Administer printers check the status of printers Sun solaris:-
Check the status of printers is a step performed after setting up print server and print client.It is an important printer administration task that require information about the status of the LP print service or a specific printer.
If we need to determine which printers are available for use we may need to know the characteristics of those printers.The command lpstat is used to obtain status information about the LP print service or a specific printer offered by the service.
$ lpstat [-d] [-p printer-name] [-D] [-l] [ -o list] [-t]
where the options are listed as follows :
-d – shows the system’s default printer
-D – shows the description of the printer specified by the printer-name. This is usually used with -p option
-l – shows the characteristics of the printer specified by the printername
-o list – displays the status of the output requests specified by the list. It is a intermix of printer names, class names, request ID’s. If we don’t specify the list, status of all requests is displayed
-p printer-name – Showws whether the printer specified by the printername is active or idle, when the printer was enabled or disabled, whether the printer is accepting print requests. We can specify multiple printer names in a comma seperated list , space seperated list enclosed in quotation marks. If we don’t specify a printer, status of all printers is displayed
-t – shows information about the LP print service. It includes the status of all printers, including whether they are active and whether they are accepting print requests.
lpstat command can be used to determine the status of a print request, a printer, many other aspects of print service such as print scheduler.
Autofs Creating Direct Map Sun Solaris:-
Autofs – Creating a Direct Map involves the following steps.
What is a direst map in autofs?
A direct map lists a set of unrelated mountpoints that might be spread out across the file system. A complete path is listed in the map as a mount point (/usr/local/bin).
/etc/auto_direct map lists the following :
/usr/man -ro ronald:/usr/man helen:/usr/man news2:/usr/man
Follow the steps given below to create a direct map
1) Add the following entry in the master map file called /etc/auto_master :
2) Create teh direct map file called /etc/auto_direct with the following entry :
3) As we’re modifying a direct map, we must run automount to reload the AutoFS tables as follows :
If we’ve access to /usr/local directory, the NFS mount point is established by using the direct map we’ve set up.
4) List the contents of /usr/local :
# ls /usr/local
Adding run control script Solaris Sun solaris :-
dding a run control script involves the following steps :
1) Log in as normal user and become the root user/super user (# prompt)
2) Add the script to the /etc/init.d directory :
# cp filename /etc/init.d
# cd /etc/init.d
# chmod 744 filename
# chown root:sys filename – change the user and group permissions (user:group)
3) Create links to appropriate rc.d directory
# ln filename /etc/rc2.d/S — startup script
# ln filename /etc/rc.d/K — kill/stop script
4) Use the ls command to verify that the links have been created for the script int he specified directories.
# ls -li /etc/init.d/ /etc/rc?.d/[SK]*
Sun SolarisBooting the x86 client:-
Sun Solaris Booting the x86 client involves the following steps
1) Enter the system BIOS (Basic Input Output System) by typing the appropriate keystrokes
2) Configure the BIOS to boot from the network
3) Adjust the boot device priority list, if present, so that a network boot is attempted first
4) Exit the system BIOS
The system will boot from network and should prompt for installation we want to run. Choose the installation type and proceed further.
File System Parameters Solaris:-
Sun Solaris File System Parameters/custom file system parameters are given below :
1) Logical block size – It is the size of the blocks that the UNIX kernel uses to read or write files
2) Fragment Size – As files are created or expanded they are allocated disk space in either full logical blocks or portions of logical blocks called fragments. When disk space is needed to hold data for a file, full blocks are allocated first and then one or more fragments of a block are allocated. For small files allocation begins with fragments.
3) Minimum free space – It is the percentage of the total disk space held in reserve when we create the file system
4) Optimization type – It is either space or time. When we select space optimization, disk blocks are allocated to minimize fragmentation and optimize disk use. When we select time optimization, disk blocks are allocated as quickly as possible, with less emphasis on their placement. With enough free space, the disk blocks can be allocated effectively with minimal fragmentation. Time is the default
5) Number of inodes and bytes per inode – Number of inodes determine the number of files we can have in the file system because each file has one inode. The number of bytes per inode determines the total number of inodes created when file system is made( total size of the file sytem/number of bytes per inode)
SMC Usage Tool solaris GUI Tool
SMC Usage Tool is a gUI tool in solaris 10 OS used to display information about currently mounted file system,mount point,disk space allocation,disk space usage,availability.Being a GUI tool we can launch the smc tool from CLI as follows
#smc & – This will initiate smc as a background process
We can also launch the tool using the following navigation :
In left navigation pane select This Computer->Storage Icon->Mount And Shares icon
This will prompt us to enter root password. Now select the usage icon.
Setting Indirect Map Solaris
An autofs file is called a map. Autofs service helps mount and unmount filesystems in client on a dynamic basis. A map can be master map,direct map,indirectmap,special map
What is an indirect map?
An indirect map lists the mount points as relative path names.To establish a mount point on the client relative path is used.
Unix File /etc/hosts.equiv File Security Threat:-
One system can login to another system as a remote system using rlogin,ssh etc./etc/hosts.equiv file has entries – list of trusted hosts that are permitted to do remote login into this host. The entries can be hostnams or hostname tab seperated username. When username is specified only that user can access the system.
If we specify a + in /etc/hosts.equiv file then all the remote systems are truated and given access which is a security flaw.
.rhosts and /etc/hosts.equiv always pose a security threat.
So it is a better practice to use ssh(secure shell)
Sun Solaris pax (Portable Archive Interchange) Command :
Sun Solaris pax (Portable Archive Interchange) Command is used to read and write to the members of the archive file, make a list of the members of an archive file, copy directory hierarchies.Archive formats supported include :
2) tar (extended tar)
pax mode options — mode and options are optional parameters
mode specifies the mode in which pax command operates. It may be,
1) Read mode (-r)
2) Write Mode (-w)
3) Copy Mode (-rw)
4) Not specified
Solaris dfshares command :
Sun Solaris (solaris 10) – dfshares command displays information about the shared resources that are available to the host from an NFS server.
We can view the shared file systems on a remote NFS server by using the dfshares command as follows :
# dfshares new-server
If no server name is specified, all the resources currently being shared on the local host are displayed.
We can find information about shared resources in the file /etc/dfs/sharetab . This file contains list of resources currently being shared.
Solaris Running a command in a zone:
Sun Solaris (Solaris 10) – Running a command in a zone can be performed in an interactive and non -interactive fashion.In interactive emthod, an user assumes a super user role, uses zlogin and executes the command. The user uses exit to quit the session.Commands can be executed in non-interactive fashion as follows :
1) Log in as root user
$ su – root
2) Check the hostname
# hostname — lets say O/P be test
3) Log into the zone and run commands in a non -interactive fashion
# zlogin testloginzone zonename
testloginzone — O/P
4) Now check the hostname
# hostname — O/P is the same (test)
/etc/nsswitch.conf,Co-ordiacting use of Naming Services in Sun Solaris 10:-
Sun solaris operating system supports more than one naming service.We can use one or more than one naming service.We may find one naming service to be appropriate for one kind of information and another to be appropriate for another kind of information.To enable the client to get specific network information from the correct naming service, we (system administrator) must maintain “Name Service Switch File”.
Name Service Switch File — /etc/nsswitch.conf
Each entry in /etc/nsswitch.conf lists a specific type of available information.
Information includes :
It also provides information on source from which this information can be obtained.By looking into this file, a client can retrieve different pieces of needed information from one or more sources.Information about one or more sources can be obtained by one or more entries in the file.
Example : Host name from NIS table, password from a local file in the directory /etc
Zombie Process,Zombie Process In UNIX/LINUX/Sun Solaris/IBM AIX:-
Zombie Process in UNIX/LINUX/Sun Solaris/IBM AIX is recognized by the state Z.It doesn’t use CPU resources.It still uses space in the process table.It is a dead process whose parent did not clean up after it and it is still occupying space in the process table.
They are defunct processes that are automatically removed when a system reboots.Keeping OS and applications up to date and with latest patches prevents zombie processes.By properly using wait() call in parent process will prevent zombie processes.
SIGCHLD is teh signal sent by child to parent upon task completion and parent kills child(proper termination).
kill -18 PID – Kills childs process.
fssnap is a solaris command that is used to perform backup of a file system that is in mount state and in multi-user mode.
fssnap -F ufs -o backing-store=’/location’ sourcefilesystem(eg:/home/data)
The above command creates a backing-store file in the location specified. The backing-store file can also be abbreviated as bs.The command mentioned above creates a virtual device /dev/fssnap/0 (block virtual device).After the above command is executed /dev/rfssnap/0 (raw virtual device) is created.
The backing-store file is created in location specified as snapshot0.The backing-store file is a point in time copy of the source file-system.The bs file grows as the activity in source file system grows. As source is copied block-by-block to bs file, the more teh activity on file system, more will be the expansion of backing store file.
We can limit the size of the backing-store file as follows:
fssnap -F ufs -0 maxsize=value,bs=’/location’ /sourcefs
The command will restrict the size of the backing-store file to value specified above.When there is no room for backing-store file to grow, backup will fail.Information about this can be obtained from /var/adm/messages file.After creating the backing-store file (snapshot0), it can be backed up to tape as follows :
ufsdump 0ucf /dev/rmt/0 /dev/fssnap/0
Distributed File Systems,Network-based File Systems,Solaris distributed File system:-
Distributed File Systems/ Network-based File Systems are used to store data that can be accessed across systems over a network.
The files could be stored on a system called as server, can be accessed from other systems over the network.
NFS (Network File System) Version4 (V4) is supported in Solaris 10.
It improves security by integrating file access, file locking, mount protocols into a single unified protocol.
Checking Users No passwords Solaris:-
Checking For users with no passwords is an essential function of system administrator.Now-a-days InfoSec team is vested with the responsibility of formulating documents to determine the security level of an organization, steps needed to achieve the security.We should monitor user logins to ensure that their passwords are secure.A potential problem is for users with blank password ( users with carriage return as password/no password at all).
When a account doesn’t have a password, we don’t get the password prompt. We simply enter the username and we login.It is mandatory to check for users with no passwords.
1) Log in and become superuser/root user
$ su – root
2) Use logins command to get details on account without any password.
# logins -p
Monitoring User Activity Sun Solaris:-
Monitoring a user’s activity is an essential job role of a system administrator.User’s activity can be monitored only by assuming superuser/ root user role.
1) Log in as user and perform a su to become superuser
$ su – root
2) Display a user’s login status by using the command logins
# logins -x -l
For monitoring a user by name helen, issue :
# logins -x -l helen
We obtain information regarding the user as follows :
The primary group to which the user belongs to (This is GID number specified in /etc/passwd entry)
The comment field in /etc/passwd (if any)
The user’s home directory
The user’s default login shell
Password aging information – last date the password was changed, number of days required between changes, number of days allowed before a change is required, warning period.
Password aging is an essential standard recommendation from SOX (Sarbanes Oxley) and is mandate.