Solaris Tips

Solaris 10 Tips

Misc.

df -h : Gives "Human readable" output for "df".
df -Z : Also shows what a zone has mounted.
df -hZ : Both.
df -hZ | sed 1d | sed -e 's/%//' | awk '{if ($5 > 90) print $6}' : Get filesystems that are over 90% used.

ls -lh : Gives "Human readable" for filesizes - much easier to read.
ls -lb : Shows any "hidden/control" characters in a file name.

cat

cat -vet FILE : Print out a file, interpreting tabs, control chars, end-of-lines. (like a "set list" in vi)

BAD filename

ls -lib #get the first field (inum - indode) of the bad filenam.e
find . -mount -inum XXXX -ok mv {} myfile \; #moves the inode XXX in the particular mount/filesystem to myfile (prompts).

New Zone commands (not exhaustive)

zlogin i.e. zlogin ZONENAME, zlogin -C ZONENAME
zoneadm i.e. zoneadm list, zoneadm list -civ, zoneadm -z ZONENAME boot
zonecfg Setup a zone
zonename (gives "global" if global, otherwise gives zone "hostname")

Zone aware commands (not exhaustive)

ps -Z
df -Z
ifconfig -aZ (lists only "global" used interfaces, ignores zone specific)

Services (replaces /etc/rc?.d/* files)

svcs
svcs -a #default
svcs -H -o state ssaprod #only print state
svcs -l network/smtp:sendmail #list details about it
svcs -D milestone/multi-user #what is dependent on it
svcs -d milestone/multi-user:default #what it is dependent on
svcs -p ssaprod #list running process for service
svcs -xv
svcs -xv nfs/server #state (uptime), man and log file location
svcs | grep online #list services with online states
svcs | grep -v online #list services that are not online

svcadm enable SERVICE
svcadm -t enable SERVICE #temporarily start - not persistent with reboot
svcadm disable SERVICE
svcadm restart SERVICE

svccfg
svccfg -s ssaprod #interactive modification
svccfg -s $APP listprop #list properties
svccfg import /var/tmp/dump.xml
svccfg export dumpadm >/tmp/dump.xml
svccfg delete network/inetd-upgrade:default

svcprop network/inetd:default
svcprop -p general/enabled network/inetd:default
svcprop -p stop/exec network/inetd:default
svcprop -p ttymon system/console-login

IPfilter Firewall software

ipf: /etc/ipf/ipf.conf

ipfstat -t

ipfstat -hio

ipfstat -hi

ipfstat -ho

ipfstat -s

ipmon -a

ipf -f /etc/ipf/ipf.conf

ipf -T list

To setup logging: (setup "log" in the ipf.conf)

/etc/syslog.conf

local0.debug [TAB} /var/log/ipflog

svcadm restart system-log

To start ipfilter for the first time

svcadm enable pfil

svcadm enable ipfilter

init 6

IPFILTER Docs

http://docs.sun.com/app/docs/doc/816-4554/6maoq025a?a=view

http://www.obfuscation.org/ipf/ipf-howto.html

http://daemons.net/~matty/articles/solaris.ipfilter.html

BART - Basic Audit Reporting Tool

bart create -n > bart-`hostname`-`date '+%m-%d-%y'`
touch /etc/passwd
bart create -n > bart-`hostname`-`date '+%m-%d-%y'`b
bart compare bart-monolyth-07-04-05 bart-monolyth-07-04-05b

To assert some control over BART we can leverage BART rules. A rules file is just what it sounds like, a listing of rules by which BART should conform. A simple example of a rules file would be:

# Global Attributes

CHECK all

IGNORE dirmtime

# Check /etc and /usr

/etc

/usr

CHECK

# Check /var but ignore filesizes and mod time (logs)

/var

IGNORE size mtime