Solved: How to enable auditing of zones from Global Zone in a Solaris10 Server

Auditing is a good way to keep logs of all the activities happening on your Solaris server. In this post we will see how to enable auditing of both the global and local zones and store the logs of all of them in a single file in the global zone.

1) In the global zone create a new FS of 20GB and mount it.

mkdir /var/audit/gaudit
mount /dev/md/dsk/d100 /var/audit/gaudit
chmod -R 750 /var/audit/gaudit

2) Modify /etc/security/audit_control and set "lo,ex" as the value of flags and naflags as below. The lo class audits logins and logouts and the ex class audits exec calls.

vi audit_control
#
# Copyright (c) 1988 by Sun Microsystems, Inc.
#
# ident "@(#)audit_control.txt 1.4 00/07/17 SMI"
#
dir:/var/audit/gaudit
flags:lo,ex
minfree:20
naflags:lo,ex

3) Modify /etc/security/audit_startup and add the +argv and +zonename entries as shown below. These entries will create audit logs for all zones in /var/audit/gaudit, with the zone name added to each record and the arguments recorded for each executed command.

vi audit_startup
#! /bin/sh
#
# Copyright 2004 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
#
# ident "@(#)audit_startup.txt 1.1 04/06/04 SMI"

/usr/bin/echo "Starting BSM services."
/usr/sbin/auditconfig -setpolicy +cnt
/usr/sbin/auditconfig -conf
/usr/sbin/auditconfig -aconf
/usr/sbin/auditconfig -setpolicy +argv
/usr/sbin/auditconfig -setpolicy +zonename
#

4) Copy the audit_control file to /etc/security of each zone, or loopback mount it in each zone.

5) Once all the zones are configured, enable the audit service by running /etc/security/bsmconv. This will require a reboot of the system.

6) Check audit logs in /var/audit/gaudit using

auditreduce 20170709091522.not_terminated.solaris1 | praudit

7) To check the logs of a specific zone, use the -z option of auditreduce as below

root@solaris1 # auditreduce -z zone1 20170709091522.not_terminated.solaris1 | praudit
file,2017-07-09 16:26:00.000 +02:00,
zone,zone1
header,160,2,execve(2),,solaris1,2017-07-09 16:26:00.697 +02:00
path,/usr/sbin/ping
attribute,104555,root,bin,85,200509,0
exec_args,2,ping,127.0.0.1
subject,root,root,root,root,root,2164,2187,0 0 0.0.0.0
return,success,0
zone,zone1
file,2017-07-09 16:26:00.000 +02:00,
root@solaris1 #
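
The praudit output above is easier to review once each exec record is folded into a single line. The following is an added example, not part of the original post: the function names summarize_execs and sample_praudit are hypothetical, and the sample input is constructed from the record shown above plus two made-up records.

```shell
# Added example: print one line per execve(2) record found in praudit text
# output, as time|zone|audit-user|pid|path|argv|result
summarize_execs() {
    awk -F',' '
    function emit() {
        if (in_rec && event ~ /^execve/)
            printf "%s|%s|%s|%s|%s|%s|%s\n", when, zone, user, pid, path, args, result
        in_rec = 0
    }
    $1 == "header" {                # a header token opens a new record
        emit()
        in_rec = 1; event = $4; when = $NF
        zone = "-"; user = pid = path = args = result = ""
        next
    }
    $1 == "file" { emit(); next }   # file tokens mark audit file boundaries
    !in_rec { next }                # ignore tokens outside any record
    $1 == "zone" { zone = $2 }      # written because of the +zonename policy
    $1 == "path" && path == "" { path = substr($0, 6) }
    $1 == "subject" { user = $2; pid = $7 }
    $1 == "return" { result = $2 }
    $1 == "exec_args" { args = $3; for (i = 4; i <= NF; i++) args = args " " $i }
    END { emit() }
    ' "$@"
}

# Constructed sample input: the ping record from this post plus made-up records.
sample_praudit() {
    cat <<'EOF'
file,2017-07-09 16:26:00.000 +02:00,
zone,zone1
header,160,2,execve(2),,solaris1,2017-07-09 16:26:00.697 +02:00
path,/usr/sbin/ping
exec_args,2,ping,127.0.0.1
subject,root,root,root,root,root,2164,2187,0 0 0.0.0.0
return,success,0
zone,zone1
header,97,2,login - local,,solaris1,2017-07-09 16:27:10.101 +02:00
subject,admin1,admin1,staff,admin1,staff,2201,2201,0 0 0.0.0.0
return,success,0
header,150,2,execve(2),,solaris1,2017-07-09 16:27:15.412 +02:00
path,/usr/bin/ls
exec_args,3,ls,-l,/var/tmp
subject,admin1,admin1,staff,admin1,staff,2210,2201,0 0 0.0.0.0
return,success,0
zone,zone2
EOF
}
sample_praudit | summarize_execs
```

On a live system the same function can read from the pipeline in step 6. Arguments that themselves contain a comma cannot be split reliably from praudit's default comma-delimited output.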

Solved: How to take XSCF snapshot of M-Series server running Solaris

In this post we will see how to take an XSCF snapshot of an M-Series server.

Save snapshot on different server

  • First create a user "test" in the OS of the server on which you want to save the snapshot.
  • Next log in to the XSCF of the server whose snapshot you want to take.
  • Take the snapshot by giving the IP of the destination server on which you want to save the data, using the below syntax.
    snapshot -LF -t username@serverip:/full_path_to_data_location -k download

Here is an example. We created the test user on the destination server 192.168.99.10, and the snapshot will be saved in its /var/tmp directory.

XSCF> snapshot -LF -t test@192.168.99.10:/var/tmp -k download

Save snapshot on same server

If you want to save the snapshot on the same server whose snapshot you are collecting, use the below steps.

  • Log in to XSCF and check the DSCP config to know the IP of each domain.
XSCF> showdscp

DSCP Configuration:

Network: 10.1.1.0
Netmask: 255.255.255.0

Location Address
---------- ---------
XSCF 10.1.1.1
Domain #00 10.1.1.2
Domain #01 10.1.1.3
Domain #02 10.1.1.4
Domain #03 10.1.1.5
  • Check the running domain
XSCF> showdomainstatus -a
DID Domain Status
00 Running
01 -
02 -
03 -
  • Ping to ensure you can connect to the network
    XSCF> ping 10.1.1.2
    
    PING 10.1.1.2 (10.1.1.2): 56 data bytes
    64 bytes from 10.1.1.2: icmp_seq=0 ttl=255 time=2.1 ms
    64 bytes from 10.1.1.2: icmp_seq=1 ttl=255 time=2.0 ms
  • Take snapshot after creating a user on the OS.
    XSCF> snapshot -LF -t test@10.1.1.2:/var/tmp -k download

Solved: How to scan new LUNs in Redhat Linux

In this post we will discuss how to scan new LUNs allocated by the storage team to a Redhat Linux system.
There are two ways of scanning the LUNs.
Method 1:-
Find how many SCSI bus controllers you have

  • Go to directory /sys/class/scsi_host/ and list its contents.

cd /sys/class/scsi_host/
[root@scsi_host]# ls
host0 host1 host2
[root@scsi_host]#
  • Here we can see we have three SCSI bus controllers. So in the below command replace hostX with these directory names.
Run the command:
echo "- - -" > /sys/class/scsi_host/hostX/scan
[root@cloudvedas]# echo "- - -" > /sys/class/scsi_host/host0/scan
[root@cloudvedas]# echo "- - -" > /sys/class/scsi_host/host1/scan
[root@cloudvedas]# echo "- - -" > /sys/class/scsi_host/host2/scan
TIP:- Here the "- - -" denotes CxTxDx, i.e. Channel (controller), Target ID and Disk or LUN number. Each "-" is a wildcard, so every channel, target and LUN on that host is scanned. This is asked in Linux Admin interviews also.
  • Repeat the above step for all three directories.
If you have an FC HBA in the system you can follow the steps as below:-
  • First check the number of FC controllers in your system
# ls /sys/class/fc_host
host0 host1 host2
  • To scan FC LUNs execute commands as
echo "1" > /sys/class/fc_host/host0/issue_lip
echo "1" > /sys/class/fc_host/host1/issue_lip
echo "1" > /sys/class/fc_host/host2/issue_lip

Tip :- Here the echo "1" operation performs a Loop Initialization Protocol (LIP) and then scans the interconnect and causes the SCSI layer to be updated to reflect the devices currently on the bus. A LIP is, essentially, a bus reset, and will cause device addition and removal. This procedure is necessary to configure a new SCSI target on a Fibre Channel interconnect. Bear in mind that issue_lip is an asynchronous operation.
  • Verify if the new disk is visible now
fdisk -l |egrep '^Disk' |egrep -v 'dm-'
Method 2 :-
  • Next method is to scan using SG3 utility. You can install it using
yum install sg3_utils
  • Once installed, run the command
/usr/bin/rescan-scsi-bus.sh

Solved: How to add swap space in Redhat or Ubuntu Linux

In this post we will see how we can add a file as swap space in Linux. The same steps are to be followed for Redhat and Ubuntu Linux.
Type the following command to create a 100MB swap file (102400 blocks of 1024 bytes = 100MB):
dd if=/dev/zero of=/swap1 bs=1024 count=102400
Secure swap file
Set the correct file ownership and permissions for security reasons, enter:
# sudo chown root:root /swap1
# sudo chmod 0600 /swap1
Set up a Linux swap area
Type the following command to set up a Linux swap area in a file:
# sudo mkswap /swap1
Activate /swap1 swap space :
# sudo swapon /swap1
Update /etc/fstab file to make it persistent across reboot.
vi /etc/fstab
Add the following line in file:
/swap1 swap swap defaults 0 0
To check if the swap file is added or not
Type the following swapon command:
# sudo swapon -s
Filename     Type       Size    Used  Priority
/dev/dm-0    partition  839676  0     -1
/swap1       file       102396  0     -2
It should show you the new file.
If you want to add a logical volume for swap, please refer to how to add LV for swap.
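
A way to check the "Secure swap file" step on a running system, as an added example that is not part of the original post: create_private_swapfile and audit_swap_files are hypothetical helper names, and GNU stat is assumed. The first helper creates the file with a restrictive umask so it is mode 0600 from the start, and the second reports file-backed swap areas that other users could read.

```shell
# Added example (hypothetical helpers, not from the original post).

# Create a zero-filled file that is mode 0600 from the moment it exists,
# instead of relying on a later chmod. $1 = path, $2 = size in KiB.
create_private_swapfile() {
    # Refuse to reuse an existing file: dd would keep its old permissions.
    [ ! -e "$1" ] || { echo "refusing to overwrite $1" >&2; return 1; }
    ( umask 077 && dd if=/dev/zero of="$1" bs=1024 count="$2" 2>/dev/null )
}

# Report file-backed swap areas whose mode or owner lets non-root users read
# them. $1 = a table in /proc/swaps format (default: /proc/swaps itself).
audit_swap_files() {
    awk 'NR > 1 && $2 == "file" { print $1 }' "${1:-/proc/swaps}" |
    while IFS= read -r f; do
        if [ ! -e "$f" ]; then echo "MISSING $f"; continue; fi
        mode=$(stat -c '%a' "$f")   # octal permission bits (GNU stat)
        uid=$(stat -c '%u' "$f")    # numeric owner
        case $mode in
            600|400) ;;
            *) echo "MODE $f is $mode, expected 600" ;;
        esac
        [ "$uid" = "0" ] || echo "OWNER $f is uid $uid, expected 0"
    done
}
```

Run audit_swap_files with no argument to check the live /proc/swaps; no output means every swap file is owned by root and closed to other users.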

How to add logical volume for swap in Redhat Linux

In our last post we saw how to add a file for swap space.
In this post we will see how to add an LVM2 Logical Volume as swap.
Here we have a VG named VG1 in which we will create a volume LV1 of 1GB.
# lvcreate VG1 -n LV1 -L 1G
Format the new swap space using mkswap:
# mkswap /dev/VG1/LV1
Update the /etc/fstab file with the below entry:
/dev/VG1/LV1 swap swap defaults 0 0
Enable the new logical volume as swap:
# swapon -v /dev/VG1/LV1