Wednesday, December 4, 2013

How to get an ILOM Commmnad Line Console

I had an issue the other day on an Oracle x86 blade server. I wanted to access the the system command line system console on a x86 blade. There are two ways to access the console on a ILOM. You can use the Java web console or the command line console. Now on the SPARC systems could always use both consoles, but the x86 servers could only use the Java web console.  So we where forced to web console on the x86 servers. I could just use the ILOM's Java web console, but not all servers have a web browser and Java installed. Below, I have posted my notes on how to make the command line console work for the x86 ILOM.

Run the eeprom command to see your current settings.  If the console setting is set to text then you must change it to ttya.
root@earth> eeprom
ata-dma-enabled=1
atapi-cd-dma-enabled=0
ttyb-rts-dtr-off=false
ttyb-ignore-cd=true
ttya-rts-dtr-off=false
ttya-ignore-cd=true
ttyb-mode=9600,8,n,1,-
ttya-mode=9600,8,n,1,-
lba-access-ok=1
prealloc-chunk-size=0x2000
keyboard-layout=US-English
console=text

Change the setting with the command below.
root@earth> eeprom console=ttya

The server must be rebooted for the change to take affect.

After the reboot test to see if it works.
root@earth> ssh root@ILOM
-> start /SP/console


Reference
Document ID 1448462.1 on the Oracle Support Site.
My Oracle Support
 

Monday, November 25, 2013

Installing Firefox on Solaris (Update III)

These are my updated notes on how to install Firefox on a Solaris 10 server. In this installment, I will go over two different ways to install Firefox. I will be using the files found at the Mozilla website, which just started hosting these files. To check out my previous posts on installing Firefox please check out at the bottom of this post.

The files on the Mozilla site, are the same files that can be found at Sunfreeware.com or UNIXpackages.com. The only issue with getting Firefox from this site is that it is not actually from them. They go out of there way to say this on there site and I quote; "They are the ONLY packages in our repository that are not compiled by us, and were contributed by External Offshore developers in East Asia". The README file on the site says that they where contributed by Oracle Solaris Desktop Beijing Team. I checked with the local Oracle reps in the area and they can't confirm that install files are from Oracle. Anyway if this is not an issue for you then follow the instructions below to install Firefox.

Get the Files
Use the links below to download the files needed for this how to.
http://ftp.mozilla.org/pub/mozilla.org/firefox/releases/24.0esr/contrib/solaris_pkgadd/
http://ftp.mozilla.org/pub/mozilla.org/firefox/releases/24.0esr/contrib/solaris_tarball/

We will use the files below to install Firefox.
firefox-24.1.1esr.en-US.solaris-10-fcs-sparc.tar.bz2
firefox-24.1.1esr.en-US.solaris-10-fcs-sparc-pkg.bz2

Install Firefox from a tar file.
One advantage of installing Firefox with a tar file is that you can install Firefox almost anywhere.  Run the following commands to install Firefox.
root@earth> mv firefox-* /usr/lib/
root@earth> cd /usr/lib
root@earth> bzip2 -cd firefox-24.1.0esr.en-US.solaris-10-fcs-sparc.tar.bz2 | tar xvf - root@earth> ln -s /usr/lib/firefox/firefox /usr/bin/firefox

Start Firefox.
root@earth> firefox

Install Firefox from a package.
root@earth> bzip2 -d firefox-24.0esr.en-US.solaris-10-fcs-sparc-pkg.bz2
root@earth> pkgadd -d ./firefox-24.0esr.en-US.solaris-10-fcs-sparc-pkg

The following packages are available:
   1  SFWatk           ATK - Accesibility Toolkit Libraries
                       (sparc) 1.24.0,REV=110.0.4.2009.02.26.22.56
   2  SFWcairo        Vector graphics library
                       (sparc) 1.8.4,REV=110.0.4.2009.02.26.23.05
   3  SFWfirefox     Mozilla Firefox Web browser
                       (sparc) 24.1.0esr,REV=110.0.4.2013.10.24.13.53
   4  SFWglib2       Low level core compatibility library for GTK+ and GNOME
                      (sparc) 2.18.3,REV=110.0.4.2009.02.27.14.31
   5  SFWgtk2        GTK+ - GIMP Toolkit Library for creation of graphical user interfaces
                      (sparc) 2.14.5,REV=110.0.4.2011.05.26.09.57
   6  SFWpango      Library for layout and rendering of internationalized text
                      (sparc) 1.22.3,REV=110.0.4.2009.02.26.23.21
   7  SFWpixman    Vector graphics library
                      (sparc) 0.12.0,REV=110.0.4.2009.02.26.23.01

Select package(s) you wish to process (or 'all' to process
all packages). (default: all) [?,??,q]:
You can install all the packages listed above or just the Firefox package (SFWfirefox). Firefox will be installed at /opt/sfw/lib/firefox. The install process will link the Firefox exacuteable to /usr/local/bin/firefox. Start firefox as shown below.
root@earth> firefox
If Firefox doesn't start then I would make sure that /usr/local/bin in your path.

My Other Firefox posts.
Installing Firefox on a Solaris server
Installing Firefox on Solaris (Update)
Installing Firefox on Solaris (Update II)




Friday, November 8, 2013

Firefox won't run

This is quick fix for getting Firefox to run, when it says it is already running. How this only seems to happen if you have your home directory mounted across all your computers. The picture below is the error you normally get when your have this problem.



One way to fix this is to delete the lock file.
root@earth> rm ~/.mozzilla/firefox/*.default/lock

You can also use profiles to get past this error. I would suggest you create a different profile for each computer you use Firefox on. Run the command below to get the Pop-up GUI for selecting the profile, as show below. From here you can create a profile to use, if you need one.

root@earth> firefox -p



If you already have profile, then run the command firefox -p with the profiles name at the end.
root@earth> firefox -p profilename


Please feel free to add an comments below If I have missed something.

Wednesday, November 6, 2013

Replace drives on a StoreEdge 6130 & 6140

These are my notes on how to replace a hard drive for a StorEdge 6130 and 6140.


Add disk space from 6130 or 6140 array (host initiator already exists)
1.      Log onto the host and note the existing disks with “format”.
2.      Log onto the StorageTek Common Array Manager via web browser.  URL – https://server:6789   root login.
3.      Expand the 6130 or 6140 array, based on the system requiring space.
4.      Click on the Volumes tab and click on New.
5.      Select the Storage Pool. Click Next.
6.      Select “Storage Selected Automatically by CAM”
7.      Name the new volume and complete the Size section as needed.  Click Next.
8.      Select “Map to an Existing Host/Host Group or the Default Storage Domain.  Click Next.
9.      Select the host.  Click Next.
10.  Review the information.  Click Finish.  Configuration will take a minute or two.
11.  Repeat step 4 thru 10, if additional disk space is required.
12.  Log onto the host and note the existing disks.
13.  If the newly created disk(s) are not listed, run “devfsadm” or “cfgadm –al”.
14.  Create a new zpool with “zpool create  
15.  Create a filesystem on the new zpool with  “zfs create /file system”
16.  Set a mount point for the new file system “zfs set mountpoint=

Download Java in MOS

Oracle offers patches for their software products through My Oracle Support (MOS). The issue is the way Oracle handles Java patches. If you don't have a software contact, then Oracle will not let you directly download the latest Java patch. This can be extremely frustrating, given the fact that the patch is part of both the CPU patchset and 10 Recommend patchset, for Solaris 10. Also if you have a Premier Hardware Support contract, then you get software support for the Solaris operating system. So why Oracle makes it hard is beyond me.

If you don't have a Software support contract then you can't download Java as a Java patch. You can however download a Java patch as system patch. It is actually the same patch ether way. So what matters is the approach you use to get the patch. Follow the steps below to download the latest Java patch as a system patch.

Fig. 1 - Patch Search
Steps
1) Login  to MOS.

2) Go to the Patches and Upgrade tab.

3) Choose the Product or Family (Advanced).
At this point you should be at figure 1.


Fig. 2 - Example of processor types
4) For the Product field input Solaris Operating System.

5) For the Release drop down menu. Pick the Solaris Operating system version you need.
Look at figure 2 as an example.

6) For the next drop down choose Platform.

Fig. 3 - Example of finished search fields
7) For the next drop down pick the Solaris Operating system processor  type you need.

8) Then choose Description.

9) type in javase in the last box.

10) Check the Exclude Superseded patches

At this point your search should look like figure 3.

I hope this helps you out.
You can also use this method to download other patches form Oracle such as OpenSSL.
If you have any comments please post them below.

Friday, November 1, 2013

Show Faulted Hardware in ILOM

Here, I will go over my notes on how to identify and clear hardware faults, in an ILOM (Integrated Lights Out Manager). On this page I will use the example of a chassis fan module error. If you follow my notes and the error clears Then you didn't have a real issue. On the other hand, If after following my notes you can't clear the error. Then you have a real hardware issue. You can't clear errors if the error is still an issue.

This is how you login to the command line interface for the ILOM.
man@earth> ssh root@ilom

The command below is one way to show system faults. The only target you should see is shell. If you see anything other then shell it is a fault. In the example below, the ILOM shows a bad system fan. Shown as 0 (/SYS/FMO).
--> show /SP/faultmgmt

/SP/faultmgmt
     Targets:
          shell
          0 (/SYS/FM0)

      Properties:

      Commands:
          cd
          show

Using the show faulty command is anther way to see the system faults. This command shows a lot more detail. If you have a support contract with Oracle, you will want to paste the output of this command into the ticket, you submit to MOS. The show faulty command can be used without any paths, which will be extra useful if are coming in from a chassis ILOM.
--> show faulty
Target                    | Property                   | Value
-----------------------+--------------------------+---------------------------------
/SP/faultmgmt/0    | fru                            | /SYS/FM0
/SP/faultmgmt/0/   | class                         | fault.chassis.device.fan.fail
faults/0                  |                                  |
/SP/faultmgmt/0/   | sunw-msg-id            | SPX86-8X00-33
faults/0                  |                                  |
/SP/faultmgmt/0/   | component               | /SYS/FM0
faults/0                   |                                 |
/SP/faultmgmt/0/   | uuid                          | 8692c3e4-G481-635e-f8e2-f3f215d1
faults/0                   |                                 | 13f0
/SP/faultmgmt/0/   | timestamp                | 2013-10-02/12:10:43
faults/0                   |                                 |
/SP/faultmgmt/0/   | detector                   | /SYS/FM0/ERR
faults/0                   |                                  |
/SP/faultmgmt/0/   | product_serial_number | 1203FMM107
faults/0                   |                                  |

The command below shows the event log, which will also contain the system hardware errors.
--> show /SP/logs/event/list

To clear the hardware fault from the logs run the command below.
--> show /SP/logs/event/ clear=true

Run this command to clear the fan error.
--> set /SYS/FM0 clear_fault_action=true
Try to clear the hardware fault. If the hardware is really having an issue, the hardware fault will come back. In about a minute or less. If you can't clear the error and you have a support contract then this is when you summit your ticket.

If you have any questions or I missed something let me know.

Friday, October 25, 2013

Installing Firefox on Solaris (Update II)

This part three of my "How to Install Firefox" series of posts. Please read the other Firefox posts linked to at the bottom of this post, for additional information. This post is an update on the Firefox situation on Solaris.

The Oracle Security Blog, posted on October 13, 2013, the long awaited patch for Firefox. You will need a MOS (My Oracle Support) login to download the patches though. Patch 145080-13 for SPARC and patch 145081-12 for X86 will upgrade Firefox to 10.0.12 ESR. This is pathetic considering that at the time I'm writing this, Firefox is at version 24.0. Mozilla doesn't even support Firefox 10 ESR anymore. So why is Oracle giving us this now? Most operating systems are using Firefox 17 ESR right now and they will soon be moving to version 24 ESR. On top of that, Oracle's security blog also doesn't address any of the security vulnerabilities for 2013.

Note - Mozilla doesn't offer Firefox install packages for Solaris.

Current Mozilla supported versions
  • Firefox 17.0.9 ESR
  • Firefox 24.0
  • Firefox 24.0 ESR
Now on the install on Firefox.
The package Solaris uses for the Firefox install is SUNWfirefox. Run the command below to make sure that package is installed. There may be other Firefox related packages, that's OK.
root@earth> pkginfo -l | grep firefox
PKGINST: SUNWfirefox
PKGINST: SUNWfirefoxl10n-es-ES
PKGINST: SUNWfirefox-devel

If the package is not installed then you will have to install it. Unfortunately it installs Firefox 3, so you need to patch it right away. As I mentioned above the patch will update Firefox to 10.0.12. If this is the 1st patch to be applied to Firefox it may take some time, this is normal. In the example below we are installing the SPARC patch.

root@earth> mv 145080-13 /tmp
root@earth> unzip 145080-13
root@earth> pkgadd 145080-13

And you're done. Test the application. If your previous version of Firefox was not part of a package, but instead was install using a tar file then you will have to delete it from the server. I have instructions on how to do that in my 1st post on how to install Firefox.

Info
I have removed Firefox from my server at work because I don't think it is secure on Solaris 10. I am instead using Firefox on Linux server, until Oracle gets their act together. I have heard that Oracle will be releasing FireFox 17 ESR soon. The only problem is, Firefox is only coming to Solaris 11 and not Solaris 10. You can still get Firefox at SunFreeware.com or UNIXpackages.comwhich are the same people. The only issue with getting Firefox from there site is that it is not actually from them. They go out of there way to say this on there site and I quote; "They are the ONLY packages in our repository that are not compiled by us, and were contributed by External Offshore developers in East Asia"

Links to my other Firefox install posts
Installing Firefox on Solaris
Installing Firefox on Solaris (Update)
Installing Firefox on Solaris (Update III)

If you have any comments or question please post them below.


Thursday, October 24, 2013

Access the Java Control Panel

Finding the Java Control Panel in Windows is easy. Now try finding it on a UNIX based system, not so easy. Below are my notes on accessing the Java Control Panel for both Oracle Java and IBM Java.





Sun/Oracle
/usr/java/jdk1.7.0_21/bin/ControlPanel

IBM
/usr/bin/java -viewer

If you have something to please post a comment below.


Wednesday, October 23, 2013

Checking for HTTP

I often need to check what version of Apache HTTP server is running in our environment. I also need to check for what modules are installed. The examples are form a Solaris 10 server and can be applied to any UNIX based operating system, like Linux.

The command below is the basic command for checking the HTTP version.
man@earth> httpd -v

It is best to run the find command. This way you can find any instaces on HTTP as well as any embedded versions that may be hiding on the server.
root@earth> find / -name httpd -type f 2>/dev/null
/usr/local/apache2/bin/httpd

Then to check the version run the following command.
man@earth> /usr/local/apache2/bin/httpd -v
Server version: Apache/2.2.25 (Unix)
Server built: Jul 31 2013 23:39:37

Below is the command for checking what modules are installed.
man@earth> httpd -M


Other sites with info on this.
www.cyberciti.biz
nixcraft.com

Related posts
Version index

Tuesday, October 22, 2013

Get the OpenSSL version

I often have to check which versions of applications we have installed our servers. Below I have post the method of checking the version of OpenSSL installed on a server. The command below should work with any UNIX based operating system. I might even work on Windows.

man@earth> openssl version -a

To find the non system or embedded versions you will have to run the find command. Shown below.

root@earth> find / -name openssl -type f 2>/dev/null


I hope this helps someone

Monday, October 21, 2013

My BASH Promt

Below are my notes on how I like my BASH prompt setup. This prompt has two lines which I find helps to break up the commands from the output. The second line also gives more room for long commands and helps prevent the line from wrapping over top of the prompt. I also update the title bar on the terminal or xterm with the hostname and current working directory. I find this helpful because this way I will always know who I am on the system, what server I'm logged into and what directory I'm in without typing any commands.

earth:~
man@earth

Cut and paste the line below into your terminal or add in to your .profile file. If you like my prompt.
export PS1="\[\e]2;\h:\w \a\[\e[0;31m\]\u\[\e[0m\]@\e[0;32m\h\e[0;34m\]\n<\[\e[0m\] "

If you have any suggestions or questions post them below.

Friday, September 6, 2013

How to setup SSH Keys

This is a guide on setting up SSH Keys for a UNIX based account. What are SSH keys you ask? They are means of identifying yourself to an SSH server using public-key cryptography and challenge-response authentication. SSH Keys are considered more secure than using passwords to access systems, because user accounts are authenticated by the server without ever having to send your password over the network. If the passwords are not transmitted then they can't be intercepted.
This guide is not for installing or setting up a SSH server. You must have SSH running on your servers in order to get your SSH keys to work. All the examples are take from a Solaris 10 (SPARC) server. This guide should as work on any UNIX based operating system like Linux, BSD and the Mac.

Create you key pair
The ssh-keygen command will generate a public and private keypair. The keys will be stored at ~/.ssh.The basic command looks like this: ssh-keygen -t [dsa|rsa]  The -t sets the type of keys used. In the example below I create a rsa key pair.
man@earth> ssh-keygen -t rsa
Enter file in which to save the key (/home/man/.ssh/id_rsa): Press [Enter] key
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/man/.ssh/id_rsa.
Your public key has been saved in /home/man/.ssh/id_rsa.pub.
The key fingerprint is:dfhjodfnk
04:be:15:ca:1d:0a:1e:e2:a7:e5:de:98:4f:b1:a6:01

Make sure you don't use a blank passphrase. Doing this is very insecure. Having a blank passphrase defeats the purpose of having having the extra security of a key exchange setup. It is also import to never give out your private key, which also compromises security of your account.

Copy public key
Copy you public key to the authorized_keys file on the remote server.
man@earth> scp ~/.ssh/id_rsa.pub moon:~/.ssh/authorized_keys

If your home directory automounts across a lot of servers. You can copy it over with the cat command.
man@earth> cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys

Setup Agent
At this point, when you login you get prompted for a passphase. To stop this from happening you need to setup a SSH agent. Run the command below and type in your passphare when prompted.
man@earth> eval `ssh-agent`
man@earth> ssh-add
Enter passphrase for /home/man/.ssh/id_rsa:
Identity added: /home/vivek/.ssh/id_dsa (/home/man/.ssh/id_rsa)

There are other ways to set up the agent such as using the gnome GUI for example. Unfortunately that only works if your running a gnome desktop. If your a VNC user, you should start your VNC server session after starting your agent in the same terminal. This way all your terminals launched in your VNC session, will use the same agent.

One issue with agents is that sometimes you end up running a lot of agents. Run the command below and kill any agents that you are not using, as a good practice.
man@earth> ps -ef | grep agent

References
g-loaded.eu
Symantec: SSH and ssh-agent

If you have any questions or comments please post below.

Thursday, September 5, 2013

Faster Solaris 10 Zone Creation

These are my notes on a faster way creating Solaris 10 zones. If you're not familiar with Solaris 10 zones might I suggest you first read my notes on creating Solaris 10 zones. These notes will go over making a whole root zone with a shared network interface. For the purpose of this guide. We will use the hostname, earth for our Global zone (host). We will create a zone named moon.

Create the zone
root@earth> zonecfg -z moon "create -b; set zonepath=/export/zones/test; set autoboot=true; add net; set physical=e1000g0; set address=10.1.1.232/24; end; verify; commit; exit"

Alternately you can put all the sub-commands into a file.

Install zone
root@earth> zoneadm -z moon  install
A ZFS file system has been created for this zone.
Preparing to install zone moon.
Creating list of files to copy from the global zone.
Copying 82181 files to the zone.
Initializing zone product registry.
Determining zone package initialization order.
Preparing to initialize 783 packages on the zone.
Initialized 783 packages on zone.
Zone moon is initialized.
Installation of 1 packages was skipped.
The file contains a log of the zone installation.

Check the zone (Optional)
root@earth> zoneadm list -cv
ID NAME     STATUS      PATH                            BRAND      IP
0   global        running        /                                 native          shared
-    moon        installed       /export/zones/moon     native          shared

Make an answer file
You must create the sysidcfg configuration file and put it in the zone's /etc directory. For example: /export/zones/moon/root/etc/. This must be done after the zone install but before the you boot the zone. Below is an example of a sysiccfg that worked for my setup.

system_locale=en_US
timezone=US/Eastern
terminal=vt100
timeserver=localhost
root_password=$1$w/3YH4kq$R3Tk2lHWRIL2FiiJ2eJqQ1
network_interface=PRIMARY {hostname=moon
                     default_route=NONE
                     ip_address=10.1.1.232
                     netmask=255.255.254.0
                     protocol_ipv6=no}
nfs4_domain=sun
security_policy=NONE
name_service=NONE


Get remote console on the zone
Run this command in a different terminal.
root@earth> zlogin -C moon
Note -C option gives you a persistent console. To get back to the global zone type .~

Boot the zone
root@earth> zoneadm -z moon boot
After you run the command above, look at the other terminal where you ran zlogin. You should see the zone booting up. After the zone boots up, you should see a login prompt. If instead the setup process starts up, then there is an error with the sysidcfg file. I that case you will have to delete you zone. Check out my notes on how to uninstall and delete a zone. If there are no issues then your done.

I hope this was helpful to someone. If you have any questions or comments please post them below.

Related posts on this blog:
Creating Solaris 10 zones
Uninstall and delete a zone

Thursday, August 1, 2013

Java PATH need to run the ILOM Remote console

From time to time there is something you only set once. For example Oracle's Integrated Lights Out Manager (ILOM) has a web interface. Which has remote console feature. This feature uses Java running in a web browser. The first time it asks for the path to launch the program . Below I have displayed  the path the Java needs for the remote console feature.


For UNIX & Linux computers:  /usr/bin/javaws
For Windows computers: C:\Program Files\Java\jre\bin\javaws 

I hope this helps someone.

Wednesday, July 31, 2013

Free System Administration Training

I recently attended some free online training from Oracle. Oracle called the training event Virtual SysAdmin Day.  I thought the training was really good. So I'm posting links to the training so maybe you can also benefit from the training as well.

Link to training from the Oracle Virtual SysAdmin Day.
http://www.oracle.com/us/dm/11551-wwmk13049569mpp141c003-oem-1980042.html

Solaris resources
https://blogs.oracle.com/solaris/
http://www.youtube.com/oraclesolaris

Oracle Linux resources
https://blogs.oracle.com/linux/
http://www.youtube.com/oraclelinuxchannel

Oracle Virtualization  resources
https://blogs.oracle.com/virtualization/
http://www.youtube.com/user/OracleVirtualization


I hope someone finds this useful.

Thursday, July 25, 2013

Adding, Deleting or Changing a Group in UNIX

This is a little how to on creating, deleting or modifying a group on a UNIX based computer.

root@earth> /usr/sbin/groupadd -g # groupname
If you us -g the option, you will be able to set the GID for the group. If the GID is not set then the OS will choose one.

To delete a group.
root@earth> /usr/sbin/groupdel groupname

To change a group
root@earth> /usr/sbin/groupdel -g # -n newgroupname groupname
Use the -g option to change the group gid and use -n to change the name of the group.

Use these commands only for local accounts. If a network nameservice or directory server is running then use that service instead.


Wednesday, May 1, 2013

Getting NetBackup 7.5 files for install

We just upgraded our NetBackup from 7.1 to 7.5. These are my notes on upgrading our UNIX and Linux clients.

Go to https://fileconnect.symantec.com and download the required files. You will need to enter a serial number to get access to the files. As seen to the right.

After you download the files you will have to join them together before you can do a install.


Unix joining instructions:
cat "NB_CLT_7.5.0.4-tar-split.1of3" "NB_CLT_7.5.0.4-tar-split.2of3" "NB_CLT_7.5.0.4-tar-split.3of3" > "NB_CLT_7.5.0.4.tar"

now you are ready to begin the install.

Installing Sudo on Solaris 10

These are the notes on installing sudo on Solaris 10. In order to install sudo you will also need to install some dependencies. I have listed the needed packages below.

Packages
Package Name Application Description
SMCsudo sudo Provides limited super user privileges
SMClintl libintl GNU locale utilities, libintl.so.2
SMCliconv libiconv GNU iconv library, libiconv.so.2
SMCzlib zlib Zlib data compression library, libz.so.1
SMClgcc libgcc The GNU Compiler Collection, libgcc_s.so.1

Installing the packages
mv filename /tmp
cd /tmp
gunzip filename
pkgadd -d filename

Links to where you can get the packages.
www.sufreeware.com
  unixpackages.com paid site, the paid version of sunfreeware.

Tuesday, April 30, 2013

Add Zone Function to Solaris 10 Core build

These are my notes on adding the zone functionality to Solaris. Solaris 10 comes with six Software Groups. The Software Groups are, from lowest to highest, Reduced network Support, Core System Support, End User, Developer, Entire and Entire Plus OEM.

I installed Solaris 10 at the Core level. When I tried to install a zone it couldn't find the zonecfg command. This is because the packages needed to support zones are not install at this level. Below are the packages I install to in order to get zone functionality on my Solaris 10 server.

SUNWzoneu
SUNWzoner
SUNWpoolr
SUNWluzone
SUNWluu
SUNWlur
SUNWlucfg

Thursday, April 25, 2013

Bash Shortcut keys

I found this little reference chart on the short cut keys in BASH. These short cut keys allow for command line editing. I for example use Ctrl + A all the time to edit the line.


Ctrl + A Go to the beginning of the line you are currently typing on
Ctrl + E Go to the end of the line you are currently typing on
Ctrl + L            Clears the Screen, similar to the clear command
Ctrl + U Clears the line before the cursor position. If you are at the end of the line, clears the entire line.
Ctrl + H Same as backspace
Ctrl + R Let’s you search through previously used commands
Ctrl + C Kill whatever you are running
Ctrl + D Exit the current shell
Ctrl + Z Puts whatever you are running into a suspended background process. fg restores it.
Ctrl + W Delete the word before the cursor
Ctrl + K Clear the line after the cursor
Ctrl + X Then Backspace clear the line before the cursor
Ctrl + T Swap the last two characters before the cursor
Esc + L Changes to upper case
Esc + U Changes to lower case
Esc + T Swap the last two words before the cursor
Alt + F Move cursor forward one word on the current line
Alt + B Move cursor backward one word on the current line
Tab Auto-complete files and folder names

Referance:
http://www.howtogeek.com/howto/ubuntu/keyboard-shortcuts-for-bash-command-shell-for-ubuntu-debian-suse-redhat-linux-etc/
I found this chart at the link above.

Monday, April 22, 2013

Mount an ISO in Solaris 10

Sometime I run into an issue were I need to install a program and the only installer I can find is on a CD or DVD. Unfortunately most servers don't have CD/DVD players. I can usually download the media, in the form of an ISO from the vender website. Then the issue is how do I get the application out of the ISO if you don't have a CD or DVD drive. Luckily for me, most UNIX based Operating Systems can mount a ISO. In much the same way you would mount an NFS (Network File System) or other external volumes, like a CD/DVD drive. As the title suggests this How-to will focus on doing this on a Solaris 10 server.

Mounting an ISO

# lofiadm -a /path/to/cd.iso
/dev/lofi/1

Now you can mount the ISO. # mount -o ro -F hsfs /dev/lofi/1 /mnt

Unmount and detach the images

# umount /mnt
# lofiadm -d /dev/lofi/1

Useful links
http://www.cyberciti.biz/faq/howto-mount-sun-solaris-cd-iso-image/
http://bradthemad.org/tech/notes/solaris_mount_iso.php

Monday, April 15, 2013

Make Firefox load ILOM pages, Part III

This yet anther way to make Firefox load the ILOM web interface properly. Posted below is a script my co-worker wrote. Basically it adds the content to the userContent.css file via this script. This way you don't have to edit the file manually, like you had to in my other post "Make Firefaox load ILOM pages".




export PROFILE_IDZ=$(grep Path= $HOME/.mozilla/firefox/profiles.ini | awk -F={`print $2`})
export FILE4FIXZ-"~/.mozilla/firefox/${PROFILE_IDZ}/chrome"

mkdir -p ${FILE4FIXZ}
touch ${FILE4FIXZ}/userContent.css

echo "@media print {" > ${FILE4FIXZ}/userContent.css
echo "}" >> ${FILE4FIXZ}/userContent.css
echo " " >>  ${FILE4FIXZ}/userContent.css
echo "@namespace url (https:www.w3.org/1999/xhtml);" >>  ${FILE4FIXZ}/userContent.css
echo "#mainpage { visibility: visible !important; }" >>  ${FILE4FIXZ}/userContent.css

cat  ${FILE4FIXZ}/userContent.css


If you have comments please post below.

Thursday, April 11, 2013

Script for checking accounts

In a perfect world all user accounts are centrally managed by a directory server such as NIS, LDAP or Active Directory. Unfortunately not all servers use accounts that are centrally managed or there are some servers that are set aside, as stand alone servers. It a can be a real pain to find out your account's password expired. Then be forced to change it before you can login. So I wrote this is a little script because I need to know when my passwords are about to expire. This way I can change my passwords on all the servers, before they expire.

I have three different operating systems at work so of course they all do this differently. In this how to I will be using examples from Solaris 10, RHEL 5 (Red Hat Enterprise Linux) and SLES 11 (SUSE Linux Enterprise Server). I created a different file, containing the server names, for each OS.

The script below logs into each server listed in the server-sol file and runs the passwd -s command and prints the output on the screen. It then runs the change -l command on the Linux servers. SUSE needs elevated privileges to run the change -l, so I add sudo to the line. The line where you see the echo statement, prints the server's name indented and in bold.

man@earth>cat check-login2
for s in `cat server-sol`
do echo -e "\e[1m $s \033[0m "
ssh -q $s sudo passwd -s man
done
for r in `cat server-rhel`
do echo -e "\e[1m $r \033[0m "
ssh -q $r chage -l man
done
for sles in `cat server-suse`
do echo -e "\e[1m $sles \033[0m "
ssh -q $sles sudo chage -l man
done

Examples of out from script on the different OS versions.
man@earth>./check-login2
   solaris-server
rich PS 04/03/13 7 56 7
   rhel-server
Last password change : Apr 03, 2013
Password expires : May 29, 2013
Password inactive : never
Account expires : never
Minimum number of days between password change : 7
Maximum number of days between password change : 56
Number of days of warning before password expires : 7
   sles-server
Minimum: 1
Maximum: 60
Warning: 7
Inactive: 35
Last Change: Apr 03, 2013
Password Expires: Jun 02, 2013
Password Inactive: Jul 07, 2013
Account Expires: Never

As you can see there is a difference in the output each OS gives you. If you have any comments or questions please post them below.

Friday, March 29, 2013

Installing Firefox on Solaris (Update)

On this post I'm going over how to install Firefox on Solaris 10. This is an update from one of my earlier posts. The reason for this update is because there has been some changes on how you get Firefox. The place where Mozilla would point it's uses to download Firefox was the OpenSolaris.org website. Oracle took down the OpenSolaris.org website on March 23 2013. As my old instructions used a different install process, I felt I needed to rewrite this how-to.


The other main place to get Firefox is at SunFreeware.com or UNIXpackages.com, which are the same people. The only issue with getting Firefox from there site is that it is not actually from them. They go out of there way to say this on there site and I quote; "They are the ONLY packages in our repository that are not compiled by us, and were contributed by External Offshore developers in East Asia". The quote used to say "contributed by developers in Beijing China", apparently someone complained and a change was made. With all the hacking allegations concerning China you may not not want to get Firefox from them.

The other places that host Solaris software or packages is blastwave and OpenCSW.org. Blastwave is now a dead project and OpenCSW.org doesn't have Firefox in their package list.

Now I have some good news and some bad news. Good news Oracle is now providing patches and/or packages for Firefox. The bad news is that they are not keeping up with the Firefox versions from Mozilla. Not to mention the CVE vulnerabilities that are coming out.

Below I list two places to get Firefox from Oracle. You will need a Oracle Support login to download the files. The 2nd link lets you see the 3rd party patches that are available before you need to login to Oracle. You can get newer versions of Firefox, then what is linked to below, by putting in a ticket (SR) to your MOS (My Oracle Support) account.
Oracle Support document 1448883.1
Third Party Software in Oracle Products webpage.

The main package for Firefox is SUNWfirefox. There are a few additional Firefox packages that you might have installed on your sever. To see what Firefox related packages are on your server run the command below.
# pkginfo -l | grep firefox
PKGINST: SUNWfirefox
PKGINST: SUNWfirefoxl10n-es-ES
PKGINST: SUNWfirefox-devel

To see a complete list of Solaris 10 packages click here.

Oracle has provided the following patches for Firefox: 145080-11 (x86) & 145080-12 (SPARC). Applying this patch may take a little longer then what you are used too but, it will upgrade Firefox from 3.X to Firefox 10.0.7. # mv 145080-12.zip /tmp
# unzip 145080-12.zip
# patchadd 145080-12

Congrats you have install the ESR version Firefox on Solaris 10. Oracle also has an updated version of Firefox for Solaris 11, coming soon.

My Other Firefox posts.
Installing Firefox on a Solaris server
Installing Firefox on Solaris (Update II)
Installing Firefox on Solaris (Update III)

If you have anything to add please post below.

Thursday, March 28, 2013

Change the ILOM IP address

From time to time I have to change the IP addresses on the ILOM (Integrated Lights Out Manager). So I decided to post my notes on how to do this and maybe someone will find it useful. There is also anther older hardware manger called ALOM (Advanced Lights Out Manager), this not the same. They both the provide console access to your server. For these don't know, console access is when you get remote access to a server, as if you where right next to it. So basically you see everything as if you where physically there. Note that this post changes the IP address for the MGT (management) port. This doesn't change the servers IP address for the OS installed on the hardware.

If this is the first time anyone has logged in then the ILOM will be set to the defaults. The default username is root and the default password is changeme.
# ssh root@server-ILOM
Are you sure you want to continue connecting (yes/no)? yes
Password:

For most severs with ILOM just put in the commands like you see below in the example. -> cd SP/network
-> set pendingipaddress=10.1.0.10
-> set pendingipgatway=0.0.0.0
-> set pendingipnetmask=255.0.0.0
-> set pendingipdiscovery=static
-> set commitpending=true

To check you work or see what your IP settings are, type ls or use the command below
You can see your IP address from any place in the ILOM by running the command below. -> show /SP/network 
To change the IP address of the chassis or CMM that hold the blade servers. Login and go to /CMM/network like in the example below and run the same commands as above. -> cd CMM/network
You can change the IP to the blades from the chassis ILOM as well. -> cd CH/BL#/SP/network

If you have any comments or questions please post them below.

Friday, March 1, 2013

How to set up SHA-256 or SHA-512 hashing

These are my notes on how to setup better password hashing on your Solaris 10 servers. To make your servers more secure, you will want to use SHA-256 or SHA-512 password hashing. Many old servers use a weaker hash by default. In the example below user1 is using the MD5 hash and user2 is using the SHA-512 hash. As you can see, the hash for user2 is using is much longer. The fact that it is longer makes the hash more secure.

user1:$1$QNhPL6JG$fISdvRQdpXSj1seOcYoSk.
user2:$6$GptKlbR1$3Qjb5HBh.2R87N8RkvxWYnpHETXfVCeOEgQTs5EXBs6o9nb6z2tHkqalNt1H2ZI5dicCFkUnRRgWFW65CUOBF0

In /etc/security/policy.conf make sure the following setting is set.
CRYPT_ALGORITHMS_ALLOW=1,2a,md5,5,6

In /etc/security/policy.conf change the following lines to what you see below. #CRYPT_ALGORITHMS_DEPRECATE=__UNIX__
CRYPT_DEFAULTS=6


In /etc/security/crypt.conf you should see the following lines at the end. If there not there, then you most likely don't have this patch 140905-02 installed. If you have a Oracle Support contract you can download it from My Oracle Support.
5 crypt_sha256.so.1
6 crypt_sha512.so.1


I got the info about the missing patch from a post I made at the Oracle Communities forum. Below, I have posted a link to my post.
https://communities.oracle.com/portal

To see what hash your users are using look at your /etc/shadow file. If the users hash starts with $5 or $6 than they are using SHA-256 or SHA-512. After you make the changes above the users will need to reset there password. You will need to use the -d with the passwd command to delete the users password hash. If this is not done the account will continue to use the old hash. On Linux machines you don't need to run the passwd -d command.

passwd -d user1
passwd: password information changed for user1
passwd user1
New Password:
Re-enter new Password:
passwd: password successfully changed for user1


I hope this helps some one out.