Zivo NiX BLog

###BASH Command Chaining/Logical ANDing/ORing###

Command Chaining:

TO run a -> b -> c

ls -lF /etc; pwd;who;ps

Logical ANDing:

Program b will execute only if program a was executed
a&&b&&c

Programs mutually inclusive
Returns a exit status 0 and then run b exit status 0 and then run C

Logical ANDing - runs subsequent based on exit status of 0

ls -l /etc/resolv.conf && grep name /etc/resolv.conf

Logical ORing:

Run subsequent program based on failure of previous

ls -l /etc/resolve.conf || grep name /etc/resolv.conf

Example:

If the file text.txt doesnt exist you can create with ORing

ls -l test.txt || touch test.txt

Combining ANDing ORing

-bash-3.00$ ls -l text.txt || touch test.txt && ls -ltr test.txt
text.txt: No such file or directory
-rw-r--r-- 1 carlosap other 0 Aug 22 00:13 test.txt


BASH for LOOPS

text.txt
1
2
3

LOOPS SYNTAX:
for variable in list; do command variable; done


-bash-3.00$ for i in `cat test.txt`; do echo $i; done
1
2
3
-bash-3.00$ for i in `cat test.txt`; do echo test$i; done
test1
test2
test3


FYI, I managed to do this by booting from a remote Jumpstart image - in single user, and then using the following command:

raidctl -c c0t0d0 c0t1d0

Just booting to single user won’t let you do this - you have to be booted from something other than c0t0d0 or c0t1d0, i.e. CD or a jumpstart image.

Redirection Basics:

( < )STDIN - where to get input. i.e. keyboard, file
( > ) STDOUT - where to send processed info. i.e. Monitor, file
STDERR - where to send program error. i.e. monitor, background, file

< - STDDIN
> - STDOUT - This redirects STDOUT from screen (default) to a file

>> - STDOUT - This represents APPEND mode

< - STDIN is usually read from a keyboard (console) or file

| - PIPE - connects output of one program to input of another program

awk field processor - searches lines and tokenizes fields.


-bash-3.00$ ls -lF /etc | grep rc | awk '{ print $1,$2,$8 }'
-rw-r--r-- 1 2007
lrwxrwxrwx 1 14:15
drwxr-xr-x 2 22:23
lrwxrwxrwx 1 14:15
drwxr-xr-x 2 22:23
lrwxrwxrwx 1 14:15
drwxr-xr-x 2 12:02
lrwxrwxrwx 1 14:15
drwxr-xr-x 2 22:23
lrwxrwxrwx 1 14:15
lrwxrwxrwx 1 14:15
lrwxrwxrwx 1 14:15
drwxr-xr-x 2 22:23
drwxr-xr-x 3 14:15
drwxr-xr-x 6 14:22
-rw-r--r-- 1 09:00
-rwxr-xr-x 1 2007
-rwxr-xr-x 1 2004


STDIN - 0
STDOUT - 1
STDERR - 2

-bash-3.00$ ls archivo_que_no_existe
archivo_que_no_existe: No such file or directory
-bash-3.00$ echo $?
2


to instruct ls to redirect file descriptor number two to a file

-bash-3.00$ ls archivo_que_no_existe 2> error.txt
-bash-3.00$ echo $?
2


ls archivo_queno_Existe 2> error.txt - redirects STDERR to file named ‘error.txt’

/dev/null –> all is discarted

-bash-3.00$ ls archivoquenoexiste 2>/dev/null
-bash-3.00$ echo $?
2


continua….
Final de STDERR y BASHH SHELL COMMAND CHAINING

-bash-3.00# who
pedro pts/1 Aug 20 12:35 (172.16.2.80)
pedro pts/2 Aug 20 13:06 (172.16.2.80)
-bash-3.00# w
2:32pm up 2:02, 2 users, load average: 0.46, 0.46, 0.42
User tty login@ idle JCPU PCPU what
pedro pts/1 12:35pm 50 21:16 14 sysbench --test=oltp --oltp-tabl
pedro pts/2 1:06pm 1 -bash


Current Terminal Session:

-bash-3.00# tty
/dev/pts/2
-bash-3.00#


w/who - reveals currently opened ttys/pts (pseudo-terminals)

tty - reveals the current tty

Basic Shell Commands:

pwd

List Directory using long format reveals type, permissions, timestamp info, size
-bash-3.00# ls -lF || ls -F
total 40
drwxr-xr-x 3 root root 512 Aug 18 13:10 InstallShield/
-rw-r--r-- 1 root root 18665 Aug 11 22:21 servicios.txt


echo $? Returns the exit status of recently-executed command
touch - creates a zero lenght file and optionally atlers timestamp

Common Pagers:
more, less

wc - counts words in documents and lines

A handy Solaris 10 command: fcinfo
Filed under: Solaris, Storage — christianbilien @ 4:14 pm

One the most useful new command I found in Solaris 10 is fcinfo, a command line interface that will display information on HBA ports on a host, but also many useful bits of information on connected storage remote port WWN, raid type, link status,etc.

root # fcinfo hba-port -l

The following sequence of commands allows remote access to WBEM-based applications, including the Solaris Management Console.

# svccfg -s svc:/application/management/wbem setprop options/tcp_listen = true
# svcadm refresh svc:/application/management/wbem

groupadd / groupmod / newgrp / groups

The file that stores group information is:

/etc/group


bash-3.00# cat /etc/group
root::0:
other::1:root
bin::2:root,daemon
sys::3:root,bin,adm
adm::4:root,daemon
uucp::5:root
mail::6:root
tty::7:root,adm
lp::8:root,adm
nuucp::9:root
staff::10:
daemon::12:root
sysadmin::14:
smmsp::25:
gdm::50:
webservd::80:
postgres::90:
nobody::60001:
noaccess::60002:
nogroup::65534:
mysql::100:
sasl::101:


columns:
group_name : optional_password : GID : list_ofmembers (comma-delimeted)

Groups are basically use to restric or permit access to resources.


-bash-3.00# groups
root other bin sys adm uucp mail tty lp nuucp daemon

-bash-3.00# groups paco
other


To create groups ‘groupadd’

max 8 caracteres.


-bash-3.00# groupadd learn
-bash-3.00# groupadd -g 10000 learn2

Rules regarding groups:

A user can belong to 1 primary group and up to 15 secondary groups

Primary groups: permit the operating system to assing a default group to object (files/directories)

Secondary groups: permit subjects (users) the flexibility to access various group-protected resources.

To show primary group:


-bash-3.00# id
uid=0(root) gid=0(root)

How to assign existing user(s) to a newly-create group?

usermod -G group1,group2,group3
usermod -G learngroup paco

#### How to create new user and assing the user to the ‘training’ secondary group? ###

useradd -G training -s /usr/bin/bash pedro

### How to change default/primary group temporarily ? ####

groups
newgrp group_name

with no options will return to the primary default group

newgrp

next Solaris MGMT. Console ….

####### User Management - Shell based tools #######

useradd - adds users to /etc/passwd /etc/shadow


-bash-3.00# ls -ltr passwd shadow
-r-------- 1 root sys 422 Aug 11 04:54 shadow
-rw-r--r-- 1 root sys 834 Aug 11 05:43 passwd

shadow file is readable only by the root user for security purposes

passwd file is flag world redable

Example /etc/passwd entry:


root:x:0:0:Super-User:/root:/usr/bin/bash
daemon:x:1:1::/:
bin:x:2:2::/usr/bin:
sys:x:3:3::/:
adm:x:4:4:Admin:/var/adm:
lp:x:71:8:Line Printer Admin:/usr/spool/lp:
uucp:x:5:5:uucp Admin:/usr/lib/uucp:
nuucp:x:9:9:uucp Admin:/var/spool/uucppublic:/usr/lib/uucp/uucico
smmsp:x:25:25:SendMail Message Submission Program:/:
listen:x:37:4:Network Admin:/usr/net/nls:
gdm:x:50:50:GDM Reserved UID:/:
webservd:x:80:80:WebServer Reserved UID:/:
postgres:x:90:90:PostgreSQL Reserved UID:/:/usr/bin/pfksh
svctag:x:95:12:Service Tag UID:/:
nobody:x:60001:60001:NFS Anonymous Access User:/:
noaccess:x:60002:60002:No Access User:/:
nobody4:x:65534:65534:SunOS 4.x NFS Anonymous Access User:/:

username: x : uid : gid : description : home dir : default shell

username
x indicates that the password is located in the /etc/shadow
(uid) user id
(gid) group id
(description field) comment or person full name
(user home directory)
(Default Shell )

Note: root’s uid/gid values are always 0
Note: values 0 - 99 for uid/gid are reserved for System ID’s
Note: Max uid/gid = 2 billion, however, try not to exceed 60,000

Shadow File /etc/shadow

root:abbaabbaabba:6445::::::
daemon:NP:6445::::::
bin:NP:6445::::::
sys:NP:6445::::::
adm:NP:6445::::::
lp:NP:6445::::::
uucp:NP:6445::::::
nuucp:NP:6445::::::
smmsp:NP:6445::::::
listen:*LK*:::::::
gdm:*LK*:::::::
webservd:*LK*:::::::
postgres:NP:::::::
svctag:*LK*:6445::::::
nobody:*LK*:6445::::::
noaccess:*LK*:6445::::::
nobody4:*LK*:6445::::::


username : encrypted_password : num of days sinces epoch password chaged : min hold period : max hold period: num of days prior to expiration to issue warning : inactivity limit : expiration date using unix epoch : failed _ login _ count

Note: Unix Expoch was Jan. 1 , 1970

##### useradd #####
useradd paco

/etc/passwd
paco:x:100:1::/home/paco:/bin/sh

/etc/shadow
paco:*LK*:::::::

grep 1 group

other::1:root
staff::10:
daemon::12:root
sysadmin::14:
nobody::60001:
mysql::100:
sasl::101:


Note: *LK* = password is not been set

Default algorithms password is weak
Password algorithms are defined in /etc/security/policy.conf

#### Change default Crypt Algorithms __unix__ to md5 #####

# The Solaris default is the traditional UNIX algorithm. This is not
# listed in crypt.conf(4) since it is internal to libc. The reserved
# name __unix__ is used to refer to it.
#
#CRYPT_DEFAULT=__unix__
#CRYPT_DEFAULT=md5


Other Algorithms

# crypt(3c) Algorithms Configuration
#
# CRYPT_ALGORITHMS_ALLOW specifies the algorithms that are allowed to
# be used for new passwords. This is enforced only in crypt_gensalt(3c).
#
CRYPT_ALGORITHMS_ALLOW=1,2a,md5


note: 2a is stronger than md5 ( blowfish algorithms )

Identifier
Description
Algorithm Man Page

1 The MD5 algorithm that is compatible with MD5 algorithms on BSD and Linux systems.

2a The Blowfish algorithm that is compatible with the Blowfish algorithm on BSD systems.

md5 The Sun MD5 algorithm, which is considered stronger than the BSD and Linux version of MD5.

__unix__ The traditional UNIX encryption algorithm. This algorithm is the default module in the policy.conf file.

####### usermod ‘Users attributes’ ##########

usermod -d /export/home/paco


-bash-3.00# usermod
UX: usermod: ERROR: Invalid syntax.
usage: usermod -u uid [-o] | -g group | -G group[[,group]…] |
-d dir [-m] | -s shell | -c comment |
-l new_logname | -f inactive | -e expire |
-A authorization [, authorization ...] | -K key=value … |
-P profile [, profile ...] | -R role [, role ...] login

######## change user shell ##########

-bash-3.00#usermod -s /usr/bin/bash

####### To change user’s password use ‘passwd’ command ########

########Controlling the default password lenght policy ##########

cat /etc/default/passwd


#ident "@(#)passwd.dfl 1.7 04/04/22 SMI"
#
# Copyright 2004 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
#
MAXWEEKS=
MINWEEKS=
PASSLENGTH=6


Next: Group Managemnet Shell…

###### Service Management with ‘inetadm’ #########

-bash-3.00# which inetadm
/usr/sbin/inetadm


inetadm controls INETD services

Note: INETD is a super-server which proxies connections to servers
( such as telnet )

client -> INETD -> telnet

Note: INETD services are traditionally defined in /etc/inetd.conf

Telnet is enabled by default


-bash-3.00# inetadm |grep online | wc -l
19



bash-3.00# svcs -l telnet
fmri svc:/network/telnet:default
name Telnet server
enabled true
state online
next_state none
state_time Sun Aug 10 18:17:33 2008
restarter svc:/network/inetd:default
contract_id 106

Note: inetadm permits control of key/value or name/value pairs of services.


bash-3.00# inetadm -?
Usage:
inetadm
inetadm -?
inetadm -p
inetadm -l {FMRI | pattern}...
inetadm -e {FMRI | pattern}...
inetadm -d {FMRI | pattern}...
inetadm -m {FMRI | pattern}... {name=value}...
inetadm -M {name=value}...

inetadm -d FMRI - disables services
inetadm -e FMRI - enables services


-bash-3.00# inetadm -l telnet
SCOPE NAME=VALUE
name="telnet"
endpoint_type="stream"
proto="tcp6"
isrpc=FALSE
wait=FALSE
exec="/usr/sbin/in.telnetd"
user="root"
default bind_addr=""
default bind_fail_max=-1
default bind_fail_interval=-1
default max_con_rate=-1
default max_copies=-1
default con_rate_offline=-1
default failrate_cnt=40
default failrate_interval=60
default inherit_env=TRUE
default tcp_trace=FALSE
default tcp_wrappers=FALSE
default connection_backlog=10


inetadm modify


-bash-3.00# inetadm -m svc:/network/telnet:default bind_addr="127.0.0.1"
-bash-3.00# echo $?

inetadm -m svc:/network/telnet:default bind_addr=”"

Global Values for inetadm

-bash-3.00# inetadm -p
NAME=VALUE
bind_addr=""
bind_fail_max=-1
bind_fail_interval=-1
max_con_rate=-1
max_copies=-1
con_rate_offline=-1
failrate_cnt=40
failrate_interval=60
inherit_env=TRUE
tcp_trace=FALSE
tcp_wrappers=FALSE
connection_backlog=10


INETD ( effect changes globally. i.e. bind_address, etc.)
-telnet
-ftfpd (effect changes services scope based. i.e. bind_address )


bash-3.00# inetadm -?
Usage:
inetadm
inetadm -?
inetadm -p
inetadm -l {FMRI | pattern}...
inetadm -e {FMRI | pattern}...
inetadm -d {FMRI | pattern}...
inetadm -m {FMRI | pattern}... {name=value}...
inetadm -M {name=value}...

change global settings

inetadm -M max_copies=10


-bash-3.00# which svcadm
/usr/sbin/svcadm
-bash-3.00# svcadm
Usage: svcadm [-v] [cmd [args ... ]]

Maintenance mode: Example Upgrade a service

Once completed maintenance mode, you have to clear

#### Service Management with svcadm ######

Disable service:

svcadm disable FMRI

svcadm disable -s FMRI - stops each service instance

svcadm disable -s sendmail - stop default instance

svcadm disable -t FMRI - effects temporary disable ( when systems reboots it will start )

Note: svcadm really delegates service management to default restarter. i.e. svc.startd


0-bash-3.00# grep svc /etc/inittab
# For modifying parameters passed to ttymon, use svccfg(1m) to modify
# # svccfg
# svc:> select system/console-login
# svc:/system/console-login> setprop ttymon/terminal_type = "xterm"
# svc:/system/console-login> exit
smf::sysinit:/lib/svc/bin/svc.startd >/dev/msglog 2<>/dev/msglog

Enable service:

svcadm enable FMRI - enables FMRI accross ALL reboots
svcadm enable -t FMRI - enables FMRI for current sessions ( test, developers )
svcadm enable -r FMRI - ALL dependencies are enabled ( recursive switch )
svcadm enable -s FMRI - enables each service instance

svcadm -v refresh smtp ( reread configuration files of smtp, same PID)

svcadm -v restart smtp ( new PIDS)

PIDS

-bash-3.00# svcs -p smtp
STATE STIME FMRI
online 0:36:17 svc:/network/smtp:sendmail
0:36:17 1219 sendmail
0:36:17 1220 sendmail