2017-08-18

AIX: New password requires a minimum of 1 elapsed week between changes.

Got an error message when I tried changing root's password subsequently.

New password requires a minimum of 1 elapsed week between changes.
Only the system administrator can change this password.

The solution is to set the NOCHECK flag with the pwdadm command.

AIX xxxndsap01 1 7 00EA1A4B6C00
$ sudo pwdadm -f NOCHECK root; sudo chpasswd < .2017R4_root.pwd
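
NOCHECK is a per-user flag stored in /etc/security/passwd, and it stays set after the password change until it is cleared (`pwdadm -c root` clears all flags). The following is an added example, not part of the original post, that lists accounts still carrying the flag; the sample stanza file is constructed, and the function names and the svcbackup account are hypothetical.

```sh
#!/bin/sh
# Added example: find accounts that still carry the NOCHECK password flag
# in an AIX-style /etc/security/passwd stanza file.

# users_with_nocheck FILE -> one user name per line
users_with_nocheck() {
    awk '
        # Stanza header: "username:" starting in column one ("*" starts a comment).
        /^[^ \t*][^:]*:[ \t]*$/ {
            user = $0
            sub(/:[ \t]*$/, "", user)
            next
        }
        # Attribute line inside the stanza, e.g. "flags = ADMCHG,NOCHECK"
        /^[ \t]+flags[ \t]*=/ {
            val = $0
            sub(/^[^=]*=[ \t]*/, "", val)
            n = split(val, flag, ",")
            for (i = 1; i <= n; i++) {
                gsub(/[ \t]/, "", flag[i])
                if (flag[i] == "NOCHECK") { print user; break }
            }
        }
    ' "$1"
}

# write_sample FILE -> constructed sample data, not taken from a real system
write_sample() {
    cat > "$1" <<'EOF'
root:
        password = CONSTRUCTED-HASH
        lastupdate = 1503043200
        flags = NOCHECK

daemon:
        password = *

svcbackup:
        password = CONSTRUCTED-HASH
        lastupdate = 1500000000
        flags = ADMCHG, NOCHECK

mmond:
        password = CONSTRUCTED-HASH
        lastupdate = 1502000000
        flags =
EOF
}

sample=$(mktemp)
write_sample "$sample"
echo "Accounts exempt from password rules:"
users_with_nocheck "$sample"
rm -f -- "$sample"
```

On a real AIX host the function would be pointed at /etc/security/passwd as root, and any account it reports can be checked with `pwdadm -q`.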

2017-08-11

Adding "HP Repo" in Linux

To install a few missing drivers/tools for HP ProLiant, I did some research on how to do it, and as this post shows, adding the "HP repo" makes it quick and easy.

$ wget https://downloads.linux.hpe.com/SDR/add_repo.sh
--2017-07-25 16:39:13--  https://downloads.linux.hpe.com/SDR/add_repo.sh
Resolving downloads.linux.hpe.com... 16.248.64.116
Connecting to downloads.linux.hpe.com|16.248.64.116|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 22183 (22K) [application/x-sh]
Saving to: “add_repo.sh”
100%[======================================================================================================================>] 22,183      --.-K/s   in 0.1s 
2017-07-25 16:39:14 (161 KB/s) - “add_repo.sh” saved [22183/22183]

$ sudo sh add_repo.sh spp
$ sudo yum repolist
Loaded plugins: product-id, refresh-packagekit, search-disabled-repos, security, subscription-manager, versionlock
HP-spp                                                                                                                                   | 2.5 kB     00:00   
HP-spp/primary_db                                                                                                                        | 1.7 MB     00:04   
repo id                                                           repo name                                                                               status
HP-spp                                                            HP Software Delivery Repository for spp                                                  1,361
rhel-6-server-rpms                                                Red Hat Enterprise Linux 6 Server (RPMs)                                                19,615
repolist: 20,976

$ sudo yum install hp-health hpssacli hpssa hpssacli
Loaded plugins: product-id, refresh-packagekit, search-disabled-repos, security, subscription-manager, versionlock
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package hp-health.x86_64 0:10.50-1826.38.rhel6 will be updated
---> Package hp-health.x86_64 0:10.60-1833.33.rhel6 will be an update
---> Package hpssa.x86_64 0:2.40-13.0 will be installed
---> Package hpssacli.x86_64 0:2.40-13.0 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
================================================================================================================================================================
 Package                              Arch                              Version                                         Repository                         Size
================================================================================================================================================================
Installing:
 hpssa                                x86_64                            2.40-13.0                                       HP-spp                            9.1 M
 hpssacli                             x86_64                            2.40-13.0                                       HP-spp                             11 M
Updating:
 hp-health                            x86_64                            10.60-1833.33.rhel6                             HP-spp                            324 k
Transaction Summary
================================================================================================================================================================
Install       2 Package(s)
Upgrade       1 Package(s)
Total download size: 21 M
Is this ok [y/N]: y
Downloading Packages:
(1/3): hp-health-10.60-1833.33.rhel6.x86_64.rpm                                                                                          | 324 kB     00:00   
(2/3): hpssa-2.40-13.0.x86_64.rpm                                                                                                        | 9.1 MB     00:22   
(3/3): hpssacli-2.40-13.0.x86_64.rpm                                                                                                     |  11 MB     00:26   
----------------------------------------------------------------------------------------------------------------------------------------------------------------
Total                                                                                                                           392 kB/s |  21 MB     00:53   
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Warning: RPMDB altered outside of yum.
Upgrade
  Using Proliant Standard
        IPMI based System Health Monitor
 
  Shutting down NIC Agent Daemon (cmanicd): [  OK  ]

  Shutting down Storage Event Logger (cmaeventd): [  OK  ]
  Shutting down FCA agent (cmafcad): [  OK  ]
  Shutting down SAS agent (cmasasd): [  OK  ]
  Shutting down IDA agent (cmaidad): [  OK  ]
  Shutting down IDE agent (cmaided): [  OK  ]
  Shutting down SCSI agent (cmascsid): [  OK  ]
  Shutting down Health agent (cmahealthd): [  OK  ]
  Shutting down Standard Equipment agent (cmastdeqd): [  OK  ]
  Shutting down Host agent (cmahostd): [  OK  ]
  Shutting down Threshold agent (cmathreshd): [  OK  ]
  Shutting down RIB agent (cmasm2d): [  OK  ]
  Shutting down Performance agent (cmaperfd): [  OK  ]
  Shutting down SNMP Peer (cmapeerd): [  OK  ]
  Shutting down Proliant Standard
        IPMI based System Health Monitor (hpasmlited): [  OK  ]
Waiting for hp-asrd[6119 6118] to terminate
HP Advanced Server Recovery Daemon Terminated[  OK  ]
  Updating   : hp-health-10.60-1833.33.rhel6.x86_64                                                                                                         1/4
Please read the Licence Agreement for this software at
         /opt/hp/hp-health/hp-health.license
By not removing this package, you are accepting the terms
of the "HPE Proliant Essentials Software End User License Agreement".
  Using Proliant Standard
        IPMI based System Health Monitor
  Starting Proliant Standard
        IPMI based System Health Monitor (hpasmlited): [  OK  ]
Starting HP Advanced Server Recovery Daemon[  OK  ]
The hp-health RPM has installed successfully.
  Installing : hpssa-2.40-13.0.x86_64                                                                                                                       2/4
  Installing : hpssacli-2.40-13.0.x86_64                                                                                                                    3/4
  Cleanup    : hp-health-10.50-1826.38.rhel6.x86_64                                                                                                         4/4
  Verifying  : hpssacli-2.40-13.0.x86_64                                                                                                                    1/4
  Verifying  : hpssa-2.40-13.0.x86_64                                                                                                                       2/4
  Verifying  : hp-health-10.60-1833.33.rhel6.x86_64                                                                                                         3/4
  Verifying  : hp-health-10.50-1826.38.rhel6.x86_64                                                                                                         4/4
Installed:
  hpssa.x86_64 0:2.40-13.0                                                      hpssacli.x86_64 0:2.40-13.0                                                   
Updated:
  hp-health.x86_64 0:10.60-1833.33.rhel6                                                                                                                     
Complete!

$ whereis hpssacli
hpssacli: /usr/sbin/hpssacli /usr/man/man8/hpssacli.8.gz

2017-08-04

Using CDPR to check information about network switch and port

I posted on my previous blog about how to discover this network information using tcpdump.  Now I need to post about CDPR (Cisco Discovery Protocol Reporter) so as not to forget it; after all, it is quite a useful tool.

$ hostname
benue

$ sudo rpm -ivh ftp://195.220.108.108/linux/epel/6/x86_64/cdpr-2.4-1.el6.x86_64.rpm
Retrieving ftp://195.220.108.108/linux/epel/6/x86_64/cdpr-2.4-1.el6.x86_64.rpm
warning: /var/tmp/rpm-tmp.8ET6wR: Header V3 RSA/SHA256 Signature, key ID 0608b895: NOKEY
Preparing...                ########################################### [100%]
   1:cdpr                   ########################################### [100%]

$ sudo cdpr -d bond0
cdpr - Cisco Discovery Protocol Reporter
Version 2.4
Copyright (c) 2002-2010 - MonkeyMental.com

Using Device: bond0
Waiting for CDP advertisement:
(default config is to transmit CDP packets every 60 seconds)
Device ID
  value:  sdkbn2p01nn053(SSI160209PE)
Addresses
  value:  10.200.190.130
Port ID
  value:  Ethernet100/1/8
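
The NOKEY warning above means rpm could not check the package signature because key 0608b895 was not in its keyring, so the install went ahead unverified. The following is an added example, not part of the original post, of a gate that parses `rpm -K` output and passes only signature-verified packages; the sample lines are constructed on the assumption of rpm 4.8 (RHEL 6) output format, and the function names are hypothetical.

```sh
#!/bin/sh
# Added example: refuse to install an RPM unless `rpm -K` verified a signature.

# classify_checksig LINE -> verified | unsigned | missing-key | bad | unknown
classify_checksig() {
    result=${1#*: }                      # drop the "package.rpm: " prefix
    case $result in
        *"MISSING KEYS"*) echo missing-key ;;   # signed, but key not imported
        *"NOT OK"*)       echo bad ;;           # digest or signature mismatch
        *" OK")
            # Digests alone ("sha1 md5 OK") say nothing about origin;
            # require a signature token as well.
            case " $result " in
                *" rsa "*|*" dsa "*|*" pgp "*|*" gpg "*|*" signatures "*)
                    echo verified ;;
                *)  echo unsigned ;;
            esac ;;
        *) echo unknown ;;
    esac
}

# all_verified: reads `rpm -K` output on stdin, prints one verdict per
# package, returns 0 only if there was input and every line is "verified".
all_verified() {
    seen=0
    rc=0
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        seen=1
        state=$(classify_checksig "$line")
        printf '%-12s %s\n' "$state" "${line%%:*}"
        [ "$state" = verified ] || rc=1
    done
    [ "$seen" -eq 1 ] || rc=1            # empty input is a failure, not a pass
    return "$rc"
}

# Constructed sample lines in the style of rpm 4.8 (RHEL 6) output.
sample_lines() {
    cat <<'EOF'
cdpr-2.4-1.el6.x86_64.rpm: RSA sha1 ((MD5) PGP) md5 NOT OK (MISSING KEYS: (MD5) PGP#0608b895)
cdpr-2.4-1.el6.x86_64.rpm: rsa sha1 (md5) pgp md5 OK
local-build-1.0-1.x86_64.rpm: sha1 md5 OK
EOF
}

# Intended use on a real host (download to disk, verify, then install):
#   rpm --import <EPEL 6 public key file>    # placeholder path
#   rpm -K cdpr-2.4-1.el6.x86_64.rpm | all_verified \
#       && sudo rpm -ivh cdpr-2.4-1.el6.x86_64.rpm
sample_lines | all_verified || echo "install blocked: not every package is verified"
```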

2017-07-20

/usr/bin/which: no qaucli

One of my colleagues from the Backup team asked me to check why our media servers don't have the utility qaucli installed.  So I did some research and found out how to install it.

Source download:  http://driverdownloads.qlogic.com/; choose the QConvergeConsole CLI for Linux under Management Tools.  Here is how I got that information:

I went to one of our media servers that has this utility installed.

# qaucli -v
Using config file: /opt/QLogic_Corporation/QConvergeConsoleCLI/qaucli.cfg
Installation directory: /opt/QLogic_Corporation/QConvergeConsoleCLI
Working dir: /root
QConvergeConsole
CLI - Version 1.1.4 (Build 65)
Copyright (C) 2015 QLogic Corporation
Build Type: Release
Build Date: Sep 23 2015 12:47:50 
# which qaucli
/usr/local/bin/qaucli 
# yum whatprovides '*qaucli*'
Loaded plugins: product-id, refresh-packagekit, rhnplugin, security, subscription-manager
This system is receiving updates from RHN Classic or RHN Satellite.
rhel-x86_64-server-6                                                                                                                     | 1.8 kB     00:00  
https://mirrors.dotsrc.org/fedora-epel/6/x86_64/repodata/79e4f94bc0037f2dce184b518b08157c11cf3e1f7f1d48be9ee355dbbe55917f-filelists.sqlite.bz2: [Errno 14] Peer cert cannot be verified or peer cert invalid
Trying other mirror.
https://www.mirrorservice.org/sites/dl.fedoraproject.org/pub/epel/6/x86_64/repodata/79e4f94bc0037f2dce184b518b08157c11cf3e1f7f1d48be9ee355dbbe55917f-filelists.sqlite.bz2: [Errno 14] Peer cert cannot be verified or peer cert invalid
Trying other mirror.
http://mirror.vutbr.cz/epel/6/x86_64/repodata/79e4f94bc0037f2dce184b518b08157c11cf3e1f7f1d48be9ee355dbbe55917f-filelists.sqlite.bz2: [Errno 14] PYCURL ERROR 22 - "The requested URL returned error: 403 Forbidden"
Trying other mirror.
http://mirror.nl.leaseweb.net/epel/6/x86_64/repodata/79e4f94bc0037f2dce184b518b08157c11cf3e1f7f1d48be9ee355dbbe55917f-filelists.sqlite.bz2: [Errno 14] PYCURL ERROR 22 - "The requested URL returned error: 403 Forbidden"
Trying other mirror.
https://anorien.csc.warwick.ac.uk/mirrors/epel/6/x86_64/repodata/79e4f94bc0037f2dce184b518b08157c11cf3e1f7f1d48be9ee355dbbe55917f-filelists.sqlite.bz2: [Errno 14] Peer cert cannot be verified or peer cert invalid
Trying other mirror.
https://mirrors.nic.cz/epel/6/x86_64/repodata/79e4f94bc0037f2dce184b518b08157c11cf3e1f7f1d48be9ee355dbbe55917f-filelists.sqlite.bz2: [Errno 14] Peer cert cannot be verified or peer cert invalid
Trying other mirror.
epel/filelists_db                                                                                                                        | 7.7 MB     00:03  
rhel-x86_64-server-6/filelists                                                                                                           |  33 MB     00:04  
QConvergeConsoleCLI-1.1.04-65.x86_64 : QConvergeConsole Command Line Interface
Repo        : installed
Matched from:
Filename    : /opt/QLogic_Corporation/QConvergeConsoleCLI/qaucli_contents.dat
Filename    : /opt/QLogic_Corporation/QConvergeConsoleCLI/qaucli.cfg
Filename    : /opt/QLogic_Corporation/QConvergeConsoleCLI/libiscsi-qaucli-preun.sh
Filename    : /opt/QLogic_Corporation/QConvergeConsoleCLI/libiscsi-qaucli-post.sh
Filename    : /opt/QLogic_Corporation/QConvergeConsoleCLI/qaucli

So that's how I figured it out.  I simply downloaded it (I can't do it directly as there's an agreement box, so I just copied it over from my Windows machine to our NFS server).  Three media servers didn't have this utility, so I installed it on them as well via SSH in a for-do loop (of course I ensured that I can log on to these servers using my SSH keys to skip the password prompt).

$ for i in koios leto zefyr; do ssh -q $i.bck.corp.nnit.org -t "hostname; sudo yum install /depot/linux/sw_store/drivers_utils/utils/qlogic/QConvergeConsoleCLI-2.1.00-11.x86_64.rpm -y"; done

And to verify that it's working, I tried running the tool.

$ for i in dione koios leto zefyr; do ssh -q $i.bck.corp.nnit.org -t "sudo qaucli -iport"; echo -e "***********\r\n"; done                  
Using config file: /opt/QLogic_Corporation/QConvergeConsoleCLI/qaucli.cfg
Installation directory: /opt/QLogic_Corporation/QConvergeConsoleCLI
Working dir: /home/mmond


 ---------------------------------------------------------------------------------------
 Adapter Serial Number: 8C9717106E Model: SN1000Q Chip Revision: B0 Alias:
      1. Port: Protocol: FCoE
               Physical Port: 1 ISP: 27 Port Alias:
               Physical MAC: 00-00-00-00-00-00
               Vendor ID: 103c SubVendor ID: 103c Device ID: 2031 SubDevice ID: 17e8
               Function ID: 0
               WWNN: 51-40-2E-C0-00-F3-FC-CD
               WWPN: 51-40-2E-C0-00-F3-FC-CC
      2. Port: Protocol: FCoE
               Physical Port: 2 ISP: 27 Port Alias:
               Physical MAC: 00-00-00-00-00-00
               Vendor ID: 103c SubVendor ID: 103c Device ID: 2031 SubDevice ID: 17e8
               Function ID: 1
               WWNN: 51-40-2E-C0-00-F3-FC-CF
               WWPN: 51-40-2E-C0-00-F3-FC-CE
 ---------------------------------------------------------------------------------------
 Adapter Serial Number: 8C9717106T Model: SN1000Q Chip Revision: B0 Alias:
      3. Port: Protocol: FCoE
               Physical Port: 1 ISP: 27 Port Alias:
               Physical MAC: 00-00-00-00-00-00
               Vendor ID: 103c SubVendor ID: 103c Device ID: 2031 SubDevice ID: 17e8
               Function ID: 0
               WWNN: 51-40-2E-C0-00-F3-57-85
               WWPN: 51-40-2E-C0-00-F3-57-84
      4. Port: Protocol: FCoE
               Physical Port: 2 ISP: 27 Port Alias:
               Physical MAC: 00-00-00-00-00-00
               Vendor ID: 103c SubVendor ID: 103c Device ID: 2031 SubDevice ID: 17e8
               Function ID: 1
               WWNN: 51-40-2E-C0-00-F3-57-87
               WWPN: 51-40-2E-C0-00-F3-57-86
***********
Using config file: /opt/QLogic_Corporation/QConvergeConsoleCLI/qaucli.cfg
Installation directory: /opt/QLogic_Corporation/QConvergeConsoleCLI
Working dir: /home/mmond


 ---------------------------------------------------------------------------------------
 Adapter Serial Number: 8C9717102M Model: SN1000Q Chip Revision: B0 Alias:
      1. Port: Protocol: FCoE
               Physical Port: 1 ISP: 27 Port Alias:
               Physical MAC: 00-00-00-00-00-00
               Vendor ID: 103c SubVendor ID: 103c Device ID: 2031 SubDevice ID: 17e8
               Function ID: 0
               WWNN: 51-40-2E-C0-00-F3-FA-D9
               WWPN: 51-40-2E-C0-00-F3-FA-D8
      2. Port: Protocol: FCoE
               Physical Port: 2 ISP: 27 Port Alias:
               Physical MAC: 00-00-00-00-00-00
               Vendor ID: 103c SubVendor ID: 103c Device ID: 2031 SubDevice ID: 17e8
               Function ID: 1
               WWNN: 51-40-2E-C0-00-F3-FA-DB
               WWPN: 51-40-2E-C0-00-F3-FA-DA
 ---------------------------------------------------------------------------------------
 Adapter Serial Number: 8C9717102X Model: SN1000Q Chip Revision: B0 Alias:
      3. Port: Protocol: FCoE
               Physical Port: 1 ISP: 27 Port Alias:
               Physical MAC: 00-00-00-00-00-00
               Vendor ID: 103c SubVendor ID: 103c Device ID: 2031 SubDevice ID: 17e8
               Function ID: 0
               WWNN: 51-40-2E-C0-00-F3-FA-FD
               WWPN: 51-40-2E-C0-00-F3-FA-FC
      4. Port: Protocol: FCoE
               Physical Port: 2 ISP: 27 Port Alias:
               Physical MAC: 00-00-00-00-00-00
               Vendor ID: 103c SubVendor ID: 103c Device ID: 2031 SubDevice ID: 17e8
               Function ID: 1
               WWNN: 51-40-2E-C0-00-F3-FA-FF
               WWPN: 51-40-2E-C0-00-F3-FA-FE
***********
Using config file: /opt/QLogic_Corporation/QConvergeConsoleCLI/qaucli.cfg
Installation directory: /opt/QLogic_Corporation/QConvergeConsoleCLI
Working dir: /home/mmond


 ---------------------------------------------------------------------------------------
 Adapter Serial Number: 8C9717106U Model: SN1000Q Chip Revision: B0 Alias:
      1. Port: Protocol: FCoE
               Physical Port: 1 ISP: 27 Port Alias:
               Physical MAC: 00-00-00-00-00-00
               Vendor ID: 103c SubVendor ID: 103c Device ID: 2031 SubDevice ID: 17e8
               Function ID: 0
               WWNN: 51-40-2E-C0-00-F3-57-89
               WWPN: 51-40-2E-C0-00-F3-57-88
      2. Port: Protocol: FCoE
               Physical Port: 2 ISP: 27 Port Alias:
               Physical MAC: 00-00-00-00-00-00
               Vendor ID: 103c SubVendor ID: 103c Device ID: 2031 SubDevice ID: 17e8
               Function ID: 1
               WWNN: 51-40-2E-C0-00-F3-57-8B
               WWPN: 51-40-2E-C0-00-F3-57-8A
 ---------------------------------------------------------------------------------------
 Adapter Serial Number: 8C9717106V Model: SN1000Q Chip Revision: B0 Alias:
      3. Port: Protocol: FCoE
               Physical Port: 1 ISP: 27 Port Alias:
               Physical MAC: 00-00-00-00-00-00
               Vendor ID: 103c SubVendor ID: 103c Device ID: 2031 SubDevice ID: 17e8
               Function ID: 0
               WWNN: 51-40-2E-C0-00-F3-57-8D
               WWPN: 51-40-2E-C0-00-F3-57-8C
      4. Port: Protocol: FCoE
               Physical Port: 2 ISP: 27 Port Alias:
               Physical MAC: 00-00-00-00-00-00
               Vendor ID: 103c SubVendor ID: 103c Device ID: 2031 SubDevice ID: 17e8
               Function ID: 1
               WWNN: 51-40-2E-C0-00-F3-57-8F
               WWPN: 51-40-2E-C0-00-F3-57-8E
***********
Using config file: /opt/QLogic_Corporation/QConvergeConsoleCLI/qaucli.cfg
Installation directory: /opt/QLogic_Corporation/QConvergeConsoleCLI
Working dir: /home/mmond


 ---------------------------------------------------------------------------------------
 Adapter Serial Number: 8C971710MW Model: SN1000Q Chip Revision: B0 Alias:
      1. Port: Protocol: FCoE
               Physical Port: 1 ISP: 27 Port Alias:
               Physical MAC: 00-00-00-00-00-00
               Vendor ID: 103c SubVendor ID: 103c Device ID: 2031 SubDevice ID: 17e8
               Function ID: 0
               WWNN: 51-40-2E-C0-00-F3-5F-4D
               WWPN: 51-40-2E-C0-00-F3-5F-4C
      2. Port: Protocol: FCoE
               Physical Port: 2 ISP: 27 Port Alias:
               Physical MAC: 00-00-00-00-00-00
               Vendor ID: 103c SubVendor ID: 103c Device ID: 2031 SubDevice ID: 17e8
               Function ID: 1
               WWNN: 51-40-2E-C0-00-F3-5F-4F
               WWPN: 51-40-2E-C0-00-F3-5F-4E
 ---------------------------------------------------------------------------------------
 Adapter Serial Number: 8C971710N0 Model: SN1000Q Chip Revision: B0 Alias:
      3. Port: Protocol: FCoE
               Physical Port: 1 ISP: 27 Port Alias:
               Physical MAC: 00-00-00-00-00-00
               Vendor ID: 103c SubVendor ID: 103c Device ID: 2031 SubDevice ID: 17e8
               Function ID: 0
               WWNN: 51-40-2E-C0-00-F3-5F-5D
               WWPN: 51-40-2E-C0-00-F3-5F-5C
      4. Port: Protocol: FCoE
               Physical Port: 2 ISP: 27 Port Alias:
               Physical MAC: 00-00-00-00-00-00
               Vendor ID: 103c SubVendor ID: 103c Device ID: 2031 SubDevice ID: 17e8
               Function ID: 1
               WWNN: 51-40-2E-C0-00-F3-5F-5F
               WWPN: 51-40-2E-C0-00-F3-5F-5E
***********


Using NetBackup's BPRESTORE command for File Restoration

I got a request today to restore files from /opt/oracle/diag/rdbms/pasx06p/PASX06P/trace and place them in /data/ora_fra01/diag, and since I am a bit lazy and have lots of work to do, I did not do it in the GUI.

I used this reference as a guide: How to run bprestore

On the destination server I prepared the following files (I am doing the restore on the same source and target machine).

$ cat restorefiles.in
change /opt/oracle/diag/rdbms/pasx06p/PASX06P/trace/* to /data/ora_fra01/diag

$ cat filelist.in
/opt/oracle/diag/rdbms/pasx06p/PASX06P/trace

$ sudo /usr/openv/netbackup/bin/bprestore -s 05/19/2017 00:00:00 -e 05/27/2017 00:00:00 -L /tmp/restore-170719.log -R /tmp/restorefiles.in -f /tmp/filelist.in 

Now I am checking the status of the job on the NetBackup Master Server.

# bpdbjobs | grep uxmach01 | head -1
232661         Backup  Done      0                       BRMC_ORACLE_ARCHIVE_SILVER    pasx06tp_archive      uxmach01.np.lan       nbubkmast01      28589      No        

Done!  Files have been restored.

$ ls -l /data/ora_fra01/diag | wc -l
1076


2017-07-17

Connecting to PostgreSQL via command line

Got an alarm that this server has high CPU and memory usage.  So I am posting this as it's been quite a while since I used PostgreSQL.

$ cat /etc/redhat-release; uname -r
Red Hat Enterprise Linux Server release 5.7 (Tikanga)
2.6.18-274.12.1.el5

$ free -g | awk '/Mem:/ {print "Physical Memory: " $2 "GB."} /cache:/ {print "Resident: " $3 "GB."}'
Physical Memory: 15GB.
Resident: 4GB.

# su - postgres
-bash-3.2$ psql
Welcome to psql 8.2.13, the PostgreSQL interactive terminal.
Type:  \copyright for distribution terms
       \h for help with SQL commands
       \? for help with psql commands
       \g or terminate with semicolon to execute query
       \q to quit

postgres=# \list
        List of databases
   Name    |  Owner   | Encoding
-----------+----------+-----------
 dmon2     | postgres | SQL_ASCII
 postgres  | postgres | SQL_ASCII
 template0 | postgres | SQL_ASCII
 template1 | postgres | SQL_ASCII
(4 rows)

postgres=# \connect postgres
You are now connected to database "postgres".

postgres-# \dt *.
                        List of relations
       Schema       |          Name           | Type  |  Owner
--------------------+-------------------------+-------+----------
 information_schema | sql_features            | table | postgres
 information_schema | sql_implementation_info | table | postgres
 information_schema | sql_languages           | table | postgres
 information_schema | sql_packages            | table | postgres
 information_schema | sql_parts               | table | postgres
 information_schema | sql_sizing              | table | postgres
 information_schema | sql_sizing_profiles     | table | postgres
(7 rows)

postgres=# SELECT procpid, datname, usename, query_start, current_query FROM pg_stat_activity ORDER BY backend_start DESC;
 procpid | datname  | usename  |          query_start          |                                                  current_query                                                
---------+----------+----------+-------------------------------+-----------------------------------------------------------------------------------------------------------------
   18523 | postgres | postgres | 2017-07-17 11:32:50.468531+02 | SELECT procpid, datname, usename, query_start, current_query FROM pg_stat_activity ORDER BY backend_start DESC;
   26119 | dmon2    | postgres | 2017-07-17 11:31:28.19822+02  | <IDLE>
   29143 | dmon2    | postgres | 2017-07-17 11:32:38.642829+02 | <IDLE>
    3436 | dmon2    | postgres | 2017-05-07 14:40:08.272183+02 | <IDLE>
   11059 | dmon2    | postgres | 2017-07-17 11:32:45.481078+02 | <IDLE>
   11006 | dmon2    | postgres | 2017-07-17 11:31:17.727868+02 | <IDLE>
   10977 | dmon2    | postgres | 2017-07-17 11:31:24.22136+02  | <IDLE>
   10974 | dmon2    | postgres | 2017-07-17 11:30:54.889548+02 | <IDLE>
   10966 | dmon2    | postgres | 2017-07-17 11:32:49.523143+02 | <IDLE>
   10963 | dmon2    | postgres | 2017-07-17 11:32:47.432331+02 | <IDLE>
   10960 | dmon2    | postgres | 2017-07-17 11:31:57.597219+02 | <IDLE>
   10957 | dmon2    | postgres | 2017-07-17 11:32:50.064883+02 | SELECT *, to_unixtime(schedtime) as uschedtime FROM v_rt_backend_checkqueue ORDER BY random()+1 LIMIT 300 ;
(12 rows)

postgres-# \q

max_connections and shared_buffers seem fine, and kernel.shmmax seems OK too.

$ sudo cat /etc/sysctl.conf | grep shmmax
kernel.shmmax = 68719476736

$ sudo cat /var/lib/pgsql/data/postgresql.conf | egrep -i 'max_connections|shared_buffers' | grep -v '^#'
max_connections = 100                   # (change requires restart)
shared_buffers = 512MB                  # min 128kB or max_connections*16kB

The funny thing was that after I increased /opt and /data3, it seems that the postmaster processes went down.

$ sudo top -b -n 1 | head -n 24
top - 13:12:36 up 81 days, 22:23,  2 users,  load average: 1.54, 1.27, 1.23
Tasks: 250 total,   1 running, 249 sleeping,   0 stopped,   0 zombie
Cpu(s): 21.9%us,  4.0%sy,  0.0%ni, 72.1%id,  1.6%wa,  0.1%hi,  0.4%si,  0.0%st
Mem:  16436100k total, 16297896k used,   138204k free,  1285472k buffers
Swap: 12582904k total,      124k used, 12582780k free, 10205132k cached
  PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND                                                                                          
11910 root      15   0 54636  14m 1884 S 10.9  0.1   3812:57 isdn30                                                                                          
11052 root      15   0 72076  16m 2560 S  3.6  0.1   9547:11 ciscoenv                                                                                        
10954 root      15   0 69496  32m 1248 S  1.8  0.2   6168:40 checkd                                                                                          
11050 root      15   0  102m  42m 2756 S  1.8  0.3   2456:42 cisconx-env                                                                                      
22844 root      15   0 31676 3336 1980 R  1.8  0.0   0:00.06 top                                                                                              
    1 root      15   0 10368  692  580 S  0.0  0.0   0:02.19 init                                                                                            
    2 root      RT  -5     0    0    0 S  0.0  0.0   0:00.00 migration/0                                                                                      
    3 root      34  19     0    0    0 S  0.0  0.0   0:09.30 ksoftirqd/0                                                                                      
    4 root      RT  -5     0    0    0 S  0.0  0.0   0:00.00 migration/1                                                                                      
    5 root      34  19     0    0    0 S  0.0  0.0   0:00.20 ksoftirqd/1                                                                                      
    6 root      RT  -5     0    0    0 S  0.0  0.0   0:00.00 migration/2                                                                                      
    7 root      34  19     0    0    0 S  0.0  0.0   0:00.20 ksoftirqd/2                                                                                      
    8 root      RT  -5     0    0    0 S  0.0  0.0   0:00.00 migration/3                                                                                      
    9 root      34  19     0    0    0 S  0.0  0.0   0:00.19 ksoftirqd/3                                                                                      
   10 root      10  -5     0    0    0 S  0.0  0.0   0:01.57 events/0                                                                                        
   11 root      10  -5     0    0    0 S  0.0  0.0   0:00.26 events/1                                                                                        
   12 root      10  -5     0    0    0 S  0.0  0.0   0:00.24 events/2

2017-07-14

Scheduling a user's job using command 'at'

I just thought of creating a scheduled job using the Linux command 'at'.  Here's what I did.

$ at -t 1707141900
at> sudo yum install kernel-2.6.32-642.13.2.el6 kernel-devel-2.6.32-642.13.2.el6 kernel-headers-2.6.32-642.13.2.el6 kernel-firmware-2.6.32-642.13.2.el6 redhat-release-server-6Server-6.8*.el6 -y
at> sudo yum -x kernel*,redhat-release* update -y --nogpgcheck
at> sudo reboot
at> <EOT>
job 2 at 2017-07-14 19:00

$ atq
2       2017-07-14 19:00 a mmond

There are times when you want to run the job on a different schedule; the man pages and the web have lots of examples.  Below are the ones I used, which are pretty straightforward.

at 7 pm Tuesday
at now +5 minutes

Then I played around to see if I could patch the test server and reboot it afterwards.  To display the content of my job id #2, I use "at -c 2".

$ at -c 2
#!/bin/sh
# atrun uid=8811 gid=804
# mail mmond 0
umask 22
HOSTNAME=dksvrlog01.a.globalhosting.net; export HOSTNAME
SHELL=/usr/bin/ksh; export SHELL
HISTSIZE=1000; export HISTSIZE
SSH_CLIENT=10.16.120.18\ 11986\ 22; export SSH_CLIENT
QTDIR=/usr/lib64/qt-3.3; export QTDIR
QTINC=/usr/lib64/qt-3.3/include; export QTINC
SSH_TTY=/dev/pts/1; export SSH_TTY
USER=mmond; export USER
LS_COLORS=rs=0:di=01\;34:ln=01\;36:mh=00:pi=40\;33:so=01\;35:do=01\;35:bd=40\;33\;01:cd=40\;33\;01:or=40\;31\;01:mi=01\;05\;37\;41:su=37\;41:sg=30\;43:ca=30\;41:tw=30\;42:ow=34\;42:st=37\;44:ex=01\;32:\*.tar=01\;31:\*.tgz=01\;31:\*.arj=01\;31:\*.taz=01\;31:\*.lzh=01\;31:\*.lzma=01\;31:\*.tlz=01\;31:\*.txz=01\;31:\*.zip=01\;31:\*.z=01\;31:\*.Z=01\;31:\*.dz=01\;31:\*.gz=01\;31:\*.lz=01\;31:\*.xz=01\;31:\*.bz2=01\;31:\*.tbz=01\;31:\*.tbz2=01\;31:\*.bz=01\;31:\*.tz=01\;31:\*.deb=01\;31:\*.rpm=01\;31:\*.jar=01\;31:\*.rar=01\;31:\*.ace=01\;31:\*.zoo=01\;31:\*.cpio=01\;31:\*.7z=01\;31:\*.rz=01\;31:\*.jpg=01\;35:\*.jpeg=01\;35:\*.gif=01\;35:\*.bmp=01\;35:\*.pbm=01\;35:\*.pgm=01\;35:\*.ppm=01\;35:\*.tga=01\;35:\*.xbm=01\;35:\*.xpm=01\;35:\*.tif=01\;35:\*.tiff=01\;35:\*.png=01\;35:\*.svg=01\;35:\*.svgz=01\;35:\*.mng=01\;35:\*.pcx=01\;35:\*.mov=01\;35:\*.mpg=01\;35:\*.mpeg=01\;35:\*.m2v=01\;35:\*.mkv=01\;35:\*.ogm=01\;35:\*.mp4=01\;35:\*.m4v=01\;35:\*.mp4v=01\;35:\*.vob=01\;35:\*.qt=01\;35:\*.nuv=01\;35:\*.wmv=01\;35:\*.asf=01\;35:\*.rm=01\;35:\*.rmvb=01\;35:\*.flc=01\;35:\*.avi=01\;35:\*.fli=01\;35:\*.flv=01\;35:\*.gl=01\;35:\*.dl=01\;35:\*.xcf=01\;35:\*.xwd=01\;35:\*.yuv=01\;35:\*.cgm=01\;35:\*.emf=01\;35:\*.axv=01\;35:\*.anx=01\;35:\*.ogv=01\;35:\*.ogx=01\;35:\*.aac=01\;36:\*.au=01\;36:\*.flac=01\;36:\*.mid=01\;36:\*.midi=01\;36:\*.mka=01\;36:\*.mp3=01\;36:\*.mpc=01\;36:\*.ogg=01\;36:\*.ra=01\;36:\*.wav=01\;36:\*.axa=01\;36:\*.oga=01\;36:\*.spx=01\;36:\*.xspf=01\;36:; export LS_COLORS
A__z=\"\*SHLVL; export A__z
PATH=/usr/lib64/qt-3.3/bin:/usr/local/bin:/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/sbin; export PATH
MAIL=/var/spool/mail/mmond; export MAIL
PWD=/home/mmond; export PWD
LANG=en_US.UTF-8; export LANG
MODULEPATH=/usr/share/Modules/modulefiles:/etc/modulefiles; export MODULEPATH
LOADEDMODULES=; export LOADEDMODULES
HISTCONTROL=ignoredups; export HISTCONTROL
SHLVL=2; export SHLVL
HOME=/home/mmond; export HOME
LOGNAME=mmond; export LOGNAME
QTLIB=/usr/lib64/qt-3.3/lib; export QTLIB
CVS_RSH=ssh; export CVS_RSH
SSH_CONNECTION=10.16.120.18\ 11986\ 10.225.34.32\ 22; export SSH_CONNECTION
MODULESHOME=/usr/share/Modules; export MODULESHOME
LESSOPEN=\|\|/usr/bin/lesspipe.sh\ %s; export LESSOPEN
G_BROKEN_FILENAMES=1; export G_BROKEN_FILENAMES
cd /home/mmond || {
         echo 'Execution directory inaccessible' >&2
         exit 1
}
${SHELL:-/bin/sh} << 'marcinDELIMITER48cb17a0'
sudo yum install kernel-2.6.32-642.13.2.el6 kernel-devel-2.6.32-642.13.2.el6 kernel-headers-2.6.32-642.13.2.el6 kernel-firmware-2.6.32-642.13.2.el6 redhat-release-server-6Server-6.8*.el6 -y
sudo yum -x kernel*,redhat-release* update -y --nogpgcheck
sudo reboot
marcinDELIMITER48cb17a0


And I received a mail listing each command executed.  Awesome!

2017-07-13

Problem moving (and copying) files with wildcard

Today my colleague asked me to help him rename files whose names start with a hyphen "-".  I tried double quotes and single quotes, but neither worked.  Odd that I hadn't encountered this in my last 3 years with Unix/Linux.

mv: invalid option -- 2
Try `mv --help' for more information.

Good thing I searched around and found out about the use of "./".  So I am posting it here.

# ls
-13:36:37.tgz  -13:36:56.tgz  -13:37:02.tgz
-13:36:53.tgz  -13:36:59.tgz  -13:37:05.tgz

The files were generated by a script; I just wonder what went wrong with that.  So I needed to rename them with the hostname as their prefix.

# ls | while read i; do echo $i; mv ./$i `hostname`-`date +%Y%j%N`.tar.gz; done; ls -l
-13:36:37.tgz
-13:36:53.tgz
-13:36:56.tgz
-13:36:59.tgz
-13:37:02.tgz
-13:37:05.tgz
total 312
-rw-r--r-- 1 root root 17988 Jul 13 13:30 bucmes001.global.hosting.net-2017194000141000.tar.gz
-rw-r--r-- 1 root root 55112 Jul 13 13:30 bucmes001.global.hosting.net-2017194002990000.tar.gz
-rw-r--r-- 1 root root 59228 Jul 13 13:30 bucmes001.global.hosting.net-2017194005274000.tar.gz
-rw-r--r-- 1 root root 58821 Jul 13 13:30 bucmes001.global.hosting.net-2017194007552000.tar.gz
-rw-r--r-- 1 root root 59889 Jul 13 13:30 bucmes001.global.hosting.net-2017194010266000.tar.gz
-rw-r--r-- 1 root root 38151 Jul 13 13:30 bucmes001.global.hosting.net-2017194996296000.tar.gz

So everything works now!
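Quoting does not help here because the shell strips the quotes before mv sees the argument, so a name that begins with "-" is still parsed as an option. The following is an added example, not the script from this post: it combines the "./"-style path with "--" and iterates over a glob instead of parsing ls output. The function names, the choice to keep the original time stamp in the new name, and the host name are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (not from the original post).

# rename_dash_files DIR PREFIX
#   Renames every regular file in DIR whose name starts with "-" to
#   PREFIX + original name, so "-13:36:37.tgz" becomes "PREFIX-13:36:37.tgz".
#   Prints the number of files renamed. Stops with status 1, before printing
#   a count, as soon as a target name already exists.
rename_dash_files() {
    dir=$1
    prefix=$2
    count=0
    # The shell expands the glob and every resulting word starts with
    # "$dir/", so none of them can begin with "-" unless DIR itself does.
    for path in "$dir"/-*; do
        [ -f "$path" ] || continue      # also skips the unexpanded pattern
        name=${path##*/}
        target=$dir/$prefix$name
        if [ -e "$target" ]; then
            echo "refusing to overwrite $target" >&2
            return 1
        fi
        # "--" ends option parsing, which covers a DIR that starts with "-".
        mv -- "$path" "$target"
        count=$((count + 1))
    done
    echo "$count"
}

# Constructed demo: three empty files named like the ones in the post.
demo_rename() {
    d=$(mktemp -d) || return 1
    for n in -13:36:37.tgz -13:36:53.tgz -13:36:56.tgz; do
        : > "$d/$n"
    done
    rename_dash_files "$d" "host01.example.net"   # constructed host name
    ls -- "$d"
    rm -rf -- "$d"
}

demo_rename
```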

2017-07-07

Using sshpass and ssh-copy-id

I am about to do a little automation to gather information from 200+ Linux servers (and a few Solaris boxes too), basically checking whether each server has Samba installed and whether it is vulnerable to CVE-2017-7494, so I used the script I got.  Of course, this can easily be done with any vulnerability scanner like Qualys or Rapid7 (this article seems cool, as a Metasploit module has been released since the 25th of May).

  • Most servers are authenticated via LDAP.
  • A few servers are restricted to the country where I reside and seem to have local accounts only (so I need to keep track of them manually).
  • I will use SSH keys for password-less login.

mmond@nx05[42]:~> ls -l ~/.ssh/
total 280
-rw------- 1 mmond domain users    407 Jan 30 10:01 authorized_keys
-r-------- 1 mmond domain users     25 Jul  6 23:33 config
-rwx------ 1 mmond domain users   1679 Jan 12 09:48 id_rsa
-rwx------ 1 mmond domain users    407 Jan 12 09:48 id_rsa.pub
-rwx------ 1 mmond domain users 269770 Jul  6 23:37 known_hosts
mmond@nx05[42]:~> chmod 0400 ~/.ssh/id_rsa*
mmond@nx05[42]:~> ls -l ~/.ssh/id_rsa.pub
-r-------- 1 mzmo domain users 407 Jan 12 09:48 /home/AD/mmond/.ssh/id_rsa.pub
mmond@nx05[42]:~> echo '$Jr80UizAC3' > Notes/cust/net/mit_pwd
mmond@nx05[42]:~> chmod 0400 Notes/cust/net/mit_pwd
mmond@nx05[42]:~> for i in $(cat Notes/cust/net/servers.list); do sshpass -f Notes/cust/net/mit_pwd ssh-copy-id -i /home/ADNOC/mmond/.ssh/id_rsa.pub -o StrictHostKeyChecking=no nnit-mmond@$i; done
....
....
/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
Number of key(s) added: 1
Now try logging into the machine, with:   "ssh -o 'StrictHostKeyChecking=no' 'nnit-mmond@taipei.net.hosted-global.local'"
and check to make sure that only the key(s) you wanted were added.
/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/bin/ssh-copy-id: WARNING: All keys were skipped because they already exist on the remote system.
/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/bin/ssh-copy-id: WARNING: All keys were skipped because they already exist on the remote system.
/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/bin/ssh-copy-id: WARNING: All keys were skipped because they already exist on the remote system.
/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/bin/ssh-copy-id: WARNING: All keys were skipped because they already exist on the remote system.
mmond@nx05[42]:~> rm -rf Notes/cust/net/mit_pwd

All set. =)  I have removed my password since I won't be needing it.  So now, I will check if these Solaris boxes have Samba installed using the svcs command.  But I hope I can come up with another approach.

mmond@nx05[42]:~> for i in $(cat Notes/cust/net/temp.out)
> do
> ssh -q nnit-mmond@$i -t 'hostname; if (("$(sudo svcs | grep -i samba | wc -l)" <= 0)) ; then echo "Samba is not installed"; fi';
> done  

And from the above, none of the Solaris boxes have Samba installed, which is good!

In addition, Oracle Support supplied me with the following information (and they are not providing a vulnerability check script like the one I got from Red Hat):

Doc ID 1448883.1 (asks for Oracle login credentials) lists the fixes for this and other security alerts.

In short, in Solaris 11.3 the fix has been incorporated into sru20.6, so if you are running an sru with a higher (or equal to) number than that you have our fix for the issue.

For Solaris 10, the following patches are available

sparc: 119757-40
x86: 119758-40

We will not be supplying a script to test for vulnerability.
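Since no test script is supplied, the patch levels quoted above can be compared against what a host reports. This is an added example, not code from the post or from Oracle; it assumes that installed Solaris 10 patches appear as "Patch: <id>-<rev>" lines in the layout of `showrev -p`, that a revision at or above -40 includes the fix, and that the Solaris 11.3 version is given as 11.3.<SRU>.<build>.<n>. The function names and sample lines are constructed.

```shell
#!/bin/sh
# Added example (not from the original post or from Oracle).

# s10_patch_status BASE MINREV
#   Reads `showrev -p`-style text on stdin and reports on the highest listed
#   revision of patch BASE: "patched", "outdated" or "absent". "absent" only
#   means the patch is not listed; it does not say whether Samba is installed.
s10_patch_status() {
    awk -v base="$1" -v min="$2" '
        $1 == "Patch:" {
            n = split($2, id, "-")
            if (n == 2 && id[1] == base) {
                seen = 1
                if (id[2] + 0 > best) best = id[2] + 0
            }
        }
        END {
            if (!seen)            print "absent " base
            else if (best >= min) printf "patched %s-%02d\n", base, best
            else                  printf "outdated %s-%02d\n", base, best
        }'
}

# sru_has_fix VERSION
#   VERSION is assumed to look like 11.3.<SRU>.<build>.<n>, e.g. 11.3.20.6.0.
#   Returns 0 at or above SRU 20.6, 1 below it, 2 if it is not a usable
#   11.3 version string.
sru_has_fix() {
    old_ifs=$IFS
    IFS=.
    set -- $1
    IFS=$old_ifs
    if [ "$1" != 11 ] || [ "$2" != 3 ]; then return 2; fi
    case "$3$4" in ''|*[!0-9]*) return 2 ;; esac
    [ -n "$3" ] && [ -n "$4" ] || return 2
    if [ "$3" -gt 20 ]; then return 0; fi
    [ "$3" -eq 20 ] && [ "$4" -ge 6 ]
}

# Constructed sample in the layout of `showrev -p` (not real host output;
# the package names and the second patch id are placeholders).
sample_showrev() {
    cat <<'EOF'
Patch: 119757-38 Obsoletes: Requires: Incompatibles: Packages: EXAMPLEpkga, EXAMPLEpkgb
Patch: 119757-41 Obsoletes: Requires: Incompatibles: Packages: EXAMPLEpkga, EXAMPLEpkgb
Patch: 000000-01 Obsoletes: Requires: Incompatibles: Packages: EXAMPLEpkgc
EOF
}

sample_showrev | s10_patch_status 119757 40
```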

2017-05-10

Extending filesystem in HP-UX 11.31

My first post for the month after my paternity leave. Just warming up again as I am handling fewer HP-UX boxes these days.

[bagana:root]/ # uname -a
HP-UX bagana B.11.31 U ia64 3221436675 unlimited-user license

[bagana:root]/ # bdf /data/ora_data02
Filesystem          kbytes    used   avail %used Mounted on
/dev/vgora03/lvora_data02
                   1155072000 1076903944 77557984   93% /data/ora_data02

[bagana:root]/ # ioscan -fnNC disk
Class     I  H/W Path  Driver S/W State   H/W Type     Description
===================================================================
disk      1  64000/0xfa00/0x1   esdisk   CLAIMED     DEVICE       HP      LOGICAL VOLUME
                      /dev/disk/disk1      /dev/disk/disk1_p2   /dev/rdisk/disk1     /dev/rdisk/disk1_p2
                      /dev/disk/disk1_p1   /dev/disk/disk1_p3   /dev/rdisk/disk1_p1  /dev/rdisk/disk1_p3
..........
..........
disk    200  64000/0xfa00/0x47  esdisk   CLAIMED     DEVICE       EMC     SYMMETRIX
                      /dev/disk/disk200   /dev/rdisk/disk200
disk    227  64000/0xfa00/0x48  esdisk   CLAIMED     DEVICE       EMC     SYMMETRIX
                      /dev/disk/disk227   /dev/rdisk/disk227

[bagana:root]/ # /usr/local/tools/inq.hpux64 -sym_wwn -nodots | egrep -i '01C11|01C17'
/dev/rdisk/disk200   000292604097   01C11     60000970000292604097533031433131
/dev/rdisk/disk227   000292604097   01C17     60000970000292604097533031433137
/dev/rdsk/c19t4d5    000292604097   01C11     60000970000292604097533031433131
/dev/rdsk/c19t4d6    000292604097   01C17     60000970000292604097533031433137
/dev/rdsk/c21t4d5    000292604097   01C11     60000970000292604097533031433131
/dev/rdsk/c21t4d6    000292604097   01C17     60000970000292604097533031433137
/dev/rdsk/c23t4d5    000292604097   01C11     60000970000292604097533031433131
/dev/rdsk/c23t4d6    000292604097   01C17     60000970000292604097533031433137
/dev/rdsk/c25t4d5    000292604097   01C11     60000970000292604097533031433131
/dev/rdsk/c25t4d6    000292604097   01C17     60000970000292604097533031433137

[bagana:root]/ # ls -alit /dev/rdisk/disk* | head
  2951 crw-r-----   1 bin        sys         13 0x000048 May  9 15:15 /dev/rdisk/disk227
  2937 crw-r-----   1 bin        sys         13 0x000047 May  9 15:14 /dev/rdisk/disk200
  2891 crw-r-----   1 bin        sys         13 0x000046 May  3 10:03 /dev/rdisk/disk189
  2860 crw-r-----   1 bin        sys         13 0x000045 Apr 13 14:27 /dev/rdisk/disk164
  2792 crw-r-----   1 bin        sys         13 0x000044 Mar  4 03:29 /dev/rdisk/disk147
  2457 crw-r-----   1 bin        sys         13 0x000043 Nov 17 14:30 /dev/rdisk/disk116
  2661 crw-r-----   1 bin        sys         13 0x000042 Sep  4  2016 /dev/rdisk/disk29
  2995 crw-r-----   1 bin        sys         13 0x00003b Sep  1  2016 /dev/rdisk/disk222
  2993 crw-r-----   1 bin        sys         13 0x00003a Sep  1  2016 /dev/rdisk/disk221
  2430 crw-r-----   1 bin        sys         13 0x000040 Sep  1  2016 /dev/rdisk/disk10

[bagana:root]/ # vgdisplay -v vgora03 | grep "PV Name" | awk -F " " '{print $3}'
/dev/disk/disk80
/dev/disk/disk118
/dev/disk/disk187
/dev/disk/disk147

[bagana:root]/ # for i in $(vgdisplay -v vgora03 | grep "PV Name" | awk -F " " '{print $3}' | sed 's,/disk/,/rdisk/,g')
> do
> diskinfo $i;
> echo "\r";
> done
SCSI describe of /dev/rdisk/disk80:
             vendor: EMC    
         product id: SYMMETRIX      
               type: direct access
               size: 314576640 Kbytes
   bytes per sector: 512

SCSI describe of /dev/rdisk/disk118:
             vendor: EMC    
         product id: SYMMETRIX      
               type: direct access
               size: 314576640 Kbytes
   bytes per sector: 512

SCSI describe of /dev/rdisk/disk187:
             vendor: EMC    
         product id: SYMMETRIX      
               type: direct access
               size: 314576640 Kbytes
   bytes per sector: 512

SCSI describe of /dev/rdisk/disk147:
             vendor: EMC    
         product id: SYMMETRIX      
               type: direct access
               size: 314576640 Kbytes
   bytes per sector: 512
 
[bagana:root]/ # diskinfo /dev/rdisk/disk227
SCSI describe of /dev/rdisk/disk227:
             vendor: EMC    
         product id: SYMMETRIX      
               type: direct access
               size: 314576640 Kbytes
   bytes per sector: 512
[bagana:root]/ # diskinfo /dev/rdisk/disk220
SCSI describe of /dev/rdisk/disk220:
             vendor: EMC    
         product id: SYMMETRIX      
               type: direct access
               size: 314576640 Kbytes
   bytes per sector: 512
 
[bagana:root]/ # /usr/local/tools/inq.hpux64 -sym_wwn -nodots | egrep -i 'disk227|disk200|disk80|disk118|disk187|disk147'
/dev/rdisk/disk80    000292604097   05985     60000970000292604097533035393835
/dev/rdisk/disk118   000292604097   05029     60000970000292604097533035303239
/dev/rdisk/disk147   000292604097   05E34     60000970000292604097533035453334
/dev/rdisk/disk187   000292604097   05B5A     60000970000292604097533035423541
/dev/rdisk/disk200   000292604097   01C11     60000970000292604097533031433131
/dev/rdisk/disk227   000292604097   01C17     60000970000292604097533031433137

[bagana:root]/ # pvcreate /dev/rdisk/disk200
Physical volume "/dev/rdisk/disk200" has been successfully created.
[bagana:root]/ # pvcreate /dev/rdisk/disk227
Physical volume "/dev/rdisk/disk227" has been successfully created.

[bagana:root]/ # vgextend /dev/vgora03 /dev/disk/disk200
Volume group "/dev/vgora03" has been successfully extended.
Volume Group configuration for /dev/vgora03 has been saved in /etc/lvmconf/vgora03.conf
[bagana:root]/ # vgextend /dev/vgora03 /dev/disk/disk227
Volume group "/dev/vgora03" has been successfully extended.
Volume Group configuration for /dev/vgora03 has been saved in /etc/lvmconf/vgora03.conf

[bagana:root]/ # pvchange -t 90 /dev/disk/disk200
Physical volume "/dev/disk/disk200" has been successfully changed.
Volume Group configuration for /dev/vgora03 has been saved in /etc/lvmconf/vgora03.conf
[bagana:root]/ # pvchange -t 90 /dev/disk/disk227
Physical volume "/dev/disk/disk227" has been successfully changed.
Volume Group configuration for /dev/vgora03 has been saved in /etc/lvmconf/vgora03.conf

[bagana:root]/ # scsimgr set_attr -D /dev/rdisk/disk200 -a max_q_depth=64
Value of attribute max_q_depth set successfully
[bagana:root]/ # scsimgr set_attr -D /dev/rdisk/disk227 -a max_q_depth=64
Value of attribute max_q_depth set successfully

[bagana:root]/ # vgdisplay -v vgora03
--- Volume groups ---
VG Name                     /dev/vgora03
VG Write Access             read/write    
VG Status                   available                
Max LV                      255  
Cur LV                      1    
Open LV                     1    
Max PV                      128  
Cur PV                      6    
Act PV                      6    
Max PE per PV               30000      
VGDA                        12
PE Size (Mbytes)            32            
Total PE                    57594  
Alloc PE                    35250  
Free PE                     22344  
Total PVG                   0      
Total Spare PVs             0            
Total Spare PVs in use      0                    
VG Version                  1.0      
VG Max Size                 120000g  
VG Max Extents              3840000      

   --- Logical volumes ---
   LV Name                     /dev/vgora03/lvora_data02
   LV Status                   available/syncd          
   LV Size (Mbytes)            1128000        
   Current LE                  35250    
   Allocated PE                35250      
   Used PV                     4      


   --- Physical volumes ---
   PV Name                     /dev/disk/disk80
   PV Status                   available              
   Total PE                    9599  
   Free PE                     0      
   Autoswitch                  On      
   Proactive Polling           On              

   PV Name                     /dev/disk/disk118
   PV Status                   available              
   Total PE                    9599  
   Free PE                     0      
   Autoswitch                  On      
   Proactive Polling           On              

   PV Name                     /dev/disk/disk187
   PV Status                   available              
   Total PE                    9599  
   Free PE                     0      
   Autoswitch                  On      
   Proactive Polling           On              

   PV Name                     /dev/disk/disk147
   PV Status                   available              
   Total PE                    9599  
   Free PE                     3146  
   Autoswitch                  On      
   Proactive Polling           On              

   PV Name                     /dev/disk/disk200
   PV Status                   available              
   Total PE                    9599  
   Free PE                     9599  
   Autoswitch                  On      
   Proactive Polling           On              

   PV Name                     /dev/disk/disk227
   PV Status                   available              
   Total PE                    9599  
   Free PE                     9599  
   Autoswitch                  On      
   Proactive Polling           On              

[bagana:root]/ # lvdisplay /dev/vgora03/lvora_data02
--- Logical volumes ---
LV Name                     /dev/vgora03/lvora_data02
VG Name                     /dev/vgora03
LV Permission               read/write              
LV Status                   available/syncd          
Mirror copies               0          
Consistency Recovery        MWC                
Schedule                    parallel    
LV Size (Mbytes)            1128000        
Current LE                  35250    
Allocated PE                35250      
Stripes                     0      
Stripe Size (Kbytes)        0                  
Bad block                   NONE        
Allocation                  strict                  
IO Timeout (Seconds)        default

[bagana:root]/ # vgdisplay vgora03 | egrep "PE Size|Free PE"
PE Size (Mbytes)            32            
Free PE                     22344

[bagana:root]/ # echo 32*22344 | bc -l
715008
[bagana:root]/ # echo 32*35250 | bc -l
1128000
[bagana:root]/ # echo 715008+1128000 | bc -l
1843008

[bagana:root]/ # lvextend -L 1843008 /dev/vgora03/lvora_data02
Logical volume "/dev/vgora03/lvora_data02" has been successfully extended.
Volume Group configuration for /dev/vgora03 has been saved in /etc/lvmconf/vgora03.conf

[bagana:root]/ # fsadm -F vxfs -b 1843008M /data/ora_data02
UX:vxfs fsadm: INFO: V-3-25942: /dev/vgora03/rlvora_data02 size increased from 1155072000 sectors to 1887240192 sectors

[bagana:root]/ # bdfgigs /data/ora_data02
File-System                Gbytes    Used   Avail %Used Mounted on
/dev/vgora03/lvora_data02    1800    1027     767   57% /data/ora_data02
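The size passed to lvextend and fsadm above was worked out by hand with bc. This added example, which is not part of the original post, derives the same number from `vgdisplay -v` text and prints the two commands without running them. It assumes an unmirrored logical volume (as in the lvdisplay output above); the function names are hypothetical and the sample input is a trimmed copy of the output shown in the post.

```shell
#!/bin/sh
# Added example (not from the original post).

# lv_max_size_mb LV_PATH
#   Reads `vgdisplay -v VG` text on stdin and prints the size in Mbytes the
#   logical volume would have after taking every free extent in the group:
#   PE Size * (Current LE of the LV + Free PE of the VG).
lv_max_size_mb() {
    awk -v lv="$1" '
        /--- Volume groups ---/    { sec = "vg"; next }
        /--- Logical volumes ---/  { sec = "lv"; next }
        /--- Physical volumes ---/ { sec = "pv"; next }
        sec == "vg" && $1 == "PE"   && $2 == "Size" { pe = $NF }
        sec == "vg" && $1 == "Free" && $2 == "PE"   { free = $NF }
        sec == "lv" && $1 == "LV"   && $2 == "Name" { mine = ($3 == lv) }
        sec == "lv" && mine && $1 == "Current" && $2 == "LE" { le = $NF }
        END {
            # Per-PV "Free PE" lines are ignored because sec is "pv" there.
            if (pe == "" || free == "" || le == "") exit 1
            printf "%d\n", pe * (le + free)
        }'
}

# extend_plan LV_PATH MOUNT_POINT   (stdin: vgdisplay -v text)
#   Prints, without running them, the two commands used in the post.
extend_plan() {
    size=$(lv_max_size_mb "$1") || {
        echo "could not find $1 in the vgdisplay output" >&2
        return 1
    }
    echo "lvextend -L $size $1"
    echo "fsadm -F vxfs -b ${size}M $2"
}

# Trimmed copy of the vgdisplay -v output shown in the post.
sample_vgdisplay() {
    cat <<'EOF'
--- Volume groups ---
VG Name                     /dev/vgora03
PE Size (Mbytes)            32
Total PE                    57594
Alloc PE                    35250
Free PE                     22344

   --- Logical volumes ---
   LV Name                     /dev/vgora03/lvora_data02
   LV Size (Mbytes)            1128000
   Current LE                  35250
   Allocated PE                35250

   --- Physical volumes ---
   PV Name                     /dev/disk/disk147
   Total PE                    9599
   Free PE                     3146
EOF
}

sample_vgdisplay | extend_plan /dev/vgora03/lvora_data02 /data/ora_data02
```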

2017-04-10

Solving tampered system files in AIX

We have a cron script that checks system files' integrity.  Its output is shown below.

Malicious Software Prevention, Detection and Correction:
FAIL System files have been tampered with (check output of "trustchk -n ALL" on server for details)

I find this document quite informative and this link as well.

[ldsap04:root]/ # trustchk -n ALL
trustchk: /etc/security/ldap/ldap.cfg: Verification of attributes failed: group mode
trustchk: /lib/wpars/unloadwpar: Verification of attributes failed: accessauths innateprivs inheritprivs

[ldsap04:root]/ # trustchk -t /etc/security/ldap/ldap.cfg
trustchk: Verification of attributes failed: group
Change the file group for /etc/security/ldap/ldap.cfg? [(y)es,(n)o,(i)gnore all errors]: yes
trustchk: Verification of attributes failed: mode
Change the file mode for /etc/security/ldap/ldap.cfg? [(y)es,(n)o,(i)gnore all errors]: yes
trustchk: Verification of stanza failed:
[ldsap04:root]/ # trustchk -u /etc/security/ldap/ldap.cfg

[ldsap04:root]/ # trustchk -t /lib/wpars/unloadwpar
trustchk: Verification of attributes failed: accessauths
Stanza /lib/wpars/unloadwpar has accessauths value "aix.wpar" in /etc/security/privcmds and value "" in TSD.
Change the value in /etc/security/privcmds to that as in TSD? [(y)es,(n)o,(i)gnore all errors]: yes
trustchk: Verification of attributes failed: innateprivs
Stanza /lib/wpars/unloadwpar has innateprivs value "PV_AZ_ADMIN,PV_FS_CHOWN,PV_KER_WLM,PV_KER_WPAR,PV_NET_CNTL,PV_NET_PORT,PV_PROC_PRIV,PV_WPAR_CKPT" in /etc/security/privcmds and value "" in TSD.
Change the value in /etc/security/privcmds to that as in TSD? [(y)es,(n)o,(i)gnore all errors]: yes
trustchk: Verification of attributes failed: inheritprivs
Stanza /lib/wpars/unloadwpar has inheritprivs value "PV_DAC_R,PV_DAC_W,PV_DAC_O,PV_DAC_X,PV_DEV_CONFIG,PV_DEV_QUERY,PV_DEV_LOAD" in /etc/security/privcmds and value "" in TSD.
Change the value in /etc/security/privcmds to that as in TSD? [(y)es,(n)o,(i)gnore all errors]: yes
trustchk: Verification of stanza failed:

[ldsap04:root]/ # trustchk -u /lib/wpars/unloadwpar

[ldsap04:root]/ # trustchk -n ALL

Now the compliance check is PASS.

And according to the manual page of trustchk, the parameters I used above are:
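Before answering "yes" to every prompt, it helps to see which kind of attribute failed for each file. This is an added example, not part of the original post or an IBM tool: it groups the `trustchk -n ALL` messages by the most serious class of mismatch. The ranking is an assumption made for triage, the attribute names other than the five shown in the post are assumed to be printed under their TSD stanza names, and the third sample line is constructed.

```shell
#!/bin/sh
# Added example (not from the original post or from IBM).

# trustchk_triage
#   Reads `trustchk -n ALL` messages on stdin and prints one line per file:
#   CLASS<TAB>PATH<TAB>ATTRIBUTES, where CLASS is the most serious kind of
#   mismatch reported for that file (ranking is an assumption):
#     content    - size, hash_value, signature, cert_tag
#     privilege  - accessauths, innateprivs, inheritprivs, authprivs, secflags
#     permission - owner, group, mode
#     other      - anything else
trustchk_triage() {
    awk '
    BEGIN {
        marker = ": Verification of attributes failed: "
        n = split("size hash_value signature cert_tag", a, " ")
        for (i = 1; i <= n; i++) rank[a[i]] = 3
        n = split("accessauths innateprivs inheritprivs authprivs secflags", a, " ")
        for (i = 1; i <= n; i++) rank[a[i]] = 2
        n = split("owner group mode", a, " ")
        for (i = 1; i <= n; i++) rank[a[i]] = 1
        name[0] = "other";     name[1] = "permission"
        name[2] = "privilege"; name[3] = "content"
    }
    index($0, "trustchk: ") == 1 {
        p = index($0, marker)
        if (p <= 10) next          # no path: a prompt line from "trustchk -t"
        path  = substr($0, 11, p - 11)
        attrs = substr($0, p + length(marker))
        worst = 0
        n = split(attrs, a, " ")
        for (i = 1; i <= n; i++)
            if (rank[a[i]] > worst) worst = rank[a[i]]
        printf "%s\t%s\t%s\n", name[worst], path, attrs
    }'
}

# First two lines are the messages from the post; the third is constructed.
sample_trustchk() {
    cat <<'EOF'
trustchk: /etc/security/ldap/ldap.cfg: Verification of attributes failed: group mode
trustchk: /lib/wpars/unloadwpar: Verification of attributes failed: accessauths innateprivs inheritprivs
trustchk: /usr/bin/example_tool: Verification of attributes failed: mode hash_value
EOF
}

sample_trustchk | trustchk_triage
```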

       -n
            stderr. error file. To check all of the entries in the TSD, use the ALL parameter. To scan the entire system or directories for TROJAN detection, use with tree parameter.

       -t
            Specifies the auditing mode and indicates that errors are to be reported with a prompt asking whether the error should be fixed. To check all of the entries in TSD, use the ALL
            option. To scan the entire system or directories for TROJAN detection, use with tree parameter.

       -q
            Queries the TSD for a file name. Prints the entire list of security attributes, for example, stanza for the specified file name. To retrieve all of the entries of the TSD, use the
            ALL parameter instead of listing file path names.