Sun OS Classic Command
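Solaris System Maintenance Command Reference
1. Check the machine model: the model of a Sun server is printed on its front panel, for example Netra T 1125,
or Ultra 5, Ultra 10 and so on.
2. Check the number of CPUs (the top method below is wrong: top on Sun does not show the state of every CPU, and its usage also differs from HP)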
#top
CPU states: 99.3% idle, 0.1% user, 0.6% kernel, 0.0% iowait, 0.0% swap
This suggests there is only one CPU.
Correct method:
Use dmesg |grep cpu
to see the correct number of CPUs.
3. Check memory
#dmesg |grep mem
mem = 2097152K (0x80000000)
avail mem = 2087739392
4. Check the number of disks
#vxdisk list
DEVICE TYPE DISK GROUP STATUS
c0t0d0s2 sliced - - error
c0t0d0s7 simple c0t0d0s7 rootdg online
c1t0d0s2 sliced - - online
c1t1d0s2 sliced smpdg2 smpdg online
c1t2d0s2 sliced smpdbdg1 smpdbdg online
c2t0d0s2 sliced - - online
c2t1d0s2 sliced smpdg1 smpdg online
c2t2d0s2 sliced smpdbdg2 smpdbdg online
5. How to view file systems
#df -k
Filesystem kbytes used avail capacity Mounted on
/dev/dsk/c0t0d0s0 4032142 1050675 2941146 27% /
/proc 0 0 0 0% /proc
fd 0 0 0 0% /dev/fd
/dev/dsk/c0t0d0s6 7304977 29 7231899 1% /home
/dev/dsk/c0t0d0s5 4032142 402929 3588892 11% /opt
swap 3418392 32 3418360 1% /tmp
/vol/dev/dsk/c0t6d0/informix
201730 201730 0 100% /cdrom/informix
/dev/vx/dsk/smpdg/smpdg-stat
1055 9 941 1% /smpwork
/dev/vx/dsk/smpdg/lv_smp
17336570 128079 17035126 1% /sms
6. Where volume groups and logical volumes are located
#cd /dev/vx/dsk/
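Volume groups such as smpdg are all under this directory; enter a volume group's directory to see the logical volumes
in that volume group.
7. How to create volume groups, logical volumes and file systems
A. Create the smpdg volume group (assume the two physical disks c1t1d0 and c1t2d0 are used to create the smcpdg volume group)
vxdisksetup -i c1t1d0 (format the physical disk)
vxdisksetup -i c2t1d0
vxdg init smpdg smpdg1=c2t1d0 (add the physical disk to the volume group smpdg)
vxdg -g smpdg adddisk smpdg2=c1t1d0
Then create the logical volume and the file system: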
vxassist -g smpdg -U fsgen make lv_smp 17200m layout=nolog smpdg1
vxassist -g smpdg mirror lv_smp layout=nostripe smpdg2
newfs -C -f /dev/vx/rdsk/smpdg/lv_smp
Now mount it on /sms on the first machine:
mkdir /sms
chown smp:smp /sms
vxvol -g smpdg startall
mount /dev/vx/dsk/smpdg/lv_smp /sms
umount /sms
vxvol -g smpdg stopall
vxdg deport smpdg
Then mount it on /sms on the second machine:
mkdir /sms
chown smp:smp /sms
vxdg import smpdg
vxvol -g smpdg startall
newfs -C -f /dev/vx/rdsk/smpdg/lv_smp
mount /dev/vx/dsk/smpdg/lv_smp /sms
umount /sms
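Note: the steps above create a shared file system.
Because smpdg is usually assigned to one application, you also need to create a file system that is mounted while
the logical host is running: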
vxassist -g smpdg -U fsgen make smpdg-stat 2m layout=nolog smpdg1
vxassist -g smpdg mirror smpdg-stat layout=nostripe smpdg2
newfs /dev/vx/rdsk/smpdg/smpdg-stat
B. Create the smpdbdg volume group
Create the volume group:
vxdisksetup -i c1t2d0
vxdisksetup -i c2t2d0
vxdg init smpdbdg smpdbdg1=c1t2d0
vxdg -g smpdbdg adddisk smpdbdg2=c2t2d0
vxassist -g smpdbdg -U fsgen make smpdbdg-stat 2m layout=nolog smpdbdg1
vxassist -g smpdbdg mirror smpdbdg-stat layout=nostripe smpdbdg2
newfs /dev/vx/rdsk/smpdbdg/smpdbdg-stat
Create the logical volumes:
vxassist -g smpdbdg -U gen make lv_rootdbs 128m layout=nolog smpdbdg1
vxassist -g smpdbdg mirror lv_rootdbs layout=nostripe smpdbdg2
vxassist -g smpdbdg -U gen make lv_logdbs 300m layout=nolog smpdbdg1
vxassist -g smpdbdg mirror lv_logdbs layout=nostripe smpdbdg2
vxassist -g smpdbdg -U gen make lv_phydbs 100m layout=nolog smpdbdg1
vxassist -g smpdbdg mirror lv_phydbs layout=nostripe smpdbdg2
vxassist -g smpdbdg -U gen make lv_tempdbs 1000m layout=nolog smpdbdg1
vxassist -g smpdbdg mirror lv_tempdbs layout=nostripe smpdbdg2
vxassist -g smpdbdg -U gen make lv_svcchunk1 2000m layout=nolog smpdbdg1
vxassist -g smpdbdg mirror lv_svcchunk1 layout=nostripe smpdbdg2
vxassist -g smpdbdg -U gen make lv_svcchunk2 2000m layout=nolog smpdbdg1
vxassist -g smpdbdg mirror lv_svcchunk2 layout=nostripe smpdbdg2
vxassist -g smpdbdg -U gen make lv_svcchunk3 2000m layout=nolog smpdbdg1
vxassist -g smpdbdg mirror lv_svcchunk3 layout=nostripe smpdbdg2
vxassist -g smpdbdg -U gen make lv_recchunk1 2000m layout=nolog smpdbdg1
vxassist -g smpdbdg mirror lv_recchunk1 layout=nostripe smpdbdg2
vxassist -g smpdbdg -U gen make lv_recchunk2 2000m layout=nolog smpdbdg1
vxassist -g smpdbdg mirror lv_recchunk2 layout=nostripe smpdbdg2
vxassist -g smpdbdg -U gen make lv_recchunk3 2000m layout=nolog smpdbdg1
vxassist -g smpdbdg mirror lv_recchunk3 layout=nostripe smpdbdg2
vxassist -g smpdbdg -U gen make lv_recchunk4 2000m layout=nolog smpdbdg1
vxassist -g smpdbdg mirror lv_recchunk4 layout=nostripe smpdbdg2
vxassist -g smpdbdg -U gen make lv_recchunk5 1700m layout=nolog smpdbdg1
vxassist -g smpdbdg mirror lv_recchunk5 layout=nostripe smpdbdg2
C. Set logical volume attributes
vxedit -g smpdg -v set user=smp group=smp lv_smp
vxedit -g smpdbdg -v set user=informix group=informix mode=660 lv_rootdbs
vxedit -g smpdbdg -v set user=informix group=informix mode=660 lv_logdbs
vxedit -g smpdbdg -v set user=informix group=informix mode=660 lv_phydbs
vxedit -g smpdbdg -v set user=informix group=informix mode=660 lv_tempdbs
vxedit -g smpdbdg -v set user=informix group=informix mode=660 lv_svcchunk1
vxedit -g smpdbdg -v set user=informix group=informix mode=660 lv_svcchunk2
vxedit -g smpdbdg -v set user=informix group=informix mode=660 lv_svcchunk3
vxedit -g smpdbdg -v set user=informix group=informix mode=660 lv_recchunk1
vxedit -g smpdbdg -v set user=informix group=informix mode=660 lv_recchunk2
vxedit -g smpdbdg -v set user=informix group=informix mode=660 lv_recchunk3
vxedit -g smpdbdg -v set user=informix group=informix mode=660 lv_recchunk4
vxedit -g smpdbdg -v set user=informix group=informix mode=660 lv_recchunk5
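Note: on Sun machines, setting attributes on a logical volume this way is equivalent to using chown and chmod.
In fact this is just the process of deactivating and deporting, after which you reformat the physical disks and you are done.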
vxvol -g smpdbdg stopall
vxdg deport smpdbdg
vxdisksetup -i c1t0d0
vxdisksetup -i c2t1d0
......
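After this, the /dev/vx/smpdbdg directory no longer exists.
9. How to set up a shared volume group
Create the volume group on the first machine. Assuming the volume group smpdg already exists and is now to be set up as a shared volume group on the second machine,
first deactivate smpdg and deport it on the first machine: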
smcp01>vxvol -g smpdg stopall
smcp01>vxdg deport smpdg
Then import and activate smpdg on the second machine:
smcp02>vxdg import smpdg
smcp02>vxvol -g smpdg startall
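After the switch, use the following three commands to check whether it succeeded:
vxdg list //shows volume group information
vxdisk list //shows physical disk information
vxprint -vt //shows information about all volumes
10. How to check the size of a disk
#format
Then select the disk number and press Enter to go to the next menu, then choose inquiry to get the disk's size
information, for example: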
Vendor: FUJITSU
Product: MAN3184M SUN18G
Revision: 1502
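Note: format is a powerful disk diagnostic tool.
Method 2:
#cd /opt/SUNWexplo/bin/
Run explorer to produce a package of disk information. It is a directory; inside it there is a
disks directory, which contains a diskinfo file. Use the following command to see the size of each
disk: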
1: c0t0d0 FUJITSU MAJ3182M SUN18G 0804 0041P90050##
2: c1t0d0 SEAGATE ST318203LSUN18G 034A 0025H54125##
3: c1t1d0 SEAGATE ST318203LSUN18G 034A 0026H70087##
4: c1t2d0 FUJITSU MAJ3182M SUN18G 0804 0046P66422##
5: c2t0d0 SEAGATE ST318203LSUN18G 034A 0026G30220##
6: c2t1d0 SEAGATE ST318203LSUN18G 034A 0026H59041##
7: c2t2d0 FUJITSU MAJ3182M SUN18G 0804 0051P91980##
8: ses0 SYMBIOS D1000 2 O8# SAF-
9: ses1 SYMBIOS D1000 2 O8# SAF-
11. Check the Informix version
#su - informix
informix>onstat -
This shows the Informix version.
12. Information collection tool
#cd /opt/SUNWexplo/bin/explorer
#explorer
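Running it produces a folder and a compressed archive of that folder (*.gz). Enter the
result folder to find the various pieces of information you need.
13. Cluster script files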
#cd /opt/SUNWcluster/ha/smpwork
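Under ha there are folders for the cluster applications, such as smpwork; each of these folders holds the
configuration files of that cluster application.
14. Cluster maintenance commands
First start the cluster on node smcp01: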
# scadmin startcluster smcp01 smcp
Then start this node on node smcp02:
# scadmin startnode
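The commands for observing cluster status after startup are:
# hastat //shows the status of the cluster, the nodes,
the logical hosts and the Data services, plus some historical runtime information.
# get_node_status //shows the node number of the current node, the status of the public network adapters, and so on.
Log in to the SMCP host (note: use the SMCP logical host address)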
% telnet smcpwork
Set the DISPLAY environment variable on the SMCP host
% setenv DISPLAY ip:0.0
Run in the local terminal
% xhost +
Start OAM manually
% oam&
Log in as the OAM operator
Run on each of the two nodes smcp01 and smcp02:
# scadmin stopnode
This command stops the current node from running in the cluster; it must be run on each of the two nodes.
For example, to switch smcpwork to run on node smcp02, enter:
#scadmin switch smcp smcp02 smcpwork
For example, to switch querywork to run on node smcp02, enter:
#haswitch smcp02 querywork
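The hareg command registers and activates Data services through the following options:
-r registers the specified Data service in the cluster
-u unregisters the specified Data service from the cluster
-y activates the specified Data service, setting its state to On
-Y activates all Data services in the cluster, setting their state to On
-n deactivates the specified Data service, setting its state to Off
-N deactivates all Data services in the cluster, setting their state to Off
Run without any arguments, hareg shows the current state of all Data services.
A Data service has an On or Off state only after it has been registered in the cluster.
A Data service in the On state provides service normally,
while one in the Off state has stopped providing service. If a Data service has been unregistered,
it must be registered again before it can run in the cluster. Using hareg of course requires that the cluster
has already been started and is running normally.
From a graphical local terminal (assume its IP address is ip0), log in as root to the SMCP host
(assume its IP address is ip1):
Run in the local terminal
% xhost +
% telnet ip1
Then set the DISPLAY environment variable on the SMCP host
# DISPLAY=ip0:0.0
# export DISPLAY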
# vxva
smcp01>vxvol -g smpdg stopall
smcp01>vxdg deport smpdg
smcp02>vxdg import smpdg
smcp02>vxvol -g smpdg startall
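A. Configuring network resources
The SUN Netra T 1125 has four network interfaces: hme0, hme1, hme2 and hme3.
hme0 and hme1 are the primary and standby interfaces the SUN server uses to communicate with the public network, and need only one IP address;
hme2 and hme3 are used for heartbeat detection between the two nodes, and also need one IP address configured.
In addition, TELLIN SMP uses a floating IP address externally, in the same network segment as the data IP;
this address is managed by SUN's cluster software, SUN Cluster.
1) How to change the IP address and hostname
The files involved for the IP address are: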
/etc/hosts (change the IP address)
/etc/netmasks (if subnetting)
/etc/defaultrouter (to specify the new gateway for this subnet)
/etc/hosts (change to the new hostname)
/etc/nodename (change to the new hostname)
/etc/hostname.<interface> (where <interface> is the name of the primary
interface for this system, i.e hostname.hme0 or hostname.le0.
Change to the new hostname.)
/etc/net/ticlts/hosts (change both columns to the new hostname)
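/etc/net/ticots/hosts (change both columns to the new hostname)
/etc/net/ticotsord/hosts (change both columns to the new hostname)
After changing the files above, rebooting the machine is recommended.
2) How to configure the primary/standby relationship of the two interfaces hme0 and hme1
It is enough to configure an address on hme0.
The relationship is then created later, during cluster configuration, when the following command is run to create the logical host.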
#scconf smcp -L smcpwork -n smcp01,smcp02 -g smcpdg -i hme0,hme0,smcpwork -m
3) Configure NAFO (Network Adapter Fail Over)
/opt/SUNWpnm/bin/pnmset <Enter>
The following information is displayed:
In the following, you will be prompted to do
configuration for network adapter failover
do you want to continue ... [y/n]: y <Enter>
How many NAFO backup groups on the host [1]:<Enter>
Enter backup group number [0]:<Enter>
Please enter all network adapters under nafo0
hme0 hme1 <Enter>
The following test will evaluate the correctness
of the customer NAFO configuration...
name duplication test passed
Check nafo0... < 20 seconds
hme0 is active
remote address = 129.9.168.101
test hme1 wait...
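nafo0 test passed (this message indicates that the test passed)
Note:
NAFO configuration is demanding on the network cabling; it sometimes takes several attempts to succeed.
B. Configuring the cluster
The general procedure is: start the cluster system first, configure the cluster and packages on one node,
check that everything is correct, make the configuration take effect, and then carry out the required operations.
Note:
Before using the cluster, check the state of smcpdg and querydg. Perform the following steps:
(1) On each of the two nodes, run:
# vxdg list
Only rootdg should be listed; smcpdg and querydg must not appear.
(2) If the previous step shows smcpdg or querydg, check whether IDS is running (Online).
If it is, stop IDS first, then use vxdg deport to release control of the Disk Group.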
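The pre-start check in steps (1) and (2), as an added shell example that is not part of the original page. It assumes `vxdg list` prints a header line followed by one "NAME STATE ID" row per imported disk group; the sample outputs are constructed and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original page.
# Assumption: `vxdg list` prints a "NAME STATE ID" header and then one row
# per imported disk group. The sample outputs below are constructed.

# foreign_dgs: read `vxdg list` output on stdin and print every imported
# disk group other than rootdg, one per line.
foreign_dgs() {
    awk 'NF >= 2 && $1 != "NAME" && $1 != "rootdg" { print $1 }'
}

# precheck NODE: read that node's `vxdg list` output on stdin.
# Returns 0 when only rootdg is imported. Otherwise prints, for each extra
# disk group, the release steps the page describes, and returns 1.
precheck() {
    node=$1
    extra=$(foreign_dgs)
    if [ -z "$extra" ]; then
        echo "$node: ok, only rootdg is imported"
        return 0
    fi
    for dg in $extra; do
        echo "$node: $dg is imported; stop IDS if it is Online, then run: vxvol -g $dg stopall; vxdg deport $dg"
    done
    return 1
}

# Constructed sample: a node that is ready for the cluster to start.
SAMPLE_CLEAN='NAME         STATE           ID
rootdg       enabled  1035450000.1025.smcp01'

# Constructed sample: a node that still holds both shared disk groups.
SAMPLE_BUSY='NAME         STATE           ID
rootdg       enabled  1035450100.1025.smcp02
smcpdg       enabled  1035450560.1072.smcp02
querydg      enabled  1035450777.1080.smcp02'

# On a real node the input would come from: vxdg list | precheck "$(uname -n)"
printf '%s\n' "$SAMPLE_CLEAN" | precheck smcp01
printf '%s\n' "$SAMPLE_BUSY" | precheck smcp02 || true
```

The script only reports; it never runs vxvol or vxdg itself, so the operator still decides when to stop IDS and deport.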
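Configuring the cluster system
On machine 1, run #scadmin startcluster smcp01 smcp.
Once the cluster software is up on machine 1, run #scadmin startnode on machine 2 to add it to the cluster as a node.
Configuring logical hosts on the cluster
A logical host corresponds to an application and is how the cluster manages applications; each logical host exposes only one IP address on the cluster.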
================================================
(2) Configure the cluster
Run on one host only
#scconf iin -L scpwork -n smcp02,smcp01 -g scpdg -i hme0,hme0,scpwork -m
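Note:
The command format is:
scconf <cluster name> -L <logical hostname> -n <node1 name>, <node2 name>
-g <disk group name> -i <node1 public network interface 1> <node2 public network interface 1> <logical hostname>
-m
The order of <node1 name> <node2 name> determines that the logical host is primary on node1 and standby on node2.
Remark: the floating IP address that the logical host's hostname maps to must be configured in /etc/hosts.
Create the administrative file system on every machine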
# scconf iin -F scpwork scpdg
Note:
The command format is:
scconf <cluster name> -F <logical hostname> <disk group name>
On machine 2, run the configuration of the logical host querywork
#scconf iin -L smpwork -n smcp01,smcp02 -g smpdg -i hme0,hme0,smpwork -m
Create the administrative file system
# scconf iin -F querywork querydg
Register with the cluster
hareg -u querywork
query.register
hareg -u smcpwork
smcp.register
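C. Configuring applications
The /etc/opt/SUNWcluster/conf directory
The two files ccd.database and smcp.cdb show the basic cluster configuration and the cluster information.
Do not edit these files by hand; let the system maintain them.
A dedicated daemon keeps ccd.database consistent across the two nodes.
The /opt/SUNWcluster/ha directory
This directory contains two subdirectories, smcp and query. The smcp directory holds the configuration files and scripts
of the smcp Data service: smcp.config records the basic configuration of smcpwork,
smcp.register is used to register smcpwork, and the other files are the scripts that start, stop and monitor smcpwork.
The query directory holds the configuration files and scripts of the query Data service: query.config
records the basic configuration of querywork, query.register is used to register querywork, and the other files
are required run scripts. When these two Data services are added to the cluster, each must be registered with the hareg
command; these steps were already completed during installation by running smcp.register and query.register.
Remark: if the ccd.database file in the conf directory differs between the two machines, the cluster cannot
switch over properly.
D. Verifying the cluster configuration
(2) Once the cluster software is running on the primary host, run on the standby host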
#scadmin startnode
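(3) On both hosts, run df -k and ifconfig -a to check for errors, and run hastat to view the HA state.
You can see that hme0 has the floating IPs of the smcp and query applications bound to it: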
hme0 .... 129.9.168.101
hme0:1 .... 129.9.168.120
hme0:2 .... 129.9.168.140
(4) Use the haswitch command for a switchover test: switch the logical host smcpwork from physical host smcp01 to physical host smcp02.
# haswitch smcp02 smcpwork
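To check whether the switchover succeeded, use the following methods:
On host smcp02, use df -k to view the disk resources. If the output contains the following, the switchover succeeded: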
/dev/vx/dsk/smcpdg/smcpdg-stat
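On host smcp02, use ifconfig -a to view the IP addresses. If the IP address of the logical host smcpwork, 129.9.169.120,
is now bound to the hme0 interface (the primary public network interface), the switchover succeeded.
(5) Overwrite db_check in /opt/SUNWcluster/bin with xps_check from the same directory
Use get_node_status to verify the state of the cluster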
smcp02>get_node_status
sc: included in running cluster
node id: 1
membership: 0 1
interconnect0: selected
interconnect1: up
vm_type: vxvm
vm: up
db: up
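17. How to set up the Terminal Concentrator when a SUN Netra T 1125 is installed for the first time.
=====================================
In the standard TELLIN SMP SUN Netra T1125 configuration, the hosts are SUN servers without a graphics card or monitor,
so a terminal concentrator is used to bring the console signals of the two hosts out to a monitoring station. Because
the hosts cannot be controlled before Solaris has started, the terminal concentrator must be set up first. If the Terminal Concentrator
(TC for short) has already been set up, it does not need to be set up again.
The configuration steps are given below. Once configured, the terminal concentrator does not need to be reconfigured at each power-on.
The steps below assume the TC's IP address is 129.9.168.23 and the subnet mask is 255.255.255.0.
(1) Using a Sun workstation, connect the host's serial port A to port 1 of the terminal concentrator with an RS232-RJ45 cable.
Add to the workstation's /etc/remote file: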
a:dv=/dev/term/a:br 9600:el=^C^S^Q^U^D:ie=%$e=^D:el=^C^S^Q^U^D:ie=%$e=^D:
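(2) As root, type: tip a
(3) Connect the terminal concentrator to the public network correctly
(4) Power on the terminal concentrator
(5) Press the Test button on the terminal concentrator; the Test indicator lights up and the unit enters test mode. Note: press
the Test button immediately after the power light comes on, before the unit reaches its normal running state; this is like pressing "DEL" on a PC to enter setup.
After the test completes, the correct indicator states are as shown in Table 2-2.
Table 2-2 Terminal concentrator indicators
Indicator  Power  Unit   Net    Attn   Load   Active
Color      Green  Green  Green  Amber  Green  Green
State      ON     ON     ON     OFF    OFF    Slow blink
(6) The monitor:: prompt appears on the SUN workstation; use the addr command to configure the TC's IP address and subnet mask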
monitor:: addr <Enter>
Enter the IP: 129.9.168.23
Enter the subnet mask: 255.255.255.0
(7) Exit the tip application
At the monitor:: prompt:
monitor:: boot <Enter>
monitor:: ~.
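(8) Power the terminal concentrator off and on again. If you can telnet to it from a PC,
the configuration above is verified. Now configure the ports of the terminal concentrator: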
telnet 129.9.168.23 <Enter>
Trying 129.9.168.23...
Connected to 129.9.168.23.
Escape character is '^]'.<Enter>
Enter Annex port name or number: cli <Enter>
annex: su <Enter> (switch to superuser)
Password: (enter the TC's IP address here)
annex admin <Enter>
Annex administration MICRO-XL-UX R7.0.1, 8 ports
admin : set port=1-8 type dial_in imask_7bits Y <Enter>
You may need to reset the appropriate port, Annex subsystem or
reboot the Annex for changes to take effect.
admin : set port=2-7 mode slave <Enter>
You may need to reset the appropriate port, Annex subsystem or
reboot the Annex for changes to take effect.
admin : quit <Enter>
annex boot <Enter>
bootfile: <Enter>
warning:
*** Annex (129.9.168.23) shutdown message from port v1 ***
Annex (129.9.168.23) going down IMMEDIATELY
Connection closed by foreign host.w
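Installation is complete; remove the serial cable from port 1.
During the steps above you can type "?" or "help" to get help. On the current workstation,
or with a program such as HyperTerminal on a PC, the TC can be configured.
Use the following command to see which volume group each physical disk is assigned to.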
#vxdisk list
DEVICE TYPE DISK GROUP STATUS
c0t0d0s2 sliced - - error
c0t0d0s7 simple c0t0d0s7 rootdg online
c0t8d0s2 sliced - - error
c1t1d0s2 sliced c1t1d0 smcpdg online
c1t2d0s2 sliced - - online
c1t3d0s2 sliced c1t3d0 smcpdg online
c1t4d0s2 sliced - - online
c1t6d0s2 sliced - - online
c2t1d0s2 sliced c2t1d0 smcpdg online
c2t2d0s2 sliced - - online
c2t3d0s2 sliced c2t3d0 smcpdg online
c2t4d0s2 sliced - - online
c2t6d0s2 sliced - - online
19. Modifying kernel parameters on a Sun server in /etc/system
set shmsys:shminfo_shmmax=268435456
set semsys:seminfo_semmni=4096
set semsys:seminfo_semmns=4096
set semsys:seminfo_semmnu=4096
set semsys:seminfo_semume=64
set semsys:seminfo_semmsl=100
set shmsys:shminfo_shmmin=100
set shmsys:shminfo_shmmni=100
set shmsys:shminfo_shmseg=100
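20. Sun cluster runtime logs
The cluster log is recorded in /var/adm/messages. If a fault occurs while the cluster is running,
check this file to help locate the problem. Also watch the messages on the console screen:
errors and warnings from the running cluster, including the results of periodic monitoring, are usually displayed on the console in real time.
21. How to use the CD-ROM drive
A. How to boot or install from the CD-ROM drive
On the host, hold down the Stop and A keys together (Stop+A) to enter the ok prompt;
then type boot cdrom at the ok prompt to boot from the CD.
B. How to read the contents of a CD
Insert the CD into the drive; it is mounted automatically.
Use df -k to see which directory the CD is mounted on,
then enter that directory to access the contents of the CD.
22. How to access the Sun cluster console through the terminal concentrator
Edit the /etc/default/login file
Change the line CONSOLE=/dev/console to
#CONSOLE=/dev/console
Otherwise the host can only be logged in to through the TC; no other login method works.
23. Command for shutting down the host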
#shutdown --
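Suppose there are two machines, smcp01 and smcp02, and only the second one has a tape drive.
The first machine then uses the second machine's tape drive as follows:
Write:
#tar cvf - /tmp/yqx | rsh smcp02 dd of=/dev/rmt/0m
If this does not succeed, first set:
#obs=20b (20 blocks)
Read:
#rsh smcp02 dd if=/dev/rmt/0m | tar tvf -
If this does not succeed, first set:
#bs=20b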
25. How to find the current subnet and netmask
1) Find the subnet
#netstat -in
Look at the entry for hme0:
Name Mtu Net/Dest Address Ipkts Ierrs Opkts Oerrs Collis Queue
hme0 1500 172.0.8.0 172.0.8.68 3430395 0 1134355 0 0 0
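So the subnet is 172.0.8.0
2) Find the netmask
Look at /etc/netmasks
3) Find the address
#ifconfig -a
or look at /etc/hostname.hme0
Note: on some machines the physical name of the network interface is le0.
26. How to remove a logical host from the cluster
1) First deactivate and unregister the application on the logical host
hareg -n scpwork;
hareg -u scpwork;
2) Then remove the application from the logical host
scconf tellincluster(cluster name) -s -r scpserv(application name) scpwork(logical host name)
3) Finally remove the logical host from the cluster
Method 1) Use scinstall and choose the menu path change/logic hosts/remove
Method 2) Use the command directly: scconf iin -L scpwork -r
Remark: the scinstall command can show all information about the Sun cluster configuration.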
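27. Summary of the steps for creating volume groups and logical volumes on Sun
SUN: Volume Manager, VM for short. In this environment, to permanently change the owner and
read/write permissions of volume groups such as smcpdg/querydg, chown and chmod cannot be used; only vxedit can.
Supplement:
Initialize the physical disks: vxdisksetup -i c1t2d0
vxdisksetup -i c2t2d0
Create the volume group: vxdg init smpdbdg smpdbdg1=c1t2d0
vxdg -g smpdbdg adddisk smpdbdg2=c2t2d0
Create the file system mounted for the volume group:
vxassist -g smpdbdg -U fsgen make smpdbdg-stat 2m layout=nolog smpdbdg1
vxassist -g smpdbdg mirror smpdbdg-stat layout=nostripe smpdbdg2
newfs /dev/vx/rdsk/smpdbdg/smpdbdg-stat
Create a logical volume:
vxassist -g smpdbdg -U gen make lv_rootdbs 128m layout=nolog smpdbdg1
vxassist -g smpdbdg mirror lv_rootdbs layout=nostripe smpdbdg2
Change volume permissions:
vxedit -g smpdg -v set user=smp group=smp lv_smp
vxedit -g smpdbdg -v set user=informix group=informix mode=660 lv_rootdbs
Check which volume groups are active: vxdg list
Import a volume group: vxdg import smcpdg
Activate a volume group: vxvol -g smcpdg startall
Deactivate a volume group: vxvol -g smcpdg stopall
28. Configuring automatic cluster startup on Sun
To ensure that, after an abnormal event, the SMCP cluster is brought up automatically when the machines restart,
on Sun machines copy the cluster autostart script S99startcluster
into the system's /etc/rc3.d directory. The script contains the following;
the items that usually need to be changed for the site are:
LOCALNODENAME, REMOTENODENAME, CLUSTERNAME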
if [ "$LOCALNODENAME" = "smcp01" ]; then
    REMOTENODENAME="smcp02"
    # LOCALID=0
    # REMOTEID=1
else
    REMOTENODENAME="smcp01"
    # LOCALID=1
    # REMOTEID=0
fi
CLUSTERNAME=smcp-cluster
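29. Handling garbled characters on a Sun terminal
When garbled characters appear while typing in a terminal window, there are
two solutions:
1) Press Del
2) Ctrl + <---BkSp (the left-pointing delete key)
30. See which physical disks belong to a volume group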
root@smp2 # vxdg list smpdbdg
Group: smpdbdg
dgid: 1035450560.1072.smp2
import-id: 0.1071
flags:
copies: nconfig=default nlog=default
config: seqno=0.1027 permlen=3447 free=3445 templen=2 loglen=522
config disk c1t0d0s2 copy 1 len=3447 state=clean online
log disk c1t0d0s2 copy 1 len=522
#scinstall
This command performs a range of maintenance tasks for the Sun cluster, for example:
Assuming a default cluster name of smp
Checking on installed package state
....................
1) Install/Upgrade - Install or Upgrade Server
Packages or Install Client Packages.
2) Remove - Remove Server or Client Packages.
3) Change - Modify cluster or data service configuration
4) Verify - Verify installed package sets.
5) List - List installed package sets.
7) Help - The help screen for this menu.
Please choose one of the menu items: [7]:
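vxedit -g scpdbdg -fr rm <logical volume name>
33. Notes on creating users on Sun servers
Sometimes a user is created and later deleted; the correct way to delete it is userdel <username>.
Sometimes, however, an engineer deletes the user directly from /etc/passwd. If useradd is then used to add a user with the same name,
the system reports that the add failed. In that case the user's line in /etc/shadow must be deleted as well, so that
the users in /etc/shadow and /etc/passwd are consistent again; after that useradd works.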
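A way to find the stale /etc/shadow line that item 33 describes, as an added shell example that is not part of the original page. It assumes a POSIX shell with awk, sort, comm and mktemp; the account data is constructed and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original page. All account data is constructed.
# Assumes a POSIX shell with awk, sort, comm and mktemp available.

# names FILE: print the account names (field 1) of a passwd-style file,
# skipping blank lines and comment lines.
names() {
    awk -F: '$1 != "" && $1 !~ /^#/ { print $1 }' "$1" | sort -u
}

# orphans PASSWD SHADOW: report accounts that exist in only one of the files.
# "shadow-only:NAME" is the case from item 33: the user was deleted from
# passwd by hand and the shadow line was left behind.
orphans() {
    p=$(mktemp) && s=$(mktemp) || return 2
    names "$1" > "$p"
    names "$2" > "$s"
    comm -13 "$p" "$s" | sed 's/^/shadow-only:/'
    comm -23 "$p" "$s" | sed 's/^/passwd-only:/'
    rm -f "$p" "$s"
}

# cleaned_shadow PASSWD SHADOW: print SHADOW without the lines whose user is
# missing from PASSWD. Output goes to stdout so the real file is never
# edited in place; review the result before installing it.
cleaned_shadow() {
    awk -F: 'NR == FNR { if ($1 != "") known[$1] = 1; next } ($1 in known)' "$1" "$2"
}

# write_sample DIR: constructed passwd/shadow pair in which "olduser" was
# removed from passwd only.
write_sample() {
    cat > "$1/passwd" <<'EOF'
root:x:0:1:Super-User:/:/sbin/sh
informix:x:1001:100::/export/home/informix:/bin/sh
smp:x:1002:101::/export/home/smp:/bin/csh
EOF
    cat > "$1/shadow" <<'EOF'
root:NP:6445::::::
informix:NP:12000::::::
smp:NP:12000::::::
olduser:NP:12010::::::
EOF
}

demo_dir=$(mktemp -d)
write_sample "$demo_dir"
orphans "$demo_dir/passwd" "$demo_dir/shadow"
cleaned_shadow "$demo_dir/passwd" "$demo_dir/shadow" > "$demo_dir/shadow.new"
rm -rf "$demo_dir"
```

On a real host the arguments would be /etc/passwd and /etc/shadow, read as root.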
34. How can one user belong to several groups?
35. Check swap space
#swap -s
eg:
total: 76552k bytes allocated + 17184k reserved = 93736k used, 296608k available
Common Solaris commands and examples
PID TTY TIME CMD
806 pts/3 0:00 ps
368 pts/3 0:00 sh
$ pflags 368
368: -sh
data model = _ILP32 flags = PR_ORPHAN
/1: flags = PR_PCINVAL
% pmap 823 //address space map of the process, including the libraries it needs to run
823: -csh
08043000 20K rw--- [ stack ]
08050000 128K r-x-- /usr/bin/csh
08070000 12K rwx-- /usr/bin/csh
08073000 68K rwx-- [ heap ]
DD9C0000 8K r-x-- /usr/lib/locale/zh_CN.GB18030/methods_zh_CN.GB18030.so.2
DD9D1000 4K rwx-- /usr/lib/locale/zh_CN.GB18030/methods_zh_CN.GB18030.so.2
DD9E0000 324K r-x-- /usr/lib/locale/zh_CN.GB18030/zh_CN.GB18030.so.2
DDA40000 8K rwx-- /usr/lib/locale/zh_CN.GB18030/zh_CN.GB18030.so.2
DDA60000 4K rwx-- [ anon ]
DDA70000 628K r-x-- /usr/lib/libc.so.1
DDB1D000 24K rwx-- /usr/lib/libc.so.1
DDB23000 4K rwx-- /usr/lib/libc.so.1
DDB30000 152K r-x-- /usr/lib/libcurses.so.1
DDB66000 28K rwx-- /usr/lib/libcurses.so.1
DDB6D000 8K rwx-- /usr/lib/libcurses.so.1
DDB80000 4K r-x-- /usr/lib/libdl.so.1
DDB90000 292K r-x-- /usr/lib/ld.so.1
DDBE9000 16K rwx-- /usr/lib/ld.so.1
DDBED000 8K rwx-- /usr/lib/ld.so.1
total 1740K
$ pldd 830 //list of dynamic libraries linked into the process
830: -sh
/usr/lib/libgen.so.1
/usr/lib/libc.so.1
/usr/lib/libdl.so.1
/usr/lib/locale/zh_CN.GB18030/zh_CN.GB18030.so.2
/usr/lib/locale/zh_CN.GB18030/methods_zh_CN.GB18030.so.2
$ psig 830 //list of signals and their handling for the process
830: -sh
HUP caught done 0
INT caught 0x8059a30 0
QUIT caught 0x8059a30 0
ILL caught done 0
TRAP caught done 0
ABRT caught done 0
EMT caught done 0
FPE caught done 0
KILL default
BUS caught done 0
SEGV caught 0x8059f70 ONSTACK,SIGINFO
$ pstack 830 //show the process stack trace in hexadecimal
830: -sh
ddacedf7 waitid (0, 353, 8047d40, 83)
ddaeeea7 _waitpid (353, 8047df8, 80) + 66
ddb30581 waitpid (353, 8047df8, 80) + 21
08062319 ???????? (8078c44)
08062cef postjob (353, 1) + ce
0805d1e9 execute (8079374, 0, 0) + 801
08055b61 ???????? (0)
080559b5 main (1, 8047eb4, 8047ebc) + 4d9
08055427 ???????? ()
$ pfiles 830 //all files opened by the process
830: -sh
Current rlimit: 256 file descriptors
0: S_IFCHR mode:0620 dev:102,0 ino:853 uid:1001 gid:7 rdev:24,2
O_RDWR
1: S_IFCHR mode:0620 dev:102,0 ino:853 uid:1001 gid:7 rdev:24,2
O_RDWR
2: S_IFCHR mode:0620 dev:102,0 ino:853 uid:1001 gid:7 rdev:24,2
O_RDWR
$ pwdx 830 //get the current working directory of the process
830: /export/home/wing
$ ptree 830 //show the parent/child relationships of the process
179 /usr/sbin/inetd -s
828 in.telnetd
830 -sh
854 ptree 830
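lsof tool: must be downloaded and installed; it is not included with the system
Software management
pkgadd
#pkgadd -d /tem softwarename
Package file name: gpw-6.94-sol8-intel-local.gz
#gunzip gpw-6.94-sol8-intel-local.gz
#head gpw-6.94-sol8-intel-local //view the file's version information
#pkgadd -d gpw-6.94-sol8-intel-local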
install
#install -c /opt/scripts -m 0755 -u bin -g sysadmin /tmp/setup_script
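//destination path, permissions, user, group, source path
pkginfo
#pkginfo //list the installed packages
pkgchk
#pkgchk pkginst //check the integrity of the package
#pkgchk -f pkginst //fix package problems
#pkgchk -n pkginst //do not check the package's volatile files
#pkgchk -l -p /usr/bin/mydir //get the package attributes of an installed file
pkgrm
#pkgrm pkginst //remove the package
#pkgrm pkginst1 pkginst2 //remove several packages at once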
showrev
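#showrev -p //show installed patches
patchadd
#patchadd patchname //install a patch
#patchadd -M patch1 patch2 //install several patches at once
#patchadd -d -R /export/mars /var/spool/patch/11102-12
//destination, source path
//do not allow the patch installation to be backed out
Patch installation example
2.6_Recommended.tar.z (patch name)
#df -k dir //check the size of the directory
#tar xvf 2.6_Recommended.tar.z
#./install
Option  Function
-B  Specifies the directory for storing backout data, instead of the default directory
-C  If needed, specifies the path of the network install image to be patched
-d  Does not accept a patch installation that can be backed out
-M  Specifies an alternate directory in which to locate patches
-p  Prints a list of all installed patches
-u  Does not let the file installation take effect
-R  Specifies an alternate root directory for a client installation
-S  Installs the patch for a client from the server; the client shares the server's operating system directory
patchrm
#patchrm patchname //remove a patch
#patchrm -C /export/solaris_2.9/tools/1065-15
//remove a patch from a client system
Boot and startup process, ok mode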
#shutdown
#reboot
#init 0
#boot -r
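ok setenv boot-device disk //change the default boot device to disk
boot-device = disk
ok printenv boot-device //verify the boot device
boot-device disk disk
ok reset
ok watch-clock //test the clock device
ok boot -r //reboot the system (reconfiguration boot)
ok boot net //boot from the network
ok boot cdrom //boot from CD
ok boot floppy //boot from floppy disk
ok boot tape //boot the system from tape
ok watch-net //check whether the network is connected
ok probe-scsi //probe all disk devices the system detects and list the usable devices
ok banner //show the memory and the OpenBoot version of the system firmware
ok boot -s //enter single-user mode
#reboot -l -- -r //reboot without recording it in the system log
#shutdown -i 0 -g 120 -y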
#sync;init 0
#traceroute www.abc.com
wall
#wall
init
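#init q //reinitialize the run levels
#init 0 //hardware maintenance mode
#init 1 //single-user mode
#init 2 //NFS not available
#init 3 //NFS available
#init 4 //user-defined state
#init 5 //power off the system
#init 6 //reboot the operating system
#init s //enter the administrative state
Network configuration
/etc/hostname.interface //holds the name of this network interface, or the name of the machine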
# cat hostname.pcn0
wing
# cat hosts
#
# Internet host table
#
127.0.0.1 localhost
192.168.0.11 wing
# hostname
wing
# cat netmasks
192.168.0.0 255.255.255.0
#ifconfig le0 172.16.255.1 netmask 255.255.255.0
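Set the state of a network interface
#ifconfig le0 up/down
Set whether a network interface is available
#ifconfig le0 plumb/unplumb
#ifconfig -a: this address is displayed only when the command is run by root. If a non-root user runs ifconfig, then there is only the IP address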
# ifconfig -a
lo0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4> mtu 8232 index 1
inet 127.0.0.1 netmask ff000000
hme0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
inet 192.168.10.25 netmask ffffff00 broadcast 192.168.10.255
ether 8:0:20:a2:11:de
#
#ifconfig le0 192.168.0.3 netmask 255.255.255.0 broadcast 192.168.0.255 up
banner
You can also type banner at the ok prompt, before the system has booted, to find the MAC address and the CPU model and frequency.
ok banner
un Ultra 5/10 UPA/PCI (UltraSPARC-IIi 300MHz), Keyboard Present
OpenBoot 3.1.1 64 MB memory installed, Serial #9361102.
Ethernet address 8:0:20:8e:d6:ce, HostID: 808ed6ce.
# arp -a //show the ARP table
Net to Media Table: IPv4
Device IP Address Mask Flags Phys Addr
------ -------------------- --------------- ----- ---------------
pcn0 192.168.0.1 255.255.255.255 00:03:0f:fd:6d:0c
pcn0 wing 255.255.255.255 SP 00:0c:29:19:a1:54
pcn0 224.0.0.0 240.0.0.0 SM 01:00:5e:00:00:00
TCP: IPv4
Local Address Remote Address Swind Send-Q Rwind Recv-Q State
-------------------- -------------------- ----- ------ ----- ------ -------
wing.telnet 192.168.0.1.1030 7168 0 66608 0 ESTABLISHED
wing.telnet 192.168.0.1.1032 6253 1 66608 0 ESTABLISHED
Active UNIX domain sockets
Address Type Vnode Conn Local Addr Remote Addr
df187cc0 stream-ord dee4c1c0 00000000 /tmp/.X11-unix/X0
df187de8 stream-ord 00000000 00000000
#
# netstat -r //view the routing table
Routing Table: IPv4
Destination Gateway Flags Ref Use Interface
-------------------- -------------------- ----- ----- ------ ---------
192.168.0.0 wing U 1 3 pcn0
224.0.0.0 wing U 1 0 pcn0
default wing UG 1 0
localhost localhost UH 2 6 lo0
# netstat -g
Interface Group RefCnt
--------- -------------------- ------
lo0 224.0.0.1 1
pcn0 224.0.0.1 1
Device IP Address Mask Flags Phys Addr
------ -------------------- --------------- ----- ---------------
pcn0 192.168.0.1 255.255.255.255 00:03:0f:fd:6d:0c
pcn0 solaris9 255.255.255.255 SP 00:0c:29:80:4c:0a
pcn0 224.0.0.0 240.0.0.0 SM 01:00:5e:00:00:00
#
rawipInDatagrams = 0 rawipInErrors = 0
rawipInCksumErrs = 0 rawipOutDatagrams = 0
rawipOutErrors = 0
udpInDatagrams = 923 udpInErrors = 0
udpOutDatagrams = 928 udpOutErrors = 0
tcpRtoMax = 60000 tcpMaxConn = -1
tcpActiveOpens = 18 tcpPassiveOpens = 21
tcpAttemptFails = 0 tcpEstabResets = 0
tcpCurrEstab = 31 tcpOutSegs = 715
tcpOutDataSegs = 524 tcpOutDataBytes = 52210
tcpRetransSegs = 0 tcpRetransBytes = 0
tcpOutAck = 191 tcpOutAckDelayed = 90
tcpOutUrg = 0 tcpOutWinUpdate = 0
tcpOutWinProbe = 0 tcpOutControl = 47
tcpOutRsts = 0 tcpOutFastRetrans = 0
tcpInSegs = 925
tcpInAckSegs = 505 tcpInAckBytes = 52216
tcpInDupAck = 7 tcpInAckUnsent = 0
tcpInInorderSegs = 524 tcpInInorderBytes = 45645
tcpInUnorderSegs = 0 tcpInUnorderBytes = 0
tcpInDupSegs = 0 tcpInDupBytes = 0
tcpInPartDupSegs = 0 tcpInPartDupBytes = 0
tcpInPastWinSegs = 0 tcpInPastWinBytes = 0
tcpInWinProbe = 0 tcpInWinUpdate = 0
tcpInClosed = 0 tcpRttNoUpdate = 0
tcpRttUpdate = 497 tcpTimRetrans = 0
tcpTimRetransDrop = 0 tcpTimKeepalive = 0
tcpTimKeepaliveProbe= 0 tcpTimKeepaliveDrop = 0
tcpListenDrop = 0 tcpListenDropQ0 = 0
tcpHalfOpenDrop = 0 tcpOutSackRetrans = 0
IPv4 ipForwarding = 2 ipDefaultTTL = 255
ipInReceives = 422 ipInHdrErrors = 0
ipInAddrErrors = 0 ipInCksumErrs = 0
ipForwDatagrams = 0 ipForwProhibits = 0
ipInUnknownProtos = 0 ipInDiscards = 0
ipInDelivers = 1832 ipOutRequests = 265
ipOutDiscards = 0 ipOutNoRoutes = 0
ipReasmTimeout = 60 ipReasmReqds = 0
ipReasmOKs = 0 ipReasmFails = 0
ipReasmDuplicates = 0 ipReasmPartDups = 0
ipFragOKs = 0 ipFragFails = 0
ipFragCreates = 0 ipRoutingDiscards = 0
tcpInErrs = 0 udpNoPorts = 20
udpInCksumErrs = 0 udpInOverflows = 0
rawipInOverflows = 0 ipsecInSucceeded = 0
ipsecInFailed = 0 ipInIPv6 = 0
ipOutIPv6 = 0 ipOutSwitchIPv6 = 8
IPv6 ipv6Forwarding = 2 ipv6DefaultHopLimit = 255
ipv6InReceives = 0 ipv6InHdrErrors = 0
ipv6InTooBigErrors = 0 ipv6InNoRoutes = 0
ipv6InAddrErrors = 0 ipv6InUnknownProtos = 0
ipv6InTruncatedPkts = 0 ipv6InDiscards = 0
ipv6InDelivers = 0 ipv6OutForwDatagrams= 0
ipv6OutRequests = 0 ipv6OutDiscards = 0
ipv6OutNoRoutes = 0 ipv6OutFragOKs = 0
ipv6OutFragFails = 0 ipv6OutFragCreates = 0
ipv6ReasmReqds = 0 ipv6ReasmOKs = 0
ipv6ReasmFails = 0 ipv6InMcastPkts = 0
ipv6OutMcastPkts = 0 ipv6ReasmDuplicates = 0
ipv6ReasmPartDups = 0 ipv6ForwProhibits = 0
udpInCksumErrs = 0 udpInOverflows = 0
rawipInOverflows = 0 ipv6InIPv4 = 0
ipv6OutIPv4 = 0 ipv6OutSwitchIPv4 = 0
ICMPv4 icmpInMsgs = 5 icmpInErrors = 0
icmpInCksumErrs = 0 icmpInUnknowns = 0
icmpInDestUnreachs = 5 icmpInTimeExcds = 0
icmpInParmProbs = 0 icmpInSrcQuenchs = 0
icmpInRedirects = 0 icmpInBadRedirects = 0
icmpInEchos = 0 icmpInEchoReps = 0
icmpInTimestamps = 0 icmpInTimestampReps = 0
icmpInAddrMasks = 0 icmpInAddrMaskReps = 0
icmpInFragNeeded = 0 icmpOutMsgs = 5
icmpOutDrops = 0 icmpOutErrors = 0
icmpOutDestUnreachs = 5 icmpOutTimeExcds = 0
icmpOutParmProbs = 0 icmpOutSrcQuenchs = 0
icmpOutRedirects = 0 icmpOutEchos = 0
icmpOutEchoReps = 0 icmpOutTimestamps = 0
icmpOutTimestampReps= 0 icmpOutAddrMasks = 0
icmpOutAddrMaskReps = 0 icmpOutFragNeeded = 0
icmpInOverflows = 0
ICMPv6 icmp6InMsgs = 0 icmp6InErrors = 0
icmp6InDestUnreachs = 0 icmp6InAdminProhibs = 0
icmp6InTimeExcds = 0 icmp6InParmProblems = 0
icmp6InPktTooBigs = 0 icmp6InEchos = 0
icmp6InEchoReplies = 0 icmp6InRouterSols = 0
icmp6InRouterAds = 0 icmp6InNeighborSols = 0
icmp6InNeighborAds = 0 icmp6InRedirects = 0
icmp6InBadRedirects = 0 icmp6InGroupQueries = 0
icmp6InGroupResps = 0 icmp6InGroupReds = 0
icmp6InOverflows = 0
icmp6OutMsgs = 0 icmp6OutErrors = 0
icmp6OutDestUnreachs= 0 icmp6OutAdminProhibs= 0
icmp6OutTimeExcds = 0 icmp6OutParmProblems= 0
icmp6OutPktTooBigs = 0 icmp6OutEchos = 0
icmp6OutEchoReplies = 0 icmp6OutRouterSols = 0
icmp6OutRouterAds = 0 icmp6OutNeighborSols= 0
icmp6OutNeighborAds = 0 icmp6OutRedirects = 0
icmp6OutGroupQueries= 0 icmp6OutGroupResps = 0
icmp6OutGroupReds = 0
IGMP:
0 messages received
0 messages received with too few bytes
0 messages received with bad checksum
0 membership queries received
0 membership queries received with invalid field(s)
0 membership reports received
0 membership reports received with invalid field(s)
0 membership reports received for groups to which we belong
0 membership reports sent
Destination Gateway Flags Ref Use Interface
-------------------- -------------------- ----- ----- ------ ---------
192.168.0.0 solaris9 U 1 1 pcn0
192.168.0.0 address2 U 1 0 pcn0:1
224.0.0.0 solaris9 U 1 0 pcn0
default 192.168.0.1 UG 1 0
localhost localhost UH 2 6 lo0
# netstat -rn
Destination Gateway Flags Ref Use Interface
-------------------- -------------------- ----- ----- ------ ---------
192.168.0.0 192.168.0.3 U 1 1 pcn0
192.168.0.0 192.168.0.5 U 1 0 pcn0:1
224.0.0.0 192.168.0.3 U 1 0 pcn0
default 192.168.0.1 UG 1 0
127.0.0.1 127.0.0.1 UH 2 6 lo0
#
input pcn0 output input (Total) output
packets errs packets errs colls packets errs packets errs colls
1187 0 1318 0 0 3699 0 3830 0 0
4 0 4 0 0 4 0 4 0 0
3 0 3 0 0 5 0 5 0 0
4 0 4 0 0 4 0 4 0 0
3 0 4 0 0 5 0 6 0 0
#
Using device /dev/pcn0 (promiscuous mode)
192.168.0.1 -> solaris9 TELNET C port=3013
solaris9 -> 192.168.0.1 TELNET R port=3013 Using device /dev/pc
192.168.0.1 -> solaris9 TELNET C port=3013
3 packets captured
#
Using device /dev/pcn0 (promiscuous mode)
ETHER: ----- Ether Header -----
ETHER:
ETHER: Packet 1 arrived at 1:43:41.42
ETHER: Packet size = 60 bytes
ETHER: Destination = 0:c:29:80:4c:a,
ETHER: Source = 0:3:f:fd:6d:c,
ETHER: Ethertype = 0800 (IP)
ETHER:
IP: ----- IP Header -----
IP:
IP: Version = 4
IP: Header length = 20 bytes
IP: Type of service = 0x00
IP: xxx. .... = 0 (precedence)
IP: ...0 .... = normal delay
IP: .... 0... = normal throughput
IP: .... .0.. = normal reliability
IP: .... ..0. = not ECN capable transport
IP: .... ...0 = no ECN congestion experienced
IP: Total length = 40 bytes
IP: Identification = 1627
IP: Flags = 0x4
IP: .1.. .... = do not fragment
IP: ..0. .... = last fragment
IP: Fragment offset = 0 bytes
IP: Time to live = 128 seconds/hops
IP: Protocol = 6 (TCP)
IP: Header checksum = 7320
IP: Source address = 192.168.0.1, 192.168.0.1
IP: Destination address = 192.168.0.3, solaris9
IP: No options
IP:
TCP: ----- TCP Header -----
TCP:
TCP: Source port = 3013
TCP: Destination port = 23 (TELNET)
TCP: Sequence number = 769864152
TCP: Acknowledgement number = 52297913
TCP: Data offset = 20 bytes
TCP: Flags = 0x10
TCP: 0... .... = No ECN congestion window reduced
TCP: .0.. .... = No ECN echo
TCP: ..0. .... = No urgent pointer
TCP: ...1 .... = Acknowledgement
TCP: .... 0... = No push
TCP: .... .0.. = No reset
TCP: .... ..0. = No Syn
TCP: .... ...0 = No Fin
TCP: Window = 17292
TCP: Checksum = 0x7b85
TCP: Urgent pointer = 0
TCP: No options
TCP:
TELNET: ----- TELNET: -----
TELNET:
TELNET: ""
TELNET:
ETHER: ----- Ether Header -----
ETHER:
ETHER: Packet 2 arrived at 1:43:41.42
ETHER: Packet size = 97 bytes
ETHER: Destination = 0:3:f:fd:6d:c,
ETHER: Source = 0:c:29:80:4c:a,
ETHER: Ethertype = 0800 (IP)
ETHER:
IP: ----- IP Header -----
IP:
IP: Version = 4
IP: Header length = 20 bytes
IP: Type of service = 0x00
IP: xxx. .... = 0 (precedence)
IP: ...0 .... = normal delay
IP: .... 0... = normal throughput
IP: .... .0.. = normal reliability
IP: .... ..0. = not ECN capable transport
IP: .... ...0 = no ECN congestion experienced
IP: Total length = 83 bytes
IP: Identification = 50744
IP: Flags = 0x4
IP: .1.. .... = do not fragment
IP: ..0. .... = last fragment
IP: Fragment offset = 0 bytes
IP: Time to live = 60 seconds/hops
IP: Protocol = 6 (TCP)
IP: Header checksum = f717
IP: Source address = 192.168.0.3, solaris9
IP: Destination address = 192.168.0.1, 192.168.0.1
IP: No options
IP:
TCP: ----- TCP Header -----
TCP:
TCP: Source port = 23
TCP: Destination port = 3013
TCP: Sequence number = 52297913
TCP: Acknowledgement number = 769864152
TCP: Data offset = 20 bytes
TCP: Flags = 0x18
TCP: 0... .... = No ECN congestion window reduced
TCP: .0.. .... = No ECN echo
TCP: ..0. .... = No urgent pointer
TCP: ...1 .... = Acknowledgement
TCP: .... 1... = Push
TCP: .... .0.. = No reset
TCP: .... ..0. = No Syn
TCP: .... ...0 = No Fin
TCP: Window = 64240
TCP: Checksum = 0xd1f6
TCP: Urgent pointer = 0
TCP: No options
TCP:
TELNET: ----- TELNET: -----
TELNET:
TELNET: "Using device /dev/pcn0 (promiscuous mode)\r\n"
TELNET:
2 packets captured
#
# snoop host1 host2
host1 -> host2 ICMP Echo request
host2 -> host1 ICMP Echo reply
Use the snoop utility to determine what is actually being sent between systems and to check that the network path is working.
# snoop -a dhcp
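Using snoop
snoop is a tool that ships with Solaris. It displays network traffic: it captures IP packets and either displays them or saves them to a specified file. (Only the superuser may run snoop.)
snoop can summarize each captured packet on a single line or describe it in detail over multiple lines (selected with the -v and -V options). In summary mode (-V), only the highest-level protocol is shown; for example, an NFS packet shows only the NFS information, and the underlying RPC, UDP, IP and Ethernet frame information is not displayed. With the corresponding option (-v), all of this information is displayed.
Options: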
[ -a ] # Listen to packets on audio
[ -d device ] # settable to le?, ie?, bf?, tr?
[ -s snaplen ] # Truncate packets
[ -c count ] # Quit after count packets
[ -P ] # Turn OFF promiscuous mode
[ -D ] # Report dropped packets
[ -S ] # Report packet size
[ -i file ] # Read previously captured packets
[ -o file ] # Capture packets in file
[ -n file ] # Load addr-to-name table from file
[ -N ] # Create addr-to-name table
[ -t r|a|d ] # Time: Relative, Absolute or Delta
[ -v ] # Verbose packet display
[ -V ] # Show all summary lines
[ -p first[,last] ] # Select packet(s) to display
[ -x offset[,length] ] # Hex dump from offset for length
[ -C ] # Print packet filter code
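Because snoop is very flexible, the following examples illustrate its common usage.
1. Capture and display all packets that have this host as source or destination.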
# snoop
2. Capture and display all packets that have host A as source or destination. (A is a host name, here and below.)
# snoop A
3. Capture all packets between A and B and save them to the file file.
# snoop -o file A B
4. Display the specified packets (99-108) from the file file.
# snoop -i file -p 99,108
99 0.0027 boutique -> sunroof NFS C GETATTR FH=8E6C
100 0.0046 sunroof -> boutique NFS R GETATTR OK
101 0.0080 boutique -> sunroof NFS C RENAME FH=8E6C MTra00192
to .nfs08
102 0.0102 marmot -> viper NFS C LOOKUP FH=561E screen.r.13.i386
103 0.0072 viper -> marmot NFS R LOOKUP No such file or directory
104 0.0085 bugbomb -> sunroof
105 0.0005 kandinsky -> sparky RSTAT C Get Statistics
106 0.0004 beeblebrox -> sunroof NFS C GETATTR FH=0307
107 0.0021 sparky -> kandinsky RSTAT R
108 0.0073 office -> jeremiah NFS C READ FH=2584 at 40960 for 8192
5. Show packet 101 from the file file in detail:
# snoop -i file -v -p101
ETHER: ----- Ether Header -----
ETHER:
ETHER: Packet 101 arrived at 16:09:53.59
ETHER: Packet size = 210 bytes
ETHER: Destination = 8:0:20:1:3d:94, Sun
ETHER: Source = 8:0:69:1:5f:e, Silicon Graphics
ETHER: Ethertype = 0800 (IP)
ETHER:
IP: ----- IP Header -----
IP:
IP: Version = 4, header length = 20 bytes
IP: Type of service = 00
IP: ..0. .... = routine
IP: ...0 .... = normal delay
IP: .... 0... = normal throughput
IP: .... .0.. = normal reliability
IP: Total length = 196 bytes
IP: Identification 19846
IP: Flags = 0X
IP: .0.. .... = may fragment
IP: ..0. .... = more fragments
...
6. View the NFS packets between host A and host B (and and or in the command are the corresponding logical operators).
# snoop -i file rpc nfs and A and B
1 0.0000 A -> B NFS C GETATTR FH=8E6C
2 0.0046 B -> A NFS R GETATTR OK
3 0.0080 A -> B NFS C RENAME FH=8E6C MTra00192 to .nfs08
7. Save the packets that match these conditions to another file, file2:
# snoop -i file -o file2 rpc nfs A B
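8. Capture all packets on TCP port 80 or UDP port 80 between host A and host B (the parentheses are escaped so that the shell passes them to snoop).
# snoop A and B and \(tcp or udp\) and port 80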
9. Capture all broadcast packets.
# snoop broadcast
Using device /dev/hme (promiscuous mode)
10.10.10.50 -> BROADCAST UDP D=177 S=2541 LEN=35
10.10.10.50 -> BROADCAST UDP D=177 S=2541 LEN=35
10.10.10.50 -> BROADCAST UDP D=177 S=2541 LEN=35
10. Capture all multicast packets and display them in detail.
# snoop -v multicast
ETHER: ----- Ether Header -----
ETHER:
ETHER: Packet 1 arrived at 12:33:2.16
ETHER: Packet size = 69 bytes
ETHER: Destination = ff:ff:ff:ff:ff:ff, (broadcast)
ETHER: Source = 0:4:76:46:8f:50,
ETHER: Ethertype = 0800 (IP)
ETHER:
IP: ----- IP Header -----
IP:
IP: Version = 4
IP: Header length = 20 bytes
IP: Type of service = 0x00
IP: xxx. .... = 0 (precedence)
IP: ...0 .... = normal delay
IP: .... 0... = normal throughput
IP: .... .0.. = normal reliability
IP: Total length = 55 bytes
IP: Identification = 14658
IP: Flags = 0x0
IP: .0.. .... = may fragment
IP: ..0. .... = last fragment
IP: Fragment offset = 0 bytes
IP: Time to live = 128 seconds/hops
IP: Protocol = 17 (UDP)
IP: Header checksum = ed38
IP: Source address = 10.10.10.50, 10.10.10.50
IP: Destination address = 255.255.255.255, BROADCAST
IP: No options
IP:
UDP: ----- UDP Header -----
UDP:
UDP: Source port = 2541
UDP: Destination port = 177
UDP: Length = 35
UDP: Checksum = 8E35
UDP:
ETHER: ----- Ether Header -----
ETHER:
ETHER: Packet 2 arrived at 12:33:12.16
ETHER: Packet size = 69 bytes
ETHER: Destination = ff:ff:ff:ff:ff:ff, (broadcast)
ETHER: Source = 0:4:76:46:8f:50,
ETHER: Ethertype = 0800 (IP)
ETHER:
IP: ----- IP Header -----
IP:
IP: Version = 4
IP: Header length = 20 bytes
IP: Type of service = 0x00
IP: xxx. .... = 0 (precedence)
IP: ...0 .... = normal delay
IP: .... 0... = normal throughput
IP: .... .0.. = normal reliability
IP: Total length = 55 bytes
IP: Identification = 14985
IP: Flags = 0x0
IP: .0.. .... = may fragment
IP: ..0. .... = last fragment
IP: Fragment offset = 0 bytes
IP: Time to live = 128 seconds/hops
IP: Protocol = 17 (UDP)
IP: Header checksum = ebf1
IP: Source address = 10.10.10.50, 10.10.10.50
IP: Destination address = 255.255.255.255, BROADCAST
IP: No options
IP:
UDP: ----- UDP Header -----
UDP:
UDP: Source port = 2541
UDP: Destination port = 177
UDP: Length = 35
UDP: Checksum = 8E35
UDP:
11. Capture all NTP protocol packets.
# snoop | grep -i NTP
Using device /dev/hme (promiscuous mode)
ts1 -> 224.0.1.1 NTP broadcast (Tue Jul 23 12:48:50 2002)
ts1 -> 224.0.1.1 NTP broadcast (Tue Jul 23 12:49:54 2002)
ts1 -> 224.0.1.1 NTP broadcast (Tue Jul 23 12:50:58 2002)
ts1 -> 224.0.1.1 NTP broadcast (Tue Jul 23 12:52:02 2002)
ts1 -> 224.0.1.1 NTP broadcast (Tue Jul 23 12:53:06 2002)
ts1 -> 224.0.1.1 NTP broadcast (Tue Jul 23 12:54:10 2002)
Here we can also see that the NTP server broadcasts to the multicast address about once a minute.
date
# date
2003年10月12日 星期日 10时04分16秒 CST
(CST is the abbreviation for Chinese Standard Time)
# date 10121003 //set the time to October 12, 10:03
Device management
Floppy disk
#volcheck
fdformat [-dDeEfHlLmMUqvx] [-b label] [-B filename] [-t dos-type] [devname] //format
prtconf
# prtconf //configuration information
System Configuration: Sun Microsystems i86pc
Memory size: 128 Megabytes //memory
System Peripherals (Software Nodes):
i86pc
+boot (driver not attached)
memory (driver not attached)
aliases (driver not attached)
chosen (driver not attached)
i86pc-memory (driver not attached)
i86pc-mmu (driver not attached)
openprom (driver not attached)
options, instance #0
packages (driver not attached)
delayed-writes (driver not attached)
itu-props (driver not attached)
isa, instance #0
motherboard (driver not attached)
asy, instance #0
asy, instance #1
lp (driver not attached)
fdc, instance #0
fd, instance #0
fd, instance #1 (driver not attached)
i8042, instance #0
keyboard, instance #0
mouse, instance #0
PNP0C02 (driver not attached)
PNP0C02 (driver not attached)
PNP0C02 (driver not attached)
bios (driver not attached)
bios (driver not attached)
bios (driver not attached)
pci, instance #0
pci15ad,1976 (driver not attached)
pci8086,7191 (driver not attached)
pci15ad,1976 (driver not attached)
pci-ide, instance #0
ide, instance #0
cmdk, instance #0
ide, instance #1
sd, instance #0
pci15ad,1976, instance #0
pci15ad,1976 (driver not attached)
display, instance #0
pci1022,2000, instance #0
pci1274,1371 (driver not attached)
used-resources (driver not attached)
objmgr, instance #0
cpus (driver not attached)
cpu, instance #0 (driver not attached)
pseudo, instance #0
#
# prtconf | grep Memory //check memory
Memory size: 128 Megabytes
arch
# arch -k //show the architecture
i86pc
uname
# uname -m
i86pc
# uname
SunOS
# uname -a
SunOS wing 5.9 Generic_112234-03 i86pc i386 i86pc
eject
#eject floppy
eeprom
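#eeprom selftest-#megs=64 //change the amount of memory checked by the system self-test
sysdef
#sysdef //more detailed system architecture information
df
# df -k //show the number of files and free blocks on all currently mounted file systems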
文件系统 千字节 用了 可用 容量 挂接在
/dev/dsk/c0d0s0 63127 36143 20672 64% /
/dev/dsk/c0d0s6 1201014 768820 372144 68% /usr
/proc 0 0 0 0% /proc
mnttab 0 0 0 0% /etc/mnttab
fd 0 0 0 0% /dev/fd
/dev/dsk/c0d0s3 55047 25258 24285 51% /var
swap 651040 24 651016 1% /var/run
swap 651016 0 651016 0% /tmp
/dev/dsk/c0d0s5 24239 15 21801 1% /opt
/dev/dsk/c0d0s7 2691830 122 2637872 1% /export/home
/dev/dsk/c0d0s1 462639 306816 109560 74% /usr/openwin
# df -a //print information for all file systems
/ (/dev/dsk/c0d0s0 ): 53968 块 30100 文件
/usr (/dev/dsk/c0d0s6 ): 864388 块 261705 文件
/proc (/proc ): 0 块 1878 文件
/etc/mnttab (mnttab ): 0 块 0 文件
/dev/fd (fd ): 0 块 0 文件
/var (/dev/dsk/c0d0s3 ): 59578 块 25450 文件
/var/run (swap ): 1
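Solaris System Security Implementation Summary (with ssh installation added)
I. Closing system service ports
1. Overview
a) System environment
Sun Fire 280 server; main role: web application server + database server
b) Solaris has many unneeded services that are enabled automatically. Vulnerabilities that may exist in them could let an attacker take control of your machine without even having an account. Disable these unneeded services to protect the system.
2. Implementation steps
a) Install the nmap scanner
b) Scan the whole system
c) Decide which ports to close (keep only the ports used by telnet, ftp and X Windows)
3. Implementation
a) Close the ports under /etc/inetd.conf
Keep only telnet and ftp; disable everything else
b) Close the ports under /etc/services: keep only telnet and ftp; disable everything else
(If commenting entries out is too much trouble, make a backup, delete everything else, and keep only the following two lines)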
ftp 21/tcp
telnet 23/tcp
c) Disable the services under /etc/rc3.d
Rename every script that begins with S so that it begins with x:
xS34dhcp
xS76snmpdx
xS80mipagent
xS15nfs.server
xS50apache
xS77dmi
d) Disable the services under /etc/rc2.d
# mv S70uucp xS70uucp
# mv S71ldap.client xS71ldap.client
# mv S72autoinstall xS72autoinstall
# mv S73cachefs.daemon xS73cachefs.daemon
# mv S73nfs.client xS73nfs.client
# mv S74autofs xS74autofs
# mv S74xntpd xS74xntpd
# mv S80lp xS80lp
# mv S94Wnn6 xS94Wnn6
e) Closing X Windows requires stopping the following services (to make debugging easier, the X Windows ports have not been closed for now)
# mv S71rpc xS71rpc
# mv S99dtlogin xS99dtlogin
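Steps a) to e) above as a repeatable script; this is an added example, not part of the original write-up, written for a POSIX shell. The function names and the stand-alone usage line are assumptions, and it leaves /etc/services alone because that file only maps service names to port numbers.

```shell
#!/bin/sh
# Added example (not from the original page). Paths are arguments so the
# procedure can be rehearsed on copies before touching /etc.

# Comment out every active inetd.conf entry whose service name (field 1)
# is not in the keep list; the untouched file is saved as <conf>.orig.
inetd_keep_only() {
    conf=$1; shift
    keep=" $* "
    cp -p "$conf" "$conf.orig" || return 1
    # keep=... is passed as an awk operand assignment, which old awk also accepts
    awk '/^[ \t]*#/ || NF == 0 { print; next }
         index(keep, " " $1 " ") { print; next }
         { print "#" $0 }' keep="$keep" "$conf.orig" > "$conf"
}

# Services still active in inetd.conf, for comparison with a port scan.
inetd_active() {
    awk '!/^[ \t]*#/ && NF > 0 { print $1 }' "$1" | sort -u | xargs
}

# Rename S<nn><name> to xS<nn><name> so init no longer runs it at boot.
# Safe to re-run: already-disabled or absent scripts are only reported.
rc_disable() {
    dir=$1; shift
    for name in "$@"; do
        if [ -f "$dir/$name" ]; then
            mv "$dir/$name" "$dir/x$name" && echo "disabled $name"
        elif [ -f "$dir/x$name" ]; then
            echo "already-disabled $name"
        else
            echo "absent $name"
        fi
    done
}

# Scripts still enabled in an rc directory.
rc_enabled() {
    ls "$1" | grep '^S[0-9]' | xargs
}

# Stand-alone use: sh harden.sh <inetd.conf copy> <rc dir copy> S70uucp S80lp ...
if [ $# -ge 2 ]; then
    conf=$1 rcdir=$2; shift 2
    inetd_keep_only "$conf" ftp telnet
    rc_disable "$rcdir" "$@"
    echo "inetd: $(inetd_active "$conf")"; echo "rc: $(rc_enabled "$rcdir")"
fi
```

inetd only rereads its configuration on a HUP signal or restart, and renamed rc scripts take effect at the next boot, so rescan with nmap after both.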
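II. Software firewall installation:
1. Software firewall overview
a) Firewall version: tcp_wrappers-7.6
b) Installation path: /usr/local/bin/tcpd
c) Description: by default, Solaris allows all service requests. Tcp_Wrappers is used to protect the server against attacks from outside.
2. Installation
a) Download the software: tcp_wrappers-7.6-sol8-sparc-local
b) Installation command:
As root: # pkgadd -d tcp_wrappers-7.6-sol8-sparc-local
3. Policy definition
a) Policy description
The policy has two parts: deny all telnet and ftp connections, then open the services to specific IP addresses and network ranges
b) Policy specification
Deny: all connections
Allow: IP address: ×××.×××.×××.120 (the company's public egress IP address)
Network: 192.0.0. (company internal IPs)
4. Applying the security policy
a) As root:
vi hosts.deny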
in.telnetd:ALL:DENY
in.ftpd:ALL:DENY
vi hosts.allow
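in.telnetd:×××.×××.×××.120 192.0.0.
in.ftpd: ×××.×××.×××.120 192.0.0.
5. Security testing
a) telnet and ftp to the system work from the internal network 192.0.0. and from ×××.×××.×××.120.
b) telnet and ftp to the system do not work from other external IP addresses.
c) Test result: the firewall is working correctly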
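To check a policy like the one above before relying on it, the following added example (not part of the original write-up, written for a POSIX shell) evaluates rules in the order tcpd uses: hosts.allow first, then hosts.deny, and access is granted if neither matches. The function names are assumptions, 203.0.113.120 is a constructed stand-in for the masked public address, and only ALL, exact addresses and dotted prefixes are handled; the third field (DENY) is ignored.

```shell
#!/bin/sh
# Added example (not from the original page): a simplified evaluator for
# "daemon_list : client_list" rules. Supported client patterns: ALL, an
# exact IP address, and a dotted prefix such as 192.0.0.

# match_rules FILE DAEMON IP -> returns 0 if any rule in FILE matches
match_rules() {
    file=$1 daemon=$2 ip=$3
    [ -r "$file" ] || return 1
    while IFS=: read -r daemons clients _options; do
        case $daemons in ''|'#'*) continue ;; esac
        hit=no
        for d in $(echo "$daemons" | tr ',' ' '); do
            if [ "$d" = ALL ] || [ "$d" = "$daemon" ]; then hit=yes; fi
        done
        [ "$hit" = yes ] || continue
        for c in $(echo "$clients" | tr ',' ' '); do
            case $c in
                ALL) return 0 ;;
                *.)  case $ip in "$c"*) return 0 ;; esac ;;  # prefix match
                *)   if [ "$c" = "$ip" ]; then return 0; fi ;;
            esac
        done
    done < "$file"
    return 1
}

# tcpd_decision ALLOW_FILE DENY_FILE DAEMON IP -> prints granted or denied
tcpd_decision() {
    if match_rules "$1" "$3" "$4"; then
        echo granted            # a hosts.allow match wins immediately
    elif match_rules "$2" "$3" "$4"; then
        echo denied             # otherwise a hosts.deny match refuses
    else
        echo granted            # no match in either file: access is granted
    fi
}

# Stand-alone use: sh tcpd_check.sh hosts.allow hosts.deny in.telnetd 192.0.0.17
if [ $# -eq 4 ]; then tcpd_decision "$@"; fi
```

A daemon listed in neither file is granted, so the hosts.deny shown above restricts only in.telnetd and in.ftpd. An `ALL: ALL` entry in hosts.deny is what makes the policy default-deny for every wrapped service.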
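III. Application security
1. Oracle database security
a) Password policy
b) Database security hardening
2. BEA WebLogic 8.1 security
a) Password hardening
b) Application security hardening
IV. Other system security measures
1. Policy against stack buffer overflows
A common way for intruders to exploit system vulnerabilities is a stack overflow: they insert a piece of code into the stack and use the overflow to execute it, gaining some privilege on the system. To make your system less vulnerable to stack buffer overflow attacks, you can add the following lines to /etc/system: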
set noexec_user_stack=1
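set noexec_user_stack_log=1
The first line prevents code inserted into the stack from executing; the second logs an entry when an intruder tries to run an exploit.
2. Patching the system
Solaris has its own vulnerabilities, some of them quite serious in nature. Sun has long provided customers with the latest patches for each release at http://sunsolve.sun.com. Use the showrev -p command to check which patches are installed, or look in the /var/sadm/patch directory for the installed patch numbers; use the patchadd command to apply patches.
Current system patch level: Generic_117350-02 (the latest patch version)
V. Difficult issues:
1. Closing port 898
Port 898 is used by the SMC server; if you stop it, SMC will not start. Its script is /etc/init.d/init.wbem.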
#cd /etc/rc2.d
#mv S90wbem xS90wbem
2. Closing port 2201
This appears to be started for Japanese fonts; if you do not use Japanese, it can be removed.
#cd /etc/rc2.d
# mv S90loc.ja.cssd xS90loc.ja.cssd
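VI. ssh installation
1. Software overview
1) ssh version: 3.2
2) Download URL: http://public.www.planetmirror.com/pub/ssh/
3) Installation directory: /usr/local/sbin
4) Description: SSH stands for Secure SHell. With SSH, all transmitted data is encrypted, so "man-in-the-middle" attacks become impossible, and DNS and IP spoofing are also prevented. An additional benefit is that the transmitted data is compressed, which can speed up transfers. SSH has many uses: it can replace telnet, and it can provide a secure "channel" for ftp, pop and even ppp.
2. Installation
1) Download the software: ssh-3.2.0.tar.gz
2) Installation commands:
As root: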
gzip -d ssh-3.2.0.tar.gz
tar -vxf ssh-3.2.0.tar
cd ssh*
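./configure; make; make install (make sure the make and gcc directories are in the current environment's PATH)
cd /usr/local/sbin
./sshd2 (start it for testing)
ps -ef | grep sshd (check that it started)
4. Autostart configuration:
1) As root:
cd /etc/rc2.d
cp -p S60* S99sshd (copy an existing script to avoid having to set permissions and the like)
vi S99sshd (once inside, delete all of its contents; all we want is the existing permissions!)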
#!/sbin/sh
if [ -x /usr/local/sbin/sshd ]; then
/usr/local/sbin/sshd
echo "sshd2 startup.."
fi
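5. Testing
Connected to the server from an ssh client; the test succeeded.
6. Note:
Compiling ssh-3.2.9 fails; when compiling on Solaris 8 it reports *.so errors.
VII. Status after system configuration
1. Tuning completed:
1) ssh is used as the remote administration tool; telnet and ftp are closed
2) X Windows is closed; rpc and dtlogin are disabled
2. Ports currently open on the system, nmap scan result: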
bash-2.03# nmap -P0 127.0.0.1
Starting nmap V. 2.54BETA28 ( www.insecure.org/nmap/ )
Interesting ports on localhost (127.0.0.1):
(The 1547 ports scanned but not shown below are in state: closed)
22/tcp open ssh
Nmap run completed -- 1 IP address (1 host up) scanned in 50 seconds
bash-2.03#