Configure the default route
Run-time configuration (lost after a reboot):
# route add net default 192.168.1.1 1
The final "1" specifies the hop count. The default route's hop count should be set to 1, because the server looks at the network card first.
Configuration that survives a reboot:
# vi /etc/defaultrouter
192.168.1.1
Add the FQDN to /etc/hosts
# vi /etc/hosts
192.168.1.101 sunsrv01.domain.com sunsrv01 loghost
Adding the fully qualified domain name to /etc/hosts avoids the sendmail error "My unqualified host name (hostname) unknown; sleeping for retry".
Add multiple IP addresses
# vi /etc/hosts
192.168.1.15 projqa
192.168.1.16 projdev
# vi /etc/hostname.eri0:1
projqa
# vi /etc/hostname.eri0:2
projdev
# ifconfig eri0:1 plumb
# ifconfig eri0:1 inet 192.168.1.15 broadcast 192.168.1.255 netmask 255.255.255.0 -trailers
# ifconfig eri0:1 up
# ifconfig eri0:2 plumb
# ifconfig eri0:2 inet 192.168.1.16 broadcast 192.168.1.255 netmask 255.255.255.0 -trailers
# ifconfig eri0:2 up
# ifconfig -a
lo0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4> mtu 8232 index 1
inet 127.0.0.1 netmask ff000000
eri0: flags=1000863<UP,BROADCAST,NOTRAILERS,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
inet 192.168.1.14 netmask ffffff00 broadcast 192.168.1.255
ether 0:3:ba:b:3:f5
eri0:1: flags=1000863<UP,BROADCAST,NOTRAILERS,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
inet 192.168.1.15 netmask ffffff00 broadcast 192.168.1.255
eri0:2: flags=1000863<UP,BROADCAST,NOTRAILERS,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
inet 192.168.1.16 netmask ffffff00 broadcast 192.168.1.255
NIC settings that take effect after a reboot (note: be sure the network card is correctly installed in the server first)
hme, qfe and eri:
# vi /etc/system (ensure there are no blank lines)
* Force hme into 100 Mbps full duplex mode
set hme:hme_adv_100fdx_cap=1
* Don't negotiate operation mode with the network hub
set hme:hme_adv_autoneg_cap=0
* Force qfe into 100 Mbps full duplex mode
set qfe:qfe_adv_100fdx_cap=1
* Don't negotiate operation mode with the network hub
set qfe:qfe_adv_autoneg_cap=0
* Force eri into 100 Mbps full duplex mode
set eri:adv_100fdx_cap=1
* Don't negotiate operation mode with the network hub
set eri:adv_autoneg_cap=0
ce:
# vi /etc/rc2.d/S99net-tune
#!/sbin/sh
# Set NIC to 100 Mbps full duplex
ndd -set /dev/ce instance 0
ndd -set /dev/ce link_master 0
ndd -set /dev/ce adv_1000fdx_cap 0
ndd -set /dev/ce adv_1000hdx_cap 0
ndd -set /dev/ce adv_100fdx_cap 1
ndd -set /dev/ce adv_100hdx_cap 0
ndd -set /dev/ce adv_10fdx_cap 0
ndd -set /dev/ce adv_10hdx_cap 0
ndd -set /dev/ce adv_autoneg_cap 0
exit 0
# chmod 700 /etc/rc2.d/S99net-tune
Verify the settings:
hme, qfe and eri:
# ifconfig -a
ce:
# netstat -k ce0 | grep link_speed
link_speed 100 link_duplex 2 link_asmpause 0 link_pause 0
link_speed - speed in Mbps
link_duplex - 1 half duplex, 2 full duplex, 0 down

Author: houji  Posted: 2003-07-07 13:02  Title: Solaris_build_document translation sign-up begins
Installed Root Startup Files
# vi /etc/profile
if [ "$LOGNAME" = "root" ]; then
PATH=/usr/sbin:/usr/bin:/usr/local/bin:/usr/ucb
HISTFILE=/.sh_history
HISTSIZE=200
MANPATH=/usr/share/man:/usr/local/man:/opt/VRTSvmsa/man:/opt/VRTSvxvm/man
EDITOR=vi
PS1="ROOT@`/usr/ucb/hostname`# "
ENV=/.kshrc
umask 077
export PATH HISTFILE HISTSIZE MANPATH EDITOR PS1 ENV
fi
TERM=vt100
export TERM
logger -p local0.info "User $LOGNAME has logged in"
trap 2 3
# touch /.profile
# chmod 700 /.profile
# vi /.kshrc (used by the Korn shell; /.profile is read first)
HNAME=`uname -n`
PS1="$HNAME "'$PWD'">";export PS1
set -o vi
set -o noclobber
alias rm='rm -i'
stty erase ^h
# chmod 700 /.kshrc
Create the man Database
# catman -w
After this, the man -k command lets users search for commands by keyword.

Author: houji  Posted: 2003-07-07 14:17  Title: Solaris_build_document translation sign-up begins
Create e-mail aliases
# vi /etc/aliases
# status sends to Administrator e-mail accounts
status: jsmith@domain.com,bsmith@domain.com
# monitor sends to Administrator e-mail accounts and cell phones
monitor: jsmith@domain.com,bsmith@domain.com,6085551212@pagenet.net
# operations sends to the 24 hour operations staff
operations: operator@domain.com
# newaliases
/etc/mail/aliases: 6 aliases, longest 32 bytes, 170 bytes total
Note: by default, the scripts in this document send their notifications to the status and monitor mail aliases.
Forward mail to the mail server
# vi /etc/mail/sendmail.cf
#DSmailhost.$m
DShostname.domain.com
Use the official fully qualified name of the mail server.
Create root's .forward file
# vi /.forward
status
All mail is forwarded to the mail account named in the .forward file; no mail is kept on the server. If mail is relayed to a LAN mail account, notify the administrator or the user before deciding whether to keep it on the server.
Create the home directory
# ls -ld /export
drwxrwxr-x 3 root sys 512 Aug 3 13:38 /export/
# chmod 755 /export
# cd /export
# mkdir home
# ls -ld /export/home
drwxr-x--- 4 root sys 512 Aug 3 13:39 /export/home/
This configuration lets sendmail use the users' .forward files to send mail to LAN users. The following paragraph is taken from the sendmail manual:
.forward and :include: files may be subject to further restrictions; group and other users must have no permissions on these files and directories.
Create the administration directories
# mkdir -p /var/adm/log/backup
# mkdir -p /var/adm/log/mon_perf
# mkdir -p /var/adm/log/perf_log
# mkdir -p /opt/admin/downloads
# mkdir -p /opt/admin/scripts/funcs
Create the list of valid shells in /etc/shells
# vi /etc/shells
/bin/sh
/bin/ksh
/bin/csh
/bin/bash
# chown root:other /etc/shells
# chmod 644 /etc/shells
If a user's shell is not listed in this file, that user cannot use FTP, so make sure every shell that may be used is included in this file.
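As an added check (not part of the original document): a POSIX sh function that lists the accounts whose login shell does not appear in /etc/shells, which are exactly the accounts in.ftpd will refuse. It takes the passwd and shells files as arguments so it can be tried on the constructed sample below; the function names and the sample data are mine, and mktemp is assumed to exist for the demo only.

```shell
#!/bin/sh
# Added example, not from the original document.
# ftp_shell_check PASSWD SHELLS: print "user:shell" for every account whose
# login shell is not listed in SHELLS. An empty shell field in passwd means
# /bin/sh, which is how ftpd interprets it. On a live system:
#   ftp_shell_check /etc/passwd /etc/shells
ftp_shell_check() {
    passwd_file=$1
    shells_file=$2
    # valid shells, one per line, ignoring comments and blank lines
    valid=$(grep -v '^#' "$shells_file" | grep -v '^[[:space:]]*$')
    awk -F: -v valid="$valid" '
        BEGIN { n = split(valid, v, "\n"); for (i = 1; i <= n; i++) ok[v[i]] = 1 }
        /^#/ || NF < 7 { next }
        {
            sh = ($7 == "") ? "/bin/sh" : $7
            if (!(sh in ok)) print $1 ":" sh
        }
    ' "$passwd_file"
}

# Demo on constructed files (not a real system): the four-entry /etc/shells
# from the text against a small passwd file.
demo_ftp_shell_check() {
    d=$(mktemp -d) || return 1
    cat > "$d/passwd" <<'EOF'
root:x:0:1:Super-User:/:/sbin/sh
daemon:x:1:1::/:
jsmith:x:1001:10:john smith:/export/home/jsmith:/bin/ksh
svc:x:1002:10:service acct:/export/home/svc:/sbin/noshell
ops:x:1003:10:ops:/export/home/ops:/usr/local/bin/bash
EOF
    cat > "$d/shells" <<'EOF'
/bin/sh
/bin/ksh
/bin/csh
/bin/bash
EOF
    ftp_shell_check "$d/passwd" "$d/shells"
    rm -rf "$d"
}

demo_ftp_shell_check
```

Against the four-entry list from the text, the sample flags root (/sbin/sh is not in the list), the service account on /sbin/noshell, and a user whose bash lives under /usr/local. For a deliberately disabled account that is the desired result; for a real user it means the shell has to be added to /etc/shells. Root's FTP access is normally blocked through ftpusers regardless of this list.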
Make sure the system will not act as a router
# touch /etc/notrouter
# chown root:sys /etc/notrouter
# chmod 444 /etc/notrouter
Enable the scheduled system accounting jobs
# su - sys
# EDITOR=vi; export EDITOR
# crontab -e
# (the sys crontab records the scheduled activity reporting; for details on enabling it see the cron and performance manuals)
0 * * * 0-6 /usr/lib/sa/sa1
20,40 6-22 * * 1-5 /usr/lib/sa/sa1
5 18 * * 1-5 /usr/lib/sa/sa2 -s 8:00 -e 18:01 -i 1200 -A
Disable auto-boot
# eeprom auto-boot\?=false
When the server is powered on, it stops at the OK prompt.
Configure a unique physical (MAC) address per network card
By default Solaris assigns the same MAC address to every network card, which can hide problems (such as address conflicts or reduced performance); use the following command to avoid them:
# eeprom local-mac-address\?=true

Author: houji  Posted: 2003-07-07 16:08  Title: Solaris_build_document translation sign-up begins
Security configuration
Install SSH
Telnet and FTP send the user's ID and password in clear text, where this sensitive information can be sniffed. SSH encrypts the session and is an effective replacement for Telnet and FTP. I still recommend hardening Telnet and FTP as a further layer of security.
Commercial SSH: http://www.ssh.com
Free SSH: http://www.openssh.org
Restrict root logins to the console; restrict su.
telnet:
# vi /etc/default/login
CONSOLE=/dev/console
Make sure the CONSOLE entry is not commented out. To improve accountability for access, the root account should not be allowed to log in directly. This setting forces users to log in with their own account and then su to root; root can still log in directly at the console.
SSH:
# vi /etc/sshd_config
PermitRootLogin no
# ps -ef | grep sshd
# kill -HUP <sshd PID>
Restrict use of the su command
After this configuration, root access requires four things: a user ID, its password, membership of the right group, and the root password. (I am not sure how to translate "group wheel".)
Create the wheel group
# groupadd wheel
Add an administrator to the system
# useradd -c "john smith" -d /export/home/jsmith -m -u 1001 -g wheel -s /bin/ksh jsmith
Note: "-g" sets the default group from /etc/group (use the group ID or group name)
"-u" must be a user ID that is unique in /etc/passwd
# passwd jsmith (set the user's password)
# passwd -f jsmith (force the user to change the password at next login)
# vi /export/home/jsmith/.forward (forward the user's mail)
jsmith@domain.com
# chown jsmith:wheel /export/home/jsmith/.forward
Change the ownership of the su command
# cd /usr/bin
# ls -al su
-r-sr-xr-x 1 root sys 17976 Oct 6 1998 su
# /usr/bin/chgrp wheel su
# /usr/bin/chmod 4750 su
# ls -al su
-rwsr-x--- 1 root wheel 17976 Oct 6 1998 su
# cd /sbin
# ls -al su.static
-r-xr-xr-x 1 root sys 473808 Sep 1 1998 su.static
# /usr/bin/chgrp wheel su.static
# /usr/bin/chmod 4750 su.static
# ls -al su.static
-rwsr-x--- 1 root wheel 473808 Sep 1 1998 su.static
* Taken from Lance Spitzner's Armoring Solaris
Set the password policy
# vi /etc/default/passwd
Before:
MAXWEEKS=
MINWEEKS=
PASSLENGTH=6
After:
MAXWEEKS=8
MINWEEKS=1
PASSLENGTH=8
WARNWEEKS=1
Root and user passwords expire after 3 months and must then be reset at the console. To avoid downtime, the root password should be reset after 2 months.
Explanation:
MAXWEEKS - maximum password lifetime
MINWEEKS - minimum password lifetime; the password cannot be changed within this period
PASSLENGTH - minimum password length
WARNWEEKS - how long before expiry a warning is issued
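As an added example (not part of the original document), the following POSIX sh check reads a /etc/default/passwd-style file and reports settings that fall short of the values above. A commented-out line and an empty value (MAXWEEKS=) are treated the same way, as unset, because that is what Solaris does with them: no expiry is enforced. The default_get and default_check helpers are generic and can be pointed at /etc/default/login for its CONSOLE and RETRIES entries in the same way. Function names and the constructed before/after files are mine; mktemp is assumed to exist for the demo only (older Solaris releases may lack it).

```shell
#!/bin/sh
# Added example, not from the original document.

# default_get FILE KEY: print the effective value of KEY in a Solaris
# /etc/default file (last uncommented assignment wins); prints nothing
# when the key is absent, commented out, or assigned an empty value.
default_get() {
    sed -n "s/^[[:space:]]*$2=[[:space:]]*\([^[:space:]#]*\).*/\1/p" "$1" | tail -n 1
}

# default_check FILE KEY OP LIMIT: return 0 when KEY is set and
# "value OP LIMIT" holds (OP is -ge or -le); otherwise print a finding
# on stderr and return 1.
default_check() {
    v=$(default_get "$1" "$2")
    if [ -z "$v" ]; then
        echo "$1: $2 is not set" >&2
        return 1
    fi
    if [ "$v" "$3" "$4" ]; then
        return 0
    fi
    echo "$1: $2=$v violates $2 $3 $4" >&2
    return 1
}

# passwd_policy_check FILE: the policy from the text; returns the number
# of findings, so 0 means compliant.
passwd_policy_check() {
    n=0
    default_check "$1" MAXWEEKS -le 8   || n=$((n + 1))
    default_check "$1" MINWEEKS -ge 1   || n=$((n + 1))
    default_check "$1" PASSLENGTH -ge 8 || n=$((n + 1))
    default_check "$1" WARNWEEKS -ge 1  || n=$((n + 1))
    return $n
}

# Demo on constructed files: the shipped defaults ("before") and the
# hardened values ("after") shown in the text.
demo_passwd_policy() {
    d=$(mktemp -d) || return 1
    cat > "$d/passwd.before" <<'EOF'
#ident "@(#)passwd.dfl"
MAXWEEKS=
MINWEEKS=
PASSLENGTH=6
EOF
    cat > "$d/passwd.after" <<'EOF'
MAXWEEKS=8
MINWEEKS=1
PASSLENGTH=8
WARNWEEKS=1
EOF
    before=0; after=0
    passwd_policy_check "$d/passwd.before" || before=$?
    passwd_policy_check "$d/passwd.after"  || after=$?
    rm -rf "$d"
    echo "before=$before after=$after"
}

demo_passwd_policy
```

The "before" file produces four findings (two unset lifetimes, a 6-character minimum and no warning period) and the "after" file none; the per-key messages go to stderr so the summary line stays machine-readable for a cron job that mails only on a non-zero count.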
Disconnect after 3 failed logins
# vi /etc/default/login
# Disconnect users after three login failures
RETRIES=3
(Note: by default Solaris disconnects after 5 consecutive failed logins; the industry standard is 3.)
# The next entry: the number of failed login attempts allowed before a failure is logged through the syslog(3) LOG_NOTICE facility; if it is set to 0, every failed login attempt is logged
SYSLOG_FAILED_LOGINS=3

Author: houji  Posted: 2003-07-07 17:58  Title: Solaris_build_document translation sign-up begins
Disable the rlogin command
Comment out the following lines in /etc/pam.conf:
#rlogin auth sufficient /usr/lib/security/pam_rhosts_auth.so.1
#rlogin auth required /usr/lib/security/pam_unix.so.1
#rsh auth required /usr/lib/security/pam_rhosts_auth.so.1
This configuration forces users to supply their password when they use the rlogin command.
Lock down the remote-access trust files
# /usr/bin/touch /.rhosts /.netrc /etc/hosts.equiv
# /usr/bin/chmod 0 /.rhosts /.netrc /etc/hosts.equiv
* Taken from Lance Spitzner's Armoring Solaris
These files give trusted users remote access without a password. Either make sure these files do not exist, or use monitoring software that notifies you when they are created.
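The text asks for monitoring that notices when trust files appear, and earlier set su and su.static to mode 4750. As an added example (not part of the original document), here is such a check in POSIX sh: it walks every home directory in a passwd file looking for .rhosts/.netrc that are present and not locked to mode 0 (or that are symlinks, a classic way to point a "harmless" file at something else), checks the system-wide /.rhosts, /.netrc and /etc/hosts.equiv, and verifies the su binaries are not world-executable. A root prefix argument lets it run against a constructed tree; function names, the sample passwd file and the fake binaries are mine, and mktemp and an ls -ld that prints the mode in column 1 are assumed.

```shell
#!/bin/sh
# Added example, not from the original document.

# file_mode PATH: the ten-character mode string from ls -ld (e.g. -rwsr-x---)
file_mode() {
    ls -ld "$1" | cut -c1-10
}

# check_trust_file PATH: clean (0) when PATH is absent or a regular file with
# mode 000; otherwise print a finding and return 1.
check_trust_file() {
    [ -e "$1" ] || [ -L "$1" ] || return 0     # absent is the preferred state
    if [ -L "$1" ]; then
        echo "SYMLINK $1"; return 1
    fi
    m=$(file_mode "$1")
    [ "$m" = "----------" ] && return 0
    echo "OPEN $1 ($m)"
    return 1
}

# trust_file_audit PASSWD ROOT: system-wide trust files plus .rhosts/.netrc
# in every home directory listed in PASSWD (field 6; root's "/" is covered by
# the first loop). Home paths containing spaces are not handled. Returns the
# number of findings.
trust_file_audit() {
    n=0
    for f in /.rhosts /.netrc /etc/hosts.equiv; do
        check_trust_file "$2$f" || n=$((n + 1))
    done
    for h in $(awk -F: '$6 != "/" && $6 != "" { print $6 }' "$1"); do
        for f in .rhosts .netrc; do
            check_trust_file "$2$h/$f" || n=$((n + 1))
        done
    done
    return $n
}

# check_su PATH: su must be setuid root and not world-executable, i.e. the
# mode 4750 from the text, which ls shows as -rwsr-x---.
check_su() {
    if [ ! -f "$1" ]; then
        echo "SU $1 missing"; return 1
    fi
    m=$(file_mode "$1")
    [ "$m" = "-rwsr-x---" ] && return 0
    echo "SU $1 ($m)"
    return 1
}

# su_audit ROOT: the two su binaries the text changes; returns the number of findings.
su_audit() {
    n=0
    for f in /usr/bin/su /sbin/su.static; do
        check_su "$1$f" || n=$((n + 1))
    done
    return $n
}

# Demo on a constructed tree (not a real system): one locked /.rhosts, one
# world-readable "+ +" .rhosts, one .netrc symlink, one correct su and one
# su.static that is still world-executable. Prints findings with the
# temporary prefix stripped, then the total.
demo_audit() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/etc" "$d/usr/bin" "$d/sbin" "$d/export/home/jsmith" "$d/export/home/bsmith"
    cat > "$d/etc/passwd" <<'EOF'
root:x:0:1:Super-User:/:/sbin/sh
jsmith:x:1001:10:john smith:/export/home/jsmith:/bin/ksh
bsmith:x:1002:10:bob smith:/export/home/bsmith:/bin/ksh
EOF
    : > "$d/.rhosts"; chmod 0 "$d/.rhosts"
    echo "+ +" > "$d/export/home/jsmith/.rhosts"; chmod 644 "$d/export/home/jsmith/.rhosts"
    ln -s /dev/null "$d/export/home/bsmith/.netrc"
    : > "$d/usr/bin/su"; chmod 4750 "$d/usr/bin/su"
    : > "$d/sbin/su.static"; chmod 4755 "$d/sbin/su.static"
    n1=0; n2=0
    out1=$(trust_file_audit "$d/etc/passwd" "$d") || n1=$?
    out2=$(su_audit "$d") || n2=$?
    printf '%s\n%s\n' "$out1" "$out2" | sed "s,$d,,"
    rm -rf "$d"
    echo "findings=$((n1 + n2))"
}

demo_audit
```

On a live system call trust_file_audit /etc/passwd "" and su_audit "" from cron and mail the output when the return value is non-zero; the checks deliberately report a symlink as a finding even when its target is mode 0, because the link itself is the thing an attacker would have planted.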
Remove or disable unnecessary user accounts
# passwd -l adm
# passwd -l bin
# passwd -l daemon
# passwd -l listen
# passwd -l lp
# passwd -l nobody
# passwd -l noaccess
# passwd -l nuucp
# passwd -l sys
# passwd -l uucp
The nobody4 account is no longer needed; delete it.
# userdel nobody4
Give the disabled accounts an invalid shell
# vi /sbin/noshell
#!/bin/sh
# ignore signals so the caller cannot interrupt the script before the alert is sent
# (SIGKILL cannot be trapped and is therefore not listed)
trap "" 1 2 3 4 5 6 7 8 10 12 15 19
HOSTNAME=`uname -n`
USER=`id | awk '{print $1}'`
DATE=`date`
logger -i -p auth.err "Attempted access by $USER on host $HOSTNAME"
# the next variable can be set to multiple addresses
# (e.g. jsmith@yahoo.com,jsmith@hotmail.com)
MAILADD=monitor
mail $MAILADD <<EOF
From: $0
To: $MAILADD
Subject: Unauthorized Access Attempt on $HOSTNAME
Someone has attempted to access a disabled account ($USER)
on $HOSTNAME. Please investigate immediately.
$DATE
EOF
Process monitoring script (mon_procs.sh)
Purpose: make sure processes are running; notify by e-mail.
Dependencies: mon_procs.dat - contains the process names.
/etc/aliases - status (administrators' mail addresses)
# vi /opt/admin/scripts/mon_procs.sh
#!/bin/ksh
ADMINDIR=/opt/admin/scripts
MAILADD=monitor
SRVNM=`uname -n`
while read PROG
do
# count exact matches of the command name, so that /usr/sbin/syslogd
# is not also matched by a longer name containing it
ANSWER=`ps -e -o comm | grep -c "^$PROG\$"`
if [ "$ANSWER" -gt 0 ]; then
sleep 1
else
mail $MAILADD <<EOF
From: $0
To: $MAILADD
Subject: Missing process on $SRVNM
Checking $PROG on $SRVNM... not found!
EOF
fi
done < $ADMINDIR/mon_procs.dat
exit 0
# vi /opt/admin/scripts/mon_procs.dat
/usr/sbin/syslogd
# chmod 700 /opt/admin/scripts/mon_procs.sh
# chmod 600 /opt/admin/scripts/mon_procs.dat
Server monitoring script (mon_srv.sh)
Purpose: make sure servers answer ping; notify by e-mail.
Dependencies: mon_srv.dat - contains the IP address, the monitor mail address and the server name.
/etc/aliases - status (administrators' mail addresses)
# vi /opt/admin/scripts/mon_srv.sh
#!/bin/ksh
ADMINDIR=/opt/admin/scripts
MAILADD=monitor
while read -r IP SRVNM
do
if test `/usr/sbin/ping $IP | grep -c "is alive"` -eq 0; then
# wait 5 minutes before checking again
sleep 300
if test `/usr/sbin/ping $IP | grep -c "is alive"` -eq 0 ; then
mail $MAILADD <<EOF
From: $0
To: $MAILADD
Subject: $SRVNM Down
$SRVNM is not responding.
EOF
fi
fi
done < $ADMINDIR/mon_srv.dat
exit 0
# vi /opt/admin/scripts/mon_srv.dat
192.168.1.103 hostname
# chmod 700 /opt/admin/scripts/mon_srv.sh
# chmod 600 /opt/admin/scripts/mon_srv.dat
User disk space monitoring script (maildu.sh)
Purpose: notify users when their home directory exceeds 100MB; sends mail to LAN users.
Dependencies: ~/.forward - contains the user's LAN mail address.
# vi /opt/admin/scripts/maildu.sh
#!/bin/ksh
# no "." in PATH: this script runs as root
PATH=/usr/sbin:/usr/bin:/usr/ucb:/bin
HOMEDIR=/export/home
SRVNM=`uname -n`
WRKFILE=/tmp/prog$$
# make sure the temporary file is cleaned up before exiting
trap '/bin/rm -f $WRKFILE; exit' 0 1 2 3 15
# check the space used by each user
cd $HOMEDIR
du -sk * | sort -nr >> $WRKFILE
# notify the users
while read -r MB NAME
do
if [ "$MB" -gt "102400" ] ; then
# notify root
print "Mailing Disk Usage reminders out to:\n"
print "$NAME \t$MB KB\n"
if [ -f $HOMEDIR/$NAME/.forward ]; then
MAILADD=`cat $HOMEDIR/$NAME/.forward`
else
MAILADD=$NAME
fi
mail $MAILADD <<EOF
From: $0
To: $MAILADD
Subject: Disk Usage on $SRVNM
The automated disk usage utility indicates that you have $MB KB of
disk usage in your home directory on $SRVNM. You receive mail if you have more than 100MB
in your home directory. Please delete any excess files you have. Thank you.
UNIX System Administrators
EOF
fi
done < $WRKFILE
rm $WRKFILE
exit 0
# chmod 700 /opt/admin/scripts/maildu.sh
Performance monitoring script (mon_prf.sh)
Purpose: monitor the server's performance using vmstat, iostat, netstat and other performance commands; notify by e-mail.
Dependencies: /etc/aliases - status (administrators' mail addresses)
# vi /opt/admin/scripts/mon_prf.sh
#!/bin/ksh
PATH=$PATH:/usr/sbin:/usr/bin
SRVNM=`uname -n`
ADMINDIR=/opt/admin/scripts
DATDIR=/var/adm/log/mon_prf
if [ ! -d $DATDIR ] ; then
mkdir -p $DATDIR
fi
MAILADD=monitor
# second vmstat sample: the first line is the average since boot
VMSTAT=`vmstat 1 2 | tail -1`
# CPU performance (vmstat "r" column)
# When "r", the run queue column, reaches more than 3 processes per CPU, CPU capacity is clearly
# insufficient; a process waits longer in the run queue before it gets the CPU. This lowers
# throughput and increases interactive response time.
CPUPERF=`echo $VMSTAT | awk '{ print $1 }'`
if [ "$CPUPERF" -gt "3" ]; then
mail $MAILADD <<EOF
From: $0
To: $MAILADD
Subject: CPU Performance on $SRVNM
The vmstat run queue column has exceeded 3 processes per CPU on $SRVNM.
There is insufficient CPU power for the load placed on the server.
EOF
fi
# CPU performance (vmstat cpu "id" column)
# the cpu id column shows the percentage of time the CPU is idle
CPUSTAT=`echo $VMSTAT | awk '{ print $22 }'`
if [ "$CPUSTAT" -lt "10" ]; then
mail $MAILADD <<EOF
From: $0
To: $MAILADD
Subject: CPU Performance on $SRVNM
The vmstat cpu id column is less than 10 on $SRVNM.
The CPU is idle $CPUSTAT % of the time.
EOF
fi
# Memory performance (vmstat "sr" column)
# Experts say that when "sr", the scan rate, exceeds 200, the system is scanning memory for free
# pages at a high rate. This indicates that active pages may be stolen from processes. A very high
# scan rate makes the system consume more CPU than usual.
MEMSTAT=`echo $VMSTAT | awk '{ print $12 }'`
if [ "$MEMSTAT" -gt "200" ]; then
mail $MAILADD <<EOF
From: $0
To: $MAILADD
Subject: Memory Performance on $SRVNM
According to vmstat, the scan rate on $SRVNM is $MEMSTAT.
This indicates that there is not enough memory for the server's current load.
EOF
fi
# TCP connections
TCPCON=`netstat -aP tcp | tail +39 | wc -l`
if [ "$TCPCON" -gt "900" ]; then
mail $MAILADD <<EOF
From: $0
To: $MAILADD
Subject: TCP Connections on $SRVNM
According to netstat -a, there are currently $TCPCON TCP connections on
$SRVNM. This may or may not be cause for concern.
EOF
fi
# NIC input errors (netstat -i: Ierrs is column 6, Oerrs is column 8)
NETIDAT=`netstat -i | grep hme0`
NICIE=`echo $NETIDAT | awk '{ print $6 }'`
if [ "$NICIE" -gt "10" ]; then
mail $MAILADD <<EOF
From: $0
To: $MAILADD
Subject: NIC Input Errors on $SRVNM
According to netstat -i, there are currently $NICIE input errors on NIC hme0 on $SRVNM
EOF
fi
# NIC output errors
NICOE=`echo $NETIDAT | awk '{ print $8 }'`
if [ "$NICOE" -gt "10" ]; then
mail $MAILADD <<EOF
From: $0
To: $MAILADD
Subject: NIC Output Errors on $SRVNM
According to netstat -i, there are currently $NICOE output errors on NIC hme0 on $SRVNM
EOF
fi
# iostat
# disk performance
# create the iostat data file
DATFILE=$DATDIR/iostat.dat
[ -f $DATFILE ] && cp $DATFILE $DATFILE.old
cp /dev/null $DATFILE
# check the iostat util column: with -D every disk contributes three columns
# (rps wps util), so util is every third field; the second sample is used
# because the first is the average since boot (5-second interval assumed)
IODAT=`iostat -D -l 20 5 2 | tail -1`
echo $IODAT | awk '{ for (i = 3; i <= NF; i += 3) print $i }' >> $DATFILE
while read -r
do
if [ "$REPLY" -gt "3" ]; then
mail $MAILADD <<EOF
From: $0
To: $MAILADD
Subject: Disk Performance on $SRVNM
According to iostat, the disk utilization on $SRVNM is greater than 3 on
the server's hard disks. This indicates that the disk is being heavily used.
EOF
fi
done < $DATFILE
# netstat
# CPU data
# mpstat
# swap -l
# /tmp (not used as swap space)
# du -sk /tmp
exit 0
# chmod 700 /opt/admin/scripts/mon_prf.sh

Author: houji  Posted: 2003-07-09 10:45  Title: Solaris_build_document translation sign-up begins
Veritas Cluster fault notification script (resfault)
# vi /opt/VRTSvcs/bin/triggers/resfault
#!/bin/ksh
PATH=/usr/sbin:/usr/bin
DATE="`date`"
MAILADD=monitor
# VCS calls this trigger with the system name as $1 and the resource name as $2
mail $MAILADD <<EOF
From: $0
To: $MAILADD
Subject: VCS Oracle Database Warning
$DATE
Resource $2 has faulted on system $1
If this is news to you, please investigate.
EOF
exit 0
# chmod 700 /opt/VRTSvcs/bin/triggers/resfault
Install the reporting and logging scripts
The monitoring scripts should be combined with commercial monitoring software to provide layered monitoring (for defence in depth).
System status script (status.sh)
# vi /opt/admin/scripts/status.sh
#!/bin/ksh
PATH=/usr/sbin:/usr/bin:/usr/ucb:/bin
HOSTNAME=`uname -n`
SCRIPTS=/opt/admin/scripts
HWCONF=$SCRIPTS/hrdwspecs.sh
IWS_DIR1=/app/iplanet/iws
IWS_DIR2=/app/iplanet/ws4/enterprise
JRUN_DIR=/app/jrun
LDAP_DIR=/app/iplanet/ids
SM_DIR=/app/siteminder
ORA_TAB=/var/opt/oracle/oratab
SYB_DIR1=/app/sybase
SYB_DIR2=/syb/app
LEGATO_EXEC=/usr/sbin/nsrexecd
BACKUP_SRV=nypbck01
# List mounted file systems
function fslist
{
mount -p | awk '
$4 == "ufs" { print $3; }
$4 == "vxfs" { print $3; }
'
}
FSLIST=`fslist`
function system_status
{
print "\nStatus Taken at: "`date`
print "\n\n"
echo "$HOSTNAME up for: "`uptime | awk '{ print $3, $4 }'`
print "\n\n"
echo 'File System Size: \n'
df -k
print "\n"
if [ -f $LEGATO_EXEC ]; then
print "\n\nChecking Backups: \n"
for i in $FSLIST
do
print "$i:"
mminfo -s $BACKUP_SRV -c $HOSTNAME -r 'savetime,volume,level' -q name=$i -t '1 week ago' -ot
done
print "\n"
fi
if [ -d $IWS_DIR1 -o -d $IWS_DIR2 ]; then
ps -ef | grep [h]ttp
print "\n"
fi
if [ -d $JRUN_DIR ]; then
print "\nAre the JRun Instances up?: \n"
ps -ef | grep [-]start
print "\n"
fi
if [ -d $LDAP_DIR ]; then
print "\nIs LDAP up?: \n"
ps -ef | grep [n]s-slapd
print "\n"
fi
if [ -d $SM_DIR ] ; then
print "\nIs SiteMinder up?: \n"
ps -ef | grep [m]servauth
print "\n"
fi
if [ -f $ORA_TAB ] ; then
print "\nAre the Oracle Databases up?: \n"
ps -ef | grep [o]ra_
print "\nAre the Oracle Instances up?: \n"
ps -ef | grep -i [l]istener
ps -ef | grep [o]rasrv
print "\n"
fi
if [ -d $SYB_DIR1 -o -d $SYB_DIR2 ] ; then
print "\nAre the Sybase Databases up?: \n"
ps -ef | grep [d]ataserver
ps -ef | grep [b]ackupserver
print "\n"
fi
#print "\nChecking Print Queues: \n"
#lpstat -o
#print "\nChecking Printer Status: \n"
#lpstat -t
print '\nWho has Switched Users?: \n\n'
tail -30 /var/adm/sulog
print '\n\nWho is Currently Logged on?: \n\n'
who -a | head -20
print '\n\nNetwork Status: \n'
print "netstat -i: \n"
netstat -i
print "\nifconfig -a: \n"
ifconfig -a
print "\nnetstat -rn: "
netstat -rn
print '\n\nChecking Mail Queue:\n\n'
mailq
print "\n"
# call the hardware configuration script
if [ -x $HWCONF ]; then
$HWCONF
fi
print '\nProcesses Currently Running (ps -ef): \n\n'
ps -ef
print '\n\nSYSTEM STATUS COMPLETE\n\n'
# End system_status function
}
if [ -z "$1" ]; then
system_status
else
mail $1 <<EOF
From: $0
To: $1
Subject: System Status for $HOSTNAME
`system_status`
EOF
fi
exit 0
# chmod 700 /opt/admin/scripts/status.sh

Author: houji  Posted: 2003-07-09 13:05  Title: Solaris_build_document translation sign-up begins
Hardware audit script
# vi /opt/admin/scripts/hrdwspecs.sh
#!/bin/ksh
PATH=/usr/sbin:/usr/bin
DATE=`date '+%m-%d-%y'`
SVRNM=`uname -n`
WRKFILE=/tmp/prog$$
# make sure the temporary file is cleaned up before exiting
trap '/bin/rm -f $WRKFILE; exit' 0 1 2 3 15
# df -k without the header line, the swap entry and any mounted CD-ROM
df -k | awk 'NR > 1 && $1 != "swap" && $0 !~ /cdrom/' > $WRKFILE
integer KTOTL=0
integer KUSED=0
integer KAVAIL=0
while read -r FS TOTL USED AVAIL CAP MNT
do
if [ "$TOTL" -gt "0" ] ; then
((KTOTL = KTOTL + TOTL))
fi
if [ "$USED" -gt "0" ] ; then
((KUSED = KUSED + USED))
fi
if [ "$AVAIL" -gt "0" ] ; then
((KAVAIL = KAVAIL + AVAIL))
fi
done < $WRKFILE
# convert KB to GB
((GTOTL = KTOTL / 1048576))
((GUSED = KUSED / 1048576))
((GAVAIL = GTOTL - GUSED))
echo " "
echo "$SVRNM Total Disk Space Usage:"
echo " "
echo "GB USED AVAIL"
echo "----------------------------------------------------------------------------"
echo "$GTOTL $GUSED $GAVAIL"
echo " "
echo " "
echo "$SVRNM CPU Specifications:"
echo " "
/usr/platform/`arch -k`/sbin/prtdiag | grep Configuration | awk '{ print $9,$10,$11,$12 }'
echo " "
echo " "
echo "$SVRNM Memory Specifications:"
echo " "
/usr/platform/`arch -k`/sbin/prtdiag | grep 'Memory size' | awk '{ print $3,$4 }'
echo " "
echo " "
rm $WRKFILE
exit 0
# chmod 700 /opt/admin/scripts/hrdwspecs.sh
Performance logging script (perf_log.sh)
Purpose: write the output of the performance commands (vmstat, iostat, netstat, etc.) to log files.
Usage: run from crontab every 5 minutes, Monday to Friday, 9am to 5pm.
Warning: any file in the output directory older than 14 days is deleted; if the output directory grows beyond 50MB, files older than 7 days are deleted and a mail notification is sent. Make sure /var is mounted as a separate file system before using this script.
Dependencies: /etc/aliases - status (administrators' mail addresses)
Output: files under /var/adm/log/perf_log
# vi /opt/admin/scripts/perf_log.sh
#!/bin/ksh
# no "." in PATH: this runs as root from cron
PATH=/usr/sbin:/usr/bin
DATESUFFIX=`date '+%m-%d-%y'`
# directory for the log files
OUTPUTDIR=/var/adm/log/perf_log
# directory holding the scripts
ADMINDIR=/opt/admin/scripts
MAXSIZ=51200
if [ ! -d $OUTPUTDIR ] ; then
mkdir -p $OUTPUTDIR
fi
MAILADD=status
# vmstat
date >> $OUTPUTDIR/vmstat.$DATESUFFIX
# skip the first line of vmstat, which is the average since boot
vmstat 1 2 | tail -1 >> $OUTPUTDIR/vmstat.$DATESUFFIX
# iostat
date >> $OUTPUTDIR/iostat.$DATESUFFIX
iostat -xtnc >> $OUTPUTDIR/iostat.$DATESUFFIX
# netstat
date >> $OUTPUTDIR/netstat.$DATESUFFIX
netstat -i >> $OUTPUTDIR/netstat.$DATESUFFIX
# process data
date >> $OUTPUTDIR/ps.$DATESUFFIX
/usr/bin/ps -e -o pcpu,pmem,fname,rss,vsz,pid,stime >> $OUTPUTDIR/ps.$DATESUFFIX
date >> $OUTPUTDIR/ucbps.$DATESUFFIX
/usr/ucb/ps -aux >> $OUTPUTDIR/ucbps.$DATESUFFIX
# kernel data
date >> $OUTPUTDIR/kmastat.$DATESUFFIX
echo kmastat | crash >> $OUTPUTDIR/kmastat.$DATESUFFIX
date >> $OUTPUTDIR/kernelmap.$DATESUFFIX
echo "map kernelmap" | crash >> $OUTPUTDIR/kernelmap.$DATESUFFIX
# CPU data
date >> $OUTPUTDIR/mpstat.$DATESUFFIX
mpstat >> $OUTPUTDIR/mpstat.$DATESUFFIX
# swap
date >> $OUTPUTDIR/swap.$DATESUFFIX
swap -l >> $OUTPUTDIR/swap.$DATESUFFIX 2> /dev/null
# /tmp (not counted as swap space at run time)
# date >> $OUTPUTDIR/tmp_du.$DATESUFFIX
# du -sk /tmp >> $OUTPUTDIR/tmp_du.$DATESUFFIX
# date >> $OUTPUTDIR/tmp_ls.$DATESUFFIX
# ls -lt /tmp >> $OUTPUTDIR/tmp_ls.$DATESUFFIX
# compress log files older than a day that are not already compressed
for i in `find $OUTPUTDIR -type f -mtime +1 | grep -v '\.Z$'`
do
compress $i
done
# delete all performance log files older than 14 days
find $OUTPUTDIR -type f -mtime +14 -exec rm {} \;
# make sure the log files do not exceed 50MB
LOGDU=`du -sk $OUTPUTDIR | awk '{ print $1 }'`
if [ "$LOGDU" -gt "$MAXSIZ" ]; then
find $OUTPUTDIR -type f -mtime +7 -exec rm {} \;
mail $MAILADD <<EOF
From: $0
To: $MAILADD
Subject: Performance Log Size on `uname -n`
$OUTPUTDIR was $LOGDU KB. $0 does not allow more than 50MB of log files in this directory.
Log files older than 7 days have been deleted.
The current size of $OUTPUTDIR is `du -sk $OUTPUTDIR | awk '{ print $1 }'` KB.
Thank you.
EOF
fi
exit 0
# chmod 700 /opt/admin/scripts/perf_log.sh

Author: houji  Posted: 2003-07-09 15:55  Title: Solaris_build_document translation sign-up begins
Log centralization script
# vi /opt/admin/scripts/web_pull.sh
#!/bin/ksh
# Solaris Web log pull script
# Purpose: download the web servers' log files with FTP and SCP; files older than 1 day are compressed and rotated; mail is sent on error.
# Usage: run daily from crontab
# Dependencies: none
# Output: log files, mail
PATH=/usr/sbin:/usr/bin:/usr/local/bin
# Webtrends directory
# the log files are named after the server
LOGDIR=/weblogs/site1
# archive directory
ARCHDIR=/webarch/site1
DATE=`date '+%m-%d-%y'`
umask 033
HOSTNAME=`uname -n`
MAILADD=status
# process the old logs
# move the existing log files to the archive directory
for i in `/usr/bin/ls $LOGDIR`
do
gzip $LOGDIR/$i
mv $LOGDIR/$i.gz $ARCHDIR/$i.gz
done
# download today's log file (scp takes the port number with -P)
scp -P 22 admin@logsrv1.domain.com:/weblog/access.logsrv1 $LOGDIR
if [ $? -gt 0 ] ; then
mail $MAILADD <<EOF
From: $0
Subject: Web Server Log Centralization
The download of log files from logsrv1 to sunsrv01 has failed.
The files must be downloaded immediately. See $0 for details.
Once the files have been downloaded, click "Analyze Now" for each site1 Webtrends
profile. Otherwise, there will be a missing day in the web statistics.
EOF
fi
# process the site2 logs
# Webtrends directories
# the log files are not named after the server
LOGDIR1=/weblogs/site2/websrv1
LOGDIR2=/weblogs/site2/websrv2
# archive directory
ARCHDIR=/webarch/site2/websrv1
MONTH=`date '+%B'`
DAY=`date '+%d'`
DAYMONTH=$DAY$MONTH
# move the existing log files to the archive directory
for i in `/usr/bin/ls $LOGDIR1`
do
gzip $LOGDIR1/$i
mv $LOGDIR1/$i.gz $ARCHDIR/$i.$DATE.gz
done
# download today's log files
# NOTE: the FTP account and password ("sysact"/"passed") are embedded here in
# clear text and also travel in clear text on the wire; keep this script mode
# 700 and prefer scp, as used for logsrv1 above
ftp -n logsrv2 <<EOF
user sysact passed
prompt
lcd $LOGDIR1
cd /websrv1/iplanet/site2/SSL
mget access.$DAYMONTH*
lcd $LOGDIR2
cd /websrv2/iplanet/site2/SSL
mget access.$DAYMONTH*
bye
EOF
# check that the transfers completed
for i in $LOGDIR1 $LOGDIR2
do
if [ `ls $i | wc -l` -lt 1 ]; then
mail $MAILADD <<EOF
From: $0
Subject: Web Server Log Centralization
The download of log files from logsrv2 to sunsrv01 has failed.
The files must be downloaded immediately. See $0 for details.
Once the files have been downloaded, click "Analyze Now" for each
site2 Webtrends profile. Otherwise, there will be a missing day in the web statistics.
EOF
fi
done
# uncompress the log files so that Webtrends can process them
gunzip $LOGDIR1/access*
gunzip $LOGDIR2/access*
# make sure the log files do not exceed 100MB
MAXSIZ=102400
ARCHDIR=/webarch
LOGDU=`du -sk $ARCHDIR | awk '{ print $1 }'`
if [ "$LOGDU" -gt "$MAXSIZ" ] ; then
mail $MAILADD <<EOF
From: $0
Subject: Web Log Size on $HOSTNAME
$ARCHDIR is $LOGDU KB. $0 notifies when there is more than
100MB of log files in this directory.
Thank you.
EOF
fi
exit 0
# chmod 700 /opt/admin/scripts/web_pull.sh
Volume Manager configuration script (vmconfig.sh)
Purpose: save the Volume Manager configuration; records "vxdisk list", "vxprint -ht", "df -k" and /etc/vfstab
Usage: run nightly from crontab
Dependencies: none
Output: /var/adm/log/backup/vmsa.log
/var/adm/log/backup/diskgroup.conf
# vi /opt/admin/scripts/vmconfig.sh
#!/bin/ksh
# log file path
OUTPUTDIR=/var/adm/log/vmsa
LOGFILE=$OUTPUTDIR/vmsa.log
if [ ! -d $OUTPUTDIR ] ; then
mkdir -p $OUTPUTDIR
fi
cp /dev/null $LOGFILE
{
echo "Volume Manager Configuration for `uname -n` on `date`"
echo " "
echo "This is the output of vxdisk list:"
echo " "
vxdisk list
echo " "
echo "This is the output of vxprint -ht:"
echo " "
vxprint -ht
echo " "
echo "This is the output of df -k:"
echo " "
df -k
echo " "
echo "This is the contents of /etc/vfstab:"
echo " "
cat /etc/vfstab
echo " "
echo " "
} >> $LOGFILE
# back up the Volume Manager configuration of the disk group
vxprint -g rootdg -vpshm > /var/adm/log/backup/rootdg.conf
# note: restore a disk group configuration with the following command
# "vxmake -g <disk_group> -d filename"
exit 0
# chmod 700 /opt/admin/scripts/vmconfig.sh
Install the security audit script (sec_audit.sh)
Download and install the CIS Solaris Benchmark Tool from http://www.cisecurity.org
# pkgadd -d CISscan
# vi /opt/admin/scripts/sec_audit.sh
#!/bin/ksh
# Solaris 2.x security audit script
# Purpose: run a monthly security audit of the server
# Dependencies: /opt/CIS/cis-scan
# CIS Solaris Benchmark Tool
# http://www.cisecurity.org
# Usage: run monthly from the command line or from crontab
# Output: log file; mail to the operations group
PATH=/usr/sbin:/usr/bin:/usr/local/bin
MAILADD=status
HOSTNAME=`uname -n`
LOGDIR=/var/adm/log/cis-tool
# make sure the log directory exists
if [ ! -d $LOGDIR ] ; then
mkdir -p $LOGDIR
chmod 700 $LOGDIR
fi
DAY=`date '+%d'`
MONTH=`date '+%m'`
YEAR=`date '+%Y'`
DATE=$YEAR$MONTH$DAY
# run the CIS tool
/opt/CIS/cis-scan > /dev/null
# move the log files
mv /opt/CIS/cis-ruler-log* $LOGDIR
# delete any audit log files older than 35 days
find $LOGDIR -type f -mtime +35 -exec rm {} \;
function security_audit
{
print "\nAudit Taken at: "`date`
print '\n\nWho has Switched Users?:\n\n'
tail -100 /var/adm/sulog
print '\n\nWho Last Logged into the System?:\n\n'
last | head -100
print '\n\nWho is Currently Logged on?:\n\n'
who -a | head -20
print "\n\nThis section contains the findings of a vulnerability assessment conducted"
print "by the CIS Solaris Benchmark and Scoring/Scanning Tool (http://www.cisecurity.org).\n"
egrep "^Negative" $LOGDIR/cis-ruler-log.$DATE-*
print '\n\nProcesses Currently Running:\n\n'
ps -ef
print '\n\nSECURITY AUDIT COMPLETE\n\n'
# End security_audit function
}
# send the results
if [ -z "$1" ] ; then
security_audit
else
mail $1 <<EOF
From: $0
To: $1
Subject: $HOSTNAME Security Audit
`security_audit`
EOF
fi
# make sure the log files do not exceed 50MB
MAXSIZ=51200
LOGDU=`du -sk $LOGDIR | awk '{ print $1 }'`
if [ "$LOGDU" -gt "$MAXSIZ" ] ; then
mail $MAILADD <<EOF
From: $0
Subject: Security Audit Log Size on $HOSTNAME
$LOGDIR is $LOGDU KB. $0 notifies when there is more than 50MB of
log files in this directory.
Thank you.
EOF
fi
exit 0

Author: houji  Posted: 2003-07-09 18:59  Title: Solaris_build_document translation sign-up begins
Add the monitoring and logging scripts to crontab
# crontab -e
# the sendmail daemon is not running, so tell it to process the queue and send the mail
05,20,35,50 * * * * /usr/lib/sendmail -q
# monitoring scripts
22,52 * * * * /opt/admin/scripts/mon_fs.sh > /dev/null
12,42 7-18 * * * /opt/admin/scripts/mon_procs.sh > /dev/null
13,43 7-18 * * 1-5 /opt/admin/scripts/mon_prf.sh > /dev/null
17,47 * * * * /opt/admin/scripts/mon_srv.sh > /dev/null
05 21 * * * /opt/admin/scripts/maildu.sh
14,29,44,59 * * * * /opt/admin/scripts/rtlgn.sh > /dev/null
01 8 * * 1-5 /usr/local/etc/logcheck.sh > /dev/null
# reporting scripts
36 7 * * 1-5 /opt/admin/scripts/status.sh status > /dev/null
01 7 2 * * /opt/admin/scripts/sec_audit.sh status
# logging scripts
0 0 * * * /etc/security/newauditlog.sh
0 21 * * * /opt/admin/scripts/vmconfig.sh 1>/dev/null 2>/dev/null
01,06,11,16,21,26,31,36,41,46,51,56 9-17 * * 1-5 /opt/admin/scripts/perf_log.sh
Solaris Role-Based Access Control
Solaris RBAC lets the system administrator grant users access to the system and log that access.
http://wwws.sun.com/software/whitepapers/wp-rbac
http://www.samag.com/documents/s=7667/sam0213c/0213c.html
Solaris IP Multipathing
For high availability, consider setting up Solaris IP multipathing with separate switches. Multipathing keeps the system working when one network card fails. It needs at least 2 network cards, each with 2 IP addresses (4 in total). In essence, when a failure takes the faulty interface on the first card out of service, the second card is brought into use. As an added benefit, it also provides load balancing.
Solaris 8 2/02 IP Network Multipathing Administration Guide
http://docs.sun.com/?q=IP+Network+Multipathing+&p=/doc/816-0850
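As an added illustration (not part of the original document) of the four-address layout described above, the two /etc/hostname.* files below define one IPMP group over two cards, using the syntax from the IP Network Multipathing guide. The interface names (hme0, qfe0), the group name prod and the addresses are assumed. Each card carries a data address, which can fail over to the other card, and a test address marked deprecated and -failover, which in.mpathd uses for its probes, stays tied to its card, and is never chosen as the source address for ordinary traffic.

```conf
# /etc/hostname.hme0  (assumed name): data address, then the card's test address
192.168.1.30 netmask + broadcast + group prod up addif 192.168.1.32 deprecated -failover netmask + broadcast + up

# /etc/hostname.qfe0  (assumed name): second card, same group, its own data and test addresses
192.168.1.31 netmask + broadcast + group prod up addif 192.168.1.33 deprecated -failover netmask + broadcast + up
```

Both cards must sit on the same subnet, and after a reboot ifconfig -a shows the test addresses as separate logical interfaces. FAILURE_DETECTION_TIME in /etc/default/mpathd (milliseconds, 10000 by default) sets how quickly in.mpathd declares a link dead. The point made above about separate switches is what turns this from card redundancy into path redundancy: with both cards on one switch, that switch remains a single point of failure.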
Remote System Control card
An RSC card is installed for remote console access and hardware failure notification. Through telnet or the RSC graphical client the system administrator can reach the server console remotely; locally, the console can also be reached through the RSC serial port. RSC stays awake after the server is powered off. RSC cards are only installed in the newer Sun servers (such as the 250, 280, 480 and 880). With several RSC cards a switch can be used. They are still rarely used, because the cost of all those switch ports adds up quickly.
Note: the RSC card runs at 10Mb half duplex; make sure the switch port is not forced to 100Mb full duplex.
Sun Remote System Control (RSC) Installation Guide
http://docs.sun.com/?q=rsc&p=/doc/816-3886-10
Sun Remote System Control (RSC) User's Guide
http://docs.sun.com/?q=rsc&p=/doc/816-3314-10
Sun Fire V480 Server Administration Guide
http://docs.sun.com/?q=480&p=/doc/816-0904-10
Solaris Fingerprint Database
The Solaris Fingerprint Database holds the MD5 cryptographic signatures of the original Solaris files. It compares the system's binaries, patches and product files against the database and reports any differences.
http://www.sun.com/solutions/blueprints/0501/Fingerprint.pdf
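The Fingerprint Database is an online lookup of Sun's own MD5 values. As an added example (not from the document or from Sun's tool), the following POSIX sh functions show the same comparison done locally: record an MD5 manifest of a directory while the system is known to be good, then later report files whose digest no longer matches or which have disappeared. It assumes one of md5sum, digest -a md5 or openssl is installed, plus mktemp for the demo; the function names and the constructed tree of fake binaries are mine.

```shell
#!/bin/sh
# Added example, not from the original document or from Sun's Fingerprint Database.
# Record an MD5 manifest of a directory tree and later verify the tree against
# it, the same comparison the Fingerprint Database makes against known-good values.

# md5_of FILE: hex MD5 of FILE using whichever tool exists
# (md5sum on Linux, digest on Solaris 10 and later, openssl elsewhere)
md5_of() {
    if command -v md5sum >/dev/null 2>&1; then
        md5sum "$1" | awk '{ print $1 }'
    elif command -v digest >/dev/null 2>&1; then
        digest -a md5 "$1"
    else
        openssl dgst -md5 "$1" | awk '{ print $NF }'
    fi
}

# make_manifest DIR: one "digest  path" line per regular file, sorted so the
# manifest is reproducible and can be diffed between hosts
make_manifest() {
    find "$1" -type f | LC_ALL=C sort | while read -r f; do
        printf '%s  %s\n' "$(md5_of "$f")" "$f"
    done
}

# verify_manifest MANIFEST: print "MISSING path" or "MODIFIED path" for every
# entry that no longer matches; return the number of findings (0 when clean)
verify_manifest() {
    n=0
    while read -r sum path; do
        if [ ! -f "$path" ]; then
            echo "MISSING $path"; n=$((n + 1))
        elif [ "$(md5_of "$path")" != "$sum" ]; then
            echo "MODIFIED $path"; n=$((n + 1))
        fi
    done < "$1"
    return $n
}

# Demo on a constructed tree (not real system binaries): baseline three files,
# then replace one and delete another, and print status:basename per finding.
demo_fingerprint() {
    d=$(mktemp -d) || return 1
    mkdir "$d/bin"
    printf 'original ls\n' > "$d/bin/ls"
    printf 'original ps\n' > "$d/bin/ps"
    printf 'original su\n' > "$d/bin/su"
    make_manifest "$d/bin" > "$d/manifest"
    printf 'trojaned ls\n' > "$d/bin/ls"      # an attacker replaces a binary
    rm "$d/bin/su"                             # ... and removes another
    verify_manifest "$d/manifest" | awk '{ n = split($2, p, "/"); print $1 ":" p[n] }'
    rm -rf "$d"
}

demo_fingerprint
```

The value of the Fingerprint Database over this local version is that the reference digests live off the host. A manifest kept on the compromised machine can be regenerated by the intruder, and a rootkit that replaces md5sum or find defeats a check run with the system's own tools, so keep the manifest on read-only media or another host and include the digests of the checking tools themselves in it.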
The Coroner's Toolkit
Quoting its web site, "TCT is a collection of programs by Dan Farmer and Wietse Venema for a post-mortem analysis of a UNIX system after break-in".
http://www.porcupine.org/forensics/tct.html
http://rr.sans.org/incident/TCT.php