Solved: How to create a soft link in Linux or Solaris

In this post we will see how to create a softlink.
Execute the below command to create a softlink.

[root@cloudvedas ~]# ln -s /usr/interface/HB0 CLV

So now when you list using  “ls -l”  the softlink thus created will look like.

[root@cloudvedas ~]# ls -llrwxrwxrwx. 1 root root 18 Aug 8 23:16 CLV -> /usr/interface/HB0[root@cloudvedas ~]#

Try going inside the link and list the contents.

[root@cloudvedas ~]# cd CLV[root@cloudvedas CLV]# lscloud1 cloud2 cloud3[root@cloudvedas CLV]#

You can see the contents of /usr/interface/HB0 directory.

Solved: How to create a flar image in Solaris and restore it forrecovery

Flar image is a good way to recover your system from crashes. In this post we will see how to create a flar image and use it for recovery of the system.
Flar Creation

• It is recommended that you create flar image in single user mode. Shutdown server and boot it in single user.

#init 0ok>boot -s

• In this example, the FLAR image will be stored to a directory under /flash. The FLAR image will be named recovery_image.flar .

flarcreate -n my_bkp_image1 -c -S -R / -x /flash /flash/recovery_image.flar

• Once the flar image is created. Copy it to your repository system. Here we are using NFS.

cp -p /flash/recovery_image.flar /net/FLAR_recovery/recovery_image.flar

Flar Restoration

• To restore a flar image start the boot process.
• You can boot server either with Solaris CD/DVD or Network
• Go to the ok prompt and run one of the below command:-

For booting the boot media (installation CD/DVD). ok> boot cdromIf you want to boot from network do. 

ok> boot net

• Provide the network, date/time, and password information for the system.
• Once you reach the “Solaris Interactive Installation” part, select “Flash”.
• Provide the path to the system with location of the FLAR image:
  /net/FLAR_recovery/recovery_image.flar
• Select the correct Retrieval Method (HTTP, FTP, NFS) to locate the FLAR image.
• At the Disk Selection screen, select the disk where the FLAR image is to be installed.
• Choose not to preserve existing data.(Be sure you want to restore on selected disk)
• At the File System and Disk Layout screen, select Customize to edit the disk slices to input the values of the disk partition table from the original disk.
• Once the system is rebooted the recovery is complete.

What are the maximum number of usable partitions in a disk in Linux

Linux can generally have two types of Disks. IDE and SCSI.
IDE
By convention, IDE drives will be given device names /dev/hda to /dev/hdd. Hard Drive A (/dev/hda) is the first drive and Hard Drive C (/dev/hdc) is the third.
A typical PC has two IDE controllers, each of which can have two drives connected to it. For example, /dev/hda is the first drive (master) on the first IDE controller and /dev/hdd is the second (slave) drive on the second controller (the fourth IDE drive in the computer).
Maximum usable partitions 63 for IDE disks.
SCSI
SCSI drives follow a similar pattern; They are represented by ‘sd’ instead of ‘hd’. The first partition of the second SCSI drive would therefore be /dev/sdb1.
Maximum usable partitions 15 for SCSI disks.
A partition is labeled to host a certain kind of file system (not to be confused with a volume label). Such a file system could be the linux standard ext2 file system or linux swap space, or even foreign file systems like (Microsoft) NTFS or (Sun) UFS. There is a numerical code associated with each partition type. For example, the code for ext2 is 0x83 and linux swap is 0x82.
To see a list of partition types and their codes, execute /sbin/sfdisk -T

Solved: How to cap memory on a Solaris 10 zone.

If you want to cap the usage of memory for a zone, follow below steps:-

Here we will ensure that zone(zcldvdas) doesn't use more than 3072mb memory.

# zonecfg -z zcldvdas

zonecfg:zcldvdas> add capped-memory

zonecfg:zcldvdas:capped-memory> set physical=3072m

zonecfg:zcldvdas:capped-memory> end

zonecfg:zcldvdas> verify

zonecfg:zcldvdas> commit

zonecfg:zcldvdas> exit

Now if you want to dedicate  3072mb memory to a zone so that it's always available only to this zone. Follow below steps:-

# zonecfg -z zcldvdas

zonecfg:zcldvdas> add capped-memory

zonecfg:zcldvdas:capped-memory> set locked=3072m

zonecfg:zcldvdas:capped-memory> end

zonecfg:zcldvdas> verify

zonecfg:zcldvdas> commit

zonecfg:zcldvdas> exit

You can also use a combination of physical and locked to assign max and min memory to a zone.

In the next example we are assigning maximum memory the zone can use as 3072mb while minimum 1024mb which should always be available to zone.

# zonecfg -z zcldvdas

zonecfg:zcldvdas> add capped-memory

zonecfg:zcldvdas:capped-memory> set physical=3072m

zonecfg:zcldvdas:capped-memory> set locked=1024m

zonecfg:zcldvdas:capped-memory> end

zonecfg:zcldvdas> verify

zonecfg:zcldvdas> commit

zonecfg:zcldvdas> exit

This change will be effective after reboot of the local zone.

zoneadm -z zcldvdas reboot

From Solaris10u4 onwards you can cap the memory online also using rcapadm.

rcapadm -z zcldvdas -m 3G

But remember the changes made my rcapadm are not persistent across reboot so you will still have to make the entry in zonecfg as discussed above.

You can view the set memory using rcapstat from Global Zone.

rcapstat -z 2 5

From local zone you can check this with prtconf.

prtconf -vp | grep Mem

Solved: How to enable auditing of zones from Global Zone in a Solaris10 Server

Auditing is a good way to keep logs of all the activities happening in your Solaris server. In this post we will see how to enable auditing of both global and local zones and store the logs of all in a single file in global zone.

1) In the global zone create a new FS of 20GB and mount it.

mkdir /var/audit/gaudit
mount /dev/md/dsk/d100 /var/audit/gaudit
chmod -R 750 /var/audit/gaudit

2) Modify /etc/security/audit_control and add "lo,ex" before flags and naflags as below.

vi audit_control
#
# Copyright (c) 1988 by Sun Microsystems, Inc.
#
# ident "@(#)audit_control.txt 1.4 00/07/17 SMI"
#
dir:/var/audit/gaudit
flags:lo,ex
minfree:20
naflags:lo,ex

3) Modify /etc/security/audit_startup and add +argv and +zonename entries as described below. This entry will create audit logs for all zones in /var/audit/gaudit .

vi audit_startup
#! /bin/sh
#
# Copyright 2004 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
#
# ident "@(#)audit_startup.txt 1.1 04/06/04 SMI"

/usr/bin/echo "Starting BSM services."
/usr/sbin/auditconfig -setpolicy +cnt
/usr/sbin/auditconfig -conf
/usr/sbin/auditconfig -aconf
/usr/sbin/auditconfig -setpolicy +argv
/usr/sbin/auditconfig -setpolicy +zonename
#

4) Copy audit_control file to /etc/security of each zone or loopback mount them in each zone.

5) Once all the zones are configured enable the audit service by running /etc/security/bsmconv. This will require reboot of system.

6) Check audit logs in /var/audit/gaudit using

auditreduce 20170709091522.not_terminated.solaris1 | praudit

7) For checking logs of a specific zone follow below

root@solaris1 # auditreduce -z zone1 20170709091522.not_terminated.solaris1 | praudit
file,2017-07-09 16:26:00.000 +02:00,
zone,zone1
header,160,2,execve(2),,solaris1,2017-07-09 16:26:00.697 +02:00
path,/usr/sbin/ping
attribute,104555,root,bin,85,200509,0
exec_args,2,ping,127.0.0.1
subject,root,root,root,root,root,2164,2187,0 0 0.0.0.0
return,success,0
zone,zone1
file,2017-07-09 16:26:00.000 +02:00,
root@solaris1 #