Friday, January 30, 2009

AIX - Tips & Tricks

51. How to disable remote root login?

When multiple users have root access to a system, a common security question is: who logged in as root? One alternative is to disable remote logins for the root id (chuser -rlogin=false root). This forces users to first log in with their regular user id, then "su -" to root. All "su" activity is captured in /var/adm/sulog, thus answering the question of "who logged in as root."
Comment: In general, it is good practice to disable remote root access, as it provides two layers of password protection.
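Once remote root login is off, /var/adm/sulog is the record to read. The script below is an added example (not from the original post) that summarises successful and failed "su" attempts to root from a constructed sample of sulog lines; the line layout (SU date time +/- tty fromuser-touser) is the one AIX writes, and the sample users are made up.

```sh
#!/bin/sh
# Added example: answer "who logged in as root?" from /var/adm/sulog.
# Each sulog line is:  SU MM/DD HH:MM <+|-> tty fromuser-touser
# where "+" is a successful su and "-" a failed one.

# Constructed sample log; on a real system point the functions at /var/adm/sulog.
SAMPLE_SULOG=$(mktemp); trap 'rm -f "$SAMPLE_SULOG"' EXIT
cat > "$SAMPLE_SULOG" <<'EOF'
SU 01/30 09:12 + pts/0 jsmith-root
SU 01/30 09:15 - pts/1 guest-root
SU 01/30 09:16 - pts/1 guest-root
SU 01/30 10:02 + pts/2 abrown-oper
SU 01/30 10:40 + pts/3 abrown-root
SU 01/30 11:05 + pts/0 jsmith-root
EOF

# Print "count user" for every id that successfully became root, busiest first.
# Field 6 is "fromuser-touser"; strip the "-root" suffix to get the source id.
who_became_root() {
    awk '$4 == "+" && $6 ~ /-root$/ { sub(/-root$/, "", $6); n[$6]++ }
         END { for (u in n) print n[u], u }' "$1" | sort -rn
}

# Print "count user" for failed su attempts to root; repeated failures from one
# regular account are the thing to alert on.
failed_su_root() {
    awk '$4 == "-" && $6 ~ /-root$/ { sub(/-root$/, "", $6); n[$6]++ }
         END { for (u in n) print n[u], u }' "$1" | sort -rn
}

echo "Successful su to root:"; who_became_root "$SAMPLE_SULOG"
echo "Failed su to root:";     failed_su_root "$SAMPLE_SULOG"
```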

----------------------------------------------------------------------------------------------------------------

52. Replacing a disk drive in AIX.

http://users.ca.astound.net/~baspence/AIXtip/download/failed_disk.pdf

----------------------------------------------------------------------------------------------------------------

53. How to enable non-root users to administer passwords?

The AIX pwdadm command can be used to offload password administration to non-root administrators. The pwdadm command allows the administrator to change another user's password, or to force users to change their password at the next login. To enable a non-root administrator to use pwdadm, simply add their ID to the "security" group.
For more information: http://www.rs6000.ibm.com/doc_link/en_US/a_doc_lib/cmds/aixcmds4/pwdadm.htm

----------------------------------------------------------------------------------------------------------------

54. Fun with device locations

Here are a few commands to locate physical devices. These commands are useful in a partitioned environment where locations are virtual.

lsdev -Cc adapter -s pci - lists all adapter slots
lsdev -p adapter - lists devices owned by an adapter
lsdev -Cl device -F parent - lists the parent adapter for a device (like a disk drive)
lsdev -Cl adapter - virtual device location (for LPARs)
lscfg -vl adapter - actual device location

So, for example, to locate the physical adapter connected to hdisk0:

# Identify the parent adapter
lsdev -Cl hdisk0 -F parent
# Locate the parent adapter
lscfg -vl parent

----------------------------------------------------------------------------------------------------------------

55. How to automate setting passwords?

The "chpasswd" command is easier to use than "passwd" when setting a list of user passwords. It can be used from the command line or from a shell script. For example, to change passwords for users listed in a file, type the following:
cat mypasswords | chpasswd
where the mypasswords file contains one user:password pair per line:
user1:password1
user2:password2
...

For more information see the following URL

http://publib16.boulder.ibm.com/doc_link/en_US/a_doc_lib/cmds/aixcmds1/chpasswd.htm
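Because the file fed to chpasswd holds plaintext passwords and is applied without confirmation, it is worth checking before piping it in. The script below is an added example (not from the original post or IBM's documentation) that validates a constructed mypasswords file: one user:password pair per line, a sane user name, no empty or short password, and no duplicate user. The minimum length is an assumed local policy, not an AIX default.

```sh
#!/bin/sh
# Added example: sanity-check a chpasswd input file before
# "cat mypasswords | chpasswd". chpasswd expects "username:password" per line;
# a malformed line or an empty password would otherwise be applied as-is.
# Note: a password containing ":" will be reported as malformed by this check.

MIN_LEN=8   # assumed local policy, not an AIX default

# Constructed sample file with one good line and several bad ones.
SAMPLE_FILE=$(mktemp); trap 'rm -f "$SAMPLE_FILE"' EXIT
cat > "$SAMPLE_FILE" <<'EOF'
user1:Str0ngPassw0rd
user2:
bad line without colon
user1:AnotherPassw0rd
Root Admin:Short1
EOF

# Prints one "LINE: reason" per problem; returns 0 only if the file is clean.
check_pwfile() {
    awk -F: -v min="$MIN_LEN" '
        function bad(msg) { print NR ": " msg; rc = 1 }
        BEGIN { rc = 0 }
        NF != 2            { bad("not exactly one user:password pair"); next }
        $1 !~ /^[A-Za-z_][A-Za-z0-9_.-]*$/ { bad("invalid user name \"" $1 "\"") }
        $2 == ""           { bad("empty password for " $1); next }
        length($2) < min   { bad("password for " $1 " shorter than " min) }
        seen[$1]++         { bad("duplicate entry for " $1) }
        END { exit rc }' "$1"
}

if check_pwfile "$SAMPLE_FILE"; then
    echo "file is clean; safe to run: cat $SAMPLE_FILE | chpasswd"
else
    echo "fix the problems above before running chpasswd"
fi
```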

----------------------------------------------------------------------------------------------------------------

56. How to list files if 'ls' is missing or corrupt?
echo *

----------------------------------------------------------------------------------------------------------------

57. How to change the timezone and language in /etc/environment?
chtz (timezone eg GMT0BST)
chlang (language eg En_GB)

----------------------------------------------------------------------------------------------------------------

58. Find large files

How do you find really large files in a file system?

find . -size +1024 -xdev -exec ls -l {} \;

The -xdev flag is used to only search within the same file system, instead of traversing the full directory tree. The amount specified (1024) is in blocks of 512 bytes.

----------------------------------------------------------------------------------------------------------------

59. Monitoring a system without logging in

Let's say you have a helpdesk that must be able to run a script under user-id root to check or monitor a system:

First, create the script you wish your helpdesk to run.

Modify your /etc/inetd.conf file and add:
check stream tcp wait root /usr/local/bin/script.sh
where script.sh is the script you've written.

Modify your /etc/services file and add:
check 4321/tcp

You may change the port number to anything you like, as long as it's not in use.

Now, you may run:
telnet [system] 4321
and your script will be magically run and its output displayed on your screen. If the output of the script isn't displayed on your screen for very long, just put a sleep command at the end of your script.
----------------------------------------------------------------------------------------------------------------

60. Changing maxuproc requires a reboot?

When you change MAXUPROC (Maximum number of processes allowed per user), the smitty help panel will tell you that changes to this operating system parameter will take effect after the next system reboot.

This help information is wrong. The change takes effect immediately if MAXUPROC is increased. If it is decreased, it takes effect after the next system reboot.

This help panel text in smitty will be changed in AIX 5.3 (APAR IY52397).

----------------------------------------------------------------------------------------------------------------

61. Defunct processes

Defunct processes are commonly known as "zombies". You can't "kill" a zombie, as it is already dead. Zombies are created when a process (typically a child process) terminates, either abnormally or normally, and its spawning process (typically the parent process) does not "wait" for it (or has yet to "wait" for it) to collect its exit status.

It should be noted that zombies DO NOT consume any system resources (except a process slot in the process table). They are there to stay until the server is rebooted.

Zombies commonly occur on programs that were (incompletely) ported from old BSD systems to modern SysV systems, because the semantics of signals and/or waiting is different between these two OS families.

------------------------------------------------------------------------------------------------

62. DLPAR with DVD-ROM

Adding a DVD-ROM with DLPAR is very easy. Removing it, however, can be somewhat more difficult, especially when you've run cfgmgr and devices have been configured.

This is how to remove it:

# rmdev -dl cd0

(Remove all cdrom devices found with lsdev -Cc cdrom)

# rmdev -dl ide0

Then remove the devices found with

# lsdev -C | grep pci

PCI devices still in use cannot be removed. The one not in use is the PCI device on which the DVD-ROM drive was configured. You have to remove it before you can do a DLPAR remove operation on it.

Now do your DLPAR remove operation on the HMC.

------------------------------------------------------------------------------------------------

63. How do you send an attachment via mail from AIX?

uuencode is the answer:

uuencode [source-file] [filename].b64 | mail -v -s "subject" [email-address]

For example:

# uuencode /etc/motd motd.b64 | mail -v -s "Message of the day" email@hostname.com

I use the .b64 extension, which is recognized by WinZip. When you receive the email in Outlook, you will have an attachment that can be opened with WinZip.

------------------------------------------------------------------------------------------------

64. FTP umask

A way to change the default 027 umask of ftp is to change the entry in /etc/inetd.conf for ftpd:

ftp stream tcp6 nowait root /usr/sbin/ftpd -l -u 117

This will create files with umask 117 (mode 660).

Using the -l option will make sure the FTP sessions are logged to syslogd. If you want to see these FTP messages in the syslogd output, then you should add in /etc/syslog.conf:
