Tips and Tricks site for advanced HP-UX Engineers

28 Apr 17 Handle with care: TCP wrappers /etc/hosts.allow

Real life story.

A DMZ-based server dedicated to SFTP was configured with these sshd rules in /etc/hosts.allow:

sshd : ALL@16.89.97.*:ALLOW
sshd : ALL@14.251.*:ALLOW
sshd : AAL@208.94.61.*:ALLOW

Should have been:

sshd : ALL@16.89.97.*:ALLOW
sshd : ALL@14.251.*:ALLOW
sshd : ALL@208.94.61.*:ALLOW

The network on the mistyped line was the firewall to the outside world.

The end users were inconvenienced and the firewall team wasted a lot of time reviewing rules and looking at logs.
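
TCP wrappers reads AAL as a literal user name rather than the ALL wildcard, so the typo raises no error and the rule simply never matches. The script below is an added example, not part of the original post: a heuristic lint that flags all-uppercase tokens which are not hosts_access(5) wildcards. The function name is hypothetical, and the check assumes one rule per line with no backslash continuations or bracketed IPv6 addresses.

```shell
#!/bin/sh
# Added example (not from the original post): heuristic lint for
# /etc/hosts.allow and /etc/hosts.deny. An all-uppercase token in the daemon
# or client list that is not a hosts_access(5) wildcard or operator is
# reported as a probable typo. Prints "<line>:<token>"; returns 1 on a hit.
lint_hosts_access() {
    awk '
    BEGIN {
        bad = 0
        n = split("ALL LOCAL UNKNOWN KNOWN PARANOID EXCEPT", w, " ")
        for (i = 1; i <= n; i++) ok[w[i]] = 1
    }
    /^[ \t]*(#|$)/ { next }          # skip comments and blank lines
    {
        nf = split($0, field, ":")
        # field 1 = daemon list, field 2 = client list; anything after that
        # is an option or shell command (ALLOW, DENY, spawn ...), so skip it.
        for (f = 1; f <= 2 && f <= nf; f++) {
            nt = split(field[f], tok, /[ \t,@]+/)
            for (t = 1; t <= nt; t++)
                if (tok[t] ~ /^[A-Z]+$/ && !(tok[t] in ok)) {
                    print NR ":" tok[t]
                    bad = 1
                }
        }
    }
    END { exit bad }
    ' "$@"
}

# Constructed sample: the three rules from the story, typo included.
lint_hosts_access <<'EOF' || echo "fix the tokens listed above before deploying"
sshd : ALL@16.89.97.*:ALLOW
sshd : ALL@14.251.*:ALLOW
sshd : AAL@208.94.61.*:ALLOW
EOF
```

Pass a file name instead of standard input to lint a live file, for example lint_hosts_access /etc/hosts.allow.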

16 May 16 NFS with lots of small files: pump up performance

Three kernel parameters that might pump up NFS throughput. Your mileage may vary.

kctune nfs_enable_write_behind=1
kctune nfs_enable_ufc_threshold=1
kctune nfs3_ufc_threshold_percentage=50


21 Jun 12 When swinstall will not install: What to check

I’ve just been through another frustrating battle with swinstall and wanted a complete what to check list in the event that it won’t install software:

  1. Check that the system IP address (ifconfig lan#) is the same as the one defined in /etc/hosts. If they are not consistent, swinstall will not work and the error message is far from meaningful.
  2. Check that /etc/nsswitch.conf exists. After a clean install it does not exist and needs to be put in place.
  3. Check that NFS is working correctly for an NFS-based install. Bounce nfs.client, nfs.server and nfs.core: stop them in that order and start them in reverse order, e.g. /sbin/init.d/nfs.core <start/stop>
  4. Use showmount -e <remotehost> to ensure connectivity to remote depots.
  5. swlist -l depot -s <remote host depot>
  6. swreg -d depot $PWD on the remote host after cd to the depot. Remember that in many scenarios remote depots in tape format will not install.
  7. /usr/sbin/swagentd -r (run this after any of the above corrective steps).


29 Oct 10 HP-UX APA help guide

HP APA Commands using lanadmin and nwmgr

| Task | Legacy Command | nwmgr Command |
|---|---|---|
| Display command help | `lanadmin -X -H 900` | `nwmgr --help -S apa` |
| View link aggregate status | `lanadmin -x -v 900` | `nwmgr -c lan900` |
| Create a MANUAL mode link aggregate | `lanadmin -X -a 1 2 900` | `nwmgr -a -A links=1,2 -A mode=MANUAL -I 900 -S apa` |
| Create a failover group | `lanapplyconf` | `nwmgr -a -A links=1,2 -A mode=LAN_MONITOR -I 900 -S apa` |
| Remove all ports from a link aggregate | `lanadmin -X -c 900` | `nwmgr -d -A links=all -I 900 -S apa` |
| Remove all ports from a failover group | `landeleteconf -g lan900` | `nwmgr -d -A links=all -c lan900` |
| Remove specific ports from a link aggregate | `lanadmin -X -d 1 2 900` | `nwmgr -d -A links=1,2 -I 900 -S apa` |
| Update the load balancing algorithm and group capability for a link aggregate | `lanadmin -X -l LB_MAC 900`<br>`lanadmin -X -g 900 900 900` | `nwmgr -s -A lb=LB_MAC, gc=900 -I 900 -S apa` |
| Update the group capability and configuration mode for a port | `lanadmin -X -p 3 900 900`<br>`lanadmin -X -p 3 FEC_AUTO 900` | `nwmgr -s -A gc=900, mode=FEC_AUTO -I 3 -S apa` |
| Update the group capability for a link aggregate | `lanadmin -X -g 900 900 900` | `nwmgr -s -A gc=900 -I 900 -S apa` |
| Update the administrative key and load balancing for a link aggregate | `lanadmin -X -k 900 900 900`<br>`lanadmin -X -l LB_IP 900` | `nwmgr -s -A key=900 -A lb=LB_IP -I 900 -S apa` |
| Update the administrative key and configuration mode for a port | `lanadmin -X -k 4 900 900`<br>`lanadmin -X -p 4 LACP_AUTO 900` | `nwmgr -s -A key=900 -A mode=LACP_AUTO -I 4 -S apa` |
| Update the administrative key for a port | `lanadmin -X -k 4 900 900` | `nwmgr -s -A key=900 -I 4 -S apa` |
| Update the load balancing | `lanadmin -X -l LB_IP 900` | `nwmgr -s -A lb=LB_IP -I 900 -S apa` |
| Set the configuration mode on a port | `lanadmin -X -p 5 MANUAL 900` | `nwmgr -s -A mode=MANUAL -I 5 -S apa` |
| Set the system priority on a port | `lanadmin -X -s 5 10 900` | `nwmgr -s -A sys_pri=10 -I 5 -S apa` |
| Display the MAC address | `lanadmin -a 900` | `nwmgr -A mac -c lan900` |
| Display the speed | `lanadmin -s 900` | `nwmgr -A speed -c lan900` |
| Display the MTU, MAC address, and speed | `lanadmin -m -a -s 900` | `nwmgr -A mtu,mac,speed -c lan900`<br>`nwmgr -A all -c lan900` |
| Display group capability | `lanadmin -x -g 5 900` | `nwmgr -A gc -I 5 -S apa` |
| Display aggregate port status | `lanadmin -x -i 900` | `nwmgr -A all -c lan900` |
| Display administrative key | `lanadmin -x -k 5 900` | `nwmgr -A key -I 5 -S apa` |
| Display load balancing algorithm | `lanadmin -x -l 900` | `nwmgr -A lb -c lan900 -S apa` |
| Display port status | `lanadmin -x -p 5 900` | `nwmgr -A mode -I 5 -S apa` |
| Display system priority | `lanadmin -x -s 5 900` | `nwmgr -A sys_pri -I 5 -S apa` |
| Display current port priority | `lanadmin -x -t 5 900` | `nwmgr -A port_pri -I 5 -S apa` |
| Display aggregate status | `lanadmin -x -v 900` | `nwmgr -v -c lan900` |
| Check network connectivity | `linkloop -i 900 0xaabbccddeeff` | `nwmgr --diag -A dest=0xaabbccddeeff -c lan900` |
| Get statistics | `lanadmin -g 900` | `nwmgr --st -c lan900` |
| Monitoring statistics | `apa-monitor -p 5` | `nwmgr --st monitor -S apa -I 900` |
| Reset an APA interface | `lanadmin -r 900` | `nwmgr -r -c lan900` |
| Reset statistics | `lanadmin -c 900` | `nwmgr -r --st -c lan900` |
| View basic help | `lanadmin -x -h 900` | `nwmgr -h -S apa` |
| View verbose help | `lanadmin -X -H 900` | `nwmgr -h -v -S apa` |
| Clear data flows on a link aggregate | `lanadmin -X -o 900` | `nwmgr -r -q data_flow -c lan900` |
| List all interfaces on the system | `lanscan` | `nwmgr` |
| List all APA interfaces | `lanscan -q` | `nwmgr -S apa` |

Once APA is working exactly the way you want, save your configuration with the following command:

nwmgr -s -S apa -A all --saved --from cu

Change the MTU on lan1 to 1500 (lanadmin -M 1 1500):

nwmgr -s -f -c lan1 -A mtu=1500 --cu

Found some really useful information on APA. So good I won’t risk it disappearing. Pretty much here for my own reference.


07 Oct 07 SSHD configuration public key only.

To set up ssh to accept login by public key only, and not interactive login, make the following changes to sshd_config:

PermitRootLogin without-password

Change:

#PubkeyAuthentication yes

to

PubkeyAuthentication yes

Next, restart the sshd daemon so the change takes effect.

HP-UX (HP may change this with no notice):
/sbin/init.d/secsh stop
/sbin/init.d/secsh start

Linux (RH distros):
service sshd restart

Make sure you have placed a public key file from a system you want to log in from, and tested it, first. Otherwise your only access will be the console, hands on the keyboard. That can be a big problem on remote systems.
For more on public key configuration and exchange, click here
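
One way to confirm the result before restarting sshd, as an added example that is not part of the original post: the script reads sshd_config the way sshd does (the first value for a keyword wins, a commented-out line leaves the default) and reports the settings that decide whether a password login is still possible. It also checks PasswordAuthentication, a keyword this post does not mention but which defaults to yes in OpenSSH and governs password logins for non-root accounts; the function names and the sample file are constructed for the example.

```shell
#!/bin/sh
# Added example (not from the original post): report the effective global
# value of sshd_config keywords that decide whether password logins remain.
# sshd keeps the first value it reads for a keyword; keywords are
# case-insensitive; a commented-out line leaves the built-in default.
sshd_effective() {              # usage: sshd_effective KEYWORD FILE
    awk -v kw="$1" '
    /^[ \t]*(#|$)/             { next }
    tolower($1) == "match"     { exit }   # global section ends at first Match
    tolower($1) == tolower(kw) { print tolower($2); found = 1; exit }
    END { if (!found) print "default" }
    ' "$2"
}

# Returns 0 only when public keys are usable and passwords are explicitly off.
pubkey_only_check() {           # usage: pubkey_only_check FILE
    pk=$(sshd_effective PubkeyAuthentication "$1")
    pw=$(sshd_effective PasswordAuthentication "$1")
    rl=$(sshd_effective PermitRootLogin "$1")
    echo "PubkeyAuthentication=$pk PasswordAuthentication=$pw PermitRootLogin=$rl"
    [ "$pk" != "no" ] && [ "$pw" = "no" ]
}

# Constructed sample: only the two settings from this post are present.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#PasswordAuthentication yes
PermitRootLogin without-password
PubkeyAuthentication yes
EOF
pubkey_only_check "$sample" || echo "password logins are still accepted for non-root users"
rm -f "$sample"
```

Run sshd -t to validate the edited file before restarting, and keep an existing session open until a key-based login from a second terminal succeeds.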

02 Oct 07 Password Free Secure Shell Access

It does not matter whether the system is Sun or Linux or HP-UX. Password free secure shell access makes a systems administrator's job much easier.

Click here for the presentation

This was written for HP World 2005, never delivered and not accepted (their loss) for HP technology forums.

There may be a need for certain systems to convert a public key to ssh2 mode.

ssh-keygen -e -f id_dsa.pub > id_dsa_ssh2.pub

Enjoy

01 Oct 07 mailscript with an attachment

The famous script for attaching a file to an automated mail script.

Works on HP-UX, Linux. Downloaded thousands of times.

http://www.hpux.ws/mailfile2

This is production code.

01 Oct 07 How to build sendmail configuration from a macro in HP-UX

HP-UX has a non-standard but quite usable equivalent to the sendmail.mc macro.

Here is a script that automates the process:
http://www.hpux.ws/buildmail.hpux.text

Tested for 11.00, 11i v1; sendmail 8.9, 8.11 and 8.13 (tested with HP depot sendmail only).
