Protect your system from internal & external security vulnerabilities
Solaris security broadly falls into two groups. In the first, the system is accessible over a local area network/VLAN and has to be secured against unauthorized access. In the second, the system is accessible over the Internet to a number of people and has to be protected against unauthorized access through network or security loopholes.
This document details some of the focus areas for security and provides suggestions to strengthen it.
Solaris installation poses a challenge to new Solaris sysadmins who have never installed Solaris before. Though the installation itself is simple and straightforward, doing it the first time comes with its own anxiety associated with unexplored and unknown things.
Booting problems pose a serious challenge to system administrators, as the system is down and no one can use it. This article tries to cover some of the general booting problems and their possible solutions, to help you understand the cause of the problem and bring the system up very quickly.
Following are some of the booting issues, error messages, their meanings and possible solutions discussed in this article.
Understanding the booting process is important in the sense that you can get a clear idea when a system faces a booting problem if you are familiar with the booting sequence and steps involved. You can thereby isolate a booting phase and quickly resolve the issues.
DNS Server Setup & Configuration in Unix
Domain name services resolve names to the IP addresses of clients and vice versa. The domain name system provides a convenient way of finding computer systems in a network based on name and IP address. With increased Internet usage and the globalization of companies, setting up DNS servers has become a major responsibility of system administrators worldwide.
The vxassist utility in Veritas Volume Manager is used to create volumes, add mirrors and logs to existing volumes, extend and shrink existing volumes, migrate data from a specified set of disks, and take on-line backups of existing volumes.
The default behavior of vxassist is to create volumes in the rootdg disk group if no disk group is specified. By default the length is taken as a number of blocks, but it can be specified in kilobytes, megabytes or gigabytes.
DNS troubleshooting: this article describes some of the common DNS problems and their solutions.
The first part of the article describes DNS errors relating to configuration, server setup and basic functionality. The second part covers nslookup-related errors, where the DNS servers seem to be working correctly but name resolution fails.
This document is primarily written with reference to Solaris performance monitoring and tuning, but these tools are also available in other Unix variants and Linux, with slight syntax differences.
iostat, vmstat and netstat are the three most commonly used tools for performance monitoring. They come built in with the operating system and are easy to use. iostat stands for input output statistics and reports statistics for I/O devices such as disk drives. vmstat gives statistics for virtual memory and netstat gives network statistics.
The following pages describe these tools and their usage for performance monitoring, and explain their syntax, examples, the interpretation of results and solutions for common problems.
iostat – Input Output statistics
iostat reports terminal and disk I/O activity and CPU utilization. The first line of output is for the time period since boot, and each subsequent line is for the prior interval. The kernel maintains a number of counters to keep track of the values.
iostat’s activity class options default to tdc (terminal, disk, and CPU). If any other options are specified, this default is completely overridden, i.e. iostat -d will report only statistics about the disks.
Basic syntax is iostat <option> <interval> <count>
option – lets you specify the device for which information is needed, such as disk, CPU or terminal (-d, -c, -t or -tdc). The x option gives extended statistics.
interval – is the time period in seconds between two samples. iostat 4 will give data at 4-second intervals.
count – is the number of times the data is needed. iostat 4 5 will give data at 4-second intervals, 5 times.
$ iostat -xtc 5 2
                 extended disk statistics                   tty         cpu
disk   r/s   w/s  Kr/s  Kw/s  wait  actv svc_t    %w    %b  tin tout us sy wt id
sd0    2.6   3.0  20.7  22.7   0.1   0.2  59.2     6    19    0   84  3 85 11  0
sd1    4.2   1.0  33.5   8.0   0.0   0.2  47.2     2    23
sd2    0.0   0.0   0.0   0.0   0.0   0.0   0.0     0     0
sd3   10.2   1.6  51.4  12.8   0.1   0.3  31.2     3    31

The fields have the following meanings:
disk – name of the disk
r/s – reads per second
w/s – writes per second
Kr/s – kilobytes read per second
Kw/s – kilobytes written per second
wait – average number of transactions waiting for service (Q length)
actv – average number of transactions actively being serviced (removed from the queue but not yet completed)
%w – percent of time there are transactions waiting for service (queue non-empty)
%b – percent of time the disk is busy (transactions in progress)
iostat Results and Solutions
The values to look at in the iostat output are:
* Reads/writes per second (r/s , w/s)
* Percentage busy (%b)
* Service time (svc_t)
If a disk shows consistently high reads/writes, the percentage busy (%b) of the disk is greater than 5 percent, and the average service time (svc_t) is greater than 30 milliseconds, then one of the following actions needs to be taken:
- Tune the application to use disk I/O more efficiently by modifying the disk queries and using the available cache facilities of application servers.
- Spread the file system of the disk onto two or more disks using the disk striping feature of a volume manager, DiskSuite etc.
- Increase the system parameter value for the inode cache, ufs_ninode, which is the number of inodes to be held in memory. Inodes are cached globally (for UFS), not on a per-file-system basis.
- Move the file system to another, faster disk/controller, or replace the existing disk/controller with a faster one.
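An added example, not part of the original article: a shell/awk filter that applies the thresholds above (%b greater than 5 and svc_t greater than 30 ms) to iostat -x output and skips the first report, because that one covers the time since boot rather than an interval. The function names and the second sample report are constructed for illustration; the header row is matched as "disk" (as in the sample above) or "device" (as later Solaris releases print it).

```shell
#!/bin/sh
# Added example (not from the original article). Reads `iostat -x` output on
# stdin and prints disks that exceed the article's thresholds (%b > 5 and
# svc_t > 30 ms) in every interval sample. Function names are hypothetical.
flag_busy_disks() {
    awk -v max_b="${1:-5}" -v max_svc="${2:-30}" '
    # Column-header row of each report: learn field positions by name.
    $1 == "disk" || $1 == "device" {
        report++; svc_col = 0; b_col = 0
        for (i = 1; i <= NF; i++) {
            if ($i == "svc_t") svc_col = i
            if ($i == "%b") b_col = i
        }
        next
    }
    # Report 1 is the average since boot; skip it, banners and short rows.
    report < 2 || !svc_col || !b_col || NF < b_col || $2 !~ /^[0-9.]+$/ { next }
    {
        seen[$1]++
        if ($b_col + 0 > max_b && $svc_col + 0 > max_svc) {
            hot[$1]++
            last[$1] = sprintf("r/s=%s w/s=%s svc_t=%s %%b=%s", $2, $3, $svc_col, $b_col)
        }
    }
    END { for (d in seen) if (hot[d] == seen[d]) print d, last[d] }
    ' | sort
}

# Report 1 reuses the article's sample values; report 2 is constructed.
sample_iostat() {
    cat <<'EOF'
                 extended disk statistics       tty         cpu
disk r/s w/s Kr/s Kw/s wait actv svc_t %w %b tin tout us sy wt id
sd0 2.6 3.0 20.7 22.7 0.1 0.2 59.2 6 19 0 84 3 85 11 0
sd1 4.2 1.0 33.5 8.0 0.0 0.2 47.2 2 23
sd2 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0 0
sd3 10.2 1.6 51.4 12.8 0.1 0.3 31.2 3 31
                 extended disk statistics       tty         cpu
disk r/s w/s Kr/s Kw/s wait actv svc_t %w %b tin tout us sy wt id
sd0 3.1 2.8 24.0 21.5 0.1 0.3 61.0 5 22 0 90 4 80 12 4
sd1 0.4 0.2 3.2 1.6 0.0 0.0 12.5 0 1
sd2 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0 0
sd3 11.0 2.0 55.0 16.0 0.0 0.1 18.4 1 9
EOF
}

sample_iostat | flag_busy_disks   # live use: iostat -xtc 5 2 | flag_busy_disks
```

The article gives no figure for "consistently high" reads/writes, so r/s and w/s are printed alongside each flagged disk for the operator to judge.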
fsck, similar to chkdsk in Windows, checks and repairs the file system in Unix & Linux operating systems. Learn about fsck modes, phases & fsck error messages.
fsck, File System Consistency checK, is a system utility in Unix, Linux and other Unix-like systems for checking and repairing file system inconsistencies.
A file system can become inconsistent for several reasons, and the most common is abnormal shutdown due to hardware failure, power failure or switching off the system without a proper shutdown. In these cases the superblock in the file system is not updated and has mismatched information relating to system data blocks, free blocks and inodes.
fsck in Linux
fsck in this document is described with reference to the ufs file system, but it can be used on Linux systems as
fsck -t ext2 /dev/sda3
It returns with any of the following codes:
0 – No errors
1 – File system errors corrected
2 – System should be rebooted
4 – File system errors left uncorrected
8 – Operational error
16 – Usage or syntax error
32 – Fsck canceled by user request
128 – Shared library error
fsck checks the file systems defined in /etc/fstab in Linux and /etc/vfstab in Unix systems