Sun OS Classic Command

Solaris System Maintenance Command Reference

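1. Checking the machine model: the model of a Sun server is printed on its front panel, for example NETRA T 1125, or Ultra 5, Ultra 10 and so on.

2. Checking the number of CPUs (the following is wrong: the top command on Sun cannot show all CPUs, and it does not behave the same as on HP)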

#top

CPU states: 99.3% idle, 0.1% user, 0.6% kernel, 0.0% iowait, 0.0% swap

This suggests there is only one CPU.

Correct method:

dmesg |grep cpu

This shows the correct number of CPUs.

3. Checking memory

#dmesg |grep mem

mem = 2097152K (0x80000000)

avail mem = 2087739392  

4. Checking the number of disks

#vxdisk list

DEVICE TYPE DISK GROUP STATUS

c0t0d0s2 sliced - - error

c0t0d0s7 simple c0t0d0s7 rootdg online

c1t0d0s2 sliced - - online

c1t1d0s2 sliced smpdg2 smpdg online

c1t2d0s2 sliced smpdbdg1 smpdbdg online

c2t0d0s2 sliced - - online

c2t1d0s2 sliced smpdg1 smpdg online

c2t2d0s2 sliced smpdbdg2 smpdbdg online  

5. Viewing file systems

#df -k

Filesystem kbytes used avail capacity Mounted on

/dev/dsk/c0t0d0s0 4032142 1050675 2941146 27% /

/proc 0 0 0 0% /proc

fd 0 0 0 0% /dev/fd

/dev/dsk/c0t0d0s6 7304977 29 7231899 1% /home

/dev/dsk/c0t0d0s5 4032142 402929 3588892 11% /opt

swap 3418392 32 3418360 1% /tmp

/vol/dev/dsk/c0t6d0/informix

201730 201730 0 100% /cdrom/informix

/dev/vx/dsk/smpdg/smpdg-stat

1055 9 941 1% /smpwork

/dev/vx/dsk/smpdg/lv_smp

17336570 128079 17035126 1% /sms  

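6. Locating disk groups and logical volumes

#cd /dev/vx/dsk/

Disk groups such as smpdg appear under this directory; enter a disk group's directory to see the logical volumes it contains.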

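7. Creating disk groups, logical volumes and file systems

A. Create the smpdg disk group (assume the two physical disks c1t1d0 and c1t2d0 are used to create the smcpdg disk group)

vxdisksetup -i c1t1d0 (format the physical disk)

vxdisksetup -i c2t1d0

vxdg init smpdg smpdg1=c2t1d0 (add the physical disk to the disk group smpdg)

vxdg -g smpdg adddisk smpdg2=c1t1d0

Then create the logical volume and the file system: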

vxassist -g smpdg -U fsgen make lv_smp 17200m layout=nolog smpdg1

vxassist -g smpdg mirror lv_smp layout=nostripe smpdg2

newfs -C -f /dev/vx/rdsk/smpdg/lv_smp  

Assume it is mounted on /sms on the first machine:

mkdir /sms

chown smp:smp /sms

vxvol -g smpdg startall

mount /dev/vx/dsk/smpdg/lv_smp /sms

umount /sms

vxvol -g smpdg stopall

vxdg deport smpdg  

Then mount it on /sms on the second machine:

mkdir /sms

chown smp:smp /sms

vxdg import smpdg

vxvol -g smpdg startall

newfs -C -f /dev/vx/rdsk/smpdg/lv_smp

mount /dev/vx/dsk/smpdg/lv_smp /sms

umount /sms  

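Note: the above creates a shared file system.

Because smpdg is usually assigned to one particular application, a further file system is needed that is mounted while the logical host is running: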

vxassist -g smpdg -U fsgen make smpdg-stat 2m layout=nolog smpdg1

vxassist -g smpdg mirror smpdg-stat layout=nostripe smpdg2

newfs /dev/vx/rdsk/smpdg/smpdg-stat  

B. Create the smpdbdg disk group

Create the disk group:

vxdisksetup -i c1t2d0

vxdisksetup -i c2t2d0

vxdg init smpdbdg smpdbdg1=c1t2d0

vxdg -g smpdbdg adddisk smpdbdg2=c2t2d0

vxassist -g smpdbdg -U fsgen make smpdbdg-stat 2m layout=nolog smpdbdg1

vxassist -g smpdbdg mirror smpdbdg-stat layout=nostripe smpdbdg2

newfs /dev/vx/rdsk/smpdbdg/smpdbdg-stat

 

Create the logical volumes:

vxassist -g smpdbdg -U gen make lv_rootdbs 128m layout=nolog smpdbdg1

vxassist -g smpdbdg mirror lv_rootdbs layout=nostripe smpdbdg2

vxassist -g smpdbdg -U gen make lv_logdbs 300m layout=nolog smpdbdg1

vxassist -g smpdbdg mirror lv_logdbs layout=nostripe smpdbdg2

vxassist -g smpdbdg -U gen make lv_phydbs 100m layout=nolog smpdbdg1

vxassist -g smpdbdg mirror lv_phydbs layout=nostripe smpdbdg2

vxassist -g smpdbdg -U gen make lv_tempdbs 1000m layout=nolog smpdbdg1

vxassist -g smpdbdg mirror lv_tempdbs layout=nostripe smpdbdg2

vxassist -g smpdbdg -U gen make lv_svcchunk1 2000m layout=nolog smpdbdg1

vxassist -g smpdbdg mirror lv_svcchunk1 layout=nostripe smpdbdg2

vxassist -g smpdbdg -U gen make lv_svcchunk2 2000m layout=nolog smpdbdg1

vxassist -g smpdbdg mirror lv_svcchunk2 layout=nostripe smpdbdg2

vxassist -g smpdbdg -U gen make lv_svcchunk3 2000m layout=nolog smpdbdg1

vxassist -g smpdbdg mirror lv_svcchunk3 layout=nostripe smpdbdg2

vxassist -g smpdbdg -U gen make lv_recchunk1 2000m layout=nolog smpdbdg1

vxassist -g smpdbdg mirror lv_recchunk1 layout=nostripe smpdbdg2

vxassist -g smpdbdg -U gen make lv_recchunk2 2000m layout=nolog smpdbdg1

vxassist -g smpdbdg mirror lv_recchunk2 layout=nostripe smpdbdg2

vxassist -g smpdbdg -U gen make lv_recchunk3 2000m layout=nolog smpdbdg1

vxassist -g smpdbdg mirror lv_recchunk3 layout=nostripe smpdbdg2

vxassist -g smpdbdg -U gen make lv_recchunk4 2000m layout=nolog smpdbdg1

vxassist -g smpdbdg mirror lv_recchunk4 layout=nostripe smpdbdg2

vxassist -g smpdbdg -U gen make lv_recchunk5 1700m layout=nolog smpdbdg1

vxassist -g smpdbdg mirror lv_recchunk5 layout=nostripe smpdbdg2

 

C. Set the logical volume attributes

vxedit -g smpdg -v set user=smp group=smp lv_smp

vxedit -g smpdbdg -v set user=informix group=informix mode=660 lv_rootdbs

vxedit -g smpdbdg -v set user=informix group=informix mode=660 lv_logdbs

vxedit -g smpdbdg -v set user=informix group=informix mode=660 lv_phydbs

vxedit -g smpdbdg -v set user=informix group=informix mode=660 lv_tempdbs

vxedit -g smpdbdg -v set user=informix group=informix mode=660 lv_svcchunk1

vxedit -g smpdbdg -v set user=informix group=informix mode=660 lv_svcchunk2

vxedit -g smpdbdg -v set user=informix group=informix mode=660 lv_svcchunk3

vxedit -g smpdbdg -v set user=informix group=informix mode=660 lv_recchunk1

vxedit -g smpdbdg -v set user=informix group=informix mode=660 lv_recchunk2

vxedit -g smpdbdg -v set user=informix group=informix mode=660 lv_recchunk3

vxedit -g smpdbdg -v set user=informix group=informix mode=660 lv_recchunk4

vxedit -g smpdbdg -v set user=informix group=informix mode=660 lv_recchunk5

 

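Note: on Sun machines, setting logical volume attributes this way is equivalent to using chown and chmod.

8. Deleting a disk group

This is simply a matter of deactivating and deporting the group, then reformatting the physical disks.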

vxvol -g smpdbdg stopall

vxdg deport smpdbdg

vxdisksetup -i c1t0d0

vxdisksetup -i c2t1d0

......

 

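After this the /dev/vx/smpdbdg directory no longer exists.

9. Setting up a shared disk group

First create the disk group on the first machine. Assuming the disk group smpdg has already been built and is now to be set up as a shared disk group on the second machine, first deactivate and deport smpdg on the first machine: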

smcp01>vxvol -g smpdg stopall

smcp01>vxdg deport smpdg  

Then import and activate smpdg on the second machine:

smcp02>vxdg import smpdg

smcp02>vxvol -g smpdg startall  

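After switching, use the following three commands to check whether the switch succeeded:

vxdg list // shows disk group information

vxdisk list // shows physical disk information

vxprint -vt // shows information for all volumes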

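10. Checking disk size

Method 1:

#format

Then select the disk number, press Enter to go to the next menu, and choose inquiry to get the disk's size information, for example: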

Vendor: FUJITSU

Product: MAN3184M SUN18G

Revision: 1502  

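Note: format is a powerful disk diagnostic tool.

Method 2:

#cd /opt/SUNWexplo/bin/

Run explorer to produce a disk information bundle, which is a directory. Inside it there is a disks directory, and inside that a diskinfo file; use the following command to see the size of each disk: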

 0: rmt/0ln HP C1537A L706 62########

1: c0t0d0 FUJITSU MAJ3182M SUN18G 0804 0041P90050##

2: c1t0d0 SEAGATE ST318203LSUN18G 034A 0025H54125##

3: c1t1d0 SEAGATE ST318203LSUN18G 034A 0026H70087##

4: c1t2d0 FUJITSU MAJ3182M SUN18G 0804 0046P66422##

5: c2t0d0 SEAGATE ST318203LSUN18G 034A 0026G30220##

6: c2t1d0 SEAGATE ST318203LSUN18G 034A 0026H59041##

7: c2t2d0 FUJITSU MAJ3182M SUN18G 0804 0051P91980##

8: ses0 SYMBIOS D1000 2 O8# SAF-

9: ses1 SYMBIOS D1000 2 O8# SAF-  

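11. Checking the Informix version

#su - informix

informix>onstat -

This shows the Informix version.

12. Information-gathering tool

#cd /opt/SUNWexplo/bin/

#explorer

Running it produces a directory and a compressed archive of that directory (*.gz). Enter the result directory to find the various pieces of information you need.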

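13. Cluster script files

#cd /opt/SUNWcluster/ha/smpwork

Under ha there is a directory for each clustered application, such as smpwork, and each of these holds that application's cluster configuration files.

14. Cluster maintenance commands

First start the cluster on node smcp01:

# scadmin startcluster smcp01 smcp

Then start the local node on smcp02: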

# scadmin startnode

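After startup, the commands for observing the cluster state are:

# hastat // shows the state of the cluster, nodes, logical hosts and data services, plus some run history

# get_node_status // shows the local node's node ID, the state of the public network adapters, and similar information

From a graphical local terminal (assume its IP address is ip), log in to the SMCP host as user smcp (note: use the SMCP logical host address):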

% telnet smcpwork

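On the SMCP host, set the DISPLAY environment variable:

% setenv DISPLAY ip:0.0

On the local terminal, run:

% xhost +

Start OAM manually:

% oam&

Log in as the OAM operator.

On each of the two nodes, smcp01 and smcp02, run:

# scadmin stopnode

This command stops the current node from running in the cluster; it must be run on both nodes separately.

For example, to switch smcpwork to run on node smcp02, enter:

#scadmin switch smcp smcp02 smcpwork

For example, to switch querywork to run on node smcp02, enter: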

#haswitch smcp02 querywork  

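The hareg command registers and activates data services using the following switches:

-r registers the specified data service with the cluster

-u unregisters the specified data service from the cluster

-y activates the specified data service, setting its state to On

-Y activates all data services in the cluster, setting their state to On

-n deactivates the specified data service, setting its state to Off

-N deactivates all data services in the cluster, setting their state to Off

Run without arguments, hareg shows the current state of all data services.

A data service has an On or Off state only after it has been registered with the cluster. A data service in the On state provides service normally, while one in the Off state has stopped providing service. If a data service has been unregistered, it must be registered again before it can run in the cluster. Using hareg of course requires that the cluster is already started and running normally.

From a graphical local terminal (assume its IP address is ip0), log in to the SMCP host (assume its IP address is ip1) as root:

On the local terminal, run:

% xhost +

% telnet ip1

Then, on the SMCP host, set the DISPLAY environment variable:

# DISPLAY=ip0:0.0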

# export DISPLAY

# vxva

15. Activating / deactivating / deporting / importing a disk group

smcp01>vxvol -g smpdg stopall

smcp01>vxdg deport smpdg  

smcp02>vxdg import smpdg

smcp02>vxvol -g smpdg startall

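16. Detailed notes on SUN Netra T 1125 cluster configuration

A. Network resource configuration

The SUN Netra T 1125 has four network adapters: hme0, hme1, hme2 and hme3.

hme0 and hme1 are the primary and standby adapters for the Sun server's public network traffic and need only one IP address;

hme2 and hme3 are used for heartbeat detection between the two nodes and also need one IP address configured.

In addition, TELLIN SMP presents a floating IP address to the outside, on the same network segment as the data IP; this address is managed by Sun's clustering software, SUN Cluster.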

 

1) Changing the IP address and host name

Files involved in changing the IP address:

/etc/hosts (change the IP address)

/etc/netmasks (if subnetting)

/etc/defaultrouter (to specify the new gateway for this subnet)

Files involved in changing the host name:

/etc/hosts (change to the new hostname)

/etc/nodename (change to the new hostname)

/etc/hostname.<interface> (where <interface> is the name of the primary

interface for this system, i.e hostname.hme0 or hostname.le0.

Change to the new hostname.)

/etc/net/ticlts/hosts (change both columns to the new hostname)

/etc/net/ticots/hosts (change both columns to the new hostname)

/etc/net/ticotsord/hosts (change both columns to the new hostname)

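After editing these files, a reboot is recommended.

2) Configuring hme0 and hme1 as a primary/standby pair

It is enough to configure an address on hme0.

The relationship is created later, during cluster configuration, when the following command is run to create the logical host: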

#scconf smcp -L smcpwork -n smcp01,smcp02 -g smcpdg -i hme0,hme0,smcpwork -m

 

3) Configuring NAFO (Network Adapter Fail Over)

/opt/SUNWpnm/bin/pnmset <Enter>

The following is displayed:

In the following, you will be prompted to do

configuration for network adapter failover

do you want to continue ... [y/n]: y <Enter>

How many NAFO backup groups on the host [1]:<Enter>

Enter backup group number [0]:<Enter>

Please enter all network adapters under nafo0

hme0 hme1 <Enter>

The following test will evaluate the correctness

of the customer NAFO configuration...

name duplication test passed

 

Check nafo0... < 20 seconds

hme0 is active

remote address = 129.9.168.101

test hme1 wait...

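nafo0 test passed (this message indicates that the test passed)

Note:

NAFO configuration is demanding on the network cabling; it sometimes takes several attempts to succeed.

B. Configuring the cluster

The general procedure for cluster configuration is: start the cluster system, configure the cluster and packages on one node, check that everything is correct, apply the configuration, and then carry out the relevant operations.

Note:

Before using the cluster, check the state of smcpdg and querydg as follows:

(1) On each of the two nodes run:

# vxdg list

Only rootdg should be listed; smcpdg and querydg must not appear.

(2) If smcpdg or querydg appeared in the previous step, check whether IDS is running (Online).

If it is running, stop IDS first, then use vxdg deport to release control of the Disk Group.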


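Configuring the cluster system

On machine 1 run #scadmin startcluster smcp01 smcp

Once the cluster software is up on machine 1, run #scadmin startnode on machine 2 to join it to the cluster as a node.

Configuring logical hosts on the cluster system

A logical host corresponds to an application and is how the cluster system manages applications; each logical host presents only one IP address to the outside.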

================================================

(2) Configure the cluster

Run on one host only:

#scconf iin -L scpwork -n smcp02,smcp01 -g scpdg -i hme0,hme0,scpwork -m

Note:

The command format is:

scconf <cluster name> -L <logical hostname> -n <node1 name>, <node2 name>

-g <disk group name> -i <node1 public interface 1> <node2 public interface 1> <logical hostname>

-m

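The order of <node1 name> and <node2 name> determines that the logical host is primary on node1 and standby on node2.

Note: the floating IP address that corresponds to the logical host's host name must be configured in /etc/hosts.

Create the administrative file system on every machine: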

# scconf iin -F scpwork scpdg

Note:

The command format is:

scconf <cluster name> -F <logical hostname> <disk group name>  

On machine 2, configure the logical host querywork:

#scconf iin -L smpwork -n smcp01,smcp02 -g smpdg -i hme0,hme0,smpwork -m

Create the administrative file system:

# scconf iin -F querywork querydg

Register with the cluster:

hareg -u querywork

query.register

hareg -u smcpwork

smcp.register

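C. Configuring applications

The /etc/opt/SUNWcluster/conf directory

The two files ccd.database and smcp.cdb show the basic cluster configuration and cluster information. Do not edit these files by hand; let the system maintain them.

A dedicated daemon keeps ccd.database consistent across the two nodes.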

 

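The /opt/SUNWcluster/ha directory

This directory contains two subdirectories, smcp and query. The smcp directory holds the configuration files and scripts for the smcp data service: smcp.config records the basic configuration of smcpwork, smcp.register is used to register smcpwork, and the other files are the scripts that start, stop and monitor smcpwork. The query directory holds the configuration files and scripts for the query data service: query.config records the basic configuration of querywork, query.register is used to register querywork, and the other files are the required run scripts. When these two data services are added to the cluster, each must be registered with the hareg command; this was already done at installation time by running smcp.register and query.register.

Note: if ccd.database in the conf directory differs between the two machines, the cluster cannot switch over properly.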

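D. Verifying the cluster configuration

(1) First, on the primary host, run #scadmin startcluster smcp01 smcp

(2) Once the cluster software is running on the primary host, run on the standby host:

#scadmin startnode

(3) On both hosts run df -k and ifconfig -a to check for errors, and run hastat to view the HA status. hme0 should show the floating IPs of the smcp and query applications bound to it: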

hme0 .... 129.9.168.101

hme0:1 .... 129.9.168.120

hme0:2 .... 129.9.168.140

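(4) Use the haswitch command to run a switchover test, moving the logical host smcpwork from physical host smcp01 to physical host smcp02:

# haswitch smcp02 smcpwork

To check whether the switchover succeeded:

On host smcp02, check the disk resources with df -k. If the output contains the following, the switchover succeeded:

/dev/vx/dsk/smcpdg/smcpdg-stat

On host smcp02, check the IP addresses with ifconfig -a. If the logical host smcpwork's IP address 129.9.169.120 is now bound to hme0 (the primary public adapter), the switchover succeeded.

(5) Overwrite db_check in /opt/SUNWcluster/bin with /opt/SUNWcluster/bin/xps_check.

Use get_node_status to check the cluster state: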

smcp02>get_node_status

sc: included in running cluster

node id: 1

membership: 0 1

interconnect0: selected

interconnect1: up

vm_type: vxvm

vm: up

db: up  

17. Setting up the Terminal Concentrator when first installing a SUN Netra T 1125

 

=====================================

 

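In the standard TELLIN SMP SUN Netra T1125 configuration, the hosts are Sun servers without a graphics card or monitor, so a terminal concentrator is used to bring the console signals of the two hosts out to a monitoring station. Because the hosts cannot be controlled before Solaris has booted, the terminal concentrator must be set up first. If the Terminal Concentrator (TC for short) is already set up, it does not need to be set up again.

The configuration steps follow. Once configured, the terminal concentrator does not need to be configured again at each power-on. The steps assume the TC's IP address is 129.9.168.23 and the subnet mask is 255.255.255.0.

(1) Using a Sun workstation, connect the host's serial port A to port 1 of the terminal concentrator with an RS232J45 cable.

Add the following to /etc/remote on the workstation:

a:dv=/dev/term/a:br#9600:el=^C^S^Q^U^D:ie=%$:oe=^D:

(2) As root, type: tip a

(3) Connect the terminal concentrator to the public network correctly.

(4) Power on the terminal concentrator.

(5) Press the Test button on the terminal concentrator; the Test light comes on and the unit enters test mode. Note: press Test immediately after the power light comes on, without waiting for the unit to reach its normal running state; this is like pressing "DEL" on a PC to enter setup.

When the test completes, the correct state of each indicator light is as shown in Table 2-2.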

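Table 2-2 Terminal concentrator indicator lights

Light   Power   Unit    Net     Attn    Load    Active

Color   Green   Green   Green   Amber   Green   Green

State   ON      ON      ON      OFF     OFF     Slow blink

(6) The monitor:: prompt appears on the Sun workstation; use the addr command to configure the TC's IP address and subnet mask:

monitor:: addr <Enter>

Enter the IP address: 129.9.168.23

Enter the subnet mask: 255.255.255.0

(7) Exit the tip application.

At the monitor:: prompt: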

monitor:: boot <Enter>

monitor:: ~.  

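(8) Power the terminal concentrator off and on again. If you can telnet to it from a PC, the configuration above is verified. Now configure each of the concentrator's ports: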

telnet 129.9.168.23 <Enter>

Trying 129.9.168.23...

Connected to 129.9.168.23.

Escape character is '^]'.<Enter>

Enter Annex port name or number: cli <Enter>

annex: su <Enter> (switch to superuser)

Password: (enter the TC's IP address here)

annex admin <Enter>

Annex administration MICRO-XL-UX R7.0.1, 8 ports

admin : set port=1-8 type dial_in imask_7bits Y <Enter>

You may need to reset the appropriate port, Annex subsystem or

reboot the Annex for changes to take effect.

admin : set port=2-7 mode slave <Enter>

You may need to reset the appropriate port, Annex subsystem or

reboot the Annex for changes to take effect.

admin : quit <Enter>

annex boot <Enter>

bootfile: <Enter>

warning:

*** Annex (129.9.168.23) shutdown message from port v1 ***

Annex (129.9.168.23) going down IMMEDIATELY

Connection closed by foreign host.w

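Setup is complete; disconnect the serial cable from port 1.

During the steps above you can type "?" or "help" to get help. On the current workstation, a program such as HyperTerminal on a PC can be used to configure the TC.

18. Viewing physical disk information

Use the following command to see which disk group each physical disk is assigned to.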

 

#vxdisk list

DEVICE TYPE DISK GROUP STATUS

c0t0d0s2 sliced - - error

c0t0d0s7 simple c0t0d0s7 rootdg online

c0t8d0s2 sliced - - error

c1t1d0s2 sliced c1t1d0 smcpdg online

c1t2d0s2 sliced - - online

c1t3d0s2 sliced c1t3d0 smcpdg online

c1t4d0s2 sliced - - online

c1t6d0s2 sliced - - online

c2t1d0s2 sliced c2t1d0 smcpdg online

c2t2d0s2 sliced - - online

c2t3d0s2 sliced c2t3d0 smcpdg online

c2t4d0s2 sliced - - online

c2t6d0s2 sliced - - online  
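Added example (not part of the original notes): a small sh/awk script that reads vxdisk list output to answer the question in this item, which disks belong to which disk group, and to apply the pre-start rule from 16 B, that only rootdg may be imported before the cluster is started. The function names are made up for this example; the first sample is a subset of the listing above, the second is constructed.

```shell
#!/bin/sh
# Parses `vxdisk list` output (columns: DEVICE TYPE DISK GROUP STATUS) from stdin.

# Sample input: rows taken from the vxdisk list output shown above.
sample_vxdisk_list() {
cat <<'EOF'
DEVICE TYPE DISK GROUP STATUS
c0t0d0s2 sliced - - error
c0t0d0s7 simple c0t0d0s7 rootdg online
c0t8d0s2 sliced - - error
c1t1d0s2 sliced c1t1d0 smcpdg online
c1t2d0s2 sliced - - online
c1t3d0s2 sliced c1t3d0 smcpdg online
c2t1d0s2 sliced c2t1d0 smcpdg online
c2t3d0s2 sliced c2t3d0 smcpdg online
EOF
}

# Constructed input: a node on which only rootdg is imported.
sample_clean_node() {
cat <<'EOF'
DEVICE TYPE DISK GROUP STATUS
c0t0d0s7 simple c0t0d0s7 rootdg online
c1t1d0s2 sliced - - online
EOF
}

# vx_disks_in_group GROUP: devices assigned to GROUP, one per line.
vx_disks_in_group() {
    awk -v g="$1" 'NR > 1 && $4 == g { print $1 }'
}

# vx_imported_groups: distinct disk groups that own at least one disk here.
vx_imported_groups() {
    awk 'NR > 1 && NF >= 5 && $4 != "-" { print $4 }' | sort -u
}

# vx_not_online: "device: status" for every disk whose STATUS is not exactly
# "online". A status can be more than one word, so fields 5..NF are joined.
vx_not_online() {
    awk 'NR > 1 && NF >= 5 {
        s = $5
        for (i = 6; i <= NF; i++) s = s " " $i
        if (s != "online") print $1 ": " s
    }'
}

# vx_precheck: pre-start rule from 16 B. Prints the verdict and returns 1
# if any group other than rootdg is still imported on this node.
vx_precheck() {
    extra=$(vx_imported_groups | grep -v '^rootdg$' | tr '\n' ' ')
    extra=${extra% }
    if [ -n "$extra" ]; then
        echo "still imported: $extra"
        return 1
    fi
    echo "ok: only rootdg is imported"
}

# Demo on the sample data.
sample_vxdisk_list | vx_not_online
sample_vxdisk_list | vx_precheck || true
```

On a live node, pipe the real command into the same functions, for example `vxdisk list | vx_precheck`.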

19. Changing kernel parameters on Sun servers: /etc/system

set shmsys:shminfo_shmmax=268435456

set semsys:seminfo_semmni=4096

set semsys:seminfo_semmns=4096

set semsys:seminfo_semmnu=4096

set semsys:seminfo_semume=64

set semsys:seminfo_semmsl=100

set shmsys:shminfo_shmmin=100

set shmsys:shminfo_shmmni=100

set shmsys:shminfo_shmseg=100  

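20. Sun cluster run-time logs

The cluster log is written to /var/adm/messages. If a fault occurs while the cluster is running, check this file to help locate the problem. Also watch the messages on the console screen: errors and warnings from the running cluster, including the results of periodic monitoring, are usually shown on the console in real time.

21. Using the CD-ROM drive

A. Booting or installing from the CD-ROM drive

On the host, hold down the Stop and A keys together (Stop+A) to enter the ok prompt;

then type boot cdrom at the ok prompt to boot from the CD.

B. Reading the contents of a CD

Insert the disc into the drive; it is mounted automatically.

Use df -k to see which directory the disc is mounted on,

then change to that directory to access the disc's contents.

22. Console access to the Sun cluster through the terminal concentrator

Edit /etc/default/login:

change the line CONSOLE=/dev/console to

#CONSOLE=/dev/console

Otherwise the host can be logged in to only through the TC; no other login method works.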

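23. Command to shut down the host

#shutdown --

24. Backing up files to a remote tape drive

Assume two machines, smcp01 and smcp02, and that only the second has a tape drive. The first machine can then use the second machine's tape drive as follows:

Write: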

#tar cvf - /tmp/yqx | rsh smcp02 dd of=/dev/rmt/0m

If this fails, first set:

#obs=20b 20block

Read:

#rsh smcp02 dd if=/dev/rmt/0m | tar tvf -

If this fails, first set:

#bs=20b  

25. Finding the current subnet and netmask

1) Subnet

#netstat -in

Look at the entry for hme0:

Name Mtu Net/Dest Address Ipkts Ierrs Opkts Oerrs Collis Queue

hme0 1500 172.0.8.0 172.0.8.68 3430395 0 1134355 0 0 0

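so the subnet is 172.0.8.0.

2) Netmask

Check /etc/netmasks.

3) Address

#ifconfig -a

or check /etc/hostname.hme0

Note: on some machines the physical interface name is le0.

26. Removing a logical host from the cluster

1) First unregister the application on the logical host: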

hareg -n scpwork;

hareg -u scpwork;

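2) Then remove the application from the logical host:

scconf tellincluster (cluster name) -s -r scpserv (application name) scpwork (logical host name)

3) Finally remove the logical host from the cluster:

Method 1) use scinstall and choose the menu path change / logic hosts / remove

Method 2) run the command directly: scconf iin -L scpwork -r

Note: the scinstall command can show all information about the Sun cluster configuration.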

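27. Summary of the steps for creating Sun disk groups and logical volumes

Sun's Volume Manager is abbreviated VM. In this environment, permanent changes to the owner and read/write permissions of disk groups such as smcpdg/querydg cannot be made with chown or chmod; they can only be made with vxedit.

Additional notes:

Initialize the physical disks: vxdisksetup -i c1t2d0

vxdisksetup -i c2t2d0

Create the disk group: vxdg init smpdbdg smpdbdg1=c1t2d0

vxdg -g smpdbdg adddisk smpdbdg2=c2t2d0

Create the file system mounted for the disk group: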

vxassist -g smpdbdg -U fsgen make smpdbdg-stat 2m layout=nolog smpdbdg1

vxassist -g smpdbdg mirror smpdbdg-stat layout=nostripe smpdbdg2

newfs /dev/vx/rdsk/smpdbdg/smpdbdg-stat

Create a logical volume:

vxassist -g smpdbdg -U gen make lv_rootdbs 128m layout=nolog smpdbdg1

vxassist -g smpdbdg mirror lv_rootdbs layout=nostripe smpdbdg2

Change disk group permissions:

vxedit -g smpdg -v set user=smp group=smp lv_smp

vxedit -g smpdbdg -v set user=informix group=informix mode=660 lv_rootdbs

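Check which disk groups are active: vxdg list

Import a disk group: vxdg import smcpdg

Activate a disk group: vxvol -g smcpdg startall

Deactivate a disk group: vxvol -g smcpdg stopall

28. Configuring the Sun cluster to start automatically

To make sure that, after an abnormal event, the cluster is brought up automatically when the two SMCP machines restart:

On Sun machines, copy the cluster autostart script S99startcluster into the system's /etc/rc3.d directory. The script contains the following; the items that usually need to be changed to suit the site are:

LOCALNODENAME, REMOTENODENAME and CLUSTERNAME

if [ "$LOCALNODENAME" = "smcp01" ]; then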

REMOTENODENAME="smcp02"

# LOCALID=0

# REMOTEID=1

else

REMOTENODENAME="smcp01"

# LOCALID=1

# REMOTEID=0

fi

CLUSTERNAME=smcp-cluster  

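29. Dealing with garbled characters on a Sun terminal

When garbled characters appear while typing in a terminal window, there are two remedies:

1) press Del

2) Ctrl + <---BkSp (the left-pointing delete key)

30. Listing the physical disks in a disk group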

root@smp2 # vxdg list smpdbdg

Group: smpdbdg

dgid: 1035450560.1072.smp2

import-id: 0.1071

flags:

copies: nconfig=default nlog=default

config: seqno=0.1027 permlen=3447 free=3445 templen=2 loglen=522

config disk c1t0d0s2 copy 1 len=3447 state=clean online

log disk c1t0d0s2 copy 1 len=522

30. Sun cluster maintenance command

#scinstall

This command performs a range of Sun cluster maintenance tasks, for example:

Assuming a default cluster name of smp  

Checking on installed package state

....................

 ============ Main Menu =================  

1) Install/Upgrade - Install or Upgrade Server

Packages or Install Client Packages.

2) Remove - Remove Server or Client Packages.

3) Change - Modify cluster or data service configuration

4) Verify - Verify installed package sets.

5) List - List installed package sets.

 6) Quit - Quit this program.

7) Help - The help screen for this menu.  

Please choose one of the menu items: [7]:

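31. Deleting a logical volume

vxedit -g scpdbdg -fr rm <logical volume name>

32. Changing the file systems in /etc/opt/SUNWcluster/conf/hanfs/vfstab.scpwork

33. A note on creating users on Sun servers

Sometimes a user is created and later deleted; the correct way to delete it is userdel <user name>. But sometimes an engineer deletes the user directly from /etc/passwd. If useradd is then used to add a user with the same name, the system reports that the add failed. In that case, be sure to delete the user's line from /etc/shadow as well, so that /etc/shadow and /etc/passwd list the same users; useradd will then work again.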
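Added example (not part of the original notes): a sh/awk check for the situation described in item 33, reporting accounts that exist in only one of the passwd and shadow files, plus duplicate names. The function names, the temporary file paths and the account data are constructed for this example; on a real host the two arguments would be /etc/passwd and /etc/shadow, read as root.

```shell
#!/bin/sh
# Cross-checks a passwd file against a shadow file by user name (field 1).

# names_only_in OTHER REF: user names present in OTHER but absent from REF.
names_only_in() {
    awk -F: '
        /^#/ || $1 == ""    { next }               # skip comments and blank lines
        FILENAME == ARGV[1] { ref[$1] = 1; next }  # first file (REF): remember names
        !($1 in ref)        { print $1 }           # second file (OTHER): report strangers
    ' "$2" "$1"
}

# shadow_orphans PASSWD SHADOW: entries left behind in shadow after a line
# was deleted from passwd by hand. These are what make useradd fail.
shadow_orphans() { names_only_in "$2" "$1"; }

# passwd_orphans PASSWD SHADOW: accounts that have no shadow entry at all.
passwd_orphans() { names_only_in "$1" "$2"; }

# duplicate_names FILE: names that occur more than once (printed once each).
duplicate_names() {
    awk -F: '!/^#/ && $1 != "" && seen[$1]++ == 1 { print $1 }' "$1"
}

# check_accounts PASSWD SHADOW: print findings; return 1 if the files disagree.
check_accounts() {
    rc=0
    for u in $(shadow_orphans "$1" "$2"); do
        echo "shadow only: $u"
        rc=1
    done
    for u in $(passwd_orphans "$1" "$2"); do
        echo "passwd only: $u"
        rc=1
    done
    return $rc
}

# Constructed sample files: "olduser" was removed from passwd by hand,
# so its shadow line is still there.
make_sample_files() {
    cat > "$1/passwd" <<'EOF'
root:x:0:1:Super-User:/:/sbin/sh
smp:x:1001:100::/export/home/smp:/bin/sh
informix:x:1002:101::/export/home/informix:/bin/sh
EOF
    cat > "$1/shadow" <<'EOF'
root:NP:6445::::::
smp:NP:12000::::::
informix:NP:12000::::::
olduser:NP:12000::::::
EOF
}

# Demo: prints "shadow only: olduser".
demo_dir=$(mktemp -d)
make_sample_files "$demo_dir"
check_accounts "$demo_dir/passwd" "$demo_dir/shadow" || true
rm -rf "$demo_dir"
```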

34. How can one user belong to several groups?

35. Checking swap space

#swap -s

e.g.

total: 76552k bytes allocated + 17184k reserved = 93736k used, 296608k available

Common Solaris commands and examples

proc tools

 $ ps

PID TTY TIME CMD

806 pts/3 0:00 ps

368 pts/3 0:00 sh

$ pflags 368

368: -sh

data model = _ILP32 flags = PR_ORPHAN

/1: flags = PR_PCINVAL

 

% pmap 823 // the process's address-space mappings and the libraries it needs to run

823: -csh

08043000 20K rw--- [ stack ]

08050000 128K r-x-- /usr/bin/csh

08070000 12K rwx-- /usr/bin/csh

08073000 68K rwx-- [ heap ]

DD9C0000 8K r-x-- /usr/lib/locale/zh_CN.GB18030/methods_zh_CN.GB18030.so.2

DD9D1000 4K rwx-- /usr/lib/locale/zh_CN.GB18030/methods_zh_CN.GB18030.so.2

DD9E0000 324K r-x-- /usr/lib/locale/zh_CN.GB18030/zh_CN.GB18030.so.2

DDA40000 8K rwx-- /usr/lib/locale/zh_CN.GB18030/zh_CN.GB18030.so.2

DDA60000 4K rwx-- [ anon ]

DDA70000 628K r-x-- /usr/lib/libc.so.1

DDB1D000 24K rwx-- /usr/lib/libc.so.1

DDB23000 4K rwx-- /usr/lib/libc.so.1

DDB30000 152K r-x-- /usr/lib/libcurses.so.1

DDB66000 28K rwx-- /usr/lib/libcurses.so.1

DDB6D000 8K rwx-- /usr/lib/libcurses.so.1

DDB80000 4K r-x-- /usr/lib/libdl.so.1

DDB90000 292K r-x-- /usr/lib/ld.so.1

DDBE9000 16K rwx-- /usr/lib/ld.so.1

DDBED000 8K rwx-- /usr/lib/ld.so.1

total 1740K

 

$ pldd 830 // list of dynamic libraries linked into the process

830: -sh

/usr/lib/libgen.so.1

/usr/lib/libc.so.1

/usr/lib/libdl.so.1

/usr/lib/locale/zh_CN.GB18030/zh_CN.GB18030.so.2

/usr/lib/locale/zh_CN.GB18030/methods_zh_CN.GB18030.so.2

 

$ psig 830 // list of signals associated with the process

830: -sh

HUP caught done 0

INT caught 0x8059a30 0

QUIT caught 0x8059a30 0

ILL caught done 0

TRAP caught done 0

ABRT caught done 0

EMT caught done 0

FPE caught done 0

KILL default

BUS caught done 0

SEGV caught 0x8059f70 ONSTACK,SIGINFO

 

$ pstack 830 // view the process's stack trace in hexadecimal format

830: -sh

ddacedf7 waitid (0, 353, 8047d40, 83)

ddaeeea7 _waitpid (353, 8047df8, 80) + 66

ddb30581 waitpid (353, 8047df8, 80) + 21

08062319 ???????? (8078c44)

08062cef postjob (353, 1) + ce

0805d1e9 execute (8079374, 0, 0) + 801

08055b61 ???????? (0)

080559b5 main (1, 8047eb4, 8047ebc) + 4d9

08055427 ???????? ()

 

$ pfiles 830 // all files opened by the process

830: -sh

Current rlimit: 256 file descriptors

0: S_IFCHR mode:0620 dev:102,0 ino:853 uid:1001 gid:7 rdev:24,2

O_RDWR

1: S_IFCHR mode:0620 dev:102,0 ino:853 uid:1001 gid:7 rdev:24,2

O_RDWR

2: S_IFCHR mode:0620 dev:102,0 ino:853 uid:1001 gid:7 rdev:24,2

O_RDWR

 

$ pwdx 830 // get the process's current working directory

830: /export/home/wing

$ ptree 830 // show the relationship between parent and child processes

179 /usr/sbin/inetd -s

828 in.telnetd

830 -sh

854 ptree 830  

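lsof tool: must be downloaded and installed; it is not included with the system

Software management

pkgadd

#pkgadd -d /tem softwarename

Package file name: gpw-6.94-sol8-intel-local.gz

#gunzip gpw-6.94-sol8-intel-local.gz

#head gpw-6.94-sol8-intel-local // view the file's version information

#pkgadd -d gpw-6.94-sol8-intel-local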

install

#install -c /opt/scripts -m 0755 -u bin -g sysadmin /tmp/setup_script

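// target path, permissions, user, source path

pkginfo

#pkginfo // installed packages

pkgchk

#pkgchk pkginst // check package integrity

#pkgchk -f pkginst // fix package problems

#pkgchk -n pkginst // ignore the package's volatile content

#pkgchk -l -p /usr/bin/mydir // get the package attributes of an installed file

pkgrm

#pkgrm pkginst // remove a package

#pkgrm pkginst1 pkginst2 // remove several packages at once

showrev

#showrev -p // show installed patches

patchadd

#patchadd patchname // install a patch

#patchadd -M patch1 patch2 // install several patches at once

#patchadd -d -R /export/mars /var/spool/patch/11102-12

// target, source path

// do not allow the patch installation to be backed out

Patch installation example

2.6_Recommended.tar.z (patch name)

1

#df -k dir // check the size of the directory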

#tar xvf 2.6_Recommended.tar.z

#./install  

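Option  Function

-B  store backout data in the specified directory instead of the default directory

-C  path to the network install image to be patched, if needed

-d  do not allow the patch installation to be backed out

-M  alternate directory in which to locate patches

-p  print a list of all installed patches

-u  do not let file installation take effect

-R  alternate root directory for a client installation

-S  install patches for a client from the server; the client shares the server's operating system directories

patchrm

#patchrm patchname // remove a patch

#patchrm -C /export/solaris_2.9/tools/1065-15

// remove a patch from a client system

Boot and startup process, ok mode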

#shutdown

#reboot

#init 0

#boot -r  

ok setenv boot-device disk // change the default boot device to disk

boot-device = disk

ok printenv boot-device // verify the boot device

boot-device disk disk  

ok reset

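ok test net // test the loopback network device

ok watch-clock // test the clock device

ok boot -r // reboot the system

ok boot net // boot from the network

ok boot cdrom // boot from CD-ROM

ok boot floppy // boot from floppy disk

ok boot tape // boot the system from tape

ok watch-net // check whether the network is connected

ok probe-scsi // probe all disk devices detected by the system and list the usable devices

ok banner // show memory and the OpenBoot version of the system firmware

ok boot -s // boot into single-user mode

#reboot -l -- -r // reboot without recording it in the system log

#shutdown -i 0 -g 120 -y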

#sync;init 0

#traceroute www.abc.com  

wall

#wall  

init

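#init q // re-initialize the run levels

#init 0 // hardware maintenance mode

#init 1 // single-user mode

#init 2 // NFS not available

#init 3 // NFS available

#init 4 // user-defined state

#init 5 // power off the system

#init 6 // suspend the operating system

#init s // enter the administrative state

Network configuration

/etc/hostname.interface // holds the name of this network interface or of the machine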

# cat hostname.pcn0

wing  

# cat hosts

#

# Internet host table

#

127.0.0.1 localhost

192.168.0.11 wing

# hostname

wing  

# cat netmasks

192.168.0.0 255.255.255.0  

ifconfig le0 172.16.255.1 netmask 255.255.255.0  

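Set the network interface state:

ifconfig le0 up/down

Make the network interface available or unavailable:

ifconfig le0 plumb/unplumb

#ifconfig -a // this address is shown only when the command is run by root; if a non-root user runs ifconfig, only the IP address is shown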

# ifconfig -a

lo0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4> mtu 8232 index 1

inet 127.0.0.1 netmask ff000000

hme0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2

inet 192.168.10.25 netmask ffffff00 broadcast 192.168.10.255

ether 8:0:20:a2:11:de
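Added example (not part of the original notes): Solaris ifconfig prints the netmask as eight hex digits, so this sh script converts it to dotted form and derives the subnet of each interface, answering the subnet and netmask question of item 25 from ifconfig -a output alone. The function names are made up for this example; the sample input is the ifconfig -a output above.

```shell
#!/bin/sh
# Derives "interface address netmask subnet" from Solaris `ifconfig -a` output.

# Sample input: the ifconfig -a output shown above.
sample_ifconfig() {
cat <<'EOF'
lo0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
hme0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        inet 192.168.10.25 netmask ffffff00 broadcast 192.168.10.255
        ether 8:0:20:a2:11:de
EOF
}

# ip_to_int A.B.C.D: the address as a 32-bit integer.
ip_to_int() {
    old_ifs=$IFS
    IFS=.
    set -- $1            # split the dotted quad into $1..$4
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# int_to_ip N: the 32-bit integer N as a dotted quad.
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# hexmask_to_dotted ffffff00 -> 255.255.255.0
hexmask_to_dotted() {
    int_to_ip $(( 0x$1 ))
}

# subnet_of ADDRESS HEXMASK: network address = address AND mask.
subnet_of() {
    ip=$(ip_to_int "$1") || return 1
    int_to_ip $(( ip & 0x$2 ))
}

# iface_subnets: read ifconfig -a output on stdin and print one line per
# IPv4 address: "interface address netmask subnet".
iface_subnets() {
    awk '
        $1 ~ /:$/ && $2 ~ /^flags=/     { n = $1; sub(/:$/, "", n); ifname = n }
        $1 == "inet" && $3 == "netmask" { print ifname, $2, $4 }
    ' | while read -r ifname addr hexmask; do
        echo "$ifname $addr $(hexmask_to_dotted "$hexmask") $(subnet_of "$addr" "$hexmask")"
    done
}

# Demo on the sample data.
sample_ifconfig | iface_subnets
```

On a live host, run `ifconfig -a | iface_subnets` and compare the result with /etc/netmasks.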

 

#ifconfig le0 192.168.0.3 netmask 255.255.255.0 broadcast 192.168.0.255 up

banner

You can also type banner at the ok prompt, before the system has booted, to find the MAC address and the CPU model and frequency.

ok banner

Sun Ultra 5/10 UPA/PCI (UltraSPARC-IIi 300MHz), Keyboard Present

OpenBoot 3.1.1 64 MB memory installed, Serial #9361102.

Ethernet address 8:0:20:8e:d6:ce, HostID: 808ed6ce.

# arp -a // logged-in user

Net to Media Table: IPv4

Device IP Address Mask Flags Phys Addr

------ -------------------- --------------- ----- ---------------

pcn0 192.168.0.1 255.255.255.255 00:03:0f:fd:6d:0c

pcn0 wing 255.255.255.255 SP 00:0c:29:19:a1:54

pcn0 224.0.0.0 240.0.0.0 SM 01:00:5e:00:00:00

# netstat // network status

TCP: IPv4

Local Address Remote Address Swind Send-Q Rwind Recv-Q State

-------------------- -------------------- ----- ------ ----- ------ -------

wing.telnet 192.168.0.1.1030 7168 0 66608 0 ESTABLISHED

wing.telnet 192.168.0.1.1032 6253 1 66608 0 ESTABLISHED

 

Active UNIX domain sockets

Address Type Vnode Conn Local Addr Remote Addr

df187cc0 stream-ord dee4c1c0 00000000 /tmp/.X11-unix/X0

df187de8 stream-ord 00000000 00000000

#

# netstat -r // view the routing table

Routing Table: IPv4

Destination Gateway Flags Ref Use Interface

-------------------- -------------------- ----- ----- ------ ---------

192.168.0.0 wing U 1 3 pcn0

224.0.0.0 wing U 1 0 pcn0

default wing UG 1 0

localhost localhost UH 2 6 lo0

# netstat -g

 Group Memberships: IPv4

Interface Group RefCnt

--------- -------------------- ------

lo0 224.0.0.1 1

pcn0 224.0.0.1 1 

 # netstat -p

 Net to Media Table: IPv4

Device IP Address Mask Flags Phys Addr

------ -------------------- --------------- ----- ---------------

pcn0 192.168.0.1 255.255.255.255 00:03:0f:fd:6d:0c

pcn0 solaris9 255.255.255.255 SP 00:0c:29:80:4c:0a

pcn0 224.0.0.0 240.0.0.0 SM 01:00:5e:00:00:00

#

 # netstat -s

 RAWIP

rawipInDatagrams = 0 rawipInErrors = 0

rawipInCksumErrs = 0 rawipOutDatagrams = 0

rawipOutErrors = 0

 UDP

udpInDatagrams = 923 udpInErrors = 0

udpOutDatagrams = 928 udpOutErrors = 0

 TCP tcpRtoAlgorithm = 4 tcpRtoMin = 400

tcpRtoMax = 60000 tcpMaxConn = -1

tcpActiveOpens = 18 tcpPassiveOpens = 21

tcpAttemptFails = 0 tcpEstabResets = 0

tcpCurrEstab = 31 tcpOutSegs = 715

tcpOutDataSegs = 524 tcpOutDataBytes = 52210

tcpRetransSegs = 0 tcpRetransBytes = 0

tcpOutAck = 191 tcpOutAckDelayed = 90

tcpOutUrg = 0 tcpOutWinUpdate = 0

tcpOutWinProbe = 0 tcpOutControl = 47

tcpOutRsts = 0 tcpOutFastRetrans = 0

tcpInSegs = 925

tcpInAckSegs = 505 tcpInAckBytes = 52216

tcpInDupAck = 7 tcpInAckUnsent = 0

tcpInInorderSegs = 524 tcpInInorderBytes = 45645

tcpInUnorderSegs = 0 tcpInUnorderBytes = 0

tcpInDupSegs = 0 tcpInDupBytes = 0

tcpInPartDupSegs = 0 tcpInPartDupBytes = 0

tcpInPastWinSegs = 0 tcpInPastWinBytes = 0

tcpInWinProbe = 0 tcpInWinUpdate = 0

tcpInClosed = 0 tcpRttNoUpdate = 0

tcpRttUpdate = 497 tcpTimRetrans = 0

tcpTimRetransDrop = 0 tcpTimKeepalive = 0

tcpTimKeepaliveProbe= 0 tcpTimKeepaliveDrop = 0

tcpListenDrop = 0 tcpListenDropQ0 = 0

tcpHalfOpenDrop = 0 tcpOutSackRetrans = 0

 

IPv4 ipForwarding = 2 ipDefaultTTL = 255

ipInReceives = 422 ipInHdrErrors = 0

ipInAddrErrors = 0 ipInCksumErrs = 0

ipForwDatagrams = 0 ipForwProhibits = 0

ipInUnknownProtos = 0 ipInDiscards = 0

ipInDelivers = 1832 ipOutRequests = 265

ipOutDiscards = 0 ipOutNoRoutes = 0

ipReasmTimeout = 60 ipReasmReqds = 0

ipReasmOKs = 0 ipReasmFails = 0

ipReasmDuplicates = 0 ipReasmPartDups = 0

ipFragOKs = 0 ipFragFails = 0

ipFragCreates = 0 ipRoutingDiscards = 0

tcpInErrs = 0 udpNoPorts = 20

udpInCksumErrs = 0 udpInOverflows = 0

rawipInOverflows = 0 ipsecInSucceeded = 0

ipsecInFailed = 0 ipInIPv6 = 0

ipOutIPv6 = 0 ipOutSwitchIPv6 = 8

 

IPv6 ipv6Forwarding = 2 ipv6DefaultHopLimit = 255

ipv6InReceives = 0 ipv6InHdrErrors = 0

ipv6InTooBigErrors = 0 ipv6InNoRoutes = 0

ipv6InAddrErrors = 0 ipv6InUnknownProtos = 0

ipv6InTruncatedPkts = 0 ipv6InDiscards = 0

ipv6InDelivers = 0 ipv6OutForwDatagrams= 0

ipv6OutRequests = 0 ipv6OutDiscards = 0

ipv6OutNoRoutes = 0 ipv6OutFragOKs = 0

ipv6OutFragFails = 0 ipv6OutFragCreates = 0

ipv6ReasmReqds = 0 ipv6ReasmOKs = 0

ipv6ReasmFails = 0 ipv6InMcastPkts = 0

ipv6OutMcastPkts = 0 ipv6ReasmDuplicates = 0

ipv6ReasmPartDups = 0 ipv6ForwProhibits = 0

udpInCksumErrs = 0 udpInOverflows = 0

rawipInOverflows = 0 ipv6InIPv4 = 0

ipv6OutIPv4 = 0 ipv6OutSwitchIPv4 = 0

 

ICMPv4 icmpInMsgs = 5 icmpInErrors = 0

icmpInCksumErrs = 0 icmpInUnknowns = 0

icmpInDestUnreachs = 5 icmpInTimeExcds = 0

icmpInParmProbs = 0 icmpInSrcQuenchs = 0

icmpInRedirects = 0 icmpInBadRedirects = 0

icmpInEchos = 0 icmpInEchoReps = 0

icmpInTimestamps = 0 icmpInTimestampReps = 0

icmpInAddrMasks = 0 icmpInAddrMaskReps = 0

icmpInFragNeeded = 0 icmpOutMsgs = 5

icmpOutDrops = 0 icmpOutErrors = 0

icmpOutDestUnreachs = 5 icmpOutTimeExcds = 0

icmpOutParmProbs = 0 icmpOutSrcQuenchs = 0

icmpOutRedirects = 0 icmpOutEchos = 0

icmpOutEchoReps = 0 icmpOutTimestamps = 0

icmpOutTimestampReps= 0 icmpOutAddrMasks = 0

icmpOutAddrMaskReps = 0 icmpOutFragNeeded = 0

icmpInOverflows = 0

 

ICMPv6 icmp6InMsgs = 0 icmp6InErrors = 0

icmp6InDestUnreachs = 0 icmp6InAdminProhibs = 0

icmp6InTimeExcds = 0 icmp6InParmProblems = 0

icmp6InPktTooBigs = 0 icmp6InEchos = 0

icmp6InEchoReplies = 0 icmp6InRouterSols = 0

icmp6InRouterAds = 0 icmp6InNeighborSols = 0

icmp6InNeighborAds = 0 icmp6InRedirects = 0

icmp6InBadRedirects = 0 icmp6InGroupQueries = 0

icmp6InGroupResps = 0 icmp6InGroupReds = 0

icmp6InOverflows = 0

icmp6OutMsgs = 0 icmp6OutErrors = 0

icmp6OutDestUnreachs= 0 icmp6OutAdminProhibs= 0

icmp6OutTimeExcds = 0 icmp6OutParmProblems= 0

icmp6OutPktTooBigs = 0 icmp6OutEchos = 0

icmp6OutEchoReplies = 0 icmp6OutRouterSols = 0

icmp6OutRouterAds = 0 icmp6OutNeighborSols= 0

icmp6OutNeighborAds = 0 icmp6OutRedirects = 0

icmp6OutGroupQueries= 0 icmp6OutGroupResps = 0

icmp6OutGroupReds = 0

 

IGMP:

0 messages received

0 messages received with too few bytes

0 messages received with bad checksum

0 membership queries received

0 membership queries received with invalid field(s)

0 membership reports received

0 membership reports received with invalid field(s)

0 membership reports received for groups to which we belong

0 membership reports sent

 # netstat -M

 Virtual Interface Table is empty

 Multicast Forwarding Cache is empty

 #

# netstat -r // network interface status

 Routing Table: IPv4

Destination Gateway Flags Ref Use Interface

-------------------- -------------------- ----- ----- ------ ---------

192.168.0.0 solaris9 U 1 1 pcn0

192.168.0.0 address2 U 1 0 pcn0:1

224.0.0.0 solaris9 U 1 0 pcn0

default 192.168.0.1 UG 1 0

localhost localhost UH 2 6 lo0

# netstat -rn

 Routing Table: IPv4

Destination Gateway Flags Ref Use Interface

-------------------- -------------------- ----- ----- ------ ---------

192.168.0.0 192.168.0.3 U 1 1 pcn0

192.168.0.0 192.168.0.5 U 1 0 pcn0:1

224.0.0.0 192.168.0.3 U 1 0 pcn0

default 192.168.0.1 UG 1 0

127.0.0.1 127.0.0.1 UH 2 6 lo0

#

 # netstat -i 1 5

input pcn0 output input (Total) output

packets errs packets errs colls packets errs packets errs colls

1187 0 1318 0 0 3699 0 3830 0 0

4 0 4 0 0 4 0 4 0 0

3 0 3 0 0 5 0 5 0 0

4 0 4 0 0 4 0 4 0 0

3 0 4 0 0 5 0 6 0 0

#

 snoop

# snoop -c 3 // capture 3 IP packets

Using device /dev/pcn0 (promiscuous mode)

192.168.0.1 -> solaris9 TELNET C port=3013

solaris9 -> 192.168.0.1 TELNET R port=3013 Using device /dev/pc

192.168.0.1 -> solaris9 TELNET C port=3013

3 packets captured

#

 # snoop -v -c 2 // capture two IP packets in verbose detail

Using device /dev/pcn0 (promiscuous mode)

ETHER: ----- Ether Header -----

ETHER:

ETHER: Packet 1 arrived at 1:43:41.42

ETHER: Packet size = 60 bytes

ETHER: Destination = 0:c:29:80:4c:a,

ETHER: Source = 0:3:f:fd:6d:c,

ETHER: Ethertype = 0800 (IP)

ETHER:

IP: ----- IP Header -----

IP:

IP: Version = 4

IP: Header length = 20 bytes

IP: Type of service = 0x00

IP: xxx. .... = 0 (precedence)

IP: ...0 .... = normal delay

IP: .... 0... = normal throughput

IP: .... .0.. = normal reliability

IP: .... ..0. = not ECN capable transport

IP: .... ...0 = no ECN congestion experienced

IP: Total length = 40 bytes

IP: Identification = 1627

IP: Flags = 0x4

IP: .1.. .... = do not fragment

IP: ..0. .... = last fragment

IP: Fragment offset = 0 bytes

IP: Time to live = 128 seconds/hops

IP: Protocol = 6 (TCP)

IP: Header checksum = 7320

IP: Source address = 192.168.0.1, 192.168.0.1

IP: Destination address = 192.168.0.3, solaris9

IP: No options

IP:

TCP: ----- TCP Header -----

TCP:

TCP: Source port = 3013

TCP: Destination port = 23 (TELNET)

TCP: Sequence number = 769864152

TCP: Acknowledgement number = 52297913

TCP: Data offset = 20 bytes

TCP: Flags = 0x10

TCP: 0... .... = No ECN congestion window reduced

TCP: .0.. .... = No ECN echo

TCP: ..0. .... = No urgent pointer

TCP: ...1 .... = Acknowledgement

TCP: .... 0... = No push

TCP: .... .0.. = No reset

TCP: .... ..0. = No Syn

TCP: .... ...0 = No Fin

TCP: Window = 17292

TCP: Checksum = 0x7b85

TCP: Urgent pointer = 0

TCP: No options

TCP:

TELNET: ----- TELNET: -----

TELNET:

TELNET: ""

TELNET:

 

ETHER: ----- Ether Header -----

ETHER:

ETHER: Packet 2 arrived at 1:43:41.42

ETHER: Packet size = 97 bytes

ETHER: Destination = 0:3:f:fd:6d:c,

ETHER: Source = 0:c:29:80:4c:a,

ETHER: Ethertype = 0800 (IP)

ETHER:

IP: ----- IP Header -----

IP:

IP: Version = 4

IP: Header length = 20 bytes

IP: Type of service = 0x00

IP: xxx. .... = 0 (precedence)

IP: ...0 .... = normal delay

IP: .... 0... = normal throughput

IP: .... .0.. = normal reliability

IP: .... ..0. = not ECN capable transport

IP: .... ...0 = no ECN congestion experienced

IP: Total length = 83 bytes

IP: Identification = 50744

IP: Flags = 0x4

IP: .1.. .... = do not fragment

IP: ..0. .... = last fragment

IP: Fragment offset = 0 bytes

IP: Time to live = 60 seconds/hops

IP: Protocol = 6 (TCP)

IP: Header checksum = f717

IP: Source address = 192.168.0.3, solaris9

IP: Destination address = 192.168.0.1, 192.168.0.1

IP: No options

IP:

TCP: ----- TCP Header -----

TCP:

TCP: Source port = 23

TCP: Destination port = 3013

TCP: Sequence number = 52297913

TCP: Acknowledgement number = 769864152

TCP: Data offset = 20 bytes

TCP: Flags = 0x18

TCP: 0... .... = No ECN congestion window reduced

TCP: .0.. .... = No ECN echo

TCP: ..0. .... = No urgent pointer

TCP: ...1 .... = Acknowledgement

TCP: .... 1... = Push

TCP: .... .0.. = No reset

TCP: .... ..0. = No Syn

TCP: .... ...0 = No Fin

TCP: Window = 64240

TCP: Checksum = 0xd1f6

TCP: Urgent pointer = 0

TCP: No options

TCP:

TELNET: ----- TELNET: -----

TELNET:

TELNET: "Using device /dev/pcn0 (promiscuous mode)\r\n"

TELNET:

 

2 packets captured

#

# snoop host1 host2

host1 -> host2 ICMP Echo request

host2 -> host1 ICMP Echo reply

Use the snoop utility to determine what is actually being sent between systems and to check that the network path is working.

# snoop -a dhcp

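Using snoop

Snoop is a tool bundled with Solaris. It is a program for displaying network traffic: it captures IP packets and either displays them or saves them to a specified file. (Only the superuser may run snoop.)

Snoop can summarize each captured packet on a single line or describe it in detail over several lines (selected with the -v and -V options). In summary mode (-V), only the highest-layer protocol is shown; for example, an NFS packet shows only the NFS information, and the underlying RPC, UDP, IP and Ethernet frame information is not displayed. With the corresponding option (-v), all of this information is displayed.

Options: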

[ -a ] # Listen to packets on audio

[ -d device ] # settable to le?, ie?, bf?, tr?

[ -s snaplen ] # Truncate packets

[ -c count ] # Quit after count packets

[ -P ] # Turn OFF promiscuous mode

[ -D ] # Report dropped packets

[ -S ] # Report packet size

[ -i file ] # Read previously captured packets

[ -o file ] # Capture packets in file

[ -n file ] # Load addr-to-name table from file

[ -N ] # Create addr-to-name table

[ -t r|a|d ] # Time: Relative, Absolute or Delta

[ -v ] # Verbose packet display

[ -V ] # Show all summary lines

[ -p first[,last] ] # Select packet(s) to display

[ -x offset[,length] ] # Hex dump from offset for length

[ -C ] # Print packet filter code

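Because snoop is very flexible, the examples below illustrate its common uses.

1. Capture and display all packets that have this host as source or destination.

# snoop

2. Capture and display all packets that have host A as source or destination. (A is a hostname, likewise below)

# snoop A

3. Capture all packets between A and B and save them to the file file.

# snoop -o file A B

4. Display the specified packets (99-108) from the file file.

# snoop -i file -p 99,108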

99 0.0027 boutique -> sunroof NFS C GETATTR FH=8E6C

100 0.0046 sunroof -> boutique NFS R GETATTR OK

101 0.0080 boutique -> sunroof NFS C RENAME FH=8E6C MTra00192 to .nfs08

102 0.0102 marmot -> viper NFS C LOOKUP FH=561E screen.r.13.i386

103 0.0072 viper -> marmot NFS R LOOKUP No such file or directory

104 0.0085 bugbomb -> sunroof RLOGIN C PORT=1023 h

105 0.0005 kandinsky -> sparky RSTAT C Get Statistics

106 0.0004 beeblebrox -> sunroof NFS C GETATTR FH=0307

107 0.0021 sparky -> kandinsky RSTAT R

108 0.0073 office -> jeremiah NFS C READ FH=2584 at 40960 for 8192

5. View packet 101 from the file file in detail:

# snoop -i file -v -p101

ETHER: ----- Ether Header -----

ETHER:

ETHER: Packet 101 arrived at 16:09:53.59

ETHER: Packet size = 210 bytes

ETHER: Destination = 8:0:20:1:3d:94, Sun

ETHER: Source = 8:0:69:1:5f:e, Silicon Graphics

ETHER: Ethertype = 0800 (IP)

ETHER:

IP: ----- IP Header -----

IP:

IP: Version = 4, header length = 20 bytes

IP: Type of service = 00

IP: ..0. .... = routine

IP: ...0 .... = normal delay

IP: .... 0... = normal throughput

IP: .... .0.. = normal reliability

IP: Total length = 196 bytes

IP: Identification 19846

IP: Flags = 0X

IP: .0.. .... = may fragment

IP: ..0. .... = more fragments

...

6. View the NFS packets between host A and host B (the and and or in the command are the corresponding logical operators).

# snoop -i file rpc nfs and A and B

1 0.0000 A -> B NFS C GETATTR FH=8E6C

2 0.0046 B -> A NFS R GETATTR OK

3 0.0080 A -> B NFS C RENAME FH=8E6C MTra00192 to .nfs08

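7. Save the packets that match these conditions to another file, file2:

# snoop -i file -o file2 rpc nfs A B

8. Capture all packets between host A and host B on TCP port 80 or UDP port 80.

# snoop A and B and \( tcp or udp \) and port 80

9. Capture all broadcast packets.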

# snoop broadcast

Using device /dev/hme (promiscuous mode)

10.10.10.50 -> BROADCAST UDP D=177 S=2541 LEN=35

10.10.10.50 -> BROADCAST UDP D=177 S=2541 LEN=35

10.10.10.50 -> BROADCAST UDP D=177 S=2541 LEN=35

10. Capture all multicast packets and display them in detail.

#snoop -v multicast

ETHER: ----- Ether Header -----

ETHER:

ETHER: Packet 1 arrived at 12:33:2.16

ETHER: Packet size = 69 bytes

ETHER: Destination = ff:ff:ff:ff:ff:ff, (broadcast)

ETHER: Source = 0:4:76:46:8f:50,

ETHER: Ethertype = 0800 (IP)

ETHER:

IP: ----- IP Header -----

IP:

IP: Version = 4

IP: Header length = 20 bytes

IP: Type of service = 0x00

IP: xxx. .... = 0 (precedence)

IP: ...0 .... = normal delay

IP: .... 0... = normal throughput

IP: .... .0.. = normal reliability

IP: Total length = 55 bytes

IP: Identification = 14658

IP: Flags = 0x0

IP: .0.. .... = may fragment

IP: ..0. .... = last fragment

IP: Fragment offset = 0 bytes

IP: Time to live = 128 seconds/hops

IP: Protocol = 17 (UDP)

IP: Header checksum = ed38

IP: Source address = 10.10.10.50, 10.10.10.50

IP: Destination address = 255.255.255.255, BROADCAST

IP: No options

IP:

UDP: ----- UDP Header -----

UDP:

UDP: Source port = 2541

UDP: Destination port = 177

UDP: Length = 35

UDP: Checksum = 8E35

UDP:

ETHER: ----- Ether Header -----

ETHER:

ETHER: Packet 2 arrived at 12:33:12.16

ETHER: Packet size = 69 bytes

ETHER: Destination = ff:ff:ff:ff:ff:ff, (broadcast)

ETHER: Source = 0:4:76:46:8f:50,

ETHER: Ethertype = 0800 (IP)

ETHER:

IP: ----- IP Header -----

IP:

IP: Version = 4

IP: Header length = 20 bytes

IP: Type of service = 0x00

IP: xxx. .... = 0 (precedence)

IP: ...0 .... = normal delay

IP: .... 0... = normal throughput

IP: .... .0.. = normal reliability

IP: Total length = 55 bytes

IP: Identification = 14985

IP: Flags = 0x0

IP: .0.. .... = may fragment

IP: ..0. .... = last fragment

IP: Fragment offset = 0 bytes

IP: Time to live = 128 seconds/hops

IP: Protocol = 17 (UDP)

IP: Header checksum = ebf1

IP: Source address = 10.10.10.50, 10.10.10.50

IP: Destination address = 255.255.255.255, BROADCAST

IP: No options

IP:

UDP: ----- UDP Header -----

UDP:

UDP: Source port = 2541

UDP: Destination port = 177

UDP: Length = 35

UDP: Checksum = 8E35

UDP:

11. Capture all NTP protocol packets.

# snoop | grep -i NTP

Using device /dev/hme (promiscuous mode)

ts1 -> 224.0.1.1 NTP broadcast (Tue Jul 23 12:48:50 2002)

ts1 -> 224.0.1.1 NTP broadcast (Tue Jul 23 12:49:54 2002)

ts1 -> 224.0.1.1 NTP broadcast (Tue Jul 23 12:50:58 2002)

ts1 -> 224.0.1.1 NTP broadcast (Tue Jul 23 12:52:02 2002)

ts1 -> 224.0.1.1 NTP broadcast (Tue Jul 23 12:53:06 2002)

ts1 -> 224.0.1.1 NTP broadcast (Tue Jul 23 12:54:10 2002)

Here we can also see that the NTP server broadcasts to the multicast address about once a minute.

 

date

# date

20031012 星期日 100416 CST

(CST is the abbreviation of Chinese Standard Time)

# date 10121003 // set the time to 10121003

 

Device management

 

Floppy disk

#volcheck

fdformat [-dDeEfHlLmMUqvx] [-b label] [-B filename] [-t dos-type] [devname] // format

 

prtconf

# prtconf // configuration information

System Configuration: Sun Microsystems i86pc

Memory size: 128 Megabytes // memory

System Peripherals (Software Nodes):

i86pc

+boot (driver not attached)

memory (driver not attached)

aliases (driver not attached)

chosen (driver not attached)

i86pc-memory (driver not attached)

i86pc-mmu (driver not attached)

openprom (driver not attached)

options, instance #0

packages (driver not attached)

delayed-writes (driver not attached)

itu-props (driver not attached)

isa, instance #0

motherboard (driver not attached)

asy, instance #0

asy, instance #1

lp (driver not attached)

fdc, instance #0

fd, instance #0

fd, instance #1 (driver not attached)

i8042, instance #0

keyboard, instance #0

mouse, instance #0

PNP0C02 (driver not attached)

PNP0C02 (driver not attached)

PNP0C02 (driver not attached)

bios (driver not attached)

bios (driver not attached)

bios (driver not attached)

pci, instance #0

pci15ad,1976 (driver not attached)

pci8086,7191 (driver not attached)

pci15ad,1976 (driver not attached)

pci-ide, instance #0

ide, instance #0

cmdk, instance #0

ide, instance #1

sd, instance #0

pci15ad,1976, instance #0

pci15ad,1976 (driver not attached)

display, instance #0

pci1022,2000, instance #0

pci1274,1371 (driver not attached)

used-resources (driver not attached)

objmgr, instance #0

cpus (driver not attached)

cpu, instance #0 (driver not attached)

pseudo, instance #0

#

# prtconf | grep Memory // check memory

Memory size: 128 Megabytes

arch

# arch -k // show the architecture

i86pc

uname

# uname -m

i86pc

# uname

SunOS

# uname -a

SunOS wing 5.9 Generic_112234-03 i86pc i386 i86pc

eject

#eject floppy

eeprom

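#eeprom selftest-#megs=64 // change the amount of memory tested by the system self-test

sysdef

#sysdef // more detailed architecture information

df

# df -k // show the number of files and free blocks on all currently mounted file systems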

文件系统 千字节 用了 可用 容量 挂接在

/dev/dsk/c0d0s0 63127 36143 20672 64% /

/dev/dsk/c0d0s6 1201014 768820 372144 68% /usr

/proc 0 0 0 0% /proc

mnttab 0 0 0 0% /etc/mnttab

fd 0 0 0 0% /dev/fd

/dev/dsk/c0d0s3 55047 25258 24285 51% /var

swap 651040 24 651016 1% /var/run

swap 651016 0 651016 0% /tmp

/dev/dsk/c0d0s5 24239 15 21801 1% /opt

/dev/dsk/c0d0s7 2691830 122 2637872 1% /export/home

/dev/dsk/c0d0s1 462639 306816 109560 74% /usr/openwin

# df -a // print information for all file systems

/ (/dev/dsk/c0d0s0 ): 53968 30100 文件

/usr (/dev/dsk/c0d0s6 ): 864388 261705 文件

/proc (/proc ): 0 1878 文件

/etc/mnttab (mnttab ): 0 0 文件

/dev/fd (fd ): 0 0 文件

/var (/dev/dsk/c0d0s3 ): 59578 25450 文件

/var/run (swap ): 1

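Solaris system security implementation summary (with ssh software installation added)

SUN system security implementation summary

I. Closing system service ports

1. Overview

a) System environment

SUN fire 280 server; main use: web application server + database server

b) Solaris leaves many unneeded services enabled automatically. Vulnerabilities that may exist in them could let an attacker take control of your machine without even needing an account. Disable these unneeded services to protect the system.

2. Implementation steps

a) Install the nmap scanning software

b) Scan the whole system

c) Decide which ports to close (keep only the ports used by telnet, ftp and X Windows)

3. Implementation

a) Closing ports in /etc/inetd.conf

Keep only telnet and ftp; close everything else.

b) Closing ports in /etc/services: keep only telnet and ftp; close everything else.

(If commenting lines out is too much trouble, make a backup, delete everything else and keep only the following two lines.)

ftp 21/tcp

telnet 23/tcp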

c) Disabling services under /etc/rc3.d

Rename every script that starts with S so that it starts with x:

xS34dhcp

xS76snmpdx

xS80mipagent

xS15nfs.server

xS50apache

xS77dmi

d) Disabling services under /etc/rc2.d

# mv S70uucp xS70uucp

# mv S71ldap.client xS71ldap.client

# mv S72autoinstall xS72autoinstall

# mv S73cachefs.daemon xS73cachefs.daemon

# mv S73nfs.client xS73nfs.client

# mv S74autofs xS74autofs

# mv S74xntpd xS74xntpd

# mv S80lp xS80lp

# mv S94Wnn6 xS94Wnn6

e) Closing X Windows requires stopping the following services (to make debugging easier, the X Windows ports have not been closed for now)

# mv S71rpc xS71rpc

# mv S99dtlogin xS99dtlogin
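An added example, not part of the original write-up: a POSIX sh audit that lists the inetd.conf entries still active outside an allow-list and the S* scripts that init will still run in an rc directory. The function names and the sample files built in a temporary directory are constructed for illustration.

```shell
#!/bin/sh
# Added audit sketch: report what is still enabled after the steps above.

# Print the service name of every active (uncommented) inetd.conf entry
# that is not in the allow-list passed as the remaining arguments.
inetd_unexpected() {
    conf=$1; shift
    allowed=" $* "
    # Skip blank lines and lines whose first field starts with '#'.
    awk '$1 !~ /^#/ && NF > 0 { print $1 }' "$conf" | LC_ALL=C sort -u |
    while read -r svc; do
        case "$allowed" in
            *" $svc "*) ;;              # expected service, stay quiet
            *) echo "$svc" ;;           # still enabled, not on the list
        esac
    done
}

# Print the scripts in rc directory $1 that init will still run, i.e.
# names starting with S. Renamed xS* scripts are skipped.
rc_enabled() {
    for f in "$1"/S*; do
        [ -e "$f" ] && basename "$f"
    done
    return 0
}

# Constructed sample data (not taken from a real host).
demo_dir=$(mktemp -d)
cat > "$demo_dir/inetd.conf" <<'EOF'
# constructed sample inetd.conf
ftp     stream  tcp6    nowait  root    /usr/sbin/in.ftpd       in.ftpd
telnet  stream  tcp6    nowait  root    /usr/sbin/in.telnetd    in.telnetd
#shell  stream  tcp     nowait  root    /usr/sbin/in.rshd       in.rshd
finger  stream  tcp6    nowait  nobody  /usr/sbin/in.fingerd    in.fingerd
100232/10 tli   rpc/udp wait    root    /usr/sbin/sadmind       sadmind
EOF
mkdir "$demo_dir/rc2.d"
touch "$demo_dir/rc2.d/xS70uucp" "$demo_dir/rc2.d/S71rpc" \
      "$demo_dir/rc2.d/S99dtlogin"

echo "inetd services outside the allow-list:"
inetd_unexpected "$demo_dir/inetd.conf" ftp telnet
echo "rc2.d scripts still enabled:"
rc_enabled "$demo_dir/rc2.d"
rm -rf "$demo_dir"
```

On a real host the arguments would be /etc/inetd.conf and /etc/rc2.d or /etc/rc3.d; an empty report means the renames and comment-outs took effect.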

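II. Software firewall installation:

1. Software firewall overview

a) Firewall version: tcp_wrappers-7.6

b) Install directory: /usr/local/bin/tcpd

c) Description: by default, Solaris allows all service requests. Tcp_Wrappers is used to protect the server from external attacks.

2. Installation

a) Download the software: tcp_wrappers-7.6-sol8-sparc-local

b) Install command:

As root: # pkgadd -d tcp_wrappers-7.6-sol8-sparc-local

3. Policy definition

a) Policy description

The policy has two parts: deny all telnet and ftp connections, then open the services to specific IP addresses and network ranges.

b) Policy specification

Deny: all connections

Allow: IP address: ×××.×××.×××.120 (the company's public egress IP address)

Network: 192.0.0. (the company's internal network)

4. Applying the security policy

a) As the root user:

vi hosts.deny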

in.telnetd:ALL:DENY

in.ftpd:ALL:DENY

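vi hosts.allow

in.telnetd:×××.×××.×××.120 192.0.0.

in.ftpd: ×××.×××.×××.120 192.0.0.

5. Security testing

a) telnet and ftp to the system work from the internal network 192.0.0. and from ×××.×××.×××.120.

b) telnet and ftp to the system do not work from any other external IP address.

c) Test result: the firewall works as intended.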
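An added example, not part of the original write-up: a small POSIX sh model of the lookup order tcpd applies to the two files above (hosts.allow first, then hosts.deny, otherwise grant), covering only ALL, exact addresses and trailing-dot prefixes. 203.0.113.120 is a constructed stand-in for the elided public address, and the function names are hypothetical.

```shell
#!/bin/sh
# Added illustration of the hosts_access(5) lookup order.

# Succeed when client address $1 matches one pattern in list $2.
# Handles ALL, exact addresses, and a prefix ending in "." (192.0.0.).
client_matches() {
    for pat in $(echo "$2" | tr ',' ' '); do
        case "$pat" in
            ALL) return 0 ;;
            *.)  case "$1" in "$pat"*) return 0 ;; esac ;;
            *)   [ "$1" = "$pat" ] && return 0 ;;
        esac
    done
    return 1
}

# Succeed when file $1 has a rule for daemon $2 that matches client $3.
rule_matches() {
    while IFS=: read -r daemons clients _rest; do
        case "$daemons" in ''|'#'*) continue ;; esac
        for d in $(echo "$daemons" | tr ',' ' '); do
            if [ "$d" = ALL ] || [ "$d" = "$2" ]; then
                client_matches "$3" "$clients" && return 0
            fi
        done
    done < "$1"
    return 1
}

# Print "allow" or "deny" for daemon $1, client $2, given the
# hosts.allow file $3 and the hosts.deny file $4.
tcpd_decision() {
    if rule_matches "$3" "$1" "$2"; then echo allow
    elif rule_matches "$4" "$1" "$2"; then echo deny
    else echo allow    # no rule in either file: access is granted
    fi
}

# Constructed policy files mirroring the rules on this page.
dir=$(mktemp -d)
printf '%s\n' 'in.telnetd:ALL:DENY' 'in.ftpd:ALL:DENY' > "$dir/hosts.deny"
printf '%s\n' 'in.telnetd:203.0.113.120 192.0.0.' \
              'in.ftpd: 203.0.113.120 192.0.0.' > "$dir/hosts.allow"
for c in 192.0.0.57 203.0.113.120 198.51.100.9; do
    r=$(tcpd_decision in.telnetd "$c" "$dir/hosts.allow" "$dir/hosts.deny")
    echo "in.telnetd from $c: $r"
done
r=$(tcpd_decision sshd 198.51.100.9 "$dir/hosts.allow" "$dir/hosts.deny")
echo "sshd from 198.51.100.9: $r"
rm -rf "$dir"
```

The last line of output shows that a wrapped daemon not named in hosts.deny is still granted; an ALL:ALL entry in hosts.deny gives the deny-everything default that the policy statement describes.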

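III. Application security

1. Oracle database security

a) Password policy

b) Database hardening

2. BEA weblogic8.1 security

a) Stronger passwords

b) Application hardening

IV. Other system security measures

1. Policy against stack buffer overflows

A common way for intruders to exploit a system vulnerability is a stack overflow: they craftily insert a piece of code on the stack and use the overflow to execute it, gaining some privilege on the system. To make your system less vulnerable to stack buffer overflow attacks, add the following lines to /etc/system: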

set noexec_user_stack=1

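set noexec_user_stack_log=1

The first line prevents code inserted on the stack from being executed; the second records a log entry when an intruder tries to run an exploit.

2. Patching the system

Solaris has its vulnerabilities too, and some of them are quite serious in nature. SUN has long provided customers with the latest patches for each version on the http://sunsolve.sun.com site. Use the #showrev -p command to check which patches are installed on the system, or look in the /var/sadm/patch directory for the numbers of installed patches, and use the patchadd command to apply patches.

The current system patch level is Generic_117350-02 (the latest patch version).

V. Difficult points:

1. Closing port 898

Port 898 is used by the smc server; if you stop it, SMC will not start. /etc/init.d/init.wbem is its script.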

#cd /etc/rc2.d

#mv S90wbem xS90wbem

2. Closing port 2201

This appears to be started for Japanese fonts; if you do not use Japanese, it can be removed.

#cd /etc/rc2.d

# mv S90loc.ja.cssd xS90loc.ja.cssd

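VI. ssh installation

1. Software overview

1) Ssh version: 3.2

2) Download URL: http://public.www.planetmirror.com/pub/ssh/

3) Install directory: /usr/local/sbin

4) Description: SSH stands for Secure SHell. With SSH, all transmitted data is encrypted, so the "man-in-the-middle" style of attack becomes impossible, and DNS and IP spoofing are prevented as well. An additional benefit is that the transmitted data is compressed, which can speed up transfers. SSH has many functions: it can replace telnet, and it can also provide a secure "tunnel" for ftp, pop and even ppp.

2. Installation

1) Download the software: ssh-3.2.0.tar.gz

2) Install commands:

As root: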

gzip -d ssh-3.2.0.tar.gz

tar -vxf ssh-3.2.0.tar

cd ssh*

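./configure;make;make install (make sure the make and gcc directories are in the current environment variables)

cd /usr/local/sbin

./sshd2 (start it for testing)

ps -ef |grep sshd (check that it started successfully)

4. Autostart configuration:

1) As the root user:

cd /etc/rc2.d

cp -p S60* S99sshd (copy an existing script, which saves setting permissions and the like)

vi S99sshd (once inside, delete all the content; all we want is the ready-made permissions!)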

#!/sbin/sh

if [ -x /usr/local/sbin/sshd ]; then

/usr/local/sbin/sshd

echo "sshd2 startup.."

fi

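5. Testing

Connected to the server with an ssh client; the test succeeded.

6. Note:

Compiling ssh-3.2.9 fails: when compiled on solaris8 it reports *.so errors.

VII. Final state of the system configuration

1. Debugging has been completed:

1) ssh is used as the remote administration tool; telnet and ftp are closed

2) X windows is closed; rpc and dtlogin are closed

2. Ports currently open on the system, nmap scan result: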

bash-2.03# nmap -P0 127.0.0.1

Starting nmap V. 2.54BETA28 ( www.insecure.org/nmap/ )

Interesting ports on localhost (127.0.0.1):

(The 1547 ports scanned but not shown below are in state: closed)

Port State Service

22/tcp open ssh

Nmap run completed -- 1 IP address (1 host up) scanned in 50 seconds

bash-2.03#

posted on 2008-06-11 08:49 巍巍边疆