.hushlogin: if time new /etc/motd, not read motd timex and sar ntpupdate setclock crle library path/developer environment settings dircmp dir1 dir2 #diff on dirs fstat & lofs & fuser change the time of a file: touch to set the time of a file: touch -t YYMMDDhhmm file fuser -cu MTPT fuser -cuk MTPT fuser -cuk `tty` fuser -cuk /dev/pts/# cpio o - out to tape i - in from tape B - blk size c - ascii compatability find . -print | cpio -ocvB > /dev/rmt0 cpio -ivcB < /dev/rmt0 SOLARIS init states: 0,S,1,2,3,5,6 /etc/init.d /etc/rcX.d /sbin/rcX 0-halt 1-single no FS S-single w/ some FS 2-no NFS 3-NFS 4-na 5-power off 6-reboot to initdef ok> boot [device] [-VALUE] a - ask for boot dev and other items r - reconfig v - verbose s - single user ok> boot net:rarp halt=init 0 reboot=shutdown -i6 shutdown -y shutdown -g X (grace period in seconds) shutdown -i X (init state) shutdown -y -i 6 -g 0 admintool #basic tool solstice #network and more swmtool #sw admin fruadm, prtfru #print FRU hardware stuff SUNWfruid fmadm faulty #list failures fmdump -v -u #list details of a failure fmadm repair #remove a failure from the list (after h/w fix) fmadm reset cpumem-diagnosis fmadm reset cpumem-retire fmadm reset eft fmadm reset io-retire cd /var/fm/fmd; rm e* f* c*/eft/* r*/* #clear ereports and resource cache eject [cdrom, floppy] mount -o ro -F hsfs /dev/c0t6d0s2 /cdrom rdate aset # Automated Security Enhancement Tool for FS permissions /etc/skel /etc/default /etc/logindevperm #default permissions on some devices /etc/dfs/dfstab #replaces /etc/exports /etc/vfstab #replaces /etc/fstab patches: /var/sadm/patches installpatches patchadd patchrm y2k - www.sun.com/y2000 get tar of SunScan normal - sunsolve.sun.com showrev ~= uname uname -X #show like showrev patchadd -p || showrev -p #installed patches pkginfo pkgrm pkgadd pkgadd -d /cdrom/Product . SUNWxxx SUNWyyyy pkgadd -d product pkgadd -d . pkgadd -d . PRODUCT pkgadd -d . ./PRODUCT.pkg pkgadd -d ./PRODUCT.pkg PRODUCT pkgadd - no questions / non-interactive: create a file called: /var/tmp/admin mail= conflict=nocheck setuid=nocheck action=nocheck partial=nocheck instance=overwrite idepend=nocheck rdepend=nocheck space=check pkgadd -a /var/tmp/admin -d `pwd` pkgchk all use: /var/adm/install/contents, /var/sadm, /opt/PKGNAME/bin /opt/bin, /var/opt/PKGNAME, /etc/opt/PKGNAME to list|check all installed pkgs: cd /var/sadm/pkg; pkg[info,chk] * to list all possible pkgs cd /cdrom/so*/s0/So*/Product [u]mountall [-l] -l #if yes in /etc/vfstab -r remote -F nfs config is replaced by: modunload, modload, add_drv, remdrv modinfo lists currently loaded mods /usr/sbin/installboot /usr/platform/`uname -i`/lib/fs/ufs/bootblk \ /dev/rdsk/c1t0d0s0 ------------------------- #bootblock only dd if=/dev/rdsk/c0t0d0s0 of=/var/tmp/from_boot.blk bs=1b skip=1 \ count=15 conv=sync cmp var/tmp/from_boot.blk /usr/platform/`uname -i`/lib/fs/ufs/bootblk file #label and bootblock dd if=/dev/rdsk/c0t0d0s0 of=/var/tmp/from_label bs=1b count=16 conv=sync ------------------------- DEVICES /dev/[r]dsk/c0t0d0s0 c - controller t - physical bus target d - devices (usually 0) s - slice 0-7 (a-h) /dev/sr0 is the CDROM c partition (linked to dsk/c0t6d0s2) /dev/dsk/c0t6d0s0 is the CDROM /dev/[r]diskette REMOVEABLE MEDIA FS /cdrom/CDROMNAME /floppy/FLOPPYNAME W/O FS /vol/dev/aliases/cdrom0 /vol/dev/aliases/floppy0 /vol/dsk /dev/rmt/8hn is nrmt8 /dev/rmt/0 is rst0 rmmount, volcancel, volcheck, volmissing, vold /etc/vold.conf, /etc/rmmount.conf /vmunix is now /unix mt offline|rewoffl # many new options dkinfo -> prtvtoc devinfo -> sysdef -d fstyp sparc format -e #for USB and other disk types format < /dev/null x86 pre 10 format -e sol 10 format -e rmformat -l #list removeable devices rmformat -s #create slices rmformat -F #use only on a USB diskette fdisk -B xxxxp0 fdisk -w xxxxp0 sysdef [-d] prtconf [-vp] /usr/platform/uname -m/sbin/prtdiag [-v #gives errors] psradm, psrinfo & mpstat iostat -xtnc #perf iostat -xnz #perf iostat -DMnpxz #perf iostat -Een #disk types iostat -Dmpz -l 3 -T d # T is timestamp iostat -Dmrpz -l 3 -T d # T is timestamp ndd -get /dev/ip ip_addrs_per_if VALUE VALUE: def 256, max is 80000 ndd /dev/arp \? ndd /dev/ip \? ndd /dev/tcp \? ndd /dev/udp \? ndd -set /dev/eri instance 0 ndd /dev/eri link_status #0 == down, 1== up ndd /dev/eri \? netstat -k #kernel stats netstat -k interface #kernel stats netstat -i INTERVAL LVM MD - meta data newfs /dev/md/rdsk/d42 fsck /dev/vx/rdsk/apps/logvol mount /dev/md/dsk/d42 /MTPT metareplace -e d0 #replace a disk drive that has been swapped network /etc/inet/hosts /etc/nodename /etc/hostname.xxy #ethernet device snoop - look at network packets # get cisco blade/port for interface snoop -x0 -c1 -d ce8 multicast not broadcast greater 200 | grep \/ snoop -d hme0 broadcast snoop -v -d hme0 broadcast snoop -V -d hme0 somehost snoop -d hme0 -o /tmp/snoop 192.168.2.3 control-c snoop -i /tmp/snoop -V | egrep -iv 'nfs|ack|ftp' swap: -l #512 blks -s #1024 blks: real+swap mkfile to make swapfile, then swap -a useradd -u 999 -g 10 -d /home/username -s /bin/ksh username ufsdump | ufsrestore ufsdump 0f - /a | (cd /mnt;ufsrestore -rvf -) tar cvf - ./dir | (cd /somedir; tar xpf -) tar cvf - ./dir | gzip -c > /somewhere/somefile.gz ncheck /dev/rdsk/xxxx | grep inode #find all files hardlinked to file /etc/system - rstchown=0 #allow non-root chown man zsh | col -x -b #like deroff # file usage report fusage man1 - user man1M - sys adm man2 - system calls man3 - library man4 - file formats man5 - headers, tables, macros man7 - special files man9* - DDI/DKI man -a #displays mans that match man -l #lists mans that match man -F #search all dirs until file is found df -t (show totals) df -F type (tmpfs, nfs, ufs, vxfs) df -k kB du -r (show things needing repair) initialize a system (new IP, hostname, subnet, time, language, nameserver) sys-unconfig => reboot => sysidtool printers /etc/printers.conf #replaces /etc/printcap /etc/lp #config files /usr/share/lib/terminfo /usr/lib/lp #filters /usr/lp/logs /var/spool/lp $PRINTER || $LPDEST $HOME/.printers # _default: some_name filep postprint lpsched lpadmin,admintool,lpusers,lpmove,lpforms lpshut,lpsched,lpset,lp,printtool lpstat, accept,cancel,reject,enable,disable solaris 2.8: use printmgr instead of admintool /etc/init.d/lp [start,stop] at, atq, at -r job SAF: Service Access Facility (serial devices) replaces /etc/ttytab sacadm ttyadm pmadm nlsadmin syncstat dtconfig -reset uptime last 3 fields (5s, 10s, 15s) display-value = (run queue size) / (# of cpus) /var/spool/mail is now /var/mail termcap is now terminfo no /RFS truss COMMAND appcert, appcheck, apptrace: new is solcat and lincat /usr/proc/bin/--- ptree, pmap, ... ldd COMMAND #list dynamically link libraries for binary pmap -x : shows memory usage pmap -S : shows SWAP memory usage Psuedo FS CACHEFS - CDROM performance enhancer PROCFS - /proc FDFS - open file using file descriptors FIFOFS - pipe files for that give processes common access to data NAMEFS - STREAMS SWAPFS - default swap device when systems boots - can create more /opt - optional s/w, if not own FS, may be linked to /usr/opt /vol - for volume management daemon, vold and volfs ff /dev/rdsk/c0t13d0s1 /etc/opt/licenses: lmcksum, lmdiag, lmdown, lmhostid, lminstall, lmremove, lmreread, lmstat, lmswitch, lmver adb -k /dev/ksyms /dev/mem iscda unix.3 vmcore.3 iscda /dev/ksyms /dev/mem $c an adb miscellaneous command which dumps the stack backtrace with one line per call $r registers - g7 is failing thread threadnum$ your-output-file Examples: iscda unix.3 vmcore.3 iscda /dev/ksyms /dev/mem crash, dbx, dis, file, kdbx|kadb, nm, od, string, what Solaris 8 mdb(1) replaces adb(1) and crash(1M) mdb modules in /usr/lib/mdb, /usr/platform/lib/mdb etc mdb can use adb macros #get kernel symbols /usr/ccs/bin/nm /kernel/genunix /platform/sun4u/kernel/unix kstat, sysdef | grep param, mdb, ndd kstat -p -c net kstat -n vm kstat -n segmap kstat -n var kstat -n system_misc INTERFACE="$(netstat -i | grep $(hostname)| awk '{print $1}' | sort -u)" for INT in $INTERFACE do K_INT=$(echo $INT | sed -e 's/[a-z]*/&:/') kstat $K_INT done trapstat sysdef -i | grep KERNEL-PARAMS pbind, psrset psradm, psrinfo Prorcess by cpu: dispadmin, pbind, priocntl, mpstat, sundiag, sar, sag sag xterm -t TS=`date +%H:%M` sar -o /tmp/tempfile 60 15 TE=`date +%H:%M` sag -f /tmp/tempfile -s $TS -e $TE -y "r+w/s[dsk]" psrinfo - cpu info psradm - turn on/off a cpu NFS share -F nfs -o ro,anon=0 /cdrom/cdrom0 dfshares, shareall, unshareall, dfmounts, share whodo, who, w, who am i which, what, whatis, whereis finger -i, id [-ap], logins -[a,d,m,p] graphics X86 kdmconfig SPARC m64config -propt fbconfig fbconfig -gui (need dcmtool download from sun) fbconfig front-end to others (m64config) fbconfig -dev /dev/fbs/m640 -help fbconfig -dev /dev/fbs/m640 -default fbconfig -dev /dev/fbs/m640 -prtconf fbconfig -dev /dev/fbs/m640 -propt fbconfig -dev /dev/fbs/m640 -depth 32 -res 1280x1024x76 VXFS modload /kernel/fs/vxfs df -F vxfs To make a disk resemble another's partitions prtvtoc device > somefile fmthard -s somefile device To make a system disk mirror useable by VM if main disk fails use-nvramrc?=true 2.6 isalist psrset optisa sysinfo prtconf -vp | grep banner-name # gives real type sendmail mconnect host telnet host 25 2.7-2.8 dumpadm savecore -L plimit PID pgrep name pkill name truss [-pid XXX | cmd ] truss -u (user space) truss -f (follow forks) truss -pid XXXX (PID to truss) 32/64 bit kernel: isalist, isainfo -v, isainfo -kv boot kernel/unix #32 bit kernel boot kernel/sparcv9/unix #64 bit kernel vmstat -S show swapping vmstat -p show paging in 2.8 with new columns passwd: pwconv - conistency between passwd&shadow passwd: passmgmt (chfn) passwd: pwck PS ps -c PRI 0-59 job class time shareing low TS,IA 60-99 sys daemon systems med SYS 100-159 job class real time high ??? processes: ps -cafel ps -cafely ps -elf ps -elc ps -efZ (for all zones by zones) prstat -a (like top) sdtprocess se pea.se se peac.se se peer.se se pry.se se ps-ax.se se ps-p.se se pwatch.se /usr/ucb/ps auxww **OR** /usr/proc/bin/pargs PID ================================================================================ logadm ## log history rotation for test.log /var/log/history/test.log/test.log.gz -N -A 30d -P 'Fri Jul 21 22:05:28 2006' -g staff -m 664 -o adm -p now ## log rotation for test.log /var/log/test.log -C 3 -E 'mv $file /var/log/history/test.log/test.log.gz' -P 'Fri Jul 21 22:05:28 2006' -b 'echo EOF >> /var/log/test.log' -g staff -m 664 -o adm -p now -z 0 Solaris 10 has a handy way of rotating logs, and works fairly well for keeping history as well. Here are a couple rules, the bottom one for a working log rotation, and the top one for rotating and managing the zipped history of that same log. It works best to have the history managed first, hence the order of the rules. Here is a brief explanation of syntax, starting at the TOP. /var/log/history/test.log/test.log.gz: is the rule name. This is the rule name. I could have called it "carl", but this works better for me. -N: don't print any errors if the log doesn't exist. -A 30d: Removes logs that are from After 30 days. This entry can also include m for months, w for weeks, or even y for years -P 'Fri Jul ...': records a timestamp that the last rotation was made. We don't worry about this. It is done by logadm. -g staff: The group to assign to the new log file. The default is the current group, so this is really just a security feature. -m 644: The octal permissions to assign the new file. The default is the current permissions. Also a security feature. -o adm: The owner to assign to the new log file. The default is the current owner. Also a security feature. -p now: Rotate the log "now" This gives rotation control to cron, instead of using the time period feature. Other options are either a number followed by: y=years m=months (30 days) w=weeks d=days h=hours -or- the keyword "never" to force no log rotation. Additional flags in the bottom rule: -C 3: only keep a count of 3 old log files. (0, 1, and 2) -E 'mv $file /var/log/hist...': instead of removing an expired log, do the cmd in single quotes. -b 'echo EOF >> /var/log/...': append EOF to the log file before rotating I have noticed that if the log file is NULL, logadm will rotate anyway, but not create a new log. It then effectively overwrites the old logs with whatever was in log.0, one at a time. This solves that problem. A bit kludgey, but what the hey! -z 0: compress the old log files, and only keep the current working file uncompressed. Numbers other than 0 indicate the number of old logs to keep uncompressed for easy viewing. Here is what happens: 1. The top rule checks for /var/log/history/test.log/test.log.gz 2. copies it to test.log.gz.0 3. creates a null file called test.log.gz 4. changes the owner and group of the file to adm:staff 5. changes the permissions of the file to 664 6. checks to see if any of the logs are now 30 days old, and if they any are, removes them. 1. The bottom rule checks for /var/log/test.log 2. appends "EOF" to the file 3. copies it to test.log.0 4. gzips new file 5. creates a null file called test.log 6. changes the owner and group of the file to adm:staff 7. changes the permissions of the file to 664 8. checks to see if there are now more than 3 old log files, and if any are, execute the supplied command to copy the file to /var/log/history/test.log/test.log.gz ================================================================================ elfdump -e /bin/ls elfdump -c /bin/ls LD_DEBUG=help date whois domainname whois.internic.net whois.networksolutions.com www.webmagic.com/whois/index.html www.alldomains.com www.allwhois.com whois cheetah.bakercomputeranddata.com whois -h whois.networksolutions.com bakercomputeranddata.com cksum, sum, md5-sparc /bin/login MD5 (/bin/login) = a7dedb8fec4133725f2332b04a7b41b6 You can copy this and paste it to http://sunsolve.sun.com/pub-cgi/fileFingerprints.pl then hit "Submit." nslookup -type=MX bakercomputeranddata.com nslookup -type=SOA bakercomputeranddata.com nslookup -q=SOA bakercomputeranddata.com mhn - display/list/store/cache MIME mail messages How do I untar a file with absolute paths to a relative location? Method 1 (user): /usr/bin/pax -r -s ',^/,,' -f file.tar Method 2 (root): /usr/bin/cp /usr/sbin/static/tar /tmp /usr/bin/dd if=file.tar | /usr/bin/chroot /tmp ./tar xf - kstat, prstat, busstat, cpustat, lockstat, cpc, cpustat, cputrack, psrset, proc lockstat -i 971 sleep 300 > lock.out.$$ lockstat -Ii 971 sleep 300 > lock.out.$$ lockstat -kIi 971 sleep 300 > lock.out.$$ busstat -w ac,pic0=clock_cycles,pic1=mem_bank0_rds 2 100 busstat -r sbus0 1 100 busstat -w ac0,pic0=clock_cycles,pic1=mem_bank0_rds \ -w ac0,pic0=addr_pkts,pic1=data_pkts \ -r ac1 2 trapstat 3 trapstat -t 3 # see how many TLB misses there are cputrack -N 20 -c pic0=DC_access,pic1=DC_miss -p 19849 #yes | rm -i * #yes n | rm -i * start a network in single-user: /etc/rc2.d/[S69inet, S72inetsvc] start set hidden chars in a file: cat -vet filename install - touch /etc/notrouter IPMP if_mpadmin, /etc/opt/SUNWconn/bin/nettr.sh cd /etc/opt/SUNWconn/bin/nettr -conf touch /etc/notrouter The in.mpathd daemon is started by the svc:network/net-init SMF service: # grep in[.]mpathd /lib/svc/method/net-init /usr/bin/pgrep -x -u 0 in.mpathd >/dev/null 2>&1 || /usr/lib/inet/in.mpathd -a [root@mysrv-other1]# more hostname* 3.20.67.194 - hostname mysrv 3.20.67.195 - virtual mysrv-ipmp-f1 3.20.67.196 - virtual mysrv-ipmp-f2 :::::::::::::: hostname.ce1 :::::::::::::: mysrv-ipmp-f1 netmask + broadcast + group mysrv-other up \ addif mysrv deprecated netmask + broadcast + -failover up :::::::::::::: hostname.ce2 :::::::::::::: mysrv-ipmp-f2 netmask + broadcast + group mysrv-other up \ deprecated -failover standby up :::::::::::::: hostname.dman0 :::::::::::::: 10.2.1.2 netmask + broadcast + private up :::::::::::::: /etc/hostname.ce0 :::::::::::::: myhost-ce0 netmask + broadcast + group production deprecated -failover \ up addif myhost netmask + broadcast + failover up :::::::::::::: /etc/hostname.ce3 :::::::::::::: myhost-ce3 netmask + broadcast + group production deprecated -failover \ up addif myhost-dum netmask + broadcast + failover up #test IPMP #detach infc if_mpadm -d hme0 #restore/reattach infc if_mpadm -r hme0 Trunking cd /etc/opt/SUNWconn/bin/nettr vi nettr.conf # added entries Look at local (non-NFS) mounts only: find . ! -local -prune -o -print Look at only mount point and not cross-mount points: find . -mount -name blah cfsadmin -l CACHEFS nfsstat -m chroot /newrootdir /bin/ksh can't boot from boot-device? then see if diag is true, then set diag-device to boot-device values Projects/Workload Manager /etc/project #can be in NIS or LDAP /var/svc/manifest/site must make FSS active dispadmin -d FSS ps -cafe ps -ae -o pid,user,taskid,project,comm prctl -n project.cpu-shares -f -v 30 -i project proj1 prctl -n project.cpu-shares -f -v 50 -i project proj2 projmod -sK "project.cpu-shares=(priviledged,30,none)" proj1 projmod -sK "project.cpu-shares=(priviledged,50,none)" proj2 cat /etc/project prctl -n project.cpu-shares -i project proj2 newtask -p proj1 SOMECMD prstat -J #processes and projects projadd, projmod, projdel, projects, newtask rlimit prctl rctladm id|useradd -p ipcs -J pgrep|pkill -J -T pgrep -fl pattern poolbind|prctl|priocntl -i PROJECT (nice replaced by priocntl) prstat -j -J -k -T prstat -J #processes and projects prstat -m #microstates prstat -t #user summary prstat -l #user summary prstat -mL pooladm,poolcfg,poold,poolbind,poolstat /var/log/pool/poold /etc/pooladm.conf lofiadm - mount an image (CD) and work with it like a filesystem mount -o forcedirectio /dev/dsk... /mnt directiostat 3 command | xargs -n1 command2 ifconfig hme0:1 unplumb OR ifconfig hme0 removeif x.x.x.x ================================================================================ Solaris 10 ================================================================================ ZONES ps -elZ zonecfg (only from global) zoneadm zlogin ZONE zonename (lists zonename for a zone, lists "global" when in the global) zoneadmd prstat|ipcs -Z -z ps [-o ZONE] [-o ZONEID ....] pgrep|pkill|ipcrm|ppriv -z df|ifconfig -Z poolbind|priocntl|renice -i coreadm %z #added --------------------------------------------------------------- Process Tracing/ System Stats debugging -abitrace trace ABI interfaces -dtrace trace the world -mdb debug/control processes -truss trace functions and system calls System stats -acctcom process accounting -busstat Bus hardware counters -cpustat CPU hardware counters -iostat IO & NFS statistics -kstat display kernel statistics -mpstat processor statistics -netstat network statistics -nfsstat nfs server stats -sar kitchen sink utility -vmstat virtual memory stats Process control -pgrep grep for processes -pkill kill processes list -pstop stop processes -prun start processes -prctl view/set process resources -pwait wait for process -preap reap a zombie process Process stats -cputrack - per-processor hw counters -pargs process arguments -pflags process flags -pcred process credentials -pldd process's library dependencies -psig process signal disposition -pstack process stack dump -pmap process memory map -pfiles open files and names -prstat process statistics -ptree process tree -ptime process microstate times -pwdx process working directory Kernel Tracing/ debugging - dtrace trace and monitor kernel - lockstat monitor locking statistics - lockstat -k profile kernel - mdb debug live and kernel cores --------------------------------------------------------------- BART - Basic Audit Reporting Tool bart create -n > bart-`hostname`-`date '+%m-%d-%y'` touch /etc/passwd bart create -n > bart-`hostname`-`date '+%m-%d-%y'`b bart compare -p bart-monolyth-07-04-05 bart-monolyth-07-04-05b To assert some control over BART we can leverage BART rules. A rules file is just what it sounds like, a listing of rules by which BART should conform. A simple example of a rules file would be: # Global Attributes CHECK all IGNORE dirmtime # Check /etc and /usr /etc /usr CHECK # Check /var but ignore filesizes and mod time (logs) /var IGNORE size mtime --------------------------------------------------------------- Oracle /etc/system values now automatically set in sol 10 (and dynamically increase as needed) But, if you need to change them, you can use the "old" name in /etc/system or use projects (suggested). projmod -sK "project.max-shm-memory=(priviledged,2g,deny)" group.dba projmod -sK "project.max-shm-memory=(priviledged,2g,deny)" oralce-proj Solaris 10 Param Oracle-lvl Sol-Def Resource-Control-Name semsys:seminfo_semmni 100 128 project.max-sem-ids semsys:seminfo_semmns 1024 obsolete semsys:seminfo_semmsl 256 512 project.max-sem-nsems shmssy:shminfo_shmmax 1/4 phys RAM project.max-shm-memory shmsys:shminfo_shmmin 1 obsolete shmsys:shminfo_shmmni 100 128 project.max-shm-ids shmsys:shminfo_shmseg 10 obsolete #setting and view semaphores set shmsys:shminfo_shmmni = 4096 * default sol 10: set to 128 *project.max-shm-ids = 4096 set semsys:seminfo_semmni = 512 * default sol 10: set to 128 *project.max-sem-ids = 512 modload -p sys/shmsys modload -p sys/semsys sysdev -i prctl $$ NAME PRIVILEGE VALUE FLAG ACTION RECIPIENT process.max-port-events privileged 65.5K - deny - system 2.15G max deny - process.max-msg-messages privileged 8.19K - deny - system 4.29G max deny - process.max-msg-qbytes privileged 64.0KB - deny - system 16.0EB max deny - process.max-sem-ops privileged 512 - deny - system 2.15G max deny - process.max-sem-nsems privileged 512 - deny - system 32.8K max deny - process.max-address-space privileged 16.0EB max deny - system 16.0EB max deny - process.max-file-descriptor privileged 1.02K - deny - system 2.15G max deny - process.max-core-size privileged 8.00EB max deny - system 8.00EB max deny - process.max-stack-size basic 10.0MB - deny 912 privileged 125TB - deny - system 125TB max deny - process.max-data-size privileged 16.0EB max deny - system 16.0EB max deny - process.max-file-size privileged 8.00EB max deny,signal=XFSZ - system 8.00EB max deny - process.max-cpu-time privileged 18.4Es inf signal=XCPU - system 18.4Es inf none - task.max-cpu-time system 18.4Es inf none - task.max-lwps system 2.15G max deny - project.max-contracts privileged 10.0K - deny - system 2.15G max deny - project.max-device-locked-memory privileged 255MB - deny - system 16.0EB max deny - project.max-port-ids privileged 8.19K - deny - system 65.5K max deny - project.max-shm-memory privileged 32.0GB - deny - system 16.0EB max deny - project.max-shm-ids privileged 4.10K - deny - system 16.8M max deny - project.max-msg-ids privileged 128 - deny - system 16.8M max deny - project.max-sem-ids privileged 512 - deny - system 16.8M max deny - project.max-crypto-memory privileged 1022MB - deny - system 16.0EB max deny - project.max-tasks system 2.15G max deny - project.max-lwps system 2.15G max deny - project.cpu-shares privileged 1 - none - system 65.5K max none - zone.max-lwps system 2.15G max deny - zone.cpu-shares privileged 1 - none - system 65.5K max none - ================================================================================ dtrace Setting dtrace privileges Add a line for your user in /etc/user_attr: rmc::::defaultpriv=dtrace_kernel,basic,proc_owner,dtrace_proc #get number of system calls dtrace -n 'syscall:::entry { @scalls[probefunc] = count() }' ^C #get pagein counts dtrace -n pgin {@[execname] = count()} ^C #get vminfo stats on "soffice.bin" dtrace -P vminfo/execname == "soffice.bin"/{@[probename] = count()} ^C #!/usr/sbin/dtrace -Fs syscall::fork1:entry / pid == $target / { self->trace = 1; } fbt::: / self->trace / {} syscall::fork1:return / pid == $target / { self->trace = 0; exit(0); } C code calling fork() D script to generate kernel trace ./watchfork.d //watching for fork(2) #!/usr/sbin/dtrace -qs syscall::forkall:entry { @fall[execname] = count(); } syscall::fork1:entry { @f1[execname] = count(); } syscall::vfork:entry { @vf[execname] = count(); } dtrace:::END { printf("forkall\n"); printa(@fall); printf("fork1\n"); printa(@f1); printf("vfork\n"); printa(@vf); } dtrace -s ./whoexec.d //watch exec(2) #pragma D option quiet proc:::exec { self->parent = execname; } proc:::exec-success /self->parent != NULL/ { @[self->parent, execname] = count(); self->parent = NULL; } proc:::exec-failure /self->parent != NULL/ { self->parent = NULL; } END { printf("%-20s %-20s %s\n", "WHO", "WHAT", "COUNT"); printa("%-20s %-20s %@d\n", @); } # dtrace -s ./iotrace #pragma D option quiet BEGIN { printf("%10s %58s %2s %8s\n", "DEVICE", "FILE", "RW", "Size"); } io:::start { printf("%10s %58s %2s %8d\n", args[1]->dev_statname, args[2]->fi_pathname, args[0]->b_flags & B_READ ? "R" : "W", args[0]->b_bcount); } Filesystem kbytes used avail capacity Mounted on /dev/md/dsk/d10 5165838 2828444 2285736 56% / /devices 0 0 0 0% /devices ctfs 0 0 0 0% /system/contract proc 0 0 0 0% /proc mnttab 0 0 0 0% /etc/mnttab swap 15191336 920 15190416 1% /etc/svc/volatile objfs 0 0 0 0% /system/object fd 0 0 0 0% /dev/fd /dev/md/dsk/d13 4133838 221616 3870884 6% /var swap 524288 0 524288 0% /tmp swap 15190448 32 15190416 1% /var/run ================================================================================ x86, x64 ================================================================================ LINUX lxrun CMD ================================================================================ Address Space Linear memory range visible to a program, that the instructions of the program can directly load and store. Each Solaris process has an address space; the Solaris kernel also has it's own address space. Virtual Memory Illusion of real memory within an address space. Physical Memory Real memory (e.g. RAM) Mapping A memory relationship between the address space and an object managed by the virtual memory system. Segment A co-managed set of similar mappings within an address space. Text Mapping The mapping containing the programs instructions and read-only objects. Data Mapping The mapping containing the programs initialized data Heap A mapping used to contain the programs heap (malloc'd) space Stack A mapping used to hold the programs stack Page A linear chunk of memory managed by the virtual memory system VNODE A file-system independant file object within the Solaris kernel Backing Store The storage medium used to hold a page of virtual memory while it is not backed by physical memory Paging The action of moving a page to or from it's backing store Swapping The action of swapping an entire address space to/from the swap device Swap Space A storage device used as the backing store for anonymous pages. Scanning The action of the virtual memory system takes when looking for memory which can be freed up for use by other subsystems. Named Pages Pages which are mappings of an object in the file system. Anonymous Memory Pages which do not have a named backing store Protection A set of booleans to describe if a program is allowed to read, write or execute instructions within a page or mapping. ISM Intimate Shared Memory - A type of System V shared memory optimized for sharing between many processes DISM Pageable ISM NUMA Non-uniform memory architecture - a term used to describe a machine with differing processor-memory latencies. Lgroup A locallity group - a grouping of processors and physical memory which share similar memory latencies MMU The hardware functional unit in the microprocessor used to dynamically translate virtual addresses into physical addresses. HAT The Hardware Address Translation Layer - the Solaris layer which manages the translation of virtual addresses to physical addresses TTE Translation Table Entry - The UltraSPARC hardware's table entry which holds the data for virtual to physical translation TLB Translation Lookaside Buffer - the hardware's cache of virtual address translations Page Size The translation size for each entry in the TLB TSB Translation Software Buffer - UltraSPARC's software cache of ttes, used for lookup when a translation is not found in the TLB -------------------------------------------------- Scanning Parameters Parameter Description Min Default ( Solaris 8) lotsfree 512K 1/64 th of memory starts stealing anonymous memory pages desfree minfree ½ of lotsfee scanner is started at 100 times/second minfree ½ of desfree start scanning every time a new page is created throttlefree minfree page_create routine makes the caller wait until free pages are available fastscan slowscan minimum of 64MB/s or ½ memory size scan rate (pages per second) when free memory = minfree slowscan 100 scan rate (pages per second) when free memory = lotsfree maxpgio ~60 60 or 90 pages per spindle max number of pages per second that the swap device can handle hand-spreadpages 1 fastscan number of pages between the front hand (clearing) and back hand (checking) min_percent_cpu 4% (~1 clock tick) (cont'd) of a single CPU CPU usage when free memory is at lotsfree VM CHANGES in 8/9/10 Free memory now contains file system cache Higher free memory vmstat 'free' column is meaningful Easier visibility for memory shortages Scan rates != 0 - Memory shortage Correct Defaults No tuning required delete all /etc/system VM parameters! ================================================================================ Enable DISK Multipathing (MPXIO) vi /kernel/drv/fp.conf (was: /kernel/drv/scsi_vhci.conf) stmsboot -e #enable MPXIO stmsboot -d #disable MPXIO stmsboot -u #update vfstab and dumpadm stmsboot -l #list wostmsboot -e stmsboot -L unchanged #list wostmsboot -e cfgadm -o show_SCSI_LUN -al cfgadm -o show_FCP_dev -al luxadm -e dump_map /devices/pci@23d,600000/SUNW,qlc@1/fp@0,0 ================================================================================ swap - /tmp tmpfs - yes size=2000M ================================================================================ Sudo Logging touch /var/adm/sudolog vi /etc/syslog.conf and put the following line at the bottom of the file. Then save the file and quit. # # NOTE: use **** TABS **** and NOT spaces between the fields # local2.info /var/adm/sudolog Also change for sylog logging to a syslog server *.info;*.err;kern.notice;auth.notice @syslogsvr ================================================================================ metaset SVM disksuite kenapps04g:global# ps -ef | grep meta root 423 317 0 15:16:01 ? 0:00 /usr/sbin/rpc.metad root 22671 20772 0 15:32:40 pts/2 0:00 grep meta kenapps04g:global# /usr/sbin/rpc.metamhd kenapps04g:global# svcs | grep meta online 15:14:57 svc:/system/metainit:default online 15:15:58 svc:/network/rpc/meta:default online 15:32:21 svc:/network/rpc/metamed:default online 15:32:27 svc:/network/rpc/metamh:default kenapps04g:global# grep sysadm /etc/group sysadmin::14:root kenapps04g:global# grep fus /etc/system set ip:do_tcp_fusion = 0x0 metaset -s ssaprod -h kenapps01g metaset -s ssaprod -h kenapps02g metaset -s ssaprod -h kenapps03g metaset -s ssaprod -a /dev/dsk/c2t5006048ACCB53A97d8 metaset -s ssaprod -a /dev/dsk/c2t5006048ACCB53A97d9 metaset -s ssaprod -a /dev/dsk/c2t5006048ACCB53A97d10 metainit -s ssaprod d90 1 1 c2t5006048ACCB53A97d11s0 metaclear -s ssaprod d90 metaset -s ssaprod -d /dev/dsk/c2t5006048ACCB53A97d11 Metaset... kenapps01g# metaset Set name = ssaprod, Set number = 1 Host Owner kenapps01g Yes kenapps02g kenapps03g Drive Dbase /dev/dsk/c2t5006048ACCB53A97d8 Yes /dev/dsk/c2t5006048ACCB53A97d9 Yes /dev/dsk/c2t5006048ACCB53A97d10 Yes kenapps01g# "release" a metaset from ownership on a host metaset -s ssaprod -r To OWN on another host...(TAKE metaset) metaset -s ssaprod -t To remove/purge/destroy a metaset metaset -s ssaprod -P ================================================================================ Clean up wtmp cp /dev/null /var/adm/wtmp OR To edit the /var/adm/wtmp file, first copy the file temporarily with the following command: /usr/sbin/acct/fwtmp < /var/adm/wtmp >/tmp/out Edit the /tmp/out file to remove unwanted entries then replace the original file with the following command: /usr/sbin/acct/fwtmp -ic < /tmp/out > /var/adm/wtmp ================================================================================ serial numbers in PROM - use SUNWsneep (sneep -s SERIALNUM) ================================================================================ flar from a 6500 called somserver to a 15k domain, 8 cpu, called somserver /server_config/flar/somserver-05-25.flarZ flarcreate -n somserver -R /net/somserver/ -c somserver-04-22.flarZ Read files from flar 1. Split the Flash Archive into the cookie, identification, and archive files. flar split -f flash_archive.flar 2. Extract the file(s) from the cpio archive. cpio -idv var/adm/messages < archive ------------------------------------------------------------------------------- non-15K edit /etc/inetd.conf and /etc/inet/ipsecinit.conf comment out sun-dr lines and reboot ================================================================================ Steps to burn a CD/DVD in Solaris 1. Create a temporary directory. 2. Copy the files you want to burn to CD/DVD to this temporary directory. 3. Make an iso image out of it. 4. Mount the iso image (to make sure that it works) 5. Now insert the CD/DVD media in the drive and burn the data onto it. Example: 1. bash#> mkdir ./temp_dir 2. bash#> cp /my_dir_path/myfiles ./temp_dir 3. bash#> mkisofs -J -R -o /my_dir_path/my_files.iso ./temp_dir 4. bash#> lofiadm -a /my_dir_path/my_files.iso /dev/lofi/1 bash#> mount -F hsfs /dev/lofi/1 /mnt 5. bash#> cd /usb bash#> cdrw -i /my_dir_path/my_files.iso Looking for CD devices... Initializing device...done. Preparing to write DVD Writing track 1...done. Finalizing (Can take several minutes)...done. ================================================================================ ICMP /usr/include/netinet/ip_icmp.h ================================================================================ Configuring Static Routes on the Command Line The route command enables manual manipulation of the routing table. The route command can be used to add, remove, and change routing table entries. The route command uses sub-commands to perform its tasks. To add routes to the routing table, you use the route add command. Its basic format is: route add destination gateway The destination can be a host, a network, or a default route. For example, to add a static route to the 192.168.3.0 network with the sys31ext system as the gateway, type the command: # route add net 192.168.3.0 sys31ext add net 192.168.3.0: gateway sys31ext # To add a static route to the sys24 host with the sys21ext system as the gateway, type the command: # route add host sys24 sys21ext add host sys24: gateway sys21ext # To add a default route with the instructor system as its gateway, type the command: # route add default instructor add default: gateway instructor # To delete a route, you use the route delete command. Its basic format is: route delete destination gateway For example, to delete the route to the host sys24 using the gateway sys21ext, type the command: # route delete sys24 sys21ext delete host sys24: gateway sys21ext # To retrieve information about a specific route, use the route get command. For example, to retrieve information about the default route, type the following command: # route get default route to: default destination: default mask: default gateway: instructor interface: hme0 flags: recvpipe sendpipe ssthresh rtt,ms rttvar,ms hopcount mtu expire 0 0 0 0 0 0 1500 0 # To change the routing table, use the route change command. For example, to change the default route from instructor to sys41, type a command similar to the following: # route change default sys41 change net default: gateway sys41 # To continuously report any changes to the routing table, route look-up misses, or suspected network partitionings, use the route monitor command. For example, when a route is deleted, to receive the following output, type the route monitor command: # route monitor got message of size 124 RTM_DELETE: Delete Route: len 124, pid: 633, seq 1, errno 0, flags: locks: inits: sockaddrs: 192.168.3.0 sys11ext 255.255.255.0 Configuring Static Routes on the Command Line (continued) To flush (remove) the routing table of all gateway entries, use the route flush command. For example: # route flush 192.168.9 sys13 done two sys13 done two sys11ext done default 172.20.4.248 done # To cause the routing table to flush before the remaining options are evaluated, use the flush option in combination with other options. For example, to flush the routing table of gateways and to add a route to the 192.168.2.0 network, type a command similar to the following: # route -f add net 192.168.2.0 sys21ext add net 192.168.2.0: gateway sys21ext # To add a route manually to the multicast address range of 224-239, type the command: # route add 224.0/4 "uname -n" Note: You can find the command syntax in the /lib/svc/method/net-svc SMF method file. To define a route that uses a specific netmask to support a network, use the -netmask option with the route command. For example, to add a route to the 192.168.3.0 network that uses a netmask of 255.255.255.224, type the command: # route add net 192.168.3.0 sys31ext -netmask 255.255.255.224 add net 192.168.3.0: gateway sys31ext # To achieve the same results in a more concise way, specify the length of the subnet mask after the destination. For example, enter: 192.168.3.0/27 The 255.255.255.224 netmask for the 192.168.3.0 network is 11111111.11111111.11111111.11100000 in binary format. There are 27 ones (1s) in the binary netmask, hence the /27 after the network address. A command similar to the following is identical to the command in the preceding example: # route add net 192.168.3.0/27 sys31ext add net 192.168.3.0/27: gateway sys31ext # Note: The in.routed process does not detect any routing table changes that are performed by other programs on the machine, for example, routes that are added, deleted, or flushed as a result of the route command. Therefore, do not perform these types of changes while the in.routed process is running. Instead, shut down the in.routed process, make the required changes, and then restart the in.routed process. This ensures that the in.routed process learns of any changes. Network names can also be used to define routes. To add a route to the two network, defined in the /etc/inet/networks file, type a command similar to the following: # route add net two 192.168.30.31 add net two: gateway 192.168.30.31 # Note: Use of the metric argument in the route command is no longer supported. self check Configuring Dynamic Routing The in.routed Daemon RIPv1 and RIPv2 are implemented by the /usr/sbin/in.routed daemon. The /usr/sbin/in.routed daemon causes a system to broadcast its own routing information if IP forwarding and IP routing are enabled by the routeadm command. A router sends routing information to the networks to which it is directly connected every 30 seconds. You cannot change this time interval. If RIPv2 multicasts are being processed, only those hosts listening for the RIPv2 multicast address process the information. If RIPv1 broadcasts are being processed, all hosts receive the information, but only those hosts that run the in.routed daemon use the information. Routers and non-routers run the in.routed daemon. The in.routed daemon is started at boot time if the ipv4-routing option is specifically enabled by using the routeadm command, or if the /etc/defaultrouter file is empty or does not exist. Stopping and Starting the in.routed Daemon The in.routed daemon can be stopped and started on the command line by using the routeadm command. The routeadm command is used to control whether a system runs the in.routed routing daemon and whether a system forwards IP packets between networks. To view the current configuration, type the routeadm command with no arguments: # routeadm Configuration Current Current Option Configuration System State IPv4 forwarding default (disabled) disabled IPv4 routing default (enabled) enabled IPv6 forwarding default (disabled) disabled IPv6 routing default (disabled) disabled IPv4 routing daemon "/usr/sbin/in.routed" IPv4 routing daemon args "" IPv4 routing daemon stop "kill -TERM &backquot;cat /var/tmp/in.routed.pid&backquot;" IPv6 routing daemon "/usr/lib/inet/in.ripngd" IPv6 routing daemon args "-s" IPv6 routing daemon stop "kill -TERM &backquot;cat /var/tmp/in.ripngd.pid&backquot;" # To stop the in.routed daemon, type the command: # routeadm -u -d ipv4-routing # To start the in.routed daemon, type the command: # routeadm -u -e ipv4-routing # The -d option changes the contents of the /etc/inet/routing.conf file to list the argument as disabled explicitly. The -e option changes the contents of the /etc/inet/routing.conf file to list the argument as enabled explicitly. The -u option updates the system's current configuration by using the contents of the /etc/inet/routing.conf file. Note: Using the routeadm command without the -u option causes the configuration to be changed in the /etc/inet/routing.conf file, but does not change the current configuration of the system. To cause the system to revert to default behavior at system boot (start the in.routed daemon unless the /etc/defaultrouter file is not empty), type the command: # routeadm -r ipv4-routing # Configuring Dynamic Routing ICMP Redirects ICMP provides control and error messages. ICMP on a router or gateway attempts to send reports of problems to the original source if an IP datagram cannot be delivered for some reason. ICMP datagrams are always encapsulated in IP. ICMP redirects occur when a system uses more than one default route. If the router determines a more efficient route, or if there is only one way to forward the datagram, it redirects the datagram using the better or only route and reports that route to the sender. The Demo shows an ICMP redirect process where the sys21 system needs to communicate with the server1 system and has a default route of sys11. The information does reach the server1 system and the sys11 system sends an ICMP redirect to the sys21 system, telling it that the best route to the server1 system is through the instructor system. The sending system's routing table is updated with the new information. The drawback to this method of routing is that for every ICMP redirect, there is a separate entry in the sending system's routing table. This action can lead to a large routing table. However, this method of routing also ensures that the datagrams that are going to all reachable hosts are taking the shortest route. Caution: An attacker might forge redirect errors to install false routes, which might initiate a denial of service attack if the newly specified router is not a router at all. There are rules governing valid redirect errors, all of which can be spoofed easily. Use this ndd command to ignore IPv4 ICMP redirect errors: ndd -set /dev/ip ip_ignore_redirect 1. Refer to the Sun BluePrintsTM document Solaris Operating Environment Network Settings for Security, available at: http://www.sun.com/solutions/blueprints/1200/network-updt1.pdf. Introducing CIDR Operation of CIDR CIDR uses classless addresses. Netmasks are referred to as network prefixes and are used to create networks of varying sizes. The network prefix is expressed in the following notation: X.X.X.X/Y. The value Y is an integer value that specifies the number of 1s in the netmask. For example, using /18 is equivalent to a netmask of 255.255.192.0. The first 18 bits identify the network, and the remaining 14 bits identify the host. The image shows an example of a CIDR prefix. CIDR Prefix: The context describes the graphic. This use of variable length subnet masks means making efficient use of network address space by supernetting or subnetting. Supernetting is the combining of two or more contiguous network addresses. For example, 192.168.2/24 (11000000.10101000.00000010, 0xffffff00, or 255.255.255.0) and 192.168.3/24 (11000000.10101000.00000011, 0xffffff00, or 255.255.255.0) can be supernetted by using a prefix of /23 (11000000.10101000.0000001X, 0xfffffe00, or 255.255.254.0). The systems on the supernetted networks must all use the following in order to properly communicate without a router: * Network address - 192.168.2.0/23 * Broadcast address - 192.168.3.255 Valid host addresses for this supernetted network range from 192.168.2.1-192.168.3.254 (510 addresses). The 192.168.2.255 and 192.168.3.0 addresses are valid host addresses, but they are not used in the Solaris 10 OS. Following is an example that configures an interface on this supernetted network: View example A CIDR and VLSM aware routing protocol, such as RIPv2, must be used on the router that connects this supernetted network to other networks. Subnetting is the application of a netmask on an IP address to divide the network up into smaller pieces. CIDR and VLSM permit a portion of the IP address space to be divided into successively smaller pieces. For example, an Internet service provider (ISP) could be allocated blocks of address space, which they then assign in subset address blocks to smaller ISPs. These smaller ISPs can then supply an even smaller subset of addresses to a customer or private organization. CIDR and VLSM make this aggregation and subdivision of address space possible. The routing table entry for each ISP or organization reflects the first address in the block assigned to it, for example, 204.106.8.0/22, even though there can be additional network addresses that are associated with the block. A range of CIDR addresses is known as a CIDR block. This support of network addresses eliminates the number of entries required in the backbone routing tables. Consider an ISP that requires IP addresses for 1000 clients. Based on 254 clients per Class C network, the ISP requires four Class C networks. You can supernet four Class C networks, for example: * 204.106.8.0 * 204.106.9.0 * 204.106.10.0 * 204.106.11.0 The image shows the network addresses that can result from applying different network prefixes. An Example of a CIDR Prefix: The content describes the graphic. It can be seen from The image that the four networks being considered have identical values in their first 22 bits. Therefore, if you consider the first 22 bits only of an address on any of these networks to represent the network portion of the address, every address on the four networks has the same network address. The networks can therefore be supernetted and a single route can be used to reach all four networks. The image shows an example of supernetting. Supernetting Example: The context describes the graphic. An ISP who is given a block of supernetted addresses can then divide the range into different sized blocks to suit the needs of their customers, while minimizing the number of routing table entries required. Routing at Boot Time The behavior of a Solaris 10 system in regard to route configuration is different to previous versions of the Solaris OS. The /etc/inet/routing.conf file contains two options regarding route configuration on a Solaris 10 system: ipv4-routing and ipv4-forwarding. The ipv4-routing option refers to whether a system will start the in.routed daemon. The ipv4-forwarding option refers to whether a system will be configured to forward packets between networks. When a system boots, the system first checks the contents of the /etc/inet/routing.conf file. If the ipv4-routing or ipv4-forwarding options are set explicitly to either enabled or disabled, the setting is applied. If either option has not been set explicitly, then the system determines whether or not to enable or disable each option. IPv4 routing is disabled if the /etc/defaultrouter file is not empty. If the /etc/defaultrouter file is not present, or is empty, IPv4 routing is enabled (the in.routed daemon is started). IPv4 forwarding is disabled by default and must be enabled explicitly by using the routeadm command. The image shows how the /lib/svc/method/net-init method configures a system for IPv4 forwarding and routing. To configure a Solaris OS system as a router without rebooting, complete the following steps: 1. Verify that the /etc/hostname.interface and the /etc/inet/hosts files are configured properly. 2. Do one of the following: * Turn on IP forwarding on all of the interfaces: # routeadm -u -e ipv4-forwarding * Turn on IP forwarding for specific interfaces: # ifconfig specific_interface router * Stop and restart the in.routed daemon: # routeadm -u -d ipv4-routing # routeadm -u -e ipv4-routing # The system now functions as a router. A multihomed host is a system with two or more physical network interfaces that does not forward IP datagrams between the networks to which it is attached. In the Solaris 10 OS, all systems with two or more physical network interfaces are multihomed hosts by default. To create a multihomed host, complete the steps in the process. Disabling IP forwarding stops a router from forwarding packets between the networks to which it is connected. To initialize a non-router, use the routeadm command to disable IP forwarding on all interfaces by typing the following command: # routeadm -u -d ipv4_forwarding ================================================================================ sparc sun4v sun4u sun4m sun4d sun4c Solaris_10 (starting with the Solaris 10 1/06 OS) Solaris_9 Solaris_8 Solaris_7 Solaris_2.6 i386 i86pc Solaris_10 Solaris_9 Solaris_8 Solaris_7 Solaris_2.6 Note The sun-4c architecture is not supported in the Solaris 8, Solaris 9, or Solaris 10 releases. The sun-4d architecture is not supported in the Solaris 9 and Solaris 10 releases. The sun-4m architecture is not supported in the Solaris 10 release. ================================================================================ disable nscd (name services host cache daemon) editing /etc/nscd.conf: enable-cache hosts no or svcadm disable name-service-cache ================================================================================ cdrecord to burn CD/DVD cdrecord -scanbus /etc/default/cdrecord mkisofs ================================================================================ LSI raidctl raidctl -l #status raidctl -l 2 #status raidctl -c c1t0d0 c1t1d0 #create 1 volume (mirror) raidctl -S c1t0d0 #status of volume raidctl -d c1t0d0 #delete volume If trying to mirror OS, then you may have to boot of CD/DVD, escape to shell, then run the mirror command Replaces device with "virtual" device (volume name, default of first device used) and removes disk2/second-device (will not see it in format/iostat anymore) ================================================================================ STK /usr/StorMan/arcconf getconfig 1 al ================================================================================ rsync -avz -e ssh --delete /u01 remotesystem:/u01 REMOTESERVER=servername REPDIR=/tsm/drfiles /usr/bin/rsync -avz -e ssh --delete $REPDIR/recplans $REMOTESERVER:$REPDIR ================================================================================ #backup the FS ufsdump *OR* some backup s/w #increase the size of the partition format *OR* prtvtoc|fmthard #to see the possible size newfs -N /dev/md/dsk/d100 *OR* devinfo -p /dev/rdsk/CTD #total number of blocks #grow the FS #front-end script (recommended) growfs -M /test /dev/md/rdsk/d100 growfs -M /test /dev/rdsk/c0t1d0s4 #manual (no front-end script) Unmounted filesystem (not /, /usr, /var) /usr/lib/fs/ufs/mkfs -G rawdevice newsize Mounted filesytem (not /, /usr, /var) /usr/lib/fs/ufs/mkfs -G -M mountpoint rawdevice newsize ================================================================================ mail attachements: mutt -s "subject" -a file.tar user@gmail.com uuencode (infile) (extract-file-name) > (output file) uuencode maymap maymap > maymap.enc uuencode maymap.enc ================================================================================