Tuesday, September 24, 2013

Solaris 10 - Notes

SunOS Release 5.10 Version
            Solaris 10 1/06 s10x_u1wos_19a x86
Oracle Solaris 10 9/10 s10x_u9wos_14a x86
Oracle Solaris 10 8/11 s10x_u10wos_17b x86 - Generic_147441-01 64bit
Oracle Solaris 10 1/13 s10x_u11wos_24a x86 - sol-10-u11-ga-x86-dvd.iso / sol-10-u11-companion-ga.iso

Solaris 10     03/05
Solaris 10 update 1     01/06
Solaris 10 update 2     06/06
Solaris 10 update 3     11/06
Solaris 10 update 4     08/07
Solaris 10 update 5     05/08
Solaris 10 update 6     10/08
Solaris 10 update 7     5/09
Solaris 10 update 8     10/09
Solaris 10 update 9     09/10
Solaris 10 update 10     08/11
Solaris 10 update 11     01/13

After the Solaris installation has finished, you need to modify these things.

1. Login with 'root' user

2.To create group and user account:
#groupadd -g 500 unixmin
#useradd -u 500 -g unixmin -d /export/home/zawhtet -m -s /usr/bin/bash -c "Zaw Htet" zawhtet
#passwd zawhtet

3.Create no login user for Services (Optional)
#groupadd -g 501 squid
#useradd -u 501 -g squid -s /usr/bin/false -c "Squid Admin" squid

4.To change the login name and home directory for - user2 (new) to user1 (old).
#usermod -m -d /export/home/user1 -l user1 user2

For Testing, create user2 first,
#useradd -u 503 -g unixmin -d /export/home/user2 -m -s /usr/bin/bash -c "User 2" user2
Then modify, user2 login name and home directory become user1
#usermod -m -d /export/home/user1 -l user1 user2

Note: Even though we modified the user's home directory and login name, the "User 2" name still remains / also put the account to random group.

#cat /etc/passwd
user1:x:503:500:User 2:/export/home/user1:/usr/bin/bash

5.Deleting User Accounts
#userdel  user1  - to remove the user1 account
#userdel -r user1 - This command also removes the user's home directory

6.Deleting Group
cat /etc/group

7. When you first log in to a terminal, you will see that your shell is "/bin/sh"
#echo $SHELL

Note: When you edit the file, even with the root account, you will get a Read-Only message.
If you want to save after opening the file with the vi editor, use ':wq!'

bash-3.00# whereis bash
bash: /usr/bin/bash /usr/man/man1/bash.1

8. If you want root or your user account to log in to the bash shell permanently
vi  /etc/passwd
change to

9. Create '.bash_profile' file under '/' then copy to /root (#cp   .*   /root)
vi .bash_profile
export PATH=$PATH:/usr/sfw/bin/:/opt/sfw/bin/:/opt/sfw/squid/$:/root/moshell:/usr/dt/bin:/opt/CTXSmf/bin:/opt/CTXSmf/sbin:/usr/apache2/bin
export PS1='[\u@\h \W]\$ '
export HISTSIZE=5000
alias ls='ls -l'
alias netstat='netstat -an |grep LISTEN'
alias h='history'
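# bash aliases cannot take arguments (\!* is csh syntax), so the
# argument-taking shortcuts are defined as functions instead
lsd() { ls -ACF "$@" | more; }
alias lsl='ls -alh | less'
lst() { ls -alt "$@" | more; }
alias plm='ps -elf | more'
plg() { ps -elf | grep "$*" | sort -n +3 -4; }
alias psm='ps -ef | more'
psg() { ps -ef | grep "$*" | sort -n +1 -2; }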

10.refresh the profile with logout
source ~root/.bash_profile
.  ~root/.bash_profile
#env or  set 
#echo $PATH

11.Make root account to login to his home directory
vi  /etc/passwd
change to

12. Permit SSH login for the root user
vi  /etc/ssh/sshd_config
PermitRootLogin  yes

13.Restart SSH service
#svcadm enable ssh
#svcadm refresh ssh
#svcs -a | grep ssh
#netstat -an | grep LISTEN

14.IPFilter for Solaris Firewall
svcadm enable ipfilter
svcs -a|grep pfil
Example rule sets are in /usr/share/ipfilter/examples. Just copy one of them over /etc/ipf/ipf.conf

#ipf  -Fa  -f  /etc/ipf/ipf.conf
pass in all
pass out all

routeadm -u -e ipv4-forwarding 

vi  /etc/ipf/ipf.conf

pass in quick on lo0 all
pass out quick on lo0 all
block in log on e1000g0 all
block out log on e1000g0 all
pass out quick on e1000g0 proto tcp/udp from any to any keep state
pass out quick on e1000g0 proto icmp all keep state
pass in quick on e1000g0 proto icmp all keep state
pass in quick proto tcp from any to any port = 22 keep state
pass in quick proto tcp from any to any port = 10000 keep state
pass in quick proto udp from any to any port = 67 keep state

# Allow all traffic on loopback
pass in quick on lo0 all
pass out quick on lo0 all
# Public Network.   Block everything not explicitly allowed.
block in log on e1000g0 all
block out log on e1000g0 all

# Allow all connection out from this computer
pass out quick on e1000g0 proto tcp/udp from any to any keep state

# Allow pings out
pass out quick on e1000g0 proto icmp all keep state

# Allow pings in
pass in quick on e1000g0 proto icmp all keep state

# Allow ssh connection on port 22 to Laptop(
pass in quick proto tcp from to port=22 keep state
pass in quick proto tcp from any to any port = 22 keep state
pass in quick proto tcp from any to any port = 10000 keep state

-bash-3.00# cat reloadipf.sh
# Last Modified On: 25-FEB-2006

# Script to reload the IPF rules
ipf -Fa -f /etc/ipf/ipf.conf

ipf -E  : Enable ipfilter when running for the   first time.(Needed for ipf on Tru64)
ipf -f /etc/ipf/ipf.conf  : Load rules in /etc/ipf/ipf.conf file into the active firewall.
ipf -Fa -f /etc/ipf/ipf.conf : Flush all rules, then load rules in /etc/ipf/ipf.conf into the active firewall.
ipf -Fi  : Flush all input rules.
ipf -I -f /etc/ipf/ipf.conf : Load rules in /etc/ipf/ipf.conf file into inactive firewall.
ipf -V  : Show version info and active list.
ipf -s  : Swap active and inactive firewalls.
ipfstat  : Show summary
ipfstat -i : Show input list
ipfstat -o : Show output list
ipfstat -hio : Show hits against all rules
ipfstat -t -T 5 : Monitor the state table and refresh every 5 seconds. Output is similar to 'top' monitoring the process table.
ipmon -s S : Watch state table.
ipmon -sn : Write logged entries to syslog, and convert back   to hostnames and servicenames.
ipmon -s [file] : Write logged entries to some file.
ipmon -Ds : Run ipmon as a daemon, and log to default location.  (/var/adm/messages for Solaris) (/var/log/syslog for Tru64)
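
An added example, not part of the original notes: a POSIX shell function that lints a rule file like the one in step 14 for inbound pass rules that omit "on <interface>" or open a port to "from any". The function names, the finding codes and the 192.0.2.10 admin address are assumptions made for this illustration; the sample rules are constructed from the rule set above.

```shell
#!/bin/sh
# Added example, not from the original notes. Finding codes are names
# chosen for this illustration.
#
# audit_ipf [FILE]  reads FILE (or stdin), prints "<line>: <CODE> [detail]"
#   NO_IFACE             pass-in rule without "on <if>": applies on every interface
#   ANY_SRC              pass-in rule that opens a port to "from any"
#   MISSING_ADDR         "from" or "to" with no address after it
#   NO_DEFAULT_BLOCK_IN  file has no "block in ... all" rule
audit_ipf() {
    awk '
    /^[ \t]*#/ || NF == 0 { next }                      # comments, blank lines
    $1 == "block" && $2 == "in" && $NF == "all" { deny = 1 }
    $1 == "pass" && $2 == "in" {
        iface = 0; anysrc = 0; noaddr = 0; port = ""
        for (i = 3; i <= NF; i++) {
            nxt = (i < NF) ? $(i + 1) : ""
            if ($i == "on") iface = 1
            if ($i == "from" && nxt == "any") anysrc = 1
            if ($i == "from" && (nxt == "" || nxt == "to")) noaddr = 1
            if ($i == "to" && (nxt == "" || nxt ~ /^port/)) noaddr = 1
            if ($i == "port" && nxt == "=") port = $(i + 2)
            if ($i ~ /^port=/) port = substr($i, 6)
        }
        if (!iface) printf "%d: NO_IFACE\n", NR
        if (anysrc && port != "") printf "%d: ANY_SRC port %s\n", NR, port
        if (noaddr) printf "%d: MISSING_ADDR\n", NR
    }
    END { if (!deny) print "0: NO_DEFAULT_BLOCK_IN" }
    ' "$@"
}

# Constructed sample: the rule set from the notes plus, as the last line, an
# SSH rule bound to the interface and to one admin host (192.0.2.10 is a
# documentation address, an assumption).
sample_rules() {
    cat <<'EOF'
pass in quick on lo0 all
pass out quick on lo0 all
block in log on e1000g0 all
block out log on e1000g0 all
pass out quick on e1000g0 proto tcp/udp from any to any keep state
pass in quick on e1000g0 proto icmp all keep state
pass in quick proto tcp from any to any port = 22 keep state
pass in quick proto tcp from any to any port = 10000 keep state
pass in quick proto udp from any to any port = 67 keep state
pass in quick on e1000g0 proto tcp from 192.0.2.10 to any port = 22 keep state
EOF
}

sample_rules | audit_ipf
```

Run it as "audit_ipf /etc/ipf/ipf.conf" before reloading with "ipf -Fa -f /etc/ipf/ipf.conf". The rules for ports 22, 10000 and 67 are reported because they carry no "on e1000g0" and accept any source, while the last sample rule passes clean.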

15. Solaris 10 Static IP Configuration
svcadm  restart network/physical

16. Solaris 10 Dynamic IP Configuration, make sure following files are blank
svcadm  restart network/physical

#/usr/sbin/netservices    limited

17. Check Port Open  status
#netstat -n -f inet 
#netstat -anf  inet -P tcp
#netstat -anf  inet -P udp
#netstat   -nr
lsof  -i   TCP
lsof  -i  TCP  | grep LISTEN

18. Package management
If you want to add more Solaris packages from the DVD after you have installed Solaris,
first insert the DVD and mount it by

Remount volume manager
#/etc/init.d/volmgt stop
#/etc/init.d/volmgt start
# ls /cdrom/cdrom0
# cd /cdrom/cdrom0/Solaris_10/Product

or mount manually from
#mount -F  hsfs  /dev/dsk/c0t0d0p0   /mnt

19.mount ISO file
#lofiadm -a /tmp/companion-sparc-sol10.iso /dev/lofi/1
#mount -F hsfs -o ro /dev/lofi/1 /mnt

20. CD Burning
#cdrw -l
Looking for CD devices...
    Node            Connected Device            Device type
 /dev/rdsk/c2t0d0s2   | MATSHITA DVD-RAM UJ-845S  D200 | CD Reader/Writer
#cdrw -d c2t0d0s2 -i companion-sparc-sol10.iso

21. Package installation
#ls  /mnt/Solaris_10/Product
Solaris Packages start with 'SUNW*'

If you want to add one package
#pkgadd  -d  .  SUNWbash
Normally these packages install to '/usr/sfw'

Or, if you want to manually download a bz2 package from the internet, install it like this
bunzip2 firefox-24.0.en-US.solaris-10-fcs-i386-pkg.bz2
pkgadd -d firefox-24.0.en-US.solaris-10-fcs-i386-pkg

Decompress tar.gz file
#gunzip   vmware-solaris-tools.tar.gz
#tar  xvf   vmware-solaris-tools.tar
#gunzip -c NTXNxge-2.10-solaris10-i386.tar.gz | tar xvf -

If your package is in .bz2 format, first uncompress it using the bunzip2 command:
#bunzip2 Packagename.bz2

Install package:
#pkgadd -d Packagename
Note: the .bz2 extension is removed automatically by the first command.
For example, if your package name is SFWqt.bz2

#bunzip2 SFWqt.bz2
#pkgadd -d SFWqt

Add Packages from DVD to /var/spool/pkg
#pkgadd    -d    /cdrom/sol_10_910_x86/Solaris_10/Product/     -s /var/spool/pkg/     SUNWgtar
#pkgadd  SUNWgtar
#pkgadd -d     /path/to/cdrom/Product    SUNWjaf     SUNWjato    SUNWjmail
#pkginfo -l | grep wget
#pkginfo -l SUNWwgetu

#gunzip lsof_1106-4.80-sol10-sparc-local.gz
#pkgadd -d lsof_1106-4.80-sol10-sparc-local or *.pkg

If gunzip cannot run add the variable path to

For installing all the packages, create an install administration file such as:
 # cat /var/tmp/admin
#pkgadd -a /var/tmp/admin -d /cdrom/cdrom/Solaris_Software_Companion/Solaris_i386/

Download zipped ISO from http://www.sun.com/software/solaris/freeware/
# unzip sol-10-u8-companion-ga-iso.zip
# lofiadm -a `pwd`/sol-10-u8-companion-ga.iso
# mount -oro -Fhsfs /dev/lofi/1 /mnt
# /bin/yes | pkgadd -d /mnt/Solaris_Software_Companion/Solaris_sparc/Packages all
# pkgrm SFWvnc
# umount /mnt
# lofiadm -d `pwd`/sol-10-u8-companion-ga.iso
# rm sol-10-u8-companion-ga.iso
# rm sol-10-u8-companion-ga-iso.zip

22.To remove package

23.System Info Commands

#cat /etc/release
#uname -a
#prtconf  | grep -i memory
#psrinfo -pv
#isainfo -bv
#date '+DateTime: %m.%d.%y @ %H:%M:%S'
date mmddHHMMccyy
date  091810022013  
#ps -ef
#ps -U root
#tty / w
#pgrep sshd  
#pgrep -o sshd
#pkill (PID) or sshd
#pwdx (PID) - Lists the working directories of process
#svcs -o FMRI,DESC 

24. KDE Login after installation from Companion DVD

25.To disable the GUI login Solaris
First login with ssh and Kill desktop login
#/usr/dt/bin/dtconfig -kill
#/usr/dt/bin/dtconfig -d
#/usr/dt/bin/dtconfig -e
#/usr/dt/bin/dtconfig -reset
#/usr/dt/bin/dtconfig -inetd

26.Static Routing (-p) option for permanent route
#route -p add -net
                              Network         Gateway
add net gateway
add persistent net gateway

The above created route would still appear the same in a listing of the
routing table, however, you may notice that there is a secondary line
of output upon creating the route:

add persistent net gateway

This simply means that the 'route' command updated config file
/etc/inet/static_routes.  By default, this file will not exist until
a static route is created via 'route -p' or you create it.  Before
getting to contents, the following are the ownership / permissions set
to the file by 'route':

#ls -l /etc/inet/static_routes
-rw-r--r--   1 root     root          45 Oct  6 13:35 /etc/inet/static_routes
And now, the contents, which are effectively the arguments to 'route add':

#cat /etc/inet/static_routes

# File generated by route(1M) - do not edit.

Yes, I know it says do not edit, though in checking out the source of
'route' via opensolaris.org, it doesn't appear that manual editing
is an issue.  Finally, Solaris has a native, standardized means of
configuring persistent static routes.

Additionally, to remove a static route, delete it from
/etc/inet/static_routes and remove via 'route' or simply use the following
'route' command:

#route -p delete -net

27.Bind DNS Server Solaris

#pkginfo -x |grep -i bind
SUNWbind                          BIND DNS Name server and tools
SUNWbindr                         BIND Name server Manifest

#pkgchk -l SUNWbind (Client & Server Utilities)
#pkgchk -l SUNWbindr | grep -i pathname | less

#dig linuxcbt.com ns

#ls -l /usr/sbin/named

#ls -l /usr/sbin/in.named

#ls -ltr /var/named

#vi /etc/named.conf 

options {
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        listen-on port 53 {;; };
        allow-query { localhost;; };
        forwarders {;; };
        recursion yes;
        max-cache-size 100m;
        cleaning-interval 60;
};

zone "." {
        type hint;
        file "named.root";
};

zone "mmx.com" {
        type master;
        file "db.mmx.com";
        allow-update { none; };
};

zone "0.0.127.in-addr.arpa" {
        type master;
        file "db.127.0.0";
};

zone "100.168.192.in-addr.arpa" {
        type master;
        file "db.192.168.100";
        allow-update { none; };
};

@ is a variable which indicates the name of the zone as configured in /etc/named.conf

vi   /var/named/db.127.0.0
$TTL 28800
@ IN SOA  ns1.mmx.com.  zawhtet.mmx.com. (
    2013100301 ; serial number yyyymmdd01
     7200 ; Refresh Interval
    3600 ; Retry Interval
    86400 ; Expiry
    600 )  ; Minimum TTL
    NS    ns1.
1  IN    PTR   localhost.mmx.com.

vi   /var/named/db.192.168.100
$TTL 28800
@ IN SOA  ns1.mmx.com.  zawhtet.mmx.com. (
    2013100301 ; serial number yyyymmdd01
     7200 ; Refresh Interval
    3600 ; Retry Interval
    86400 ; Expiry
    600 )  ; Minimum TTL
    NS    ns1.
89  IN    PTR   ns1.

vi  /var/named/db.mmx.com
$TTL 28800
@ IN SOA  ns1.mmx.com.  zawhtet.mmx.com. (
    2013100301 ; serial number yyyymmdd01
     7200 ; Refresh Interval
    3600 ; Retry Interval
    86400 ; Expiry
    600 )  ; Minimum TTL
    NS    ns1.
    IN  MX  10 ns1.mmx.com.

ns1 IN  A
www    CNAME  ns1.mmx.com.

#svcadm enable / restart dns/server
#dig @localhost ns1.mmx.com
#svcs -l dns/server
#dig @localhost ns1.mmx.com
#dig @localhost msn.com
#dig @localhost www.mmx.com
#named-checkconf -z /etc/named.conf
#svcs  -a \*dns\*

Slave DNS Server

Copy following files to slave server:

1. /var/named/db.127.0.0 - Houses reverse, loopback zone info
2. /var/named/named.root - root hints
3. /etc/named.conf

cd /var/named

scp db.127.0.0 db.cache /etc/named.conf

On Slave DNS Server

cp /root/db.*  /var/named
cp /root/named.conf /etc

vi /etc/named.conf 

options {
    directory "/var/named";
    allow-query { localhost;; };
};

zone "." {
    type hint;
    file "named.root";
};

zone "mmx.com" {
    type slave;
    file "db.mmx.com";
    masters {; };
};

zone "0.0.127.in-addr.arpa" {
    type master;
    file "db.127.0.0";
};

zone "1.168.192.in-addr.arpa" {
    type slave;
    file "db.192.168.1";
    masters {; };
};

4. After synchronizing with the Master server

db.mmx.com will be downloaded to /var/named on the Slave DNS Server.

28. Install and Configure dhcp server from console

#pkginfo | grep DHCP

If it is not installed then install it from solaris CD
# pkgadd  -d . SUNWdhc*

#which dhcpmgr

no   dhcpmgr in /usr/bin /usr/sbin /usr/sfw/bin /opt/sfw/bin /usr/dt/bin

#/usr/sadm/admin/bin/dhcpmgr & (Everyone can configure DHCP Server from GUI)


If there's no DHCP manager, let's configure it from the console

#ifconfig -a
#netstat -rn
Then create dhcp database

#dhcpconfig  -D -r SUNWfiles -p /var/dhcp/ -a; -d mmx.com -l 86400

(Note: - DNS Server / mmx.com = domain / Lease time = 86400)


#dhcpconfig  -D -r SUNWfiles -p /var/dhcp/

Created DHCP configuration file.
Created dhcptab.
Added "Locale" macro to dhcptab.
Added server macro to dhcptab - solaris-1.
DHCP server started.

#svcs -a | grep dhcp
online         18:57:30 svc:/network/dhcp-server:default

#dhtadm -P

Now configure network and IP

#dhcpconfig -N -m -t
(Note: = Gateway)

#pntadm -P

#dhcpconfig --help

#pntadm -r SUNWfiles -p /var/dhcp/ -A
#pntadm -r SUNWfiles -p /var/dhcp/ -A
#pntadm -r SUNWfiles -p /var/dhcp/ -A
#pntadm -r SUNWfiles -p /var/dhcp/ -A


#pntadm  -A -f  MANUAL -i 01001BFC92BC10 -m -y

#pntadm -P

#pntadm -L

#dhtadm -P

#svcadm restart dhcp-server

#svcs -a | grep dhcp

find  /usr/ -name in.dhcpd

#/usr/lib/inet/in.dhcpd -i e1000g0 -d -v

#pntadm -P

If a DHCP server is already configured, you can unconfigure it by using the
dhcpconfig command with the unconfigure flag. For example:

# dhcpconfig -Ux


netstat -a - return all protocols for all address families (TCP/UDP/Unix)
netstat -an - 'n' disable name resolution
netstat -i - State of Interfaces
netstat -in - show state of interface and disable name resolution
netstat -m - return streams (TCP) statistics
netstat -p - net to media info (MAC /layer-2 info) similar to run 'arp'
netstat -P tcp / udp
netstat -rn - return routing table
netstat -D - Check DHCP configuration
netstat -an -f inet - IPv4 info
netstat -an -f inet6 - IPv6
netstat -an -f unix - Unix domain sockets
netstat -an -f inet -P tcp - IPv4 Active TCP Connection
netstat -an -f inet -P udp - IPv4 Active UDP Connection
netstat -ant  | grep  :22  (Linux box)

Network Configuration

1. On Solaris Machine, login with root user then check the network interface status

#dladm show-dev  - check network interface
#dladm show-link - connected interfaces

#ifconfig -a
#ifconfig e1000g0

#svcs -a | grep physical
#svcs -a | grep loopback

2. If your system doesn't have a hostname yet, you can add one by

echo "solaris-1" > /etc/nodename

3. you can add static IP address via

echo "" > /etc/hostname.e1000g0

echo "" > /etc/hostname.iprb0

4. Add the domain name 'example.com'
 echo "example.com" > /etc/defaultdomain

5. Add Networks or netmasks
echo "" > /etc/inet/netmasks

6. Add your hostname to hosts file
Hosts - /etc/hosts = /etc/inet/hosts  solaris-1.example.com solaris-1

7. Add DNS Server IP address
echo "nameserver" > /etc/resolv.conf

8. vi  /etc/defaultrouter,,

Name service config file - /etc/nsswitch.conf

[root@solaris-1 /]# ifconfig -a
lo0: flags=2001000849 mtu 8232 index 1
        inet netmask ff000000
e1000g0: flags=1004843 mtu 1500 index 2
        inet netmask ffff0000 broadcast
        ether 8:0:27:72:1f:c5

[root@solaris-1 /]# dladm show-link
e1000g0         type: non-vlan  mtu: 1500       device: e1000g0

[root@solaris-1 /]# dladm show-dev
e1000g0         link: up        speed: 1000  Mbps       duplex: full

[root@solaris-1 /]#ifconfig e1000g0 dhcp status

#ps -ef | grep -i agent  

#echo  "" > hostname.e1000g0 && echo $?
#echo  "solaris-1" > /etc/nodename

Plumb/enable the iprb0 100Mb/s interface
#ifconfig iprb0 plumb up - enable the interface
#ifconfig iprb0 netmask - this will enable Layer-3 IPv4 address
#ifconfig iprb0 unplumb down - disable the interface

1. echo "" > /etc/hostname.iprb0
2. create entry in /etc/hosts
3. echo "" > /etc/inet/netmasks

#ifconfig iprb0 up && ifconfig iprb0
#ifconfig iprb0 down && ifconfig iprb0

e1000g0 (physical interface) - apache website)
          Apache Website)
          (Use for SSH)


ifconfig e1000g0 addif (RFC-1918 - defaults /24)

This will automatically create an 'e1000g0:1' interface

#ifconfig e1000g0:1 up && ifconfig -a

1. vi /etc/hostname.e1000g0:1 -
2. vi /etc/hostname.e1000g0:2 -
3. vi /etc/hostname.iprb0:1 -
4. update /etc/hosts

#ifconfig e1000g0 removeif
#ifconfig iprb0 removeif


1. DNS
2. Passwd /etc/passwd,/etc/shadow,/etc/group
3. protocols /etc/inet/protocols
4. ethers or mac-to-IP mappings

Add swap partition on system

swap -l - list available swap devices and / or swap files

swap -s - lists swap space including physical memory in 1024byte increments

#mkfile - creates zero-filled swap file
#swap -a - activates the swap file

#mkfile 512m  /media/swap2 - creates swap file
#mkfile 1024m  /media/swap3 - creates swap file
#mkfile 2048m /dev/dsk/c0t2d0s0 - creates swap files

#swap -a /media/swap2 - activates swap file
#swap -a /media/swap3 - activates swap file
#swap -a /dev/dsk/c0t2d0s0 - activates swap file

vi /etc/vfstab
/media/swap2  -  -  swap - no -

swap -d /media/swap2 - removes swap space from kernel - does not remove the file

Check Free Memory

#vmstat 1 2 | tail -1 | awk '{printf "%d%s\n", ($5*4)/1024, "MB" }'

#top -h -d 1

#vmstat 5 10

#mpstat 10 60

#prstat -a -s size

#echo ::memstat | mdb -k

Kernel: memory used for non-pageable kernel allocations

Anon: anonymous memory (process heaps, stack, share memory mappings, etc. etc.)

Exec and libs: memory used for mapped files like executables and libraries

Page cache: amount of unmapped page cache including data stored in /tmp

Free (cachelist): amount of page cache on free list, majority used by file system caches

Free (freelist): amount of memory that is actually really free

#prstat -Z

#kstat zfs::arcstats:size

#kstat -p -c misc -m cpu_stat

#kstat -T d -p :::physmem :::pp_kernel zfs:::size :::pagesfree 1 3
