data file, that is backed up with mksysb. Like- #vi bosinst.data

Note4- To identify the type of system hardware capability you have, either 32-bit or 64-bit, execute the bootinfo -y command. If the command returns a 32, you cannot use the 64-bit kernel.

Note5- The AIX 5L operating system previously contained both a uniprocessor and a multiprocessor 32-bit kernel. Effective with AIX 5L Version 5.3, the operating system supports only the multiprocessor kernel, regardless of the number of physical processors.

Note6- Types of VG’s and limitations.

Note7- To set any command to run by default during system boot, add the command in /etc/rc file.
For example- We can add the commands /usr/bin/quotacheck -a and /usr/bin/quotaon -a in the rc file.

Note8- The default signal sent by the kill command is the terminate signal - “SIGTERM”, Signal no. 15. The signal names are listed in /usr/include/sys/signal.h.

Note9- Most common SIGNALS used by kill command are-
15- SIGTERM (Terminate) (Default)
9- SIGKILL (KILL)
18- SIGTSTP (STOP)

Note10- The svmon command displays the current state of virtual memory in nine different parts-
1. global
2. user
3. command
4. class
5. tier
6. process
7. segment
8. detailed segment
9. frame

The flags and detailed information can be found at web site- http://publib.boulder.ibm.com/infocenter/pseries/index.jsp.

Note11- The startsrc, stopsrc and refresh commands send a request to SRC to start, stop or refresh a subsystem, group of subsystems or subserver.

Note12- Zombie processes display as when listed by the ps command.

Note13- By using CTRL-C function in running command, you can cancel the whole process.

Note14- By using CTRL-Z function in running command, it will stop the process immediately.

Note15- The wildcard characters are- asterisk (*) and question mark (?).
Where, The metacharacters are- open and close square brackets ([ ]), hyphen (-), and exclamation mark (!).

Note16- When using smit menu for configuration, the wildcards meaning are-
* - Means mandatory things you have to select while using SMIT.
# - Numeric parameter.
+ - List of options available, can check with drop down menu.
/ - Full path is required.

Note17- In AIX 5L the AIX print subsystem is already configured. To enable the System V printing subsystem in AIX 5L, you have to install the packages from the AIX base CD.

Note18- The smitty installp command stores information about maintenance, removal and installation of packages in /var/adm/sw/installp.log, and some detailed information in $HOME/smit.log and $HOME/smit.script.

Note19- By default, when the instfix command is run from the command line, the command uses stdout and stderr for reporting. If you want to generate an installation report, you will need to redirect the output.
For example:
#instfix -aik IY73748 > /tmp/instfix.out 2> /tmp/instfix.err

Note20- Types of AIX Installations and difference between them-
New and complete overwrite
Preservation and
Migration

The difference is-

Note21- Default IP’s for HMC Ports on server are-
HMC Port1- 192.168.2.147
HMC Port2- 192.168.3.147
These IPs are the defaults for a new p-series server until changed.

Note22- Authentication for server HMC port is-
User – admin
Password- password
This is default until changed.

Note23- Default IP for HMC’s Ethernet port is-
eth0- 192.168.3.143

Note24- User name and password for HMC system login is-
User- hmcroot
Pass- abc123
This is the default that comes with the system until changed.

Note25- Default IP for IBM SAN Switch management port is-
Management port- 10.77.77.77
This is the default that comes with all switches until changed.

Note26- Default IP’s for SAN Storage (DS4300) management ports are-
Controller A management port- 192.168.128.101
Controller B management port- 192.168.128.102
Subnet mask- 255.255.255.0
This is the default that comes with the DS4300 storage until changed.

Note27- System booting modes are-
Normal mode
System management services (SMS)
Maintenance mode
Diagnostics

Note28- 32767 Users can connect with AIX server at single time.

Note29- The first 512 bytes of the hdd are reserved for VGDA and quorum.

Note30- CAPP EL4 is for SSL in AIX and TCB – Trusted computing base, it is for security reasons, we can restore some important files with tcbck commands.

Note31- The crontab command uses the following format-

minutes    hours      day-of-month   month      weekday          “command”
0 to 59    0 to 23    1 to 31        1 to 12    0 to 6
                                                (0 for Sunday)

For "every", we can use the wildcard *.

Note32- File /etc/environment is to set the basic environments for the system.

Note33- The system uses the following file sequence when a user logs in to the system:-

/etc/motd (Global, for all users)
/etc/profile (Global environments for all users)
$HOME/.profile (Single user wise environment settings)
$HOME/.hushlogin (If this file is created, message from motd will be hidden)


Note33- To clear the wall and console messages, use “esc+ctrl+l” key.

Note34- In HACMP, minimum nodes capacity is 2 and maximum is 32.

Note35- Four different types of hardware platform (Architectures) are-

RS6k: RS6000 (MCA-based uni-processor models)
RS6kSMP: RS6000 SMP (MCA-based symmetric multiprocessor models)
RSPC: ISA-bus models
CHRP: Common hardware reference platform (PCI-bus models)

Note36- Format for the date command is:-

mmddHHMMccyy, where mm-Month, dd-day, HH-Hour, MM-Minutes, and ccyy is for century and year.

Note37- Logical track group (LTG) size is the maximum allowed transfer size for an I/O
disk operation.

Note38- While working with errpt commands, keep these things in mind-

Classes: General source of the error, the possible error classes are:

H Hardware.
S Software.
O Informational messages.
U Undetermined.

Type: Severity of the error that has occurred. The following types of errors are possible-
PEND The loss of availability of a device or component is imminent.

PERF The performance of the device or component has degraded to below an acceptable level.

PERM A condition that could not be recovered from. Error types with this value are usually the most severe errors and are more likely to mean that you have a defective hardware device or software module. Error types other than PERM usually do not indicate a defect, but they are recorded so that they can be analyzed by the diagnostics programs.

TEMP A condition that was recovered from after a number of unsuccessful attempts. This error type is also used to record informational entries, such as data transfer statistics for DASD devices.

UNKN It is not possible to determine the severity of the error.

INFO The error log entry is informational and was not the result of an error.

Note39- While taking a backup of rootvg or a user vg, only the file systems that are mounted are backed up; unmounted file systems and raw devices will not be included in the vg backup.

Note40- Splitting a VG means dividing the mirrored VG into two VGs. We can give the new VG name in the splitvg command. The pv for splitvg will show as snapshot pv. To rejoin the vg, use the command joinvg VGNAME.

Note41- Types of devices in UNIX are-

Block device: Block device is a structured random access device. Buffering is used to provide a block-at-a-time method of access. Usually only disk file systems.

Character (raw) device: Character (raw) device is a sequential, stream-oriented device which provides no buffering.

Tips- Most block devices also have an equivalent character device. For example, /dev/hd1 provides buffered access to a logical volume whereas /dev/rhd1 provides raw access to the same logical volume.

Tips- To identify block and character devices, we can see the difference between them with the #ls -l /dev command; at the beginning of each device file entry, it will show the letter b for a block device and c for a character device.

Some of the commonly used block and character devices in system are-

Examples of block devices:
cd0 CD-ROM
fd0, fd0l, fd0h Diskette
hd1, lv00 Logical Volume
hdisk0 Physical Volume

Examples of character (raw) devices:
console, lft, tty0 Terminal
lp0 Printer
rmt0 Tape Drive
tok0, ent0 Adapter
kmem, mem, null Memory
rfd0, rfd0l, rfd0h Diskette
rhd1, rlv00 Logical Volume
rhdisk0 Physical Volume

Major and minor numbers: Major number refers to the software section of code in the kernel which handles that type of device, and the minor number to the particular device of that type.

Note42-
SRC: The System resource controller provides a set of commands to make it easier for the administrator to control subsystems.

Subsystem, Subserver and group of Subsystems: A subsystem is a program (or a set of related programs) designed to perform a function. This can be further divided into subservers. Some subsystem have subservers. Subservers are similar to daemons. SRC was designed to minimize the need for user intervention since it provides control of individual subsystem or groups of subsystems with a few commands.

Example: The tcp/ip group contains a subsystem, inetd, that has several subservers, for example ftp and telnet.

Note43-
VGDA: The Volume Group Descriptor Area (VGDA) is an area of disk, at least one per PV, containing information for the entire VG. It contains administrative information about the volume group (for example, a list of all logical volume entries, a list of all the physical volume entries and so forth). There is usually one VGDA per physical volume. The exceptions are volume groups of only one or two disks.
In these exception cases: if the VG contains only one disk, there will be two VGDAs on it; if the VG contains two disks, there will be three VGDAs in total, two on one disk and one on the second disk.

Quorum: There must be a quorum of VGDAs available to activate the volume group and make it available for use (varyonvg). (The dictionary meaning of quorum is the minimum number of members that must be present to constitute a valid meeting.) A quorum of VGDA copies is needed to ensure the data integrity of management data that describes the logical and physical volumes in the volume group. A quorum is equal to 51% or more of the VGDAs available.

Tips: A system administrator can force a volume group to varyon without a quorum. This is not recommended and should only be done in an emergency.

Note44- To start subsystems and subservers automatically at boot, edit the file /etc/rc.tcpip and remove the hash mark from the relevant stanza.

Note45- Password to enter the SMS menu -
Password- admin
This is default until changed.

Note46- Two types of modes are available to set permissions on files and directories. These are-


1. Symbolic mode
2. Numeric or absolute mode


1. Symbolic mode:
To specify a mode in symbolic form, you must specify three sets of flags.

The first set of flags specifies who is granted or denied the specified permissions, as follows:
u File owner.
g Group and extended ACL entries pertaining to the file's group.
o All others.
a User, group, and all others. The a flag has the same effect as specifying the ugo flags together. If none of these flags are specified, the default is the a flag and the file creation mask (umask) is applied.

Tip: Do not separate flags with spaces.

The second set of flags specifies whether the permissions are to be removed, applied, or set:
- Removes specified permissions.
+ Applies specified permissions.
= Clears the selected permission field and sets it to the permission specified. If you do not specify a permission following =, the chmod command removes all permissions from the selected field.

The third set of flags specifies the permissions that are to be removed, applied, or set:
r Read permission.
w Write permission.
x Execute permission for files; search permission for directories.
X Execute permission for files if the current (unmodified) mode bits have at least one of the user, group, or other execute bits set. The X flag is ignored if the File parameter is specified and none of the execute bits are set in the current mode bits.

These flags set the search permissions for directories:
s Set-user-ID-on-execution permission if the u flag is specified or implied. Set-group-ID-on-execution permission if the g flag is specified or implied.
t For directories, indicates that only file owners can link or unlink files in the specified directory. For files, sets the save-text attribute.


2. Numeric or absolute mode:
The chmod command also permits you to use octal notation for the mode. The
numeric mode is the sum of one or more of the following values:

4000 Sets user ID on execution.
2000 Sets group ID on execution.
1000 Sets the link permission to directories or sets the save-text attribute for files.
0400 Permits read by owner.
0200 Permits write by owner.
0100 Permits execute or search by owner.
0040 Permits read by group.
0020 Permits write by group.
0010 Permits execute or search by group.
0004 Permits read by others.
0002 Permits write by others.
0001 Permits execute or search by others.
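
The value table above can be turned into a small decoder, which helps when reviewing chmod commands or find output for SUID, SGID and world-writable modes. This is an added example, not part of the original notes; the function names mode_to_symbolic and mode_risks are made up for illustration and the sample modes are constructed.

```shell
#!/bin/sh
# Added example: decode chmod numeric modes with the bit values from Note46.
# Function names are illustrative, not AIX commands.

# triplet BITS SPECIAL LETTER: one rwx group. SPECIAL is non-zero when the
# matching 4000/2000/1000 bit is set; LETTER (s or t) replaces the x slot.
triplet() {
    r=-; w=-; x=-
    if [ $(( $1 & 4 )) -ne 0 ]; then r=r; fi
    if [ $(( $1 & 2 )) -ne 0 ]; then w=w; fi
    if [ $(( $1 & 1 )) -ne 0 ]; then x=x; fi
    if [ "$2" -ne 0 ]; then
        # lower case = special bit and execute; upper case = special bit only
        if [ "$x" = x ]; then x=$3; else x=$(printf '%s' "$3" | tr 'st' 'ST'); fi
    fi
    printf '%s%s%s' "$r" "$w" "$x"
}

# mode_to_symbolic 4755 prints rwsr-xr-x (ls -l layout without the file type)
mode_to_symbolic() {
    case $1 in ''|*[!0-7]*) echo "invalid octal mode: $1" >&2; return 1 ;; esac
    m=$(( 0$1 ))   # leading 0 makes the shell read the digits as octal
    printf '%s%s%s\n' \
        "$(triplet $(( (m >> 6) & 7 )) $(( m & 04000 )) s)" \
        "$(triplet $(( (m >> 3) & 7 )) $(( m & 02000 )) s)" \
        "$(triplet $(( m & 7 )) $(( m & 01000 )) t)"
}

# mode_risks 6777 prints the bits an audit would flag, space separated
mode_risks() {
    case $1 in ''|*[!0-7]*) return 1 ;; esac
    m=$(( 0$1 )); out=""
    if [ $(( m & 04000 )) -ne 0 ]; then out="$out suid"; fi
    if [ $(( m & 02000 )) -ne 0 ]; then out="$out sgid"; fi
    if [ $(( m & 00002 )) -ne 0 ]; then out="$out world-writable"; fi
    printf '%s\n' "${out# }"
}

# Constructed sample modes: numeric form, symbolic form, audit flags
for mode in 4755 2755 1777 0644 0666; do
    printf '%-5s %s  %s\n' "$mode" "$(mode_to_symbolic "$mode")" "$(mode_risks "$mode")"
done
```

A capital S or T in the output means the special bit is set without the matching execute bit, which is usually a mistake worth checking.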

Note47- During system boot, the fsck command by default scans four file systems and fixes any errors found. These are-

/
/usr
/var
/tmp.

Note48- By default, the following devices / logical volumes are created in rootvg when installing a new system with AIX-

LV NAME   TYPE      LPs   PPs   PVs   LV STATE       MOUNT POINT
hd5       boot      1     2     2     closed/syncd   N/A
hd6       paging    4     8     2     open/syncd     N/A
hd8       jfs2log   1     2     2     open/syncd     N/A
hd4       jfs2      1     2     2     open/syncd     /
hd2       jfs2      9     18    2     open/syncd     /usr
hd9var    jfs2      1     2     2     open/syncd     /var
hd3       jfs2      1     2     2     open/syncd     /tmp
hd1       jfs2      1     2     2     open/syncd     /home
hd10opt   jfs2      1     2     2     open/syncd     /opt

Note49- To enter the SMS menu during system startup, press “1”. To select the factory default bootlist, press “5”.

Vmstat o/p

vmstat - Report virtual memory statistics
Summary of overall system usage: vmstat reports information about processes, memory, paging, block IO, traps, and CPU activity.
The first report produced gives averages since the last reboot. Additional reports give information on a sampling period of length delay. The process and memory reports are instantaneous in either case.
Example: To see usage averaged over 5-second intervals, but display only 8 lines
# vmstat 5 8
   procs                      memory    swap          io     system         cpu
 r  b  w   swpd   free   buff  cache  si  so    bi    bo   in    cs  us  sy  id
 0  0  0      0 207904   5760  20524   0   0    86    30  117    47   1   2  96
 0  0  0      0 207904   5776  20524   0   0     0     5  103    12   0   0 100
 0  0  0      0 207904   5780  20524   0   0     0     1  108    26   0   0 100
 0  0  0      0 207904   5780  20524   0   0     0     1  106    19   0   0 100
 0  0  0      0 207904   5792  20524   0   0     0     5  112    33   0   0 100
 0  0  0      0 207904   5796  20524   0   0     0     7  108    19   0   0 100
 0  0  0      0 207904   5808  20524   0   0     0     4  108    24   0   0 100
 0  0  0      0 207904   5808  20524   0   0     0     1  107    22   0   0 100
The table shows 6 categories of information on the first line; further details of each of the major fields are given below.

FIELD DESCRIPTIONS

Procs - The number of processes and their types
r: The number of processes waiting for run time.
b: The number of processes in uninterruptible sleep, which means they are waiting on a resource.
w: The number of processes swapped out but otherwise ready to run.

Memory - Info about physical memory and swap space
swpd: the amount of virtual memory used (kB).
free: the amount of idle [free] physical memory (kB).
buff: the amount of memory used as buffers (kB).
cache: virtual memory that's cached.

Swap - Amount of swapping
si: Amount of memory swapped in from disk (kB/s).
so: Amount of memory swapped to disk (kB/s).
Note: Higher numbers here indicate too much swapping.

IO - Info about input and output
bi: Blocks sent to a block device (blocks/s).
bo: Blocks received from a block device (blocks/s).
Note: Higher numbers here indicate too much disk activity.

System - Information about the system
in: The number of interrupts per second, including the clock.
cs: The number of context switches per second, i.e. the number of times the kernel changes which process is running.

CPU - These are percentages of total CPU time used
us: % of time used by user processes - user time
sy: % of time used by system processes - system time
id: % of time the CPU was idle - idle time

All Linux blocks are currently 1k, except for CD-ROM blocks which are 2k.
See : /proc/meminfo /proc/stat