SunOS Relase 5.10 Version
Solaris 10 1/06 s10x_u1wos_19a x86
Oracle Solaris 10 9/10 s10x_u9wos_14a x86
Solaris 10 03/05
Solaris 10 update 1 01/06
Solaris 10 update 2 06/06
Solaris 10 update 3 11/06
Solaris 10 update 4 08/07
Solaris 10 update 5 05/08
Solaris 10 update 6 10/08
Solaris 10 update 7 5/09
Solaris 10 update 8 10/09
Solaris 10 update 9 09/10
1. Login with 'root' user
2.To create group and user account:
#groupadd -g 500 unixmin
#useradd -u 500 -g unixmin -d /export/home/zawhtet -m -s /usr/bin/bash -c "Zaw Htet" zawhtet
#passwd zawhtet
3.Create no login user for Services (Optional)
#groupadd -g 501 squid
#useradd -u 501 -g squid -s /usr/bin/false -c "Squid Admin" squid
4.To change the login name and home directory for - user2 (new) to user1 (old).
#usermod -m -d /export/home/user1 -l user1 user2
Then modify, user2 login name and home directory become user1
#usermod -m -d /export/home/user1 -l user1 user2
Note: Even we modified the user's home directory and login name, User2 name still remains/ also put the account to random group.
#cat /etc/passwd
user1:x:503:500:User 2:/export/home/user1:/usr/bin/bash
5.Deleting User Accounts
#userdel user1 - to remove the user1 account
#userdel -r user1 - This command also remove the user's Home Directory
6.Deleting Group
#groupdel
cat /etc/group
7.When we first login to terminal, you will see that you got "/bin/sh"
#echo $SHELL
/bin/sh
#bash
bash-3.00$
bash-3.00# whereis bash
bash: /usr/bin/bash /usr/man/man1/bash.1
8.If you want to set root or your user account, permanently login to bash shell
vi /etc/passwd
root:x:0:0:Super-User:/:/bin/sh
change to
root:x:0:0:Super-User:/:/bin/bash
9. Create '.bash_profile' file under '/' then copy to /root (#cp .* /root)
vi .bash_profile
export PATH=$PATH:/usr/sfw/bin/:/opt/sfw/bin/:/opt/sfw/squid/$:/root/moshell:/usr/dt/bin:/opt/CTXSmf/bin:/opt/CTXSmf/sbin:/usr/apache2/bin
export PS1='[\u@\h \W]\$ '
export HISTSIZE=5000
alias ls='ls -l'
alias netstat='netstat -an |grep LISTEN'
alias h='history'
alias lsd='ls -ACF \!* | more'
alias lsl='ls -alh | less'
alias lst='ls -alt \!* | more'
alias plm='ps -elf | more'
alias plg='ps -elf | grep "\!*" | sort -n +3 -4'
alias psm='ps -ef | more'
alias psg='ps -ef | grep "\!*" | sort -n +1 -2'
10.refresh the profile with logout
source ~root/.bash_profile
. ~root/.bash_profile
#env or set
#echo $PATH
/usr/sbin:/usr/bin:/usr/sfw/bin/
#export
11.Make root account to login to his home directory
vi /etc/passwd
root:x:0:0:Super-User:/:/bin/bash
change to
root:x:0:0:Super-User:/root:/bin/bash
12.Make SSH login permission to root user
vi /etc/ssh/sshd_config
PermitRootLogin yes
13.Restart SSH service
#svcadm enable ssh
#svcadm refresh ssh
#svcs -a | grep ssh
#netstat -an | grep LISTEN
14.IPFilter for Solaris Firewall
svcadm enable ipfilter
svcs -a|grep pfil
/usr/share/ipfilter/examples. Just copy one of them over /etc/ipf/ipf.conf
#ipf -Fa -f /etc/ipf/ipf.conf
pass in all
pass out all
routeadm -u -e ipv4-forwarding
vi /etc/ipf/ipf.conf
pass in quick on lo0 all
pass out quick on lo0 all
block in log on e1000g0 all
block out log on e1000g0 all
pass out quick on e1000g0 proto tcp/udp from any to any keep state
pass out quick on e1000g0 proto icmp all keep state
pass in quick on e1000g0 proto icmp all keep state
pass in quick proto tcp from any to any port = 22 keep state
pass in quick proto tcp from any to any port = 10000 keep state
pass in quick proto udp from any to any port = 67 keep state
# Allow all traffic on loopback
pass in quick on lo0 all
pass out quick on lo0 all
# Public Network. Block everything not explicitly allowed.
block in log on e1000g0 all
block out log on e1000g0 all
# Allow all connection out from this computer
pass out quick on e1000g0 proto tcp/udp from any to any keep state
# Allow pings out
pass out quick on e1000g0 proto icmp all keep state
# Allow pings in
pass in quick on e1000g0 proto icmp all keep state
# Allow ssh connection on port 22 to Laptop(192.168.0.1)
pass in quick proto tcp from 192.168.0.1 to 192.168.0.254 port=22 keep state
pass in quick proto tcp from any to any port = 22 keep state
pass in quick proto tcp from any to any port = 10000 keep state
-bash-3.00# cat reloadipf.sh
#!/bin/sh
# Last Modified On: 25-FEB-2006
# Script to reload the IFP
ipf -Fa -f /etc/ipf/ipf.conf
-bash-3.00#
ipf -E : Enable ipfilter when running for the first time.(Needed for ipf on Tru64)
ipf -f /etc/ipf/ipf.conf : Load rules in /etc/ipf/ipf.conf file into the active firewall.
ipf -Fa -f /etc/ipf/ipf.conf : Flush all rules, then load rules in /etc/ipf/ipf.conf into active firwall.
ipf -Fi : Flush all input rules.
ipf -I -f /etc/ipf/ipf.conf : Load rules in /etc/ipf/ipf.conf file into inactive firewall.
ipf -V : Show version info and active list.
ipf -s : Swap active and inactive firewalls.
ipfstat : Show summary
ipfstat -i : Show input list
ipfstat -o : Show output list
ipfstat -hio : Show hits against all rules
ipfstat -t -T 5 : Monitor the state table and refresh every 5 seconds. Output is similiar to 'top' monitoring the process table.
ipmon -s S : Watch state table.
ipmon -sn : Write logged entries to syslog, and convert back to hostnames and servicenames.
ipmon -s [file] : Write logged entries to some file.
ipmon -Ds : Run ipmon as a daemon, and log to default location. (/var/adm/messages for Solaris) (/var/log/syslog for Tru64)
/etc/hosts
/etc/inet/hosts
/etc/hostname.e1000g0
/etc/inet/ipnodes
/etc/inet/netmasks
/etc/defaultdomain
/etc/defaultrouter
/etc/resolv.conf
svcadm restart network/physical
16. Solaris 10 Dynamic IP Configuration, make sure following files are blank
/etc/hostname.e1000g0
/etc/dhcp.e1000g0
/etc/defaultrouter
svcadm restart network/physical
#/usr/sbin/netservices limited
17. Check Port Open status
#netstat -n -f inet
#netstat –anf inet -P tcp
#netstat -anf inet –P udp
#netstat -nr
lsof -i TCP
lsof -I TCP | grep LISTEN
18. Package management
If you want to add more Solaris packages from DVD, after you installed the Solaris
first insert the DVD and mount the DVD by
#/etc/init.d/volmgt start
# cd /cdrom/cdrom0/Solaris_10/Product
or mount manually from
#mount -F hsfs /dev/dsk/c0t0d0p0 /mnt
19.mount ISO file
#lofiadm -a /tmp/companion-sparc-sol10.iso /dev/lofi/1
#mount -F hsfs -o ro /dev/lofi/1 /mnt
20. CD Burning
#cdrw -l
Looking for CD devices...
Node Connected Device Device type
----------------------+--------------------------------+-----------------
/dev/rdsk/c2t0d0s2 | MATSHITA DVD-RAM UJ-845S D200 | CD Reader/Writer
#cdrw -d c2t0d0s2 -i companion-sparc-sol10.iso
21. Package installation
#ls /mnt/Solaris_10/Product
Solaris Packages start with 'SUNW*'
Normally these packages install to '/usr/sfw'
Or you want to manually download bz2 package from internet and install like this
bunzip2 firefox-24.0.en-US.solaris-10-fcs-i386-pkg.bz2
pkgadd -d firefox-24.0.en-US.solaris-10-fcs-i386-pkg
#tar xvf vmware-solaris-tools.tar.gz
#gunzip -c NTXNxge-2.10-solaris10-i386.tar.gz | tar xvf -
Note .bz2 extension will automatically removed by first command.
For example if your package name is SFWqt.bz2
#buzip2 SFWqt.bz2
#pkgadd –d SFWqt
#pkgadd SUNWgtar
#pkgadd –d /path/to/cdrom/Product SUNWjaf SUNWjato SUNWjmail
#pkginfo -l | grep wget
#pkginfo -l SUNWwgetu
#gunzip lsof_1106-4.80-sol10-sparc-local.gz
#pkgadd -d lsof_1106-4.80-sol10-sparc-local or *.pkg
/usr/local/lib
/usr/local/man
mail=
conflict=nocheck
setuid=nocheck
action=nocheck
partial=nocheck
instance=overwrite
idepend=nocheck
rdepend=nocheck
space=check
#pkgadd -a /var/tmp/admin -d /cdrom/cdrom/Solaris_Software_Companion/Solaris_i386/
Download zipped ISO from http://www.sun.com/software/solaris/freeware/
# unzip sol-10-u8-companion-ga-iso.zip
# lofiadm -a `pwd`/sol-10-u8-companion-ga.iso
# mount -oro -Fhsfs /dev/lofi/1 /mnt
# /bin/yes | pkgadd -d /mnt/Solaris_Software_Companion/Solaris_sparc/Packages all
# pkgrm SFWvnc
# umount /mnt
# lofiadm -d `pwd`/sol-10-u8-companion-ga.iso
# rm sol-10-u8-companion-ga.iso
# rm sol-10-u8-companion-ga-iso.zip
22.To remove package
#pkgrm
23.System Info Commands
#cat /etc/release
#showrev
#uname -a
#prtconf | grep -i memory
#psrinfo
#psrinfo -pv
#isainfo -bv
#isalist
#date '+DateTime: %m.%d.%y @ %H:%M:%S'
date mmddHHMMccyy
date 091810022013
#ps -ef
#ps -U root
#tty / w
#pgrep sshd
#pgrep -o sshd
#pgrep -o sshd
#pkill (PID) or sshd
#pwdx (PID) - Lists the working directories of process
#prstat
#svcs -o FMRI,DESC
24.KDE Login after intallation from Companion DVD
#/opt/sfw/kde/dtlogin/install-dtlogin
25.To disable the GUI login Solaris
First login with ssh and Kill desktop login
#/usr/dt/bin/dtconfig -kill
#/usr/dt/bin/dtconfig -d
#/usr/dt/bin/dtconfig -e
#/usr/dt/bin/dtconfig -reset
#/usr/dt/bin/dtconfig -inetd
26.Static Routing (-p) option for permanent route
#route -p add -net 192.168.2.0 192.168.1.2 255.255.255.0
Network Gateway
add net 192.168.2.0: gateway 192.168.1.254
add persistent net 192.168.2.0: gateway 192.168.1.254
The above created route would still appear the same in a listing of the
routing table, however, you may notice that there is a secondary line
of output upon creating the route:
This simply means that the 'route' command updated config file
/etc/inet/static_routes. By default, this file will not exist until
a static route is created via 'route -p' or you create it. Before
getting to contents, the following are the ownership / permissions set
to the file by 'route':
#ls -l /etc/inet/static_routes
-rw-r--r-- 1 root root 45 Oct 6 13:35 /etc/inet/static_routes
And now, the contents, which are effectively the arguments to 'route add':
# File generated by route(1M) - do not edit.
-net 192.168.2.0 192.168.1.2 255.255.255.0
Yes, I know it says do not edit, though in checking out the source of
'route' via opensolaris.org, it doesn't appear that manual editing
is an issue. Finally, Solaris has a native, standardized means of
configuring persistent static routes.
Additionally, to remove a static route, delete it from
/etc/inet/static_routes and remove via 'route' or simply use the following
'route' command:
#route -p delete -net 192.168.2.0 192.168.1.2 255.255.255.0
27.Bind DNS Server Solaris
#pkginfo -x |grep -i bind
SUNWbind BIND DNS Name server and tools
SUNWbindr BIND Name server Manifest
#pkgchk -l SUNWbind (Client & Server Utilities)
#pkgchk -l SUNWbindr | grep -i pathname | less
#dig linuxcbt.com ns
#ls -l /usr/sbin/named
#ls -l /usr/sbin/in.named
#ls -ltr /var/named
#vi /etc/named.conf
options {
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
listen-on port 53 { 127.0.0.1; 192.168.100.103; };
allow-query { localhost; 192.168.100.0/24; };
forwarders { 192.168.100.254; 8.8.8.8; };
recursion yes;
max-cache-size 100m;
cleaning-interval 60;
};
zone "." {
type hint;
file "named.root";
};
zone "mmx.com" {
type master;
file "db.mmx.com";
allow-update { none; };
};
zone "0.0.127.in-addr.arpa" {
type master;
file "db.127.0.0";
};
zone "100.168.192.in-addr.arpa" {
type master;
file "db.192.168.100";
allow-update { none; };
};
@ is a variable which indicates the name of the zone as configured in /etc/named.conf
@ IN SOA ns1.mmx.com. zawhtet.mmx.com. (
2013100301 ; serial number yyyymmdd01
7200 ; Refresh Interval
3600 ; Retry Interval
86400 ; Expiry
600 ) ; Minimum TTL
NS ns1.
1 IN PTR localhost.mmx.com.
@ IN SOA ns1.mmx.com. zawhtet.mmx.com. (
2013100301 ; serial number yyyymmdd01
7200 ; Refresh Interval
3600 ; Retry Interval
86400 ; Expiry
600 ) ; Minimum TTL
NS ns1.
89 IN PTR ns1.
@ IN SOA ns1.mmx.com. zawhtet.mmx.com. (
2013100301 ; serial number yyyymmdd01
7200 ; Refresh Interval
3600 ; Retry Interval
86400 ; Expiry
600 ) ; Minimum TTL
NS ns1.
IN MX 10 ns1.mmx.com.
ns1 IN A 192.168.100.89
www CNAME ns1.mmx.com.
#svcadm enable / restart dns/server
#dig @localhost ns1.mmx.com
#svcs -l dns/server
#dig @localhost ns1.mmx.com
#dig @localhost msn.com
#dig @localhost www.mmx.com
#named-checkconf -z /etc/named.conf
#svcs -a \*dns\*
1. /var/named/db.127.0.0 - Houses reverse, loopback zone info
2. /var/named/named.root - root hints
3. /etc/named.conf
cd /var/named
scp db.127.0.0 db.cache /etc/named.conf 192.168.100.2:/root
cp /root/db.* /var/named
cp /root/named.conf /etc
vi /etc/named.conf
options {
directory "/var/named";
allow-query { localhost; 192.168.100.0/24; };
};
zone "." {
type hint;
file "named.root";
};
zone "mmx.com" {
type slave;
file "db.mmx.com";
masters { 192.168.100.89; };
};
zone "0.0.127.in-addr.arpa" {
type master;
file "db.127.0.0";
};
zone "1.168.192.in-addr.arpa" {
type slave;
file "db.192.168.1";
masters { 192.168.100.89; };
};
4. After synchronized with Master server
db.mmx.com - will download to /var/named on Slave DNS Server.
28. Install and Configure dhcp server from console
#pkginfo | grep DHCP
If it is not installed then install it from solaris CD
# pkgadd -d . SUNWdhc*
#which dhcpmgr
no dhcpmgr in /usr/bin /usr/sbin /usr/sfw/bin /opt/sfw/bin /usr/dt/bin
#/usr/sadm/admin/bin/dhcpmgr & (Everyone can configure DHCP Server from GUI)
#dhtadm
#ifconfig -a
#netstat -rn
Then create dhcp database
#dhcpconfig -D -r SUNWfiles -p /var/dhcp/ -a 192.168.1.4;8.8.8.8 -d mmx.com -l 86400
(Note: 192.168.1.4 - DNS Server / mmx.com = domain / Lease time = 86400)
or
#dhcpconfig -D -r SUNWfiles -p /var/dhcp/
Created DHCP configuration file.
Created dhcptab.
Added "Locale" macro to dhcptab.
Added server macro to dhcptab - solaris-1.
DHCP server started.
#svcs -a | grep dhcp
online 18:57:30 svc:/network/dhcp-server:default
#dhtadm -P
#dhcpconfig -N 192.168.1.0 -m 255.255.255.240 -t 192.168.1.1
(Note: 192.168.1.1 = Gateway)
#pntadm -P 192.168.1.0
#dhcpconfig --help
#pntadm -r SUNWfiles -p /var/dhcp/ -A 192.168.1.7 192.168.1.0
#pntadm -r SUNWfiles -p /var/dhcp/ -A 192.168.1.8 192.168.1.0
#pntadm -r SUNWfiles -p /var/dhcp/ -A 192.168.1.9 192.168.1.0
#pntadm -r SUNWfiles -p /var/dhcp/ -A 192.168.1.10 192.168.1.0
#pntadm -A 192.168.1.7 –f MANUAL -i 01001BFC92BC10 -m 192.168.1.0 -y 192.168.1.0
#pntadm -P 192.168.1.0
#pntadm -L
#dhtadm -P
#svcadm restart dhcp-server
#svcs -a | grep dhcp
find /usr/ -name in.dhcp
#/usr/lib/inet/in.dhcpd -i e1000g0 -d -v
#pntadm -P 192.168.1.0
If a DHCP server is already configured, you can unconfigure it by using the
dhcpconfig command with the unconfigure flag. For example:
# dhcpconfig -Ux
netstat -a - return all protocols for all address families (TCP/UDP/Unix)
netstat -an - 'n' disable name resolution
netstat -i - State of Interfaces
netstat -in - show state of interface and disable name resolution
netstat -m - return streams (TCP) statistics
netstat -p - net to media info (MAC /layer-2 info) similar to run 'arp'
netstat -P tcp / udp
netstat -rn - return routing table
netstat -D - Check DHCP configuration
netstat -an -f inet - IPv4 info
netstat -an -f inet6 - IPv6
netstat -an -f unix - Unix domain sockets
netstat -an -f inet -P tcp - IPv4 Active TCP Connection
netstat -an -f inet -P udp - IPv4 Active UDP Connection
netstat -ant | grep :22 (Linux box)
1. On Solaris Machine, login with root user then check the network interface status
#dladm show-dev - check network interface
#dladm show-link - connected interfaces
#ifconfig -a
#ifconfig e1000g0
#svcs -a | grep physical
#svcs -a | grep loopback
2. if your system don't have hostname yet, you can add by
echo "solaris-1" > /etc/nodename
3. you can add static IP address via
echo "192.168.100.166" > /etc/hostname.e1000g0
echo "172.16.20.20" > /etc/hostname.iprb0
4. Add the domain name 'example.com'
echo "example.com" > /etc/defaultdomain
5. Add Networks or netmasks
echo "192.168.100.0 255.255.255.0" > /etc/inet/netmasks
6. Add your hostname to hosts file
Hosts - /etc/hosts = /etc/inet/hosts
192.168.100.166 solaris-1.example.com solaris-1
7. Add DNS Server IP address
echo "nameserver 192.168.100.254" > /etc/resolv.conf
8. vi /etc/defaultrouter
192.168.100.254, 172.16.1.1, 192.168.1.1
Name service config file - /etc/nsswitch.conf
[root@solaris-1 /]# ifconfig -a
lo0: flags=2001000849 mtu 8232 index 1
inet 127.0.0.1 netmask ff000000
e1000g0: flags=1004843 mtu 1500 index 2
inet 192.168.100.166 netmask ffff0000 broadcast 192.168.255.255
ether 8:0:27:72:1f:c5
[root@solaris-1 /]# dladm show-link
e1000g0 type: non-vlan mtu: 1500 device: e1000g0
[root@solaris-1 /]# dladm show-dev
e1000g0 link: up speed: 1000 Mbps duplex: full
[root@solaris-1 /]#ifconfig e1000g0 dhcp status
#ps -ef | grep -i agent
/sbin/dhcpagent
#echo "192.168.100.166" > hostname.e1000g0 && echo $?
#echo "solaris-1" > /etc/nodename
Plumb/enable the iprb0 100Mb/s interface
#ifconfig iprb0 plumb up - enable the interface
#ifconfig iprb0 172.16.20.10 netmask 255.255.255.0 - this will enable Layer-3 IPv4 address
#ifconfig iprb0 unplumb down - disable the interface
1. echo "172.16.20.10" > /etc/hostname.iprb0
2. create entry in /etc/hosts
3. echo "172.16.20.0 255.255.255.0" > /etc/inet/netmasks
#ifconfig iprb0 up && ifconfig iprb0
#ifconfig iprb0 down && ifconfig iprb0
e1000g0 (physical interface) - 192.168.1.50(primary apache website)
192.168.1.51(Secondary Apache Website)
192.168.1.52 (Use for SSH)
iprb0
iprb1
ifconfig e1000g0 addif 192.168.1.51 (RFC-1918 - defaults /24)
This will automatically create an 'e1000g0:1' interface
#ifconfig e1000g0:1 up && ifconfig -a
1. vi /etc/hostname.e1000g0:1 - 192.168.1.51
2. vi /etc/hostname.e1000g0:2 - 192.168.1.52
3. vi /etc/hostname.iprb0:1 - 172.16.20.11
4. update /etc/hosts
#ifconfig e1000g0 removeif 192.168.100.232
#ifconfig iprb0 removeif 172.16.20.20
/etc/nsswitch.conf
1. DNS
2. Passwd /etc/passwd,/etc/shadow,/etc/group
3. protocols /etc/inet/protocols
4. ethers or mac-to-IP mappings
swap -l - list available swap devices and / or swap files
/dev/dsk/c0t0d0s1
swap -s - lists swap space including physical memory in 1024byte increments
#mkfile - creates zero-filled swap file
#swap -a - activates the swap file
#mkfile 512m /media/swap2 - creates swap file
#mkfile 1024m /media/swap3 - creates swap file
#mkfile 2048m /dev/dsk/c0t2d0s0 - creates swap files
#swap -a /media/swap2 - activates swap file
#swap -a /media/swap3 - activates swap file
#swap -a /dev/dsk/c0t2d0s0 - activates swap file
vi /etc/vfstab
/media/swap2 - - swap - no -
swap -d /media/swap2 - removes swap space from kernel - does not remove the file
Check Free Memory
#vmstat 1 2 | tail -1 | awk '{printf "%d%s\n", ($5*4)/1024, "MB" }'
#top -h -d 1
#vmstat 5 10
#mpstat 10 60
#prstat -a -s size
#echo ::memstat | mdb -k
Kernel: memory used for non-pageable kernel allocations
Anon: anonymous memory (process heaps, stack, share memory mappings, etc. etc.)
Exec and libs: memory used for mapped files like executables and libraries
Page cache: amount of unmapped page cache including data stored in /tmp
Free (cachelist): amount of page cache on free list, majority used by file system caches
Free (freelist): amount of memory that is actually really free
#prstat -Z
#kstat zfs::arcstats:size
#kstat -p -c misc -m cpu_stat
#kstat -T d -p :::physmem :::pp_kernel zfs:::size :::pagesfree 1 3
Solaris 10 1/06 s10x_u1wos_19a x86
Oracle Solaris 10 9/10 s10x_u9wos_14a x86
Oracle Solaris 10 8/11 s10x_u10wos_17b x86 - Generic_147441-01 64bit
Oracle Solaris 10 1/13 s10x_u11wos_24a x86 - sol-10-u11-ga-x86-dvd.iso / sol-10-u11-companion-ga.isoSolaris 10 03/05
Solaris 10 update 1 01/06
Solaris 10 update 2 06/06
Solaris 10 update 3 11/06
Solaris 10 update 4 08/07
Solaris 10 update 5 05/08
Solaris 10 update 6 10/08
Solaris 10 update 7 5/09
Solaris 10 update 8 10/09
Solaris 10 update 9 09/10
Solaris 10 update 10 08/11
sol-10-u10-ga2-sparc-dvd.iso
sol-10-u10-ga2-x86-dvd.iso
sol-10-u10-ga2-x86-lsimega-dvd.iso
Solaris 10 update 11 01/13 sol-10-u10-ga2-sparc-dvd.iso
sol-10-u10-ga2-x86-dvd.iso
sol-10-u10-ga2-x86-lsimega-dvd.iso
After the Solaris installation finished you got to modify these things.
1. Login with 'root' user
2.To create group and user account:
#groupadd -g 500 unixmin
#useradd -u 500 -g unixmin -d /export/home/zawhtet -m -s /usr/bin/bash -c "Zaw Htet" zawhtet
#passwd zawhtet
3.Create no login user for Services (Optional)
#groupadd -g 501 squid
#useradd -u 501 -g squid -s /usr/bin/false -c "Squid Admin" squid
4.To change the login name and home directory for - user2 (new) to user1 (old).
#usermod -m -d /export/home/user1 -l user1 user2
For Testing, create user2 first,
#useradd -u 503 -g unixmin -d /export/home/user2 -m -s /usr/bin/bash -c "User 2" user2Then modify, user2 login name and home directory become user1
#usermod -m -d /export/home/user1 -l user1 user2
Note: Even we modified the user's home directory and login name, User2 name still remains/ also put the account to random group.
#cat /etc/passwd
user1:x:503:500:User 2:/export/home/user1:/usr/bin/bash
5.Deleting User Accounts
#userdel user1 - to remove the user1 account
#userdel -r user1 - This command also remove the user's Home Directory
6.Deleting Group
#groupdel
cat /etc/group
7.When we first login to terminal, you will see that you got "/bin/sh"
#echo $SHELL
/bin/sh
#bash
bash-3.00$
Note: When you edit the file even with root account you will get Read-Only message
If you want to save after you open file with Vi editor use ':wq!'
bash: /usr/bin/bash /usr/man/man1/bash.1
8.If you want to set root or your user account, permanently login to bash shell
vi /etc/passwd
root:x:0:0:Super-User:/:/bin/sh
change to
root:x:0:0:Super-User:/:/bin/bash
9. Create '.bash_profile' file under '/' then copy to /root (#cp .* /root)
vi .bash_profile
export PATH=$PATH:/usr/sfw/bin/:/opt/sfw/bin/:/opt/sfw/squid/$:/root/moshell:/usr/dt/bin:/opt/CTXSmf/bin:/opt/CTXSmf/sbin:/usr/apache2/bin
export PS1='[\u@\h \W]\$ '
export HISTSIZE=5000
alias ls='ls -l'
alias netstat='netstat -an |grep LISTEN'
alias h='history'
alias lsd='ls -ACF \!* | more'
alias lsl='ls -alh | less'
alias lst='ls -alt \!* | more'
alias plm='ps -elf | more'
alias plg='ps -elf | grep "\!*" | sort -n +3 -4'
alias psm='ps -ef | more'
alias psg='ps -ef | grep "\!*" | sort -n +1 -2'
10.refresh the profile with logout
source ~root/.bash_profile
. ~root/.bash_profile
#env or set
#echo $PATH
/usr/sbin:/usr/bin:/usr/sfw/bin/
#export
11.Make root account to login to his home directory
vi /etc/passwd
root:x:0:0:Super-User:/:/bin/bash
change to
root:x:0:0:Super-User:/root:/bin/bash
12.Make SSH login permission to root user
vi /etc/ssh/sshd_config
PermitRootLogin yes
13.Restart SSH service
#svcadm enable ssh
#svcadm refresh ssh
#svcs -a | grep ssh
#netstat -an | grep LISTEN
14.IPFilter for Solaris Firewall
svcadm enable ipfilter
svcs -a|grep pfil
/usr/share/ipfilter/examples. Just copy one of them over /etc/ipf/ipf.conf
#ipf -Fa -f /etc/ipf/ipf.conf
pass in all
pass out all
routeadm -u -e ipv4-forwarding
vi /etc/ipf/ipf.conf
pass in quick on lo0 all
pass out quick on lo0 all
block in log on e1000g0 all
block out log on e1000g0 all
pass out quick on e1000g0 proto tcp/udp from any to any keep state
pass out quick on e1000g0 proto icmp all keep state
pass in quick on e1000g0 proto icmp all keep state
pass in quick proto tcp from any to any port = 22 keep state
pass in quick proto tcp from any to any port = 10000 keep state
pass in quick proto udp from any to any port = 67 keep state
# Allow all traffic on loopback
pass in quick on lo0 all
pass out quick on lo0 all
# Public Network. Block everything not explicitly allowed.
block in log on e1000g0 all
block out log on e1000g0 all
# Allow all connection out from this computer
pass out quick on e1000g0 proto tcp/udp from any to any keep state
# Allow pings out
pass out quick on e1000g0 proto icmp all keep state
# Allow pings in
pass in quick on e1000g0 proto icmp all keep state
# Allow ssh connection on port 22 to Laptop(192.168.0.1)
pass in quick proto tcp from 192.168.0.1 to 192.168.0.254 port=22 keep state
pass in quick proto tcp from any to any port = 22 keep state
pass in quick proto tcp from any to any port = 10000 keep state
-bash-3.00# cat reloadipf.sh
#!/bin/sh
# Last Modified On: 25-FEB-2006
# Script to reload the IFP
ipf -Fa -f /etc/ipf/ipf.conf
-bash-3.00#
ipf -E : Enable ipfilter when running for the first time.(Needed for ipf on Tru64)
ipf -f /etc/ipf/ipf.conf : Load rules in /etc/ipf/ipf.conf file into the active firewall.
ipf -Fa -f /etc/ipf/ipf.conf : Flush all rules, then load rules in /etc/ipf/ipf.conf into active firwall.
ipf -Fi : Flush all input rules.
ipf -I -f /etc/ipf/ipf.conf : Load rules in /etc/ipf/ipf.conf file into inactive firewall.
ipf -V : Show version info and active list.
ipf -s : Swap active and inactive firewalls.
ipfstat : Show summary
ipfstat -i : Show input list
ipfstat -o : Show output list
ipfstat -hio : Show hits against all rules
ipfstat -t -T 5 : Monitor the state table and refresh every 5 seconds. Output is similiar to 'top' monitoring the process table.
ipmon -s S : Watch state table.
ipmon -sn : Write logged entries to syslog, and convert back to hostnames and servicenames.
ipmon -s [file] : Write logged entries to some file.
ipmon -Ds : Run ipmon as a daemon, and log to default location. (/var/adm/messages for Solaris) (/var/log/syslog for Tru64)
15. Solaris 10 Static IP Configuration
/etc/nodename/etc/hosts
/etc/inet/hosts
/etc/hostname.e1000g0
/etc/inet/ipnodes
/etc/inet/netmasks
/etc/defaultdomain
/etc/defaultrouter
/etc/resolv.conf
svcadm restart network/physical
16. Solaris 10 Dynamic IP Configuration, make sure following files are blank
/etc/hostname.e1000g0
/etc/dhcp.e1000g0
/etc/defaultrouter
svcadm restart network/physical
#/usr/sbin/netservices limited
17. Check Port Open status
#netstat -n -f inet
#netstat –anf inet -P tcp
#netstat -anf inet –P udp
#netstat -nr
lsof -i TCP
lsof -I TCP | grep LISTEN
18. Package management
If you want to add more Solaris packages from DVD, after you installed the Solaris
first insert the DVD and mount the DVD by
Remount volume manager
#/etc/init.d/volmgt stop#/etc/init.d/volmgt start
check
# ls /cdrom/cdrom0# cd /cdrom/cdrom0/Solaris_10/Product
or mount manually from
#mount -F hsfs /dev/dsk/c0t0d0p0 /mnt
19.mount ISO file
#lofiadm -a /tmp/companion-sparc-sol10.iso /dev/lofi/1
#mount -F hsfs -o ro /dev/lofi/1 /mnt
20. CD Burning
#cdrw -l
Looking for CD devices...
Node Connected Device Device type
----------------------+--------------------------------+-----------------
/dev/rdsk/c2t0d0s2 | MATSHITA DVD-RAM UJ-845S D200 | CD Reader/Writer
#cdrw -d c2t0d0s2 -i companion-sparc-sol10.iso
21. Package installation
#ls /mnt/Solaris_10/Product
Solaris Packages start with 'SUNW*'
If you want to add one package
#pkgadd -d . SUNWbashNormally these packages install to '/usr/sfw'
Or you want to manually download bz2 package from internet and install like this
bunzip2 firefox-24.0.en-US.solaris-10-fcs-i386-pkg.bz2
pkgadd -d firefox-24.0.en-US.solaris-10-fcs-i386-pkg
Decompress tar.gz file
#gunzip vmware-solaris-tools.tar.gz |tar -xv#tar xvf vmware-solaris-tools.tar.gz
#gunzip -c NTXNxge-2.10-solaris10-i386.tar.gz | tar xvf -
If your package is in .bz2 format then first uncompress it using bunzip2 command:
#bunzip2 Packagname.bz2
Install package:
#pkgadd –d PackagnameNote .bz2 extension will automatically removed by first command.
For example if your package name is SFWqt.bz2
#buzip2 SFWqt.bz2
#pkgadd –d SFWqt
Add Packages from DVD to /var/spool/pkg
#Pkgadd -d /cdrom/sol_10_910_x86/Solaris_10/Product/ -s /var/spool/pkg/ SUNWgtar#pkgadd SUNWgtar
#pkgadd –d /path/to/cdrom/Product SUNWjaf SUNWjato SUNWjmail
#pkginfo -l | grep wget
#pkginfo -l SUNWwgetu
#gunzip lsof_1106-4.80-sol10-sparc-local.gz
#pkgadd -d lsof_1106-4.80-sol10-sparc-local or *.pkg
If gunzip cannot run add the variable path to
/usr/local/bin/usr/local/lib
/usr/local/man
For installing all the packages, create an install administration file such as:
# cat /var/tmp/adminmail=
conflict=nocheck
setuid=nocheck
action=nocheck
partial=nocheck
instance=overwrite
idepend=nocheck
rdepend=nocheck
space=check
#pkgadd -a /var/tmp/admin -d /cdrom/cdrom/Solaris_Software_Companion/Solaris_i386/
Download zipped ISO from http://www.sun.com/software/solaris/freeware/
# unzip sol-10-u8-companion-ga-iso.zip
# lofiadm -a `pwd`/sol-10-u8-companion-ga.iso
# mount -oro -Fhsfs /dev/lofi/1 /mnt
# /bin/yes | pkgadd -d /mnt/Solaris_Software_Companion/Solaris_sparc/Packages all
# pkgrm SFWvnc
# umount /mnt
# lofiadm -d `pwd`/sol-10-u8-companion-ga.iso
# rm sol-10-u8-companion-ga.iso
# rm sol-10-u8-companion-ga-iso.zip
22.To remove package
#pkgrm
23.System Info Commands
#cat /etc/release
#showrev
#uname -a
#prtconf | grep -i memory
#psrinfo
#psrinfo -pv
#isainfo -bv
#isalist
#date '+DateTime: %m.%d.%y @ %H:%M:%S'
date mmddHHMMccyy
date 091810022013
#ps -ef
#ps -U root
#tty / w
#pgrep sshd
#pgrep -o sshd
#pgrep -o sshd
#pkill (PID) or sshd
#pwdx (PID) - Lists the working directories of process
#prstat
#svcs -o FMRI,DESC
24.KDE Login after intallation from Companion DVD
#/opt/sfw/kde/dtlogin/install-dtlogin
25.To disable the GUI login Solaris
First login with ssh and Kill desktop login
#/usr/dt/bin/dtconfig -kill
#/usr/dt/bin/dtconfig -d
#/usr/dt/bin/dtconfig -e
#/usr/dt/bin/dtconfig -reset
#/usr/dt/bin/dtconfig -inetd
26.Static Routing (-p) option for permanent route
#route -p add -net 192.168.2.0 192.168.1.2 255.255.255.0
Network Gateway
add net 192.168.2.0: gateway 192.168.1.254
add persistent net 192.168.2.0: gateway 192.168.1.254
The above created route would still appear the same in a listing of the
routing table, however, you may notice that there is a secondary line
of output upon creating the route:
add persistent net 192.168.2.0: gateway 192.168.1.254
This simply means that the 'route' command updated config file
/etc/inet/static_routes. By default, this file will not exist until
a static route is created via 'route -p' or you create it. Before
getting to contents, the following are the ownership / permissions set
to the file by 'route':
#ls -l /etc/inet/static_routes
-rw-r--r-- 1 root root 45 Oct 6 13:35 /etc/inet/static_routes
And now, the contents, which are effectively the arguments to 'route add':
#cat /etc/inet/static_routes
# File generated by route(1M) - do not edit.
-net 192.168.2.0 192.168.1.2 255.255.255.0
Yes, I know it says do not edit, though in checking out the source of
'route' via opensolaris.org, it doesn't appear that manual editing
is an issue. Finally, Solaris has a native, standardized means of
configuring persistent static routes.
/etc/inet/static_routes and remove via 'route' or simply use the following
'route' command:
#route -p delete -net 192.168.2.0 192.168.1.2 255.255.255.0
27.Bind DNS Server Solaris
#pkginfo -x |grep -i bind
SUNWbind BIND DNS Name server and tools
SUNWbindr BIND Name server Manifest
#pkgchk -l SUNWbind (Client & Server Utilities)
#pkgchk -l SUNWbindr | grep -i pathname | less
#dig linuxcbt.com ns
#ls -l /usr/sbin/named
#ls -l /usr/sbin/in.named
#ls -ltr /var/named
#vi /etc/named.conf
options {
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
listen-on port 53 { 127.0.0.1; 192.168.100.103; };
allow-query { localhost; 192.168.100.0/24; };
forwarders { 192.168.100.254; 8.8.8.8; };
recursion yes;
max-cache-size 100m;
cleaning-interval 60;
};
zone "." {
type hint;
file "named.root";
};
zone "mmx.com" {
type master;
file "db.mmx.com";
allow-update { none; };
};
zone "0.0.127.in-addr.arpa" {
type master;
file "db.127.0.0";
};
zone "100.168.192.in-addr.arpa" {
type master;
file "db.192.168.100";
allow-update { none; };
};
@ is a variable which indicates the name of the zone as configured in /etc/named.conf
vi /var/named/db.127.0.0
$TTL 28800@ IN SOA ns1.mmx.com. zawhtet.mmx.com. (
2013100301 ; serial number yyyymmdd01
7200 ; Refresh Interval
3600 ; Retry Interval
86400 ; Expiry
600 ) ; Minimum TTL
NS ns1.
1 IN PTR localhost.mmx.com.
vi /var/named/db.192.168.100
$TTL 28800@ IN SOA ns1.mmx.com. zawhtet.mmx.com. (
2013100301 ; serial number yyyymmdd01
7200 ; Refresh Interval
3600 ; Retry Interval
86400 ; Expiry
600 ) ; Minimum TTL
NS ns1.
89 IN PTR ns1.
vi /var/named/db.mmx.com
$TTL 28800@ IN SOA ns1.mmx.com. zawhtet.mmx.com. (
2013100301 ; serial number yyyymmdd01
7200 ; Refresh Interval
3600 ; Retry Interval
86400 ; Expiry
600 ) ; Minimum TTL
NS ns1.
IN MX 10 ns1.mmx.com.
ns1 IN A 192.168.100.89
www CNAME ns1.mmx.com.
#svcadm enable / restart dns/server
#dig @localhost ns1.mmx.com
#svcs -l dns/server
#dig @localhost ns1.mmx.com
#dig @localhost msn.com
#dig @localhost www.mmx.com
#named-checkconf -z /etc/named.conf
#svcs -a \*dns\*
Slave DNS Server
Copy following files to slave server:
1. /var/named/db.127.0.0 - Houses reverse, loopback zone info
2. /var/named/named.root - root hints
3. /etc/named.conf
cd /var/named
scp db.127.0.0 db.cache /etc/named.conf 192.168.100.2:/root
On Slave DNS Server
cp /root/db.* /var/named
cp /root/named.conf /etc
vi /etc/named.conf
options {
directory "/var/named";
allow-query { localhost; 192.168.100.0/24; };
};
zone "." {
type hint;
file "named.root";
};
zone "mmx.com" {
type slave;
file "db.mmx.com";
masters { 192.168.100.89; };
};
zone "0.0.127.in-addr.arpa" {
type master;
file "db.127.0.0";
};
zone "1.168.192.in-addr.arpa" {
type slave;
file "db.192.168.1";
masters { 192.168.100.89; };
};
4. After synchronized with Master server
db.mmx.com - will download to /var/named on Slave DNS Server.
28. Install and Configure dhcp server from console
#pkginfo | grep DHCP
If it is not installed then install it from solaris CD
# pkgadd -d . SUNWdhc*
#which dhcpmgr
no dhcpmgr in /usr/bin /usr/sbin /usr/sfw/bin /opt/sfw/bin /usr/dt/bin
#/usr/sadm/admin/bin/dhcpmgr & (Everyone can configure DHCP Server from GUI)
#dhtadm
If there's no DHCP manager . let's configure it
#ifconfig -a
#netstat -rn
Then create dhcp database
#dhcpconfig -D -r SUNWfiles -p /var/dhcp/ -a 192.168.1.4;8.8.8.8 -d mmx.com -l 86400
(Note: 192.168.1.4 - DNS Server / mmx.com = domain / Lease time = 86400)
or
#dhcpconfig -D -r SUNWfiles -p /var/dhcp/
Created DHCP configuration file.
Created dhcptab.
Added "Locale" macro to dhcptab.
Added server macro to dhcptab - solaris-1.
DHCP server started.
#svcs -a | grep dhcp
online 18:57:30 svc:/network/dhcp-server:default
#dhtadm -P
Now configure network and IP
#dhcpconfig -N 192.168.1.0 -m 255.255.255.240 -t 192.168.1.1
(Note: 192.168.1.1 = Gateway)
#pntadm -P 192.168.1.0
#dhcpconfig --help
#pntadm -r SUNWfiles -p /var/dhcp/ -A 192.168.1.7 192.168.1.0
#pntadm -r SUNWfiles -p /var/dhcp/ -A 192.168.1.8 192.168.1.0
#pntadm -r SUNWfiles -p /var/dhcp/ -A 192.168.1.9 192.168.1.0
#pntadm -r SUNWfiles -p /var/dhcp/ -A 192.168.1.10 192.168.1.0
Or
#pntadm -A 192.168.1.7 –f MANUAL -i 01001BFC92BC10 -m 192.168.1.0 -y 192.168.1.0
#pntadm -P 192.168.1.0
#pntadm -L
#dhtadm -P
#svcadm restart dhcp-server
#svcs -a | grep dhcp
find /usr/ -name in.dhcp
#/usr/lib/inet/in.dhcpd -i e1000g0 -d -v
#pntadm -P 192.168.1.0
If a DHCP server is already configured, you can unconfigure it by using the
dhcpconfig command with the unconfigure flag. For example:
# dhcpconfig -Ux
NETSTAT
netstat -a - return all protocols for all address families (TCP/UDP/Unix)
netstat -an - 'n' disable name resolution
netstat -i - State of Interfaces
netstat -in - show state of interface and disable name resolution
netstat -m - return streams (TCP) statistics
netstat -p - net to media info (MAC /layer-2 info) similar to run 'arp'
netstat -P tcp / udp
netstat -rn - return routing table
netstat -D - Check DHCP configuration
netstat -an -f inet - IPv4 info
netstat -an -f inet6 - IPv6
netstat -an -f unix - Unix domain sockets
netstat -an -f inet -P tcp - IPv4 Active TCP Connection
netstat -an -f inet -P udp - IPv4 Active UDP Connection
netstat -ant | grep :22 (Linux box)
Network Configuration
1. On Solaris Machine, login with root user then check the network interface status
#dladm show-dev - check network interface
#dladm show-link - connected interfaces
#ifconfig -a
#ifconfig e1000g0
#svcs -a | grep physical
#svcs -a | grep loopback
2. if your system don't have hostname yet, you can add by
echo "solaris-1" > /etc/nodename
3. you can add static IP address via
echo "192.168.100.166" > /etc/hostname.e1000g0
echo "172.16.20.20" > /etc/hostname.iprb0
4. Add the domain name 'example.com'
echo "example.com" > /etc/defaultdomain
5. Add Networks or netmasks
echo "192.168.100.0 255.255.255.0" > /etc/inet/netmasks
6. Add your hostname to hosts file
Hosts - /etc/hosts = /etc/inet/hosts
192.168.100.166 solaris-1.example.com solaris-1
7. Add DNS Server IP address
echo "nameserver 192.168.100.254" > /etc/resolv.conf
8. vi /etc/defaultrouter
192.168.100.254, 172.16.1.1, 192.168.1.1
Name service config file - /etc/nsswitch.conf
[root@solaris-1 /]# ifconfig -a
lo0: flags=2001000849
inet 127.0.0.1 netmask ff000000
e1000g0: flags=1004843
inet 192.168.100.166 netmask ffff0000 broadcast 192.168.255.255
ether 8:0:27:72:1f:c5
[root@solaris-1 /]# dladm show-link
e1000g0 type: non-vlan mtu: 1500 device: e1000g0
[root@solaris-1 /]# dladm show-dev
e1000g0 link: up speed: 1000 Mbps duplex: full
[root@solaris-1 /]#ifconfig e1000g0 dhcp status
#ps -ef | grep -i agent
#echo "192.168.100.166" > hostname.e1000g0 && echo $?
#echo "solaris-1" > /etc/nodename
Plumb/enable the iprb0 100Mb/s interface
#ifconfig iprb0 plumb up - enable the interface
#ifconfig iprb0 172.16.20.10 netmask 255.255.255.0 - this will enable Layer-3 IPv4 address
#ifconfig iprb0 unplumb down - disable the interface
1. echo "172.16.20.10" > /etc/hostname.iprb0
2. create entry in /etc/hosts
3. echo "172.16.20.0 255.255.255.0" > /etc/inet/netmasks
#ifconfig iprb0 up && ifconfig iprb0
#ifconfig iprb0 down && ifconfig iprb0
e1000g0 (physical interface) - 192.168.1.50(primary apache website)
192.168.1.51(Secondary Apache Website)
192.168.1.52 (Use for SSH)
iprb0
iprb1
ifconfig e1000g0 addif 192.168.1.51 (RFC-1918 - defaults /24)
This will automatically create an 'e1000g0:1' interface
#ifconfig e1000g0:1 up && ifconfig -a
1. vi /etc/hostname.e1000g0:1 - 192.168.1.51
2. vi /etc/hostname.e1000g0:2 - 192.168.1.52
3. vi /etc/hostname.iprb0:1 - 172.16.20.11
4. update /etc/hosts
#ifconfig e1000g0 removeif 192.168.100.232
#ifconfig iprb0 removeif 172.16.20.20
/etc/nsswitch.conf
1. DNS
2. Passwd /etc/passwd,/etc/shadow,/etc/group
3. protocols /etc/inet/protocols
4. ethers or mac-to-IP mappings
Add swap partition on system
swap -l - list available swap devices and / or swap files
/dev/dsk/c0t0d0s1
swap -s - lists swap space including physical memory in 1024byte increments
#mkfile - creates zero-filled swap file
#swap -a - activates the swap file
#mkfile 512m /media/swap2 - creates swap file
#mkfile 1024m /media/swap3 - creates swap file
#mkfile 2048m /dev/dsk/c0t2d0s0 - creates swap files
#swap -a /media/swap2 - activates swap file
#swap -a /media/swap3 - activates swap file
#swap -a /dev/dsk/c0t2d0s0 - activates swap file
vi /etc/vfstab
/media/swap2 - - swap - no -
swap -d /media/swap2 - removes swap space from kernel - does not remove the file
Check Free Memory
#vmstat 1 2 | tail -1 | awk '{printf "%d%s\n", ($5*4)/1024, "MB" }'
#top -h -d 1
#vmstat 5 10
#mpstat 10 60
#prstat -a -s size
#echo ::memstat | mdb -k
Kernel: memory used for non-pageable kernel allocations
Anon: anonymous memory (process heaps, stack, share memory mappings, etc. etc.)
Exec and libs: memory used for mapped files like executables and libraries
Page cache: amount of unmapped page cache including data stored in /tmp
Free (cachelist): amount of page cache on free list, majority used by file system caches
Free (freelist): amount of memory that is actually really free
#prstat -Z
#kstat zfs::arcstats:size
#kstat -p -c misc -m cpu_stat
#kstat -T d -p :::physmem :::pp_kernel zfs:::size :::pagesfree 1 3
No comments:
Post a Comment