- 论坛徽章:
- 0
|
1.查看路由 netstat –r
增加路由
# route add -net 10.0.0.0 192.9.200.70
add net 10.0.0.0: gateway 192.9.200.70
# netstat -r
Routing Table:
Destination Gateway Flags Ref Use Interface
-------------------- -------------------- ----- ----- ------ ---------
192.9.200.0 dg07 U 3 522 hme0
arpanet 192.9.200.70 UG 0 0
224.0.0.0 dg07 U 3 0 hme0
localhost localhost UH 0 10221 lo0
3.增加default 路由
# route add -net 0 192.9.200.70
add net 0: gateway 192.9.200.70
# netstat -r
Routing Table:
Destination Gateway Flags Ref Use Interface
-------------------- -------------------- ----- ----- ------ ---------
192.9.200.0 dg07 U 3 523 hme0
arpanet 192.9.200.70 UG 0 0
224.0.0.0 dg07 U 3 0 hme0
default 192.9.200.70 UG 0 0
localhost localhost UH 0 10221 lo0
看网卡的速度和半/全双工模式
# more messages* | grep Link
Sep 3 10:48:46 dns hme: [ID 517527 kern.info] SUNW,hme0 : 100 Mbps Full-Duple
x Link Up
Sep 3 21:25:36 dns hme: [ID 517527 kern.info] SUNW,hme0 : 100 Mbps Full-Duple
x Link Up
Sep 5 15:27:55 dns hme: [ID 517527 kern.info] SUNW,hme0 : 100 Mbps Full-Duple
x Link Up
Sep 6 08:16:30 dns hme: [ID 517527 kern.info] SUNW,hme0 : 100 Mbps Full-Duple
x Link Up
# more /var/adm/messages* | grep Link
Aug 23 18:13:37 bj140 hme: [ID 517527 kern.info] SUNW,hme0 : 100 Mbps Full-Duplex Link Up
# ndd /dev/hme link_speed 输出结果可能是0或1 代表什么还得查找。
2002年9月28日星期六
BLADE2000原来是两块PGX64显示卡,更换成EXPERT 3D卡。关机,换卡,启动,boot –r完成之后,只能进命令行,提示启动X在屏幕0出错。
查资料,从SUN网站查到SOLARIS安装盘里面相关的EXPERT 3D的包,然后从安装光盘拷贝到SUN上,执行安装,然后boot –r就OK。
方法1 临时改变
uname -S
hosname newname
方法2 永久改变
/usr/sbin/sys-unconfig命令 相应更改的还有NISe,时区,IP地址,子网掩码,超级口令等。
方法3 编辑文件
/etc/nodename
/etc/inet/hosts
/hostname.hme0 (或类似文件)
/etc/net/ticlts/hosts
/etc/net/ticots/hosts
/etc/net/ticotsord/hosts
/etc/inet/ipnodes (这个文件没有的话就别动)
/usr/platform/sun4u/sbin/prtdiag -v
usr/bin/showrev [-p] -p显示已安装的补丁
/usr/sbin/prtconf
/usr/sbin/psrinfo -v
iostat -E
/usr/platform/platform-name/sbin/eeprom
sysdef
dmesg
nfsstat –m
ifconfig -a
env
uname -a
netstat –rn
share
isainfo
prstat
vmstat
psrinfo
prtconf
chroot ??????
想建一帐户,登录进去后自动shutdown/halt,这样就可以不把root的passwd告诉
> >; 每个使用者了。请问有无可能,如何做? OS是Solaris2.4。
> >; 多谢!
> 建一个用户,将其shell设为关机命令。为了安全,这个用户的UID最好不要
> 设成0。
> 关机命令可以自己编写:
> 用root帐号登录(!!!!),编以下一个文件:
> #include <stdio.h>;
> main()
> {
> int tmp;
> tmp = setuid(0);
> if (tmp) {
> shell("/etc/shutdown -g0 -y" ;
^-----对不起,这儿应该是system
> }
> else
> fprintf(stderr, "Setuid Failure!\n";
> }
> 然后编译,比方说执行文件为shut
> 最后,利用chmod修改这个命令的属性:
> chmod shut a+s
> 在建用户时,shell指向这个shut就行了。
编辑/etc/passwd加入
shut::0:1::/:/etc/halt
/etc/group加入
shut::::::::
没什么,这样的话它们必须配置在非一个网段内才能同时正常工作。
你看到的mac地址是主机的。如果想用网卡自己的mac地址
setenv local-mac-address? True
怎样让系统的消息不在控制台显示?
修改/etc/syslog.conf
改/etc/default/su
去掉root远程登录的提示
注掉有dev/sysmsg和*的行,就ok
谢谢大家
Multi-Booting Windows 98, Linux, and SolarisTM
Brian Gollsneider
I really enjoyed Brian Wilson's article, "Using VMware as a Development Tool," in Sys Admin (March 2001). Wilson described using VMware to emulate a Windows machine running on top of a Linux box but, rephrasing his theme, it is also a technique for getting more out of your hardware. You might wonder why bother -- hardware is so cheap that you can go out and get another box for peanuts. As I write this, I find ads selling complete systems for $800, 256 MB RAM for $80, and a 30-GB hard drive for $60. It's true that hardware is dirt cheap, but I find that my most limiting factor is not dollars but space. I run out of desk space before I run out of dollars to buy machines. So, to get more out of my hardware, I use the old Linux technique of multi-booting. Sometimes you just need the native OS, or sometimes the hardware you're working with is too underpowered to handle the overhead that an emulator/virtual machine adds. In this article, I present a formula to quickly set a machine to boot Windows 98, Linux, and Intel Solaris at no cost beyond the operating systems.
Multi-booting means that you can select which operating system to run when the computer is booting up. You can access one OS at a particular time, play computer games, and then reboot into a different OS. Most OSs have some form of a boot loader, and I use Linux's LILO most of the time because of its power and flexibility. For this article, I assume that the reader can do customized installations of Windows 98, Linux, and Intel Solaris. Here are the baseline requirements for hardware -- whatever is compatible with the three OSs, CD-ROM, floppy, and 6+ GB hard drive that hasn't been partitioned. If the disk has been partitioned, you will have to follow the spirit of the various steps and make adjustments as necessary. For software, I used Windows 98, Red Hat 6.2, and Intel Solaris 8, 6/00. I have used the formula below to set up many machines to triple-boot, but there can be differences depending on how completely the hardware is supported by Solaris. Also, this is my way of doing it. There are probably others, and I welcome hearing about other techniques. The cardinal rule when doing any kind of disk partitioning is to back up your data first.
Quick summary of steps:
1. Install Windows.
2. Install Linux in an extended partition.
3. Install Solaris.
4. Fix LILO.
I'll go through the formula below and explain at the end why some of the steps are done this way. The crux of the problem is that Solaris really slices up a hard drive during installation, leaving it in a state that Linux can't handle. Using this formula, I've set up triple-boot machines in less than six hours.
Disk Partitioning 101
There are some basic things to know about how a hard drive can be partitioned, which means dividing it into different areas. Always back up your data before doing any partitioning. Each OS has a tool to partition a hard drive. Windows, Linux, and Solaris all have a tool called fdisk, although they have different capabilities and interfaces. Use the fdisk tool from the particular OS you're installing. Windows can have a primary partition and an extended partition. The extended partition can be sliced up further into smaller logical partitions. The primary partition on the first hard drive will become c:, and the other partitions will pick up drive letters according to Windows rules.
Many versions of Linux, except for the newest ones, and Solaris must have a boot partition that is below the 1023th cylinder on the hard drive. The fdisk from Linux can set up four primary partitions or three primary and one extended. Like Windows, the extended partition can be further divided. The master IDE drive on the first channel is hda. Solaris requires a primary partition during installation that it will divide into two primaries. The first partition can be divided up into slices 0 through 7, with 2 being the overlap slice that shouldn't be modified by the user. Both Linux and Solaris have very powerful fdisk tools and can specify what type each partition will be. They can even say that a partition will be for Windows.
Formula
Step 1: Installing Windows
Do a regular Windows 98 installation according to the manual. Consider the 1023 cylinder limitations for the boot manager when you are partitioning the hard drive so don't make it too big. Since the hard drive has no partitions on it, the first time you boot it up, you will run fdisk, specify a partition, and exit fdisk. You will have to reboot, then format your partition by typing format c:, and then run the Windows setup program. Windows will be on partition 1.
Step 2: Installing Linux
Further partition the hard drive. Set up the extended partition on partition 4, dividing it as you desire for the Linux installation. You need at least two logical partitions, one for / and a swap partition. Many people set up several more, /home being the most common. Do the install. Make a floppy boot disk (this is critical). You will use the boot floppy in a later step to reestablish LILO. My habit is to install Linux at the high end of the hard drive so that after the installations are complete, the partitions are in numerical order according to the cylinders. A better reason for doing this is so you can modify Linux to live above cylinder 1023. Solaris can't do that, so I put it lower on the hard drive. For this article, I assume you're using two partititions: / in 5, swap in 6.
Step 2a: Modifying Linux
Some files on Linux need to be modified before we can move onto the Solaris install. First, modify /etc/lilo.conf as root. Change the line with /dev/hda5 in it for booting Linux to /dev/hda9. See Listing 1 for a sample /etc/lilo.conf file. Next, modify /etc/fstab. The line for hda5 needs to become hda9 and the swap line from hda6 to hda10. Listing 2 shows a modified /etc/fstab file. These changes are because of the way Solaris will install. Finally, trust me on this next part. Run fdisk /dev/hda and delete the extended partition, which will also delete your / and swap partitions. This is because of the way Solaris will install. We will re-establish these partitions later, so you won't lose any data. Make sure that you record the exact start and stop cylinders of the / and swap partitions. If done correctly, the only partition visible on the hard drive right now is Windows in partition 1.
Step 3: Installing Solaris 8
Put in the Solaris installation media and boot. The Solaris installation sequence should come right up. Run fdisk to establish partition 2 for Solaris. A catch in this step is the boundary cylinders on the hard drive. Give yourself a couple of cylinders buffer between the end of the your Windows partition and where you start the Solaris partition. Also allow some buffer between the end of your Solaris partition and the start of your Linux partition. I use a rule of thumb of two cylinders on each side. If you don't add this buffer, your installation will fail. Install what you want on partition 2. Note that Solaris will divide partition 2 into partitions 2 and 3 during the install. Late in the install process, you will have a chance to look at the filesystem layout. Partition 2 will be sliced up into / in s0, swap in s1, overlap will be in s2, and /export/home in s7. These four slices are the reason that in Step 2a we added four to several lines. After the Solaris install, Linux will see hda5 as hda9. If you use more than four slices in Solaris, you will have to modify Step 2a as appropriate. Reboot. Study Listing 3 to see what the partition table looks like after the Solaris installation, especially the cylinder buffers around the Solaris partitions.
Step 4: Boot Manager
Now you have three operating systems on your computer, but you can only access Windows and Solaris. We'll fix this by configuring LILO to give you all three. First, start a Linux install again and bring it to the point of partitioning the hard drive. Use fdisk and re-establish the partitions you previously deleted. Make sure you put the exact cylinder numbers in. You will probably have an option to use disk druid but use fdisk. Disk druid is a friendly disk partitioner, but it doesn't give you the cylinder control you need right now. You will see several messages about partitions having different logical and physical beginnings. This doesn't matter to us. Save the updated disk partitions and reboot using the boot floppy you made. Type linux root=/dev/hda9 at the LILO: prompt and log in. Edit /etc/lilo.conf, adding the lines other=/dev/hda3 and label=solaris to the end of it. Then run LILO using a special option: lilo -P ignore. The -P ignore option tells LILO to ignore any partition tables that it considers corrupt, which we have because of Solaris.
Using Your Triple-Boot Machine
Now you have a machine that can run Windows, Linux, and Solaris. When you turn it on, you will see the normal BIOS prompts and finally get a prompt LILO:. If you hit the tab key quickly, you will see the different operating systems available. Type in which one you want, and hit enter. The machine will then boot as if that OS is the only one on the machine. You will have to reboot to get to a different one. Still, this approach gives you three machines in the space of one, and it is free. You have only used tools that were part of the various operating systems.
Many of the steps may look like the ravings of a madman, but once you understand the impact of the various operating systems, especially Solaris, they make more sense. It's easy to set up a system to dual boot. Windows and Linux or Windows and Solaris set up easily, provided the hardware is supported. The hard part is when you want to combine Linux and Solaris 8. As a historical note, I've been setting up machines to triple boot for years. With Solaris 7, it was easier in some regards. Linux didn't give the error messages that you see working with Solaris 8, and it stayed in one primary partition. The biggest catch was that a native Solaris partition looks like a swap partition to Linux. This normally isn't a problem, but with Red Hat 6.2 and some other distributions, you have no control over which swap space is used.
The Linux install will reformat any swap partition it finds. This means that your Solaris distribution is gone and is being used as a Linux swap space, so I hope you have a backup. With Solaris 2.7, I would install Windows, then Solaris, and then Linux. During the Linux install, I would change the partition type of Solaris to something like FAT32 and complete the install. That way, the Linux installation would leave that fake Windows partition containing Solaris alone. After I finished and rebooted, I would change it back and set up LILO to boot the three systems. Solaris 8 invalidates this trick. If you change anything about the Solaris partitions using fdisk, you mess up Solaris' boot signature and it won't come up. As a sidenote, this last statement might not be totally true. I've used Linux's fdisk to manage the partitions. Some versions of Linux also have cfdisk and sfdisk. These are more powerful and also harder to use partitioning tools. These tools might be able to reslice the partition so that Solaris still works. Since they aren't universal, I didn't explore using them. Also, Linux can't install on a disk with the type of cylinder boundary problems that Solaris 8 creates. In other words, Solaris can't be installed before Linux.
Another new catch with Solaris 8 is that it requires two partitions on the hard drive. Remember that in this setup, partition 1 is Windows, and I specified that 4 be set up as an extended partition for Linux. There can only be four partitions, so this scheme leaves 2 and 3 for Solaris. Set it up for 2, and during the install it will add 3. Summarizing, partition 1 is Windows, 2 and 3 are Solaris, and partition 4 is extended and subdivided into logical partitions for Linux. All of these are below cylinder 1023 unless your Linux distribution can overcome this problem. Finally, remember the way that Solaris subdivides partition 2 internally. This means that some boot files need to be modified by the number of slices you set up during the Solaris installation. But, when you're using fdisk, you see those Solaris slices as one partition. It's a little confusing, but you can keep track of it by remembering the way the boot process works.
Alternatives
I've also done this basic procedure on a system with two hard drives, and it's considerably simpler. I put Linux on the second hard drive by itself and tweaked the procedure. First, put Windows in partition 1 on the first drive and Solaris in partition 2, which will become 2 and 3. Then, put Linux on hdb. Since you're not going to install Linux on hda, you don't have to worry about the problematic partition table.
Conclusion
The procedure I've described will result in a machine that can boot into three different operating systems. This can save you considerable desk space in the office or a lot of weight if you're on the road. The procedure is fairly complicated but doesn't cost anything. Be careful, because messing up a step can mean that you have to back up several steps or start from the beginning to recover. Always back up your data before trying anything like this.
Brian Gollsneider is working on a PhD in Electrophysics at the University of Maryland, College Park. He can be reached at: gollsneb@glue.umd.edu.
Measuring and Improving Memory Efficiency of Large Applications
Greg Nakhimovsky
Many of today's computer applications require large amounts of system memory. This is especially true with very large and complex applications that provide hundreds of functionalities and handle large amounts of data.
At the same time, computer CPU speeds have increased faster than memory access speeds, so the gap between them is now very wide. This makes memory efficiency issues increasingly more important. This article describes how a large application uses system memory and what you can do to monitor and improve its memory efficiency. It presents and discusses special tools for these tasks. This information and tools can help systems administrators, software developers, and users who are working with large applications, particularly under the Solaris operating system. In this article, I will consider an example of using PTC Pro/ENGINEER (a major Mechanical CAD/CAM system) under SPARC/Solaris from Sun Microsystems. See http://www.ptc.com for more information about PTC and Pro/ENGINEER, and http://www.sun.com/ \
tecnical-computing/ISV/PTCFaq.html for a technical FAQ regarding PTC applications on Sun. Note that Pro/ENGINEER is just a convenient example of using these techniques. You can use them just as easily with any large application that requires a lot of memory.
Memory efficiency is a very large subject, impossible to address comprehensively in a single article. Because of that, this article only touches on some issues while describing a few specific tools in detail.
Memory Access Speed
Modern computers have a hierarchy of memory types. A very small portion of memory called Level-1 or L1 cache (also called CPU-internal cache) provides very fast data access. A larger portion called L2 cache (also known as external cache) provides somewhat slower memory access but still much faster than that of general RAM without using a cache. The faster the memory type, the more expensive and less practical it is to use. This is one of the fundamental tradeoffs of computer architecture.
Here are typical orders of magnitude of memory access times and sizes of the major memory components. These values are generic and they change rapidly as computers become faster but their ratios stay relatively constant:
Latency (nanoseconds) Size (kilobytes)
L1-cache 3 32
L2-cache 30 4096
RAM 300 500,000
Disk 30,000,000 10,000,000
As you can see, memory efficiency can be hugely different depending on how much the application uses the faster memory components and avoids the slower ones.
The first practical conclusion from this data is that disk access as a substitute for memory access should be avoided in any performance-sensitive situation. High Performance Computing, Second Edition, by Kevin Dowd and Charles Severance (O'Reilly and Associates) is an excellent further resource regarding memory access speed and related issues.
Pro/ENGINEER Use of Memory
Unlike older applications that explicitly use disks for some of their storage requirements, Pro/ENGINEER keeps all model data directly in memory. It assumes that the system has enough memory for all needs. This approach relies on the OS virtual memory (VM) system. All modern operating systems contain page-demand VM systems. The main advantage of such a system is that memory available to applications is not limited to random access memory (RAM); disk swap space can also be used. The application or the users do not have to do anything special about using it: the OS handles it automatically.
The main disadvantage of using the VM system is that, if memory requirements significantly exceed the available RAM, system performance will degrade. As application memory requirements start exceeding the amount of physical memory available in the system, paging to disk will begin. This causes rapid performance degradation because, as you saw in the previous section, disk access is many orders of magnitude slower than memory access of any kind.
Eventually, if the application requires much more memory than the available physical memory, so-called "thrashing" may occur, which makes the system practically impossible to use. For detailed descriptions of the Solaris VM system and other system-related information, see Sun Performance and Tuning: Java and the Internet by Adrian Cockcroft and Richard Pettit (Prentice Hall) and Solaris Internals: Architecture, Tips and Techniques, Volume 1: Core Kernel by Richard McDougall and Jim Mauro (to be published by Prentice Hall). McDougall and Mauro's columns are also available online at SunWorld (http://www.sunworld.com).
Pro/ENGINEER is a large application with the following features (from the memory efficiency perspective):
· The use of the malloc() interface to obtain all required memory from the system. Most applications use this method, although other methods exist (mmap-based for example). C++ operator "new" also belongs to this category since most implementations of "new" call malloc() internally.
· Highly dynamic memory usage. In other words, the amount of memory a Pro/ENGINEER session requires is highly dependent upon the size of the model and the operations performed on it.
· Large amounts of memory required for large models. Pro/ENGINEER memory consumption can vary from about 50 megabytes to a number of gigabytes, up to the total amount of swap space (RAM plus disk swap) available in the system.
· Very large and complex dynamically allocated data structures, many of which are scattered over memory. One reason for this is that Pro/ENGINEER data structures represent 3-D objects, while the operating system virtual address space model is linear (1-D). This makes it necessary to map the 3-D data to the one-dimensional virtual address space. Such a mapping introduces gaps between addresses of data items that may logically be closely related.
· Very complex memory access patterns, in some cases approaching random access. There are some objective reasons for this. For example, certain algorithms used in mechanical CAD systems (Hidden Line Removal is one such algorithm) require examining a data item (say, Z-coordinate) for all existing entities, such as triangles tessellating the surfaces. The data structures containing the needed data items can be stored in memory far from each other. This can easily cause poor "locality of reference."
· Extensive use of function pointers, causing frequent address jumps in referencing the program code. This is typical for modern object-oriented applications. For example, C++ virtual functions are usually implemented with function pointers.
Taken together, these features mean that the CPU caches described in the previous section are not very effective with Pro/ENGINEER. A cache is only useful when many data items or program instructions can be accessed directly from the cache. When data access is almost random with large gaps between addresses, caches cannot help much. In this case, performance will often depend on raw memory latency, that is the time it takes to access RAM without the benefit of a cache.
SPARC/Solaris allows a full 4-GB virtual address space for 32-bit applications, and practically unlimited virtual address space size for 64-bit applications. See details at:
http://www.sun.com/technical-computing/ISV/PTCFaq.html#MORETHAN2G
Current Sun workstations (e.g., Ultra-80) can hold up to 4 GB of RAM, thus making large memory requirements practical. Future workstation models will be capable of holding even more RAM.
One example is the PTC Division MockUp application, which is supported in the 64-bit mode on Sun. It can handle huge assemblies by taking full advantage of the large amounts of RAM and virtual address space in the system.
Uniprocessor and Multiprocessor Systems
Currently, the most popular multiprocessing model is Symmetric Multi-Processing (SMP). All Sun workstations and servers use it. Briefly, SMP means that CPUs installed in the computer have equal status; all of them can equally execute both application and kernel code. Every CPU has its own hardware cache. Any CPU can access any data that the applications use. Such access can be performed in parallel. When the application modifies data, the MP hardware ensures that all CPUs see the same data values. This feature is called "cache coherency".
To take advantage of the multiple CPUs in the same machine, you can run multiple applications at the same time. In this case, the kernel will automatically distribute the load among CPUs. Alternatively, a single application can create multiple threads running in parallel, thus taking advantage of multiple CPUs.
Pro/ENGINEER is partially multithreaded, which means that certain operations can be performed in parallel when multiple CPUs are available. A brief description of the MP/MT features of Pro/ENGINEER is available at:
http://www.sun.com/technical-computing/ISV/PTCFaq.html#MP
On Sun systems, Pro/ENGINEER is statically linked with a special malloc() package allowing faster memory allocation when multiple threads manage their memory simultaneously. Sun Microsystems owns a patent for this technology ("Memory Allocation in a Multithreaded Environment", by Greg Nakhimovsky, http://www.uspto.gov).
Measuring Memory Used by Application
Knowing how much memory an application session has consumed can be useful in many ways. It can help you determine whether adding more RAM will help performance, or the amount of available physical memory can be decreased without a negative effect on performance. It can be useful for workload management tasks required for distributed computing. You can also use this information to detect abnormal situations, for example, when the application is consuming too much memory.
This task is generally not trivial since today's operating systems, including Solaris, are very complex. The naive methods frequently used for this purpose do not work well. Examples include ps(1), swap(1), and vmstat(1) commands. For various reasons, none of those commands report the total memory consumption of a particular application. For example, the ps(1) SZ (size) field will report the amount of virtual memory, but not the actual memory consumed. The RSS (resident set size) field will include the memory occupied by the shared libraries, which many processes can use simultaneously.
It is not impossible however. Solaris has a very useful pmap(1) command based on the proc(4) interface. Here is a description of a couple of tools based on pmap(1) technology, which you can use with most applications, not just Pro/ENGINEER.
The readers who are not programmatically inclined can skip all the details given here, download the tools, and simply use them. These tools, with the exception of pmap(1), are not officially supported by Sun Microsystems. They are informal example programs and anyone is welcome to use them or modify them. They also demonstrate a few useful programming techniques.
The first tool is a shared library interposer called mem_on_exit.so. Listing 1 contains its source code. To build this interposer, use the following command:
cc -o mem_on_exit.so -G -Kpic mem_on_exit.c
To use it (from a Pro/ENGINEER startup script, for example) do the following (we are using the C-shell syntax in this example):
setenv LD_PRELOAD /full_path/mem_on_exit.so
[ Run Pro/ENGINEER as usual ]
unsetenv LD_PRELOAD
Shared library interposers are programs capable of intercepting calls the application makes to any shared library. Once such a call is intercepted, the interposer can do whatever you need, and then call the real function originally intended by the application.
Library interposers are very useful for all kinds of debugging, testing, and collection of runtime data statistics. They can even be used to fix bugs by modifying the behavior of the interposed function. They can do all this without rebuilding the application in any way.
In this case, the library can interpose on system call exit(2), which most applications (including Pro/ENGINEER) invoke at the end of the run to exit to the operating system. First, it can determine the name of the executable that made the call. The library can use Solaris proc(4) interface for it. (Note: the version of the proc(4) interface shown here works with Solaris 2.6 and later.) Pro/ENGINEER main executable is called "pro". So if the current executable is called "pro", the library can call system(3S) invoking a Perl script called measure_proe_mem.pl. After that is finished, call the real system exit(2) routine.
I will assume that the directory where script measure_proe_mem.pl (described later) is installed in is on the shell $PATH. Alternatively, you can put the full path to measure_proe_mem.pl in the system() call.
When the application uses malloc() to dynamically allocate memory from the system, the amount of memory that the application consumes cannot decrease while the application is running. The malloc() package contains a memory management system. When the application calls free(), the freed memory is not returned to the operating system but saved for future use by the same process. (Actually, malloc() can be written to return memory to the system, but most malloc() implementations, including Sun's, do not do it that way because it would be hard to do and unnecessary in most cases.)
Therefore, to estimate the amount of memory that the application consumes, it is enough to measure it only once, immediately before the application exits. This will provide the "high-water mark" value. The actual measurement and calculations are performed by the Perl script measure_proe_mem.pl that the library interposer invokes. Listing 2 contains its source.
Perl is a part of Solaris 8 and above, where it is automatically installed in /bin. For the earlier Solaris releases, you can download Perl from a number of locations, including:
http://sunfreeware.com
If Perl is not in /bin on your system, make sure to modify the first line in the script to point to your Perl executable.
The measure_proe_mem.pl script runs the ps(1) command to find all the running processes related to Pro/ENGINEER. It assumes that any process with an executable name containing characters "pro" or "appmgr" qualifies. (These patterns can be easily changed if necessary.)
For each process with a name matching the specified pattern, the script runs the Solaris pmap(1) command with parameter "-x" producing a detailed memory map for the process. After parsing the pmap(1) output, the script adds the amounts of private memory that each process has used, and selects the maximum amount of shared memory among the processes. We do not want to add the shared memory many times since many processes share it. We assume that the Pro/ENGINEER-related processes share most of the same libraries. The resulting value (Max shared + Total private) is a good approximation for the amount of memory this Pro/ENGINEER session has consumed. You can download both source files from the Web:
ftp://ftp.sunmde.com/pub/gregns/mem_on_exit.c
ftp://ftp.sunmde.com/pub/gregns/measure_proe_mem.pl
Typically, these tools are used together. Either individual users of Pro/ENGINEER can run them directly, or a startup script of some kind can do it. In the latter case, a systems administrator can collect various statistics regarding memory consumption. You can also use the measure_proe_mem.pl script on its own. If you execute it at any time while the application is running, it will output the results at that time.
Here is an example output from the measure_proe_mem.pl script executed while Pro/ENGINEER is running:
% measure_proe_mem.pl -v
5045 /export/home/proe2000i2/sun4_solaris/obj/pro:
virtual_kb = 378512; shared_kb = 4232; private_kb = 179512
5046 /export/home/proe2000i2/sun4_solaris/nms/nmsd:
virtual_kb = 2832; shared_kb = 1512; private_kb = 1016
5048 /export/home/proe2000i2/sun4_solaris/obj/pro_comm_msg:
virtual_kb = 4848; shared_kb = 1496; private_kb = 1552
5060 /export/home/proe2000i2/sun4_solaris/obj/pglclock:
virtual_kb = 157592; shared_kb = 4224; private_kb = 6936
Total memory consumed by all Pro/ENGINEER-related processes:
Total virtual address space = 531 MB
Max shared = 4 MB
Total private = 185 MB
Max shared + Total private = 189 MB
You can easily modify these tools to work with applications other than Pro/ENGINEER. All you will have to do is change the names (or name patterns) of the executables, the name of the Perl script, and the output messages.
Measuring Paging to Disk
You can measure paging to disk with vmstat(1). This technique (among others) is described in:
http://www.sun.com/technical-computing/ISV/PTCFaq.html#PERFORMANCE
Look at the sr (scan rate) column in the vmstat output. When the numbers in that column are consistently zero or less than 200 pages per second, there is no significant paging to disk occurring and the amount of your physical memory is sufficient for the current session. If the scan rate is consistently high, application performance will improve if you add more RAM.
A Pro/ENGINEER startup script can start vmstat(1) in the background, capture the sr column output, and calculate some meaningful statistics. The vmstat(1) process can be terminated, for example, by a signal sent to it when the Pro/ENGINEER session ends. Developing such a script is left as an exercise for the reader.
As an alternative, you can watch for the disk activity reported for the swap device (assuming you use swap partitions rather than files). One way to do this is to run the iostat(2) command. Any significant input/output (I/O) in a swap partition is a sure sign of memory shortage.
I also recommend installing the xcpustate utility and using it to graphically monitor what your system is doing. It is a public-domain X-Windows based utility available for many UNIX platform. You can download it from:
ftp://ftp.cs.toronto.edu/pub/jdd/xcpustate
The SPARC/Solaris binary that I use (which is rather old) is available here:
ftp://ftp.sunmde.com/pub/gregns/xcpustate
To use it, simply make sure the xcpustate file is executable:
chmod +x xcpustate
and then start it putting it into background:
xcpustate &
If you would like to watch the I/O state in addition to the CPU state (which is a good idea, especially for the swap devices), start it with a -disk parameter:
xcpustate -disk &
The resulting display will show the state of each CPU and disk (if -disk is specified). It uses the following colors for the display:
Green User time
Yellow System time
Blue Wait/idle
The xcpustate display is updated each second.
There are other graphical utilities to monitor system performance, but I like xcpustate the most for its convenience and light weight.
Measuring CPU Cache Usage
Solaris 8 has cpustat(1) and cputrack(1) utilities, which can help you measure various CPU statistics. Specifically, you can measure the number of external cache hits and misses. Here is an example of how you can use cputrack(1):
% cputrack -fev -c EC_ref,EC_hit <command>;
EC_ref refers to the total number of external cache references, while EC_hit corresponds to the total number of external cache hits. The difference between the two values will give you the number of external cache misses. The external cache miss rate can be computed as:
(1 - EC_hit/EC_ref)*100%
Similarly, to watch the instruction cache references and hits, you can use this syntax:
% cputrack -fev -c IC_ref,IC_hit <command>;
You can also concatenate multiple -c options to cputrack or cpustat. That will make the tool cycle between the specified events. The above examples are for UltraSPARC-I and UltraSPARC-II. See UltraSPARC User's Manuals (http://www.sun.com/microelectronics/manuals/index.html) for detailed information about the UltraSPARC counters.
Frederic Pariente of Sun Microsystems/France has developed an interesting utility called Hardware Activity Reporter (HAR), which computes many useful UltraSPARC CPU statistics such as L1-cache miss rate and data stall rate. See Hardware Performance Counters, Hardware Statistics Tool: http://www.sunmde.com/perf_tools/har/.
Improving Memory Efficiency
· Using the tools described in the previous sections, measure how much memory your application uses and how much paging to disk is occurring.
· Collect statistics about the memory consumption and paging to disk over a period of time. Configure your system with the optimal amount of RAM and disk swap amount best suited to your needs.
· Use the cputrack or HAR tool to measure the CPU cache miss and data stall rates during specific application operations. Provide feedback to application developers, such that they can improve their algorithms and data structures to take better advantage of CPU caches. Improving locality of reference and thus increasing the number of cache hits can dramatically enhance application performance.
· Use the application features that generate many cache misses as little as necessary.
Summary
Now that you have some memory measurement tools, you can apply them in your own environment to configure the system's hardware and provide useful feedback to the application developers. Since memory efficiency is such a large issue, its further discussion should be useful to everyone involved with large applications.
Acknowledgments
I would like to thank my Sun Microsystems colleagues Tom Gould, Morgan Herrington, Peter Nurkse, and Pramod Rustagi for their advice and encouragement.
Greg Nakhimovsky is a member of the technical staff at Sun Microsystems. He works with independent software vendors making sure that their applications run well on Sun systems. He has 20 years of industry experience developing, performance tuning, and supporting technical computer applications on various computer systems.
汉字输入加拼音声调
智能ABC下面输入v8就可以了
我的六个系统安装方法及其应用(solaris,freebsd,linux,windows98,2k,xp)
小弟这里把自己装系统的过程及考虑的事情都写下来,另外也写了一些与这个主题无关的,有些东西很简单也提了一下,是给不太了解的朋友写的,希望对对这方面感点兴趣的朋友有点参考作用。
我的硬盘是80G,现在装有windows系列98,2k,xp,redhat,solaris,freebsd共六个操作系统。在分区的时候就考虑到要装多系统,所以分区的时候就计划好了。
首先,先制定出分区计划,计划我的硬盘分区如下:
Primary 1: FAT 1.8G (label:win9
Primary 2: Solaris 8 x86 5.6G
Primary 3: Extend (剩余的全给这个扩展分区了)
Primary 4: FreeBSD 4.6G
Extend :
Reiserfs:5G redhat 系统分区
swap:300M linux交换分区
Reiserfs:4G 备用分区
FAT32 :6G 主要是装程序文件 (label:prog)
FAT32:10G(label:soft)
FAT32:10G(label:doc)
NTFS:2G(label:mydoc)
NTFS:2G win2k advance server(label:win2k)
NTFS:7G(label:server)
NTFS:5G winxp(label:winxp)
FAT32:2G(label:swap)
FAT32:14G(label:vidio)
现在把考虑的事情说一下。
win98主要用于系统维护,给1.8G足够了,安装win98大约需要不到400M的空间,剩余的空间用于紧急时候存储一些东西,另外也可以利用这个空间和solaris交换文件,后面另述。之所以把这个分区划为FAT,是为了以后装DOS622考虑,因为DOS622不认FAT32,而装好了98以后,如果想再装DOS6.22,完全可以把DOS6.22装在这个分区,然后修改相应的启动文件,使98和dos622双启,这方面的技术文章在网上比较容易找到,不再另述。
把NTFS分区划在后面是为了在98和2k,xp里前面的一些分区有个统一个分区名,比如prog在三个windows系统里全是D盘,对一些应用比较方便。
之所以划出一个2G的label为swap的fat32分区,是为了这个分区在linux下挂接为可写,可以和windows交换数据,其它fat32视情况可以挂在linux下,建议为只读,防止误操作。
最后一个label为vedio的盘划在扩展分区的最后面,可以视情况以后用作扩展用途,或划定为其它类型的分区用,由于在扩展分区的最后,改变分区类型及大小时对前面系统影响最小。
需要准备的工具有,可以光盘启动带pqmagic的盘,diskman。pqmagic用于分区,diskman用于装完一个系统后保存分区表,以备不测时可以快速恢复。下面装完一个系统就diskman一把吧,出了事再diskman 回来。关于diskman下面就不述了。
首先分区,用光盘启动,进入pqmagic,按如上分区分好区,注意pqmagic不能划定solaris,freebsd及reiserfs类型的分区,在分区的时候全指定为linux native (ext2)即可,主要是为了先占个地方。
安装的时候,安装顺序如下:win98,redhat,win2k,winxp,freebsd,solaris,注意这里redhat一定要作一张启动盘,稍后要用到,而且,我们把grub装到mbr里,用他来引导其它操作系统。solaris最好是最后装,因为solaris要修改硬盘分区的CHS值,装完了solaris,PQMAGIC认为硬盘参数出了错误,认不出硬盘来了。这时候启动pqmagic的时候,他会提示你是否修正,你可千万别修正,修正完了,发现硬盘就成了一个大的没分的区了,再重启可能就出事了,弄不好什么也启动不了了,我试过一次,就这一次,害我终身难忘啊,呵呵。保留改动后的CHS事实上也没什么影响,不用pqmagic不就行了,只是硬盘分区参数不规范,也不影响其它系统的启动等等,无所谓了。
先装win98,不用说了.再装redhat,我的redhat7.3全安装,大约占了3G的硬盘空间。然后装win2k ,再装winxp,注意要先装win2k,再装winxp,否则winxp不能启动,最后还得把winxp的引导系统换到c盘去。
最后装freebsd,装freebsd的时候,不要装bootloader,保留mbr不变即可。最后用红帽那张启动软盘启动红帽,执行如下命令:
cd /boot/grub
grub
grub>;root(hd0,4)
grub>;setup(hd0)
grub>;quit
这样就成功的把grub安装到mbr里面了,再修改一下grub的配置文件,即可完成多系统的启动。
vi /boot/grub/menu.lst
填加如下几行:
title DOS/Windows
rootnoverify (hd0,0)
chainloader +1
title freebsd
rootnoverify (hd0,3)
chainloader +1
删掉引导ntfs分区的那几行,保留引导红帽的那几行,OK,保存,reboot,至此未安装solaris其它五个系统便安装完成了。重启系统,首先是grub菜单,如果选windows,那么便进入windows系统的启动菜单,这个菜单是c盘的引导分区及C盘根目录下的NTDETECT.COM,ntldr,bootsect.dos,boot.ini来引导的。
然后如果不愿装solaris呢,就完事了,如果你要装solaris,就往下看,提前说好了,出事别找我,呵呵,主要是solaris毛病太多,容易出事。2000年6月版的不支持大硬盘,2002月2月版的没问题了,拿2000年6月版的,认我的硬盘认成了11G多,再往下装说什么它也不干了。如果硬盘N大,那就使2002年2月版的,而且它也支持P4
solarisx86的分区号是82,linux的native分区号是83,linux的swap分区号是82,正好和solaris的分区号一样,先装solaris再装linux容易出问题,弄不好把solaris分区当swap分区给处理一下,可就惨了,所以后装吧。
注意,下面要进行一些处理,这个处理很关键。
用光盘启动,进入pqmagic,找到准备划给solaris的那个分区,现在那个分区类型是ext2,删掉这个分区,只是删除掉,让他处于未分配状态即可,应用,退出。稍后我们说这一步为什么重要。如果后来发现win2k,winxp都启动不了,自己改一下boot.ini吧。启动不了的原因就是boot.ini文件中的这一行:multi(0)disk(0)rdisk(0)partition(13)\WINDOWS="Microsoft Windows XP Professional" /fastdetect partition后面的参数不知道给改成几了,改成正确的即可。
下面进入solaris的安装,用software 1那张光盘启动,注意不是multilangue install那张盘,那张盘老让建个x86boot分区,而x86boot分区得在主分区里,现在主分区已经没地方了。software1不用建x86boot,直接装在一个主分区里就行了。启动系统,安装,刚删掉的那个分区安装时程序会划给solaris,到时候一看就明白了。直接一路装下去就OK了。
装完了solaris会用它的多系统引导管理器来替代mbr,也能引导win98,但是不能引导扩展分区里的东西,所以不能引导linux,那么我们还得用grub来引导。方法如上,这时候/boot/grub/menu.lst中引导solaris的代码为:
title solaris
rootnoverify(hd0,3)
chainloader +1
引导bsd的代码为
title freebsd
rootnoverify(hd0,2)
chainloader +1
细心的朋友会问,solaris不是在第二个主分区吗,应该为 rootnoverify(hd0,1)呀,怎么这里写成rootnoverify(hd0,3)了?而freebsd怎么写成rootnoverify(hd0,2)了,呵呵,这里得解释一下。(以下我没有确凿的技术证据,完全是个人的推测,不知道对不对)grub是按照在mbr里四个分区应占的格子的先后顺序来引导的,我们用pqmagic删除了原来准备划给solaris的分区,然后应用,相应的它会调整mbr里的对应参数,使extend和freebsd都向前提一个格,把四个位置中的最后一个空出来,当安装solaris的时候,它把自己的分区信息就填在这个位置上了,自成变成了四个主分区中的“最后一个”了。
如果不按照上述方面,solaris在硬盘分区表中还是第二个分区,那就坏了,linux说什么也启动不了了,不信你试试吧(可能改别的地方也可以,不过我不会现在,我已经试过很多方法了,还是不行,哪位找到方法说一声)原因是什么呢, linux在启动的时候,会识别出solaris分区中的slice,将这些也视为一个分区,例如,在我按上述方式装好后,在linux下键入“dmesg|grep hda”命令,会返回如下结果:
hda: hda1 hda2 < hda5 hda6 hda7 hda8 hda9 hda10 hda11 hda12 hda13 hda14 hda15 hda16 >; hda3 hda4
hda3: <bsd: hda17 hda18 >; hda4: <solaris: [s0] hda19 [s1] hda20 [s2] hda21 [s7] hda22 >;
如果solaris为第二个分区,那么相应的原来的红帽系统分区hda5就要变为hda9了,grub的配置菜单里怎么填,他又是怎么识别?linux的fstab里怎么填?很麻烦的,我试了好几种办法都不能协调好,linux不能正常启动,所以只好想出这个办法来了。
有的朋友会问,把solaris直接划成第四个区不就行了?呵呵,我还真想,用2002年2月版software1刚装的时候就是想把他装在BSD那里,先不用BSD了,没想到,后来提示,得在1024柱面以前,要不不往下进行了,哎,没办法呀。不过原先20G硬盘的时候用2000年6月版的装过,也是software1安装,安装在15G之后的最后一个分区里,挺正常的。具体我也搞不清,反正这样装是肯定没问题,至于1024柱面的问题,搞不清。
下面说一下solaris里面访问win98那个区的问题,用如下命令即可挂下win98的分区
mount -F pcfs /dev/dsk/c0d0p1 /mnt
这样/mnt里面的内容就是原来的win98分区了,交换数据挺方便的。
solaris下如何挂接一个ISO文件呢?不少同学网络条件挺好,从网上下载的solaris安装文件都为ISO文件形式,其实只要把software1刻成光盘,其它的仍然在windows分区里就行了。需要的时候,把那个ISO拷到win98分区里,然后启动solaris再把那个ISO挂到一个目录下就可以了,我装software2,language package,asia那几张盘的时候就是用的这个方法。
具体要用lofiadm命令,software1装好了就有这个命令,这个命令把一个ISO文件模拟成一个块设备。
假设software2安装ISO为c:\SOL_8_202_IA_2.iso,如下命令序列可完成安装过程。
进入solaris
#mount -F pcfs /dev/c0d0p1 /mnt
#lofiadm -a /mnt/SOL_8_202_IA_2.iso
/dev/lofi/1 /*这一行是上一行命令的处理结果,不是我键入的*/
#mkdir /tempiso
#mount -F hsfs -o ro /dev/lofi/1 /tempiso
#cd /tempiso
……自己安装吧,已经是ISO里面的内容了。
#umount /tempiso
#lofiadm -d /dev/lofi/1
现在就把SOL_8_202_IA_2.iso与/dev/lofi/1分离了,同上方法可以安装其它ISO,
lofiadm的具体用法请参见man lofiadm
呵呵,现在solaris就装好了。试试手吧。
在红帽下挂接windows分区,注意键入以下选项codepage=936,iocharset=gb2312或codepage=936,iocharset=cp936,否则不能正常显示中文。
当时redhat选reiserfs主要是由于宿舍的同学晚上爱看片,不过晚上到点停电,系统老没事掉电可不好玩,于是整了个reiserfs文件系统,省得文件系统容易崩溃了。
redhat7.3的内核好像不支持solaris的文件分区,挂不上,估计重新编译内核就行了。原来在蓝点2.0里面用下面的命令可以挂上solaris的分区,对于上面的grep hda的结果,用如下命令可以挂接上solaris的s7分区
mount -t ufs -o ufs=sunx86 /dev/hda22 /mnt/s7
上面的划分区的时候有一个NTFS分区server,是给vmware和virtual pc用的,在winxp里,virtualpc里装上solaris(划给32M内存),freebsd(minimal选项,划给16M内存),redhat(字符终端,划给16M内存),vmware里装上路由型linux(划给8M内存,双网卡,起网关作用),mandrake等。virtualpc不能装双网卡,vmware可以,自己组个小局域网玩吧。这个分区建议用NTFS,为什么呢,我的virtualpc里的solaris装好了,六张盘全让我塞进去了,包括GNUtools等,对应的virtualpc中的solaris的硬盘文件为4,405,129,216 字节,不过启用了NTFS的压缩功能,占用硬盘空间为:1,603,891,200 字节。FreeBSD为358,735,359 字节,占用硬盘为160,432,128 字节。类似,硬盘利用率高啦,得益于NTFS的压缩功能。
访问solaris的图形界面在winxp下装个exceed吧,省点虚处理机的资源,呵呵。
如果是小硬盘,只想装dos622,win98,solaris,建议C盘为FAT区,先装win98于C:\windows目录,然后用software1装solaris,这时候启动管理器是solaris的,开机后启动界面第一项就是win98的启动。装好了重启机器,用dos622的启动盘启动,装dos622于C盘,然后修改win98的一些配置文件即可完成双启,具体可参见下文:
http://www.lixiang.gd.cn/computer/system/Win98-dos6.22/
这种装法我没试过,不知道dos622会不会修改C盘的引导扇区,真怕修改,就先把C盘引导扇区保存下来,装完了再恢复就行了。
可以用一下下面的命令:
在还没装dos622的时候里,进入win98的command.com
c:\>;debug
-l 100 2 0 1
-n c:\testtest
-r cx
CX 0000
:200
-w 100
Writing 00200 bytes
-q
c:\testtest就是C盘的引导扇区。
恢复的时候可以如下,先进入command.com:
c:\debug
-n c:\testtest
-l 100
-w 100 2 0 1
-q
debug全干了,不用别的工具.
如果只是为了学汇编而用dos622,建议可以在vmware或virtualpc里装dos622,全屏了以
后和裸机上装dos622感觉一样,原来学汇编的时候我就是在vmware里装的dos622,省了
不少麻烦。
一块网卡两个ip
方法一:
编辑/etc/hostname.iprb0:1
编辑/etc/hosts
方法二:
把下列内容加到/etc/rc2里
ifconfig iprb0:1 192.168.2.57.netmask 255.255.255.0
一块网卡帮定三个ip,并且子网掩码不同
作者:zico
搞定!如下:
/etc/hosts
127.0.0.1 localhost
210.xxx.xx1.xx dbs loghost
192.168.9.15 mytestip
192.168.9.65 mytestip2
/etc/netmasks
210.xx.xx.0 255.255.255.0
192.168.9.0 255.255.255.192
192.168.9.64 255.255.255.252
/etc/hme0
dbs
/etc/hme0:1
mytestip
/etc/hme0:2
mytestip2
#init 6
...
#ifconfig -a
lo0: flags=1000849 mtu 8232 index 1
inet 127.0.0.1 netmask ff000000
hme0: flags=1000843 mtu 1500 index 2
inet 210.xxx0.2xx.xx netmask ffffff00 broadcast 210.82.31.255
hme0:1: flags=1000843 mtu 1500 index 2
inet 192.168.9.15 netmask ffffffc0 broadcast 192.168.9.63
hme0:2: flags=1000843 mtu 1500 index 2
inet 192.168.9.65 netmask fffffffc broadcast 192.168.9.67
sun官方网站
1. How can I bind multiple (virtual) IP addresses to a single network interface card ?
The following steps demonstrate how to configure the ethernet (elx0) device to support more than one IP address.
Create a text file in the /etc directory called hostname.elx0:1 and add this entry to file:
virtual
Add this IP address and hostname in the /etc/hosts file:
10.0.0.1 virtual
Create a new script file in the /etc/rc2.d directory called S70virtual, and add these entries in this file (for permanent change):
ifconfig elx0:1 10.0.0.1 up netmask 255.255.255.0
Reboot the system.
To delete a logical interface, use the unplumb command . For example,
example% ifconfig elx0:1 down unplumb will delete the logical interface elx0:1.
3.配置DNS服务器
在Solaris 中,in.named 进程域名服务器。通过网络初始化脚本S72inetsvc在level 2级上启动的,启动后,它读取/etc/named.conf以获取它所管理的区域和区域数据库文件。区域文件除了包含主机名到IP地址的映射外,还包含其他内容。
域名服务器的配置过程包括下列步骤:
1)注册一个域名
2)创建一个主机名和ip地址的列表
3)创建/etc/named.conf文件
4)创建区域数据文件
3.1资源记录类型
在区域数据文件中,信息是以特定的格式存储的。这些信息被定义为资源记录类型(RR)。
标准的资源记录
1.SOA(管理开始)资源记录
@ IN SOA X86_DNS.sunmarmot.com postmaster. sunmarmot.com (
2001041602 ; Serial
10800 ; Refresh - 180 Minutes
1800 ; Retry - 30 minute
1209600 ; Expire - 2 Weeks
43200) ; Minimum TTL - 12 Hours
X86_DNS.sunmarmot.com postmaster. sunmarmot.com
主DNS名字是X86_DNS.sunmarmot.com 技术支持者为postmaster. sunmarmot.com
2002101602 SOA序列号,2002年10月16号的02版本
10800 刷新时间,次DNS从主DNS上刷新数据库文件的时间间隔。它寻找主DNS上的SOA序列号,如果序列号发生了改变,名字服务器需要更新数据库。
1800 重试时间,次DNS与主DNS联系更新数据库失败时,再次与主域名服务器联系的时间间隔。
1209600 如果次DNS不能从主DNS上更新后到它自动失效的时间。
43200 不需要更新数据库而使主机名维持有效的时间。
2.NS(名字服务器)资源记录
列出了域或区域中的名字服务器
;
; Nameservers
;
sunmamot.com. IN NS X86_DNS.sunmarmot.com
IN NS dns2.sunmarmot.com
3.A (地址)资源记录
地址资源记录用于说明DNS 数据库中主机的IP地址。它可能即使用到绝对主机名(FQHN),也可能使用相对的主机名(短主机名)。
;
; use of absolute hostname
X86_DNS.sunmarmot.com IN A 192.168.9.1
; use of relative hostname
;jin IN A 192.168.9.2
;则jin相当于jin.sunmarmot.com
;--------------------------------------------------------------------------
; 同一个机器(一个网卡), 但有两个不同的 hostname/FQDN.
;---------------------------------------------------------------------------
NS IN A 140.113.250.135
IN MX 0 mail.sunmarmot.com..
dnsrd IN A 140.113.250.135
注意:在使用短主机名时,不要在主机名后加(.),在使用 绝对主机名时要加(.)
4.MX(邮件交换服务器)资源记录
MX资源记录负责域内的主机之间的邮件交换服务。
;
email IN A 192.168.9.1
email2 IN A 192.168.8.1
IN MX 5 email <------5表示优先级,值高的服务器优先使用。
IN MX 10 email2
5.PTR (指示器)资源记录 The Pointer Resource Record
通常用于逆向主机名的解析
6.CNAME 用于定义主机的别名
www IN A 192.168.9.1
ftp IN CNAME www
7.HINFO 主机信息记录
www IN HINFO ultra-10 Solaris
8.TXT 文本资源记录
用来记录主机文本信息
www IN TXT “this host is www in marmot home”
9.WKS (知名服务)资源记录
说明主机能提供的可用的知名服务的信息,从安全的角度讲,不要写这项。
www IN WKS 192.168.8.1 TCP ( smtp netstat nntp)
参考英文如下:
DNS RESOURCE RECORDS
Resource Record Description
SOA Start of Authority RR
NS Name Server RR
A The Address RR
MX The Mail Exchanger RR
PTR Pointer RR
CNAME Canonical Name RR
HINFO Host Info RR
TXT Text RR
WKS Well-Known Services RR
3.2委托子域
使用NS类型的资源记录可以将子域委托给其他的DNS,如:子域wife.sunmarmot.com将被委托给名字服务器husband.sunmarmot.com.
wife.sunmarmot.com. IN NS husband.sunmarmot.com.
3.3 /etc/named.conf关键词
3.3.1 acl
定义一个访问控制列表,哪些客户可以使用该服务器
要想为本地网络(192.168.9.*)上的所有主机定义一个acl可以插入声明
acl local_network {
192.168.9/24
};
24表示子网掩码255.255.255.0,如果路由器是主机192.168.9.88,并且希望这个地址对DNS服务器进行任何访问,则可以将前面的声明形式修改如下:
acl local_network {
! 192.168.9.88;192.168.9/24
};
注意:如果要拒绝一个被允许的的子网中的某个特定地址,那么必须在声明中将该地址放在子网定义的前面。
3.3.2 include
可以把指定文件中的内容插入/etc/named.conf中。
因为大型网络的定义DNS区域可能很长,管理员经常将他们放到一个单独的文件中,这样就可以使用acl定义和系统选项分别管理它们。因此要想从文件/var/named.conf中包括所有的定义,需要在/etc/named.conf文件中插入下面的声明:
include “/var/named/zones.conf”
3.3.3 options
options部分定义存储区域数据库的目录及存储命名进程的进程ID文件。
options {
directory “/var/named”;
pid-file “/var/named/pid”;
}
3.3.4 server
server 声明定义远程DNS服务器的特征。对于服务器的,可以设置两个主要的选项:远程服务器是否传送了不正确的信息,以及远程服务器是否能够在一个单独的请求中回答多个查询。
server 10.10.12.1
{
bogus yes;
transfer-format many-answers;
}
3.3.5 zone
对于DNS服务器管理的每一个网络或子域,都必须创建一个区域。区域可以创建为主区域(主域名服务器)或辅助区域(次域名服务器)。必须包括IP-域名及域名-IP的映射条才能正确解析IP地址和域名。对于sunmarmot.com域,需要创建下列区域条目
zone “sunmarmot.com”
{
type master;
file “sunmarmot.com.db”;
}
zone “9.168.192.in-addr.arpa”
{
type master;
file “sunmarmot.com..rev”;
}
在这个例子中需要使用主机信息填写两个区域文件/var/named/sunmarmot.com.db和/var/named/sunmarmot.com.rev。
示例文件/var/named/sunmarmot.com.db如下:
;File start: 89606
; The use of the Data contained in Verisign Inc.' aggregated
; .com, .org, and .net top-level domain zone files (including the checksum
; files) is subject to the restrictions described in the access Agreement
; with Verisign Inc.
@ INSOAsunmarmot.com. root.sunmarmot.net (
2002101501 ;serial
1800 ;refresh every 30 min
900 ;retry every 15 min
604800 ;expire after a week
86400 ;minimum of a day
)
IN NS ns.sunmarmot.com.
IN MX 10 friewall.sunmarmot.com
firewall IN A 192.168.9.1 ; firewall
sta IN A 192.168.9.2 ; webserver
jin IN A 192.168.9.3 ;webserver
wife IN A 192.168.9.4 ;Kerberos
security IN CNAME wife
文件/var/named/sunmarmot.com..rev用于反向查询,示例如下:
@ IN SOA 9.168.192.in-addr.arpa root.sunmarmot.net (
2002101516 ; serial
1800 ; refresh
900 ; retry
691200 ; expire
10800 ; negative cache
)
IN NS ns.sunmarmot.com.
1 IN PTR firewall.sunmarmot.com.
2 IN PTR sta.sunmarmot.com.
3 IN PTR jin.sunmarmot.com.
4 IN PTR wife.sunmarmot.com.
3.3.3 key
用于签名和授权的安全关键字
3.3.4 loggging 用于记录服务器信息
什么命令能看到每个用户分别用了多少空间
find $directory -user username | wc
repquota –a
前一段时间曾经在这里寻找sun solaris作为PDC(主域控制器)的解决方案;没有得到答案;我经过这两个星期的时间找到了它的解决方案,在这里跟大家分享以下:
Sun Solaris 环境下构建主域控制器(SUN Solaris PDC)
声明:本文档只是一种参考性的指南文档,相关技术问题可以参见相应的管理员指南文档。
Sun公司Solaris PC NetLink,该工具允许Windows用户运行Sun服务器和Solaris环境的目录、管理和验证服务。最多支持2000个用户同时使用,并增加了管理文件和打印环境的服务器功能。其他新特征还有支持Windows 2000和改良的备份工具。Solaris PC NetLink可以将几台NT服务器统一成一台Sun服务器,提供了灵活性,节约了成本,简化了管理。SUN的PC NETLINK软件可以把SUN的服务器模拟成NT服务器,包括作为主域控制器。 PC NetLink 1.2是免费软件,捆绑在所有Sun企业服务器软件中,也可以从Sun下载中心下载。
下载的源文件名称是PCNL_1_2.tar.Z,版本是1.2(目前最新版本是2.0),文件大小为大约250M。下载完成后首先用下面的命令解压缩:
uncompress -v PCNL_1_2.tar.Z
在上述命令执行完成之后,PCNL_1_2.tar.Z 将会被 PCNL_1_2.tar所替代。然后将此tar压缩包解开,确信有足够的空间能够存放这些展开后的文件;完全展开大约需要空间340M。用下面的命令解开压缩包
tar xvf PCNL_1_2.tar
运行安装文件install(在图形界面上),首先出现安装界面的选项;可选择进行“快速安装”或者“自定义安装”。快速安装将在新域中创建PDC并安装以下组件:
所有PC NetLink服务器组件
PC NetLink Server Manager管理工具
所有必需的增补程序和Java 组件
Windows NT Server Tools和其他客户机工具
在快速安装过程中,如果不想使用缺省名称,则需要输入服务器名称、域名和管理员帐户名及其口令。安装完成后,可运行Server Manager 或者 NT Server Tools来更改此配置。
自定义安装可以在安装和配置PC NetLink过程中具有更大的选择控制权。自定义安装的时候需要指定:
需要安装的组件——服务器、管理工具或者全部
如果要安装服务器组件,需要指定服务器是充当PDC(Prime Domain Controller)、BDC(Backup Domain Controller)还是成员服务器。
有关服务器/域名称和口令的信息
要使用的NetBIOS的配置类型(注:没有NetBIOS,安装将被终止)
l 是否安装Windows NT Server Tools和客户机工具
安装过程中需要输入域名domainname和主域控制器的名称PDCname,以及管理该域的管理员口令administrator password。然后根据提示的选项一步步安装PC NetLink直至安装结束。
如果不打算保留现有配置和数据,运行卸载脚本:
/opt/lanman/sbin/uninstall
安装结束后,系统将自动把下列目录共享:
其中tools目录下面包含着Windows NT Server Tools。进入目录TOOLS\winnt.40\i386,里面有srvmgr.exe和usrmgr.exe这两个可执行文件是我们管理服务器的主要工具,usrmgr.exe主要管理服务器上的用户和用户组,srvmgr.exe主要管理服务器的一些共享信息(添加删除共享目录)。要安装 PC NetLink Server Manager,双击 pcnlmgr_setup 文件夹中的 setup 程序。setup 程序将根据您的语言环境安装正确的版本。
安装完成之后,首先在客户端需要将服务器添加到 PC NetLink Server Manager。具体操作过程是在操作菜单中选择“添加solaris服务器”。(如果这是首次启动,将自动显示“添加solaris服务器”对话框)。输入要添加到PC NetLink Server Manager中的PC NetLink系统的solaris名称(我这里写的是ip地址),输入系统的root口令然后点确认按钮。
接下来,要将PC NetLink 用户账号与Solaris系统用户账号相关联。要创建此关联,可以使用PC NetLink Server Manager工具或者mapuname命令。将PC NetLink用户帐户映射到Solaris系统用户帐户后,PC NetLink服务器用户创建的所有文件都将归Solaris系统用户账号所有,并且可以通过PC NetLink用户帐户访问。具体操作方法:
使用PC NetLink Server Manager,登陆到要更改其用户帐户映射策略的PC NetLink系统上
双击代表该服务器的图标
双击策略——双击“用户帐户映射”
建立或编辑用户帐户映射策略。按照下图所示进行选择:
l 点确定
这样就完成了建立帐户映射策略的设置。
最后就可以根据Windows NT Server Tools设置用户和共享目录了。
已知问题:
1 PC NetLink软件无法复制大于2GB的文件,请尽量避免使用大文件或者使用压缩文件
2 使用Solaris PC NetLink加入Windows 2000域时,必须使用管理员的账户和口令。
3 管理员应该尽量避免用空口令创建用户帐户
4 客户机运行PC NetLink Server Manager管理工具的时候可能会无法显示汉字。这个可能与客户机的JRE(Java Runtime Environment)有关系。
如何关掉 不用的端口
关端口/etc/inetd.conf和/etc/rc2.d/,/etc/rc3.d,关掉相应的服务
上网机器设置
》修改以下文件:
etc/hosts 为 10.91.24.252 the9
etc/defaultrouter为 10.91.24.254 (我的网关)
etc/netmasks 10.0.0.0 255.255.255.0
etc/resolv.conf nameserver 202.106.196.115
重启动后发现网络以通,但仍不能上网,so
#ping www.263.net
未知主机
#ping 202.106.196.115
202.106.196.115 is alive
10.18第n次上www.chinaunix.net
得到众高手的指点。
修改etc/swwitch.conf 中的一行 host: files 为
host: dns files
重新启动机器(reboot),打开netscape一切ok/
转1 Sun系统的基本安全配置V1.0(by GaoXiao)
1)防止堆栈溢出(*)
2)关闭不用的服务,关闭一些无用的端口(*)
3)给系统打补丁(*)
4)消除系统中的弱智用户,定期修改用户口令,提高口令强度。
5)检查系统中SUID、SGID文件
find / \( -perm -004000 -o -perm -002000 \) -type f –print
检查系统上部正常的隐藏文件,例如…目录文件/dev下是否有可疑文件;/etc/inetd.conf是否有被替换文件;cron和at中是否运行可疑进程。
6)如果系统中开放了Ftp、www服务,则首先升级提供该服务的软件版本;FTP进行严格的权限设定;www服务要求严格检查CGI目录的文件,删除所有无用的脚本,防止恶意用户利用某些漏洞进行缓冲区溢出攻击;DDOS攻击可以通过修改ndd /dev/tcp ?;ndd /dev/ip ?中关于队列长度、最大等待时间等参数来防止。当然主要的是在边缘路由器上进行流量过滤。
7)检查r系列命令,尽量关闭该权限。如果必须开放则必须进行严格的认证措施。例如/etc/host.equiv文件(首先检查);~/$HOME/.rhost文件;
8)检查系统的文件共享问题,利用showmount命令,另外使用rpcinfo命令可以查看开放的r系列服务;rusers、finger可以探测远程用户信息。
9)查看是否有网络sniffer 的标记(*)
10)执行命令尤其是涉及到权限的命令时,一定要主要环境变量,养成良好的习惯;定期对系统的可执行文件、配置文件进行检查,可以采用第三方检查工具:tripwire
11)定期审计系统日志文件,检查是否有可疑用户登陆、程序运行。附unix系统详细日志文件说明。(*)
12)其他安全问题:例如sendmail(低版本-8.9以前有很大的隐患)、bind(8.2.2以前的版本有严重的缓冲去问题)的配置问题都会带来安全隐患;另外对xwindow的非授权使用,也会带来安全隐患,例如可以捕捉到控制台的鼠标坐标甚至屏幕,尽量不要使用xhost+命令。如果安装数据的话,也要提高数据库的安全性,因为很多数据库实际上是以root权限运行的。
#1 防止堆栈溢出
至少90%以上的安全问题都是来自所谓的“堆栈溢出”。攻击者通过给一个以root身份运行的程序提供比它所预期的输入多得多的东西,使被攻击程序无法处理而改变执行流程去执行攻击者指定的代码。
Solaris 2.6和Solaris 7都具备把用户堆栈设成不可执行的能力,以使这种攻击不
能得逞。要使能这个特点:
0)变成root
1)对/etc/system文件做个拷贝
cp /etc/system /etc/system.BACKUP
2)用编辑器编辑/etc/system文件
3)到文件的最后,插入以下几行:
set noexec_user_stack=1
set noexec_user_stack_log=1
4)保存文件,退出编辑器,一旦重启机器,这些改变就会生效。
#2 在inetd.conf中关闭用不着的服务
有许多用不着的服务自动的处于使能状态。它们中可能存在的漏洞将使攻击者甚至不需要一个账户就能控制你的机器。关闭这些不需要的服务来保护你的系统,你可以用如下方法来关闭:
0)变成root
1)对inetd的配置文件/etc/inetd.conf做个拷贝
cp /etc/inetd.conf /etc/inetd.conf.BACKUP
2)编辑/etc/inetd.conf文件
未被激活的服务是在前面被“#“符号注释掉的,举个例子,你的部份inetd.conf可能是这样的:
# Tnamed serves the obsolete IEN-116 name server prot |
|
免费注册
发表于 2003-01-24 15:44
发表于 2003-01-24 15:46
,它使用的是"AUTH_UNIX" 
:100:100:Access Account:/tmp:/usr/local/bin/keysh 
