Tips and Tricks site for advanced HP-UX Engineers

28 Apr 17 Handle with care: TCP wrappers /etc/hosts.allow

Real life story.

A DMZ-based server dedicated to SFTP was configured with these sshd rules in /etc/hosts.allow:

sshd : ALL@16.89.97.*:ALLOW
sshd : ALL@14.251.*:ALLOW
sshd : AAL@208.94.61.*:ALLOW

Should have been:

sshd : ALL@16.89.97.*:ALLOW
sshd : ALL@14.251.*:ALLOW
sshd : ALL@208.94.61.*:ALLOW

The network on the mistyped third line was the firewall to the outside world.

The end users were inconvenienced and the firewall team wasted a lot of time reviewing rules and looking at logs.
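
A lint check for the kind of typo in this story, as an added example (not part of the original post): it reports any all-uppercase token in the daemon or client list that is not a hosts_access(5) wildcard (ALL, LOCAL, KNOWN, UNKNOWN, PARANOID) or the EXCEPT operator, because TCP wrappers compares such a token as a literal name. The names lint_hosts_allow and sample_rules and the uppercase heuristic are assumptions of this example; bracketed IPv6 addresses are not handled.

```shell
#!/bin/sh
# Added example: flag mistyped wildcards in hosts.allow / hosts.deny.
# Usage: lint_hosts_allow /etc/hosts.allow   (or pipe rules on stdin)
# Prints one warning per suspect token; returns 1 if anything was flagged.
lint_hosts_allow() {
    awk '
    # Heuristic: an all-caps token that is not a known wildcard is probably a typo.
    function check(tok, what) {
        if (tok ~ /^[A-Z]+$/ && tok !~ /^(ALL|LOCAL|KNOWN|UNKNOWN|PARANOID|EXCEPT)$/) {
            printf "line %d: %s \"%s\" is not a wildcard; it is compared as a literal name\n", NR, what, tok
            bad = 1
        }
    }
    /^[ \t]*(#|$)/ { next }                      # skip comments and blank lines
    {
        n = split($0, field, ":")                # daemon_list : client_list [: option ...]
        if (n < 2) { printf "line %d: no client list\n", NR; bad = 1; next }
        m = split(field[1], d, /[ \t,]+/)
        for (i = 1; i <= m; i++) check(d[i], "daemon")
        m = split(field[2], c, /[ \t,]+/)
        for (i = 1; i <= m; i++) {
            at = index(c[i], "@")                # user_pattern@host_pattern
            if (at > 0) {
                check(substr(c[i], 1, at - 1), "user pattern")
                check(substr(c[i], at + 1), "host pattern")
            } else {
                check(c[i], "host pattern")
            }
        }
    }
    END { exit bad + 0 }
    ' "$@"
}

# Sample input: the three rules from the story above, typo included.
sample_rules() { cat <<'EOF'
sshd : ALL@16.89.97.*:ALLOW
sshd : ALL@14.251.*:ALLOW
sshd : AAL@208.94.61.*:ALLOW
EOF
}

sample_rules | lint_hosts_allow || echo "hosts.allow needs review"
```
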

16 May 16 NFS with lots of small files: pump up performance

Three kernel parameters that might pump up NFS throughput. Your mileage may vary.

kctune nfs_enable_write_behind=1
kctune nfs_enable_ufc_threshold=1
kctune nfs3_ufc_threshold_percentage=50


21 Jun 12 When swinstall will not install: What to check

I’ve just been through another frustrating battle with swinstall and wanted a complete what-to-check list in the event that it won’t install software:

  1. Check that the system IP address (ifconfig lan#) is the same as defined in /etc/hosts. If this is not consistent, swinstall will not work and the error message is far from meaningful.
  2. Check that /etc/nsswitch.conf exists. After a clean install it does not exist and needs to be put in place.
  3. Check that NFS is working correctly for an NFS-based install. Bounce nfs.client, nfs.server, nfs.core: stop them in that order and start them in the reverse order, e.g. /sbin/init.d/nfs.core <start/stop>
  4. Use showmount -e <remotehost> to ensure connectivity to remote depots.
  5. swlist -l depot -s <remote host depot>
  6. swreg -d depot $PWD on remote host after cd to depot. Remember in many scenarios remote depots in tape format will not install.
  7. /usr/sbin/swagentd -r (run this after any of the above corrective steps).


29 Oct 10 HP-UX APA help guide

HP APA Commands using lanadmin and nwmgr

| Task | Legacy Command | nwmgr Command |
|---|---|---|
| Display command help | lanadmin -X -H 900 | nwmgr --help -S apa |
| View link aggregate status | lanadmin -x -v 900 | nwmgr -c lan900 |
| Create a MANUAL mode link aggregate | lanadmin -X -a 1 2 900 | nwmgr -a -A links=1,2 -A mode=MANUAL -I 900 -S apa |
| Create a failover group | lanapplyconf | nwmgr -a -A links=1,2 -A mode=LAN_MONITOR -I 900 -S apa |
| Remove all ports from a link aggregate | lanadmin -X -c 900 | nwmgr -d -A links=all -I 900 -S apa |
| Remove all ports from a failover group | landeleteconf -g lan900 | nwmgr -d -A links=all -c lan900 |
| Remove specific ports from a link aggregate | lanadmin -X -d 1 2 900 | nwmgr -d -A links=1,2 -I 900 -S apa |
| Update the load balancing algorithm and group capability for a link aggregate | lanadmin -X -l LB_MAC 900<br>lanadmin -X -g 900 900 900 | nwmgr -s -A lb=LB_MAC, gc=900 -I 900 -S apa |
| Update the group capability and configuration mode for a port | lanadmin -X -p 3 900 900<br>lanadmin -X -p 3 FEC_AUTO 900 | nwmgr -s -A gc=900, mode=FEC_AUTO -I 3 -S apa |
| Update the group capability for a link aggregate | lanadmin -X -g 900 900 900 | nwmgr -s -A gc=900 -I 900 -S apa |
| Update the administrative key and load balancing for a link aggregate | lanadmin -X -k 900 900 900<br>lanadmin -X -l LB_IP 900 | nwmgr -s -A key=900 -A lb=LB_IP -I 900 -S apa |
| Update the administrative key and configuration mode for a port | lanadmin -X -k 4 900 900<br>lanadmin -X -p 4 LACP_AUTO 900 | nwmgr -s -A key=900 -A mode=LACP_AUTO -I 4 -S apa |
| Update the administrative key for a port | lanadmin -X -k 4 900 900 | nwmgr -s -A key=900 -I 4 -S apa |
| Update the load balancing | lanadmin -X -l LB_IP 900 | nwmgr -s -A lb=LB_IP -I 900 -S apa |
| Set the configuration mode on a port | lanadmin -X -p 5 MANUAL 900 | nwmgr -s -A mode=MANUAL -I 5 -S apa |
| Set the system priority on a port | lanadmin -X -s 5 10 900 | nwmgr -s -A sys_pri=10 -I 5 -S apa |
| Display the MAC address | lanadmin -a 900 | nwmgr -A mac -c lan900 |
| Display the speed | lanadmin -s 900 | nwmgr -A speed -c lan900 |
| Display the MTU, MAC address, and speed | lanadmin -m -a -s 900 | nwmgr -A mtu,mac,speed -c lan900<br>nwmgr -A all -c lan900 |
| Display group capability | lanadmin -x -g 5 900 | nwmgr -A gc -I 5 -S apa |
| Display aggregate port status | lanadmin -x -i 900 | nwmgr -A all -c lan900 |
| Display administrative key | lanadmin -x -k 5 900 | nwmgr -A key -I 5 -S apa |
| Display load balancing algorithm | lanadmin -x -l 900 | nwmgr -A lb -c lan900 -S apa |
| Display port status | lanadmin -x -p 5 900 | nwmgr -A mode -I 5 -S apa |
| Display system priority | lanadmin -x -s 5 900 | nwmgr -A sys_pri -I 5 -S apa |
| Display current port priority | lanadmin -x -t 5 900 | nwmgr -A port_pri -I 5 -S apa |
| Display aggregate status | lanadmin -x -v 900 | nwmgr -v -c lan900 |
| Check network connectivity | linkloop -i 900 0xaabbccddeeff | nwmgr --diag -A dest=0xaabbccddeeff -c lan900 |
| Get statistics | lanadmin -g 900 | nwmgr --st -c lan900 |
| Monitoring statistics | apa-monitor -p 5 | nwmgr --st monitor -S apa -I 900 |
| Reset an APA interface | lanadmin -r 900 | nwmgr -r -c lan900 |
| Reset statistics | lanadmin -c 900 | nwmgr -r --st -c lan900 |
| View basic help | lanadmin -x -h 900 | nwmgr -h -S apa |
| View verbose help | lanadmin -X -H 900 | nwmgr -h -v -S apa |
| Clear data flows on a link aggregate | lanadmin -X -o 900 | nwmgr -r -q data_flow -c lan900 |
| List all interfaces on the system | lanscan | nwmgr |
| List all APA interfaces | lanscan -q | nwmgr -S apa |

Found some really useful information on APA. So good I won’t risk it disappearing. Pretty much here for my own reference.


07 Oct 07 SSHD configuration public key only.

To set up ssh to accept login by public key only and not interactive login, the following changes are needed in sshd_config:

PermitRootLogin without-password

Change:

#PubkeyAuthentication yes

to

PubkeyAuthentication yes

Next, you must restart the sshd daemon for the changes to take effect.

HP-UX (HP may change this with no notice):
/sbin/init.d/secsh stop
/sbin/init.d/secsh start

Linux (RH distros):
service sshd restart

Make sure you have placed a public key file from a system you want to log in from and tested it first, or your access will be console, hands on the keyboard only. That can be a big problem on remote systems.
For more on public key configuration and exchange, click here
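
A check to run against the edited file before restarting sshd, as an added example (not part of the original post): it reports the effective value of the authentication directives, using the first occurrence of each keyword as sshd does, so you can confirm that password and keyboard-interactive logins are explicitly off and public key is on. The function names sshd_option and pubkey_only_audit are this example's own; it assumes a directive left commented out keeps sshd's built-in default, handles only the whitespace-separated "Keyword value" form, and stops at the first Match block.

```shell
#!/bin/sh
# Added example: audit sshd_config text for a public-key-only setup.

# Print the effective value of one keyword from a config on stdin.
# Keywords are case-insensitive and the first occurrence wins;
# "unset" means the keyword is absent or only present as a comment.
sshd_option() {
    awk -v want="$1" '
        BEGIN { want = tolower(want); val = "unset" }
        /^[ \t]*(#|$)/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == want { val = tolower($2); exit }
        END { print val }
    '
}

# Read a config on stdin and list every setting that is not explicitly
# pinned the way a key-only login policy needs. Returns 1 if any is found.
pubkey_only_audit() {
    cfg=$(cat)
    rc=0
    v=$(printf '%s\n' "$cfg" | sshd_option PubkeyAuthentication)
    [ "$v" = yes ] || { echo "PubkeyAuthentication is $v"; rc=1; }
    for kw in PasswordAuthentication ChallengeResponseAuthentication; do
        v=$(printf '%s\n' "$cfg" | sshd_option "$kw")
        [ "$v" = no ] || { echo "$kw is $v (not explicitly disabled)"; rc=1; }
    done
    return $rc
}

# Constructed sample: the two changes from the post, with the other
# authentication directives still commented out.
sample_config() { cat <<'EOF'
PermitRootLogin without-password
PubkeyAuthentication yes
#PasswordAuthentication yes
#ChallengeResponseAuthentication yes
EOF
}

sample_config | pubkey_only_audit || echo "review sshd_config before restarting sshd"
```
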

02 Oct 07 Password Free Secure Shell Access

It does not matter whether the system is Sun or Linux or HP-UX. Password-free secure shell access makes a systems administrator's job much easier.

Click here for the presentation

This was written for HP World 2005, never delivered and not accepted (their loss) for HP technology forums.

There may be a need for certain systems to convert a public key to ssh2 mode.

ssh-keygen -e -f id_dsa.pub > id_dsa_ssh2.pub

Enjoy

01 Oct 07 mailscript with an attachment

The famous script for attaching a file to an automated mail script.

Works on HP-UX, Linux. Downloaded thousands of times.

http://www.hpux.ws/mailfile2

This is production code.

01 Oct 07 How to build sendmail configuration from a macro in HP-UX

HP-UX has a non-standard but quite usable equivalent to the sendmail.mc macro.

Here is a script that automates the process:
http://www.hpux.ws/buildmail.hpux.text

Tested for 11.00, 11i v1; sendmail 8.9, 8.11 and 8.13 (tested with HP depot sendmail only).