October 2025
M T W T F S S
 12345
6789101112
13141516171819
20212223242526
2728293031  

Categories

October 2025
M T W T F S S
 12345
6789101112
13141516171819
20212223242526
2728293031  

Disable first time password change in AIX

Disable first time password change in AIX

 

How to disable first time password change in AIX?

Usually in AIX, if you change the password of a user, it will prompt the user to change his password when he login first time.

To disable this first time password change in AIX Server, Clear the ADMCHG flag of the user account.

To do this,

pwdadm -c  <USER_NAME>

Example:

#pwdadm –c testuser1

July 10th, 2012 | Category: AIX | Leave a comment

Open Files – Linux

Open Files – Linux

 

ope it will be useful to you as well..
You might have this scenario; Logfiles deleted while the process is still running. That’s annoying: On your Linux-Server the /var filesystem is nearly full. You remove a very large logfile that you don’t need with the rm command:
myserver1# df -Ph /var
Filesystem            Size  Used Avail Use% Mounted on
/dev/mapper/root-var  7.1G  7.0G  100M  99% /var
myserver1# ls -l /var/log/myapp/userlog
myserver1# rm /var/log/myapp/userlog
myserver1# df -Ph /var
Filesystem            Size  Used Avail Use% Mounted on
/dev/mapper/root-var  7.1G  7.0G  100M  99% /var
But what’s that? The filesystem is still full. With lsof you can see, that the logfile is still opened in write mode:
myserver1# lsof | grep var/log/myapp/userlog
myapp    25139      root   4w     REG      3,12       0    2101404 /var/log/myapp/userlog (deleted)
To actually free up the space you would have to stop the logging process. But since this might be a mission critical application this is not always an option. Is there any way to get rid of the file without stopping the logging process?
Find the deleted file’s representation under /proc
Actually we cannot remove the file as long as the file is still in use by a process. But what we can do is: Getting the size down to 0. Thanks to Linux’ enhanced /proc filesystem.
And that’s how you do it:
First find the process that still uses the file (we already did that – see above):
myserver1# lsof | grep var/log/myapp/userlog
myapp    25139      root   4w     REG      3,12       0    2101404 /var/log/myapp/userlog (deleted)
lsof tells us that a process with PID=25139 has opened the file (with number 4) in write mode. See the bolded part of the lsof output.
Knowing the PID of the process and the file number we can visit its representation under /proc:
myserver1# cd /proc/25139/fd
myserver1:/proc/25139/fd#  ls -l 4
lr-x—— 1 root root 64 2010-01-07 17:10 4 -> /var/log/myapp/userlog (deleted)
We can do almost everything with this file (called 4 here) what we can do with a real file: we can less it, copy it, and we can change its contents!
Free up the Space
As already said, we cannot remove the file, but what we can do is getting the size down to zero. And that’s done as with every other file, e.g. if you use bash (or ksh) – what is most likely under Linux:
myserver1# > /proc/25139/fd/4
myserver1# df -Ph /var
Filesystem            Size  Used Avail Use% Mounted on
/dev/mapper/root-var  7.1G  4.9G  1.2G  69% /var
As we see there is again free space under /var, and the process is still running:
myserver1# lsof | grep var/log/myapp/userlog
myapp    25139      root   4w     REG      3,12       0        0  /var/log/myapp/userlog (deleted)
What more could be done…?
As said before you can work on this file as you work on real files. That means, you could even save this file and compress it before getting its size down to 0:
myserver1# cp /proc/25139/fd/4 /tmp/userlog
myserver1# gzip -9 /tmp/userlog
myserver1# mv /tmp/userlog.gz /var/log/myapp/userlog.1.gz
myserver1# > /proc/25139/fd/4
Final Remarks
This procedure helps you if you are in a pinch – but basically you should never remove such an open file, because you still have an issue here: The process still writes to this file – and the only way to see what it logs is to use the procedure to save the file as shown above.
So remember to bring the size down to 0 in the first place instead:
myserver1# > /var/log/myapp/userlog
This way the space in the filesystem is freed immediately – and you still see what your application is writing to this file.

July 10th, 2012 | Category: DISK, TIPS on Linux | Leave a comment

Configuring TCP Wrappers for Linux Security

Configuring TCP Wrappers

 

The TCP Wrappers package is installed by default on Fedora Linux and provides host-based security separate from that provided by a firewall running on the server itself or elsewhere.
The application relies on two main files:

/etc/hosts.allow: Defines the hosts and networks allowed to connect to the server. The TCP Wrappers enabled application searches this file for a matching entry, and if it finds one, then the connection is allowed.

/etc/hosts.deny: Defines the hosts and networks prohibited from connecting to the server. If a match is found in this file, the connection is denied. No match means the connection proceeds normally.

The /etc/hosts.allow file is always read first and both files are always read from top to bottom, therefore the ordering of the entries is important.

The TCP Wrappers File Format:


The format of the file is:

    <TCP-daemon-name> <client-list> : <option>


This example allows all traffic from the 192.168.5.0/24 and the 192.168.8.0/255.255.255.0 networks and SSH from only two hosts, 172.16.1.2 and 216.14.169.134. All HTTP Web traffic is allowed. All other TCP traffic to the host is denied. Notice how the subnet masks can use the slash nomenclature or the dotted decimal 255.255.255.0 format.

#
# File: hosts.allow
#
ALL:    192.168.5.0/24  192.168.8.0/255.255.255.0
sshd:   172.16.1.2  216.14.169.134
httpd:  ALL

#
# File: hosts.deny
#
ALL:    ALL

Determining the TCP Daemon’s Name:


The easiest way of determining the name of a daemon is to use the ps command and then use grep to filter for the name of the service. Here, the example quickly determines the daemon name (/usr/sbin/sshd) for the SSH server process. Because TCP Wrappers only requires the program name and not the path, sshd therefore becomes the entry to place in the TCP-daemon-name column of the configuration file.

[root@mysrv1 tmp]# ps -ef | grep -i ssh
root     10053     1  0 Nov06 ?        00:00:00 /usr/sbin/sshd
root     14145 10053  0 Nov13 ?        00:00:02 sshd: root@pts/1
root     18100 14148  0 21:56 pts/1    00:00:00 grep ssh
[root@mysrv1 tmp]#

For a full explanation of all the options available, refer to section 5 of the man pages for hosts_access:

[root@mysrv1 tmp]# man 5 hosts_access

TCP Wrappers is simple to implement, but you have to set them on every host. Management is usually easier on a firewall that protects the entire network.

July 10th, 2012 | Category: Security on Centos, TIPS on Linux | One comment

AIX Boot Process

AIX Boot Process

 

AIX Booting Process explained below.

Phases of the Boot Process:

1. Read Only Storage Kernel Init Phase

1. Motherboard is Checked
2. Bootlist is found
3. Boot image is read into memory
4. Initialization starts

2. Base Device Configuration Phase
1. All devices are configured with cfgmgr command

3. System Boot Phase
1. Logical volumes are varied on
2. Paging is started
3. /etc/inittab is processed
4. Relevant Services according to run level  starts. srcmstr daemon controls this

July 10th, 2012 | Category: AIX | Leave a comment

changing boot order in AIX

Changing boot order in AIX

What does the boot logical volume(blv) contains?

Contents of Boot Logical Volume in AIX

  • Kernal – Copy of /unix
  • LVM Commands
  • ODM Predefined Structure
  • ODM Customized Structure
  • rc.boot shell script


How to Listing and changing the current boot order in AIX

bootlist -m normal -o              – Lists the current bootlist
bootlist -m normal cd0 hdisk0   – To set cd0 and hdisk0 as first and second boot devices
bootlist -m service cd0 rmt0    – To change the bootlist for service mode

To find out whether a Hard drive is bootable

# ipl_varyon -i
PVNAME        BOOT DEVICE     PVID                                            VOLUME GROUP ID
hdisk0          YES             00c898eb372ea9410000000000000000        00c898eb00004c00
hdisk1          YES             00c898eb38483a300000000000000000        00c898eb00004c00
hdisk2          NO              00c898bbdd86318c0000000000000000        00c898bb00004c00

July 10th, 2012 | Category: AIX | One comment

Recreate BOOT LOGICAL VOLUME (BLV) in AIX

Recreate BOOT LOGICAL VOLUME (BLV) in AIX

(Eg:bad block in a disk might cause a corrupted BLV)

To fix this situation, You must boot your machine in maintenancemode, from a CD or Tape. If a NIM has been setup for a machine, you can also boot the machine from a NIM master in maintenance mode.

The bootlists are set using the bootlist command or through theSystem Management Services Progam (SMS). pressing F1 will go to SMS Mode.

then change the bootlist for service(maintenance) mode as 1st device to CD ROM.

#bootlist -m service cd0 hdisk0 hdisk1

then start maintenance mode for system recovery,

Access rootvg,

access this volum group to start a shell,

then recreate BLV using bosboot command.

#bosboot -ad /dev/hdisk0

it’s important that you do a proper shutdown, All changes need to be written from memory to disk.

#shutdown -Fr

Imp: bosboot command requires that boot logical volume hd5exists. If you wan create a BLV ( may be it had been deleted by mistake ), do the following,

1. boot your machine in maintenance mode,
2. Create a new hd5 logical volume, one PP size, must be inrootvg,specify boot as logical volume type,

#mklv -y hd5 -t boot rootvg 1

3. Then run bosboot command as described.

If you have an HMC, then at the time of booting select boot asSMS in the properties of that partition.

July 10th, 2012 | Category: AIX | 4 comments

Configuring Link Aggregation ( Network Bonding ) in AIX

Configuring Link Aggregation ( Network Bonding ) in AIX

 

Link aggregation means you can give one IP address to two network cards and connect to two different switches for redundancy purpose. In this only one network card will be activein one time, and when it got failed the other network card goes active and let us continue our work.

It is better to use through SMIT.

#smit

then goto

Devices > Communication > EtherChannel / IEEE 802.3ad Link Aggregation > Add An EtherChannel / Link Aggregation


here select the network card that you want to use, ie active.

Eg: select ent0

IMP : then select Mode as 8023ad

then select backup adapter for redundancy.(press F4 to show N/W adapters.)

Eg: ent1

press enter.

now ent0 and ent1 got bonded.

then automatically a virtual adapter will be created named ent2.

then put IP address and all to this virtual adapter.

#smit

Communications Applications and Services > TCP/IP > Minimum Configuration & Startup

here select ent2 ( new bonded virtual adapter )

put IP Address and all,

give start now option.

Now you are successfully completed Link aggregation and checkwhether it works or not by removing the 2nd cable to the network card and check ping, then put the 2nd cable and remove 1st cable. 2 – 3 drops normally occurs in my experience.

July 10th, 2012 | Category: AIX | Leave a comment

Disable Ping on Linux Server

Disable Ping on Linux Server

How do you disable ping to Linux server? Here is the quick steps:

To disable ping:

echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all

To enable ping:

echo 0 > /proc/sys/net/ipv4/icmp_echo_ignore_all

That’s all..!
July 10th, 2012 | Category: TIPS on Linux | Leave a comment

Clean reboot of hung Linux server

Clean reboot of hung Linux server

 

In day to day system administration job, you may come across the situation that your Linux server is hung or freeze and your system is not responding even  for Ctrl+Alt+Del in console itself and you must need to do a hard reboot by pressing reset button. As everyone know, the hard reboots is not good and can crash the File systems. so what to do now?
There is a way in Linux,
Hold down the Right Alt and SysRq keys and press this sequence:

  R E I S U B

This will cleanly unmount the drives, terminate the processes and nicely reboot your machine.

of course, To get this worked, you need to “enable” this feature on the running kernel first !

On 2.6 kernel

echo 1 > /proc/sys/kernel/sysrq

This will do the trick.

In Some distributions, you may have a way to enable this feature at boot time.
On Fedora and RHEL, edit the file /etc/sysctl.conf, and change the line kernel.sysrq = 0 to kernel.sysrq = 1
Hope this helps to some one..!
July 10th, 2012 | Category: TIPS on Linux | Leave a comment

How To do “Man in Middle” Attack using Ettercap

How To do “Man in Middle” Attack using Ettercap

 

“Man in Middle” Attack is a form of active eavesdropping in which the attacker makes independent connections with the victims and relays messages between them, making them believe that they are talking directly to each other over a private connection when in fact the entire conversation is controlled by the attacker. The attacker must be able to intercept all messages going between the two victims and inject new and modified messages to one or both of them, which is straightforward in many circumstances (for example, an attacker within reception range of an unencrypted Wi-Fi wireless access point, can insert himself as a man-in-the-middle). example in form of picture is shown below.

Ettercap is a suite for man in the middle attacks on LAN. It features sniffing of live connections, content filtering on the fly and many other interesting tricks. It supports active and passive dissection of many protocols (even ciphered ones) and includes many feature for network and host analysis.

Installation: OpenSuSe 11.1 user can use “1-click” installer to install Ettercap – Here

Running Ettercap:You need to select a user interface (no default) using -T for Text only, -C for the Ncurses based GUI, or -G for the nice GTK2 interface (e.g) – # ettercap -G

Open Ettercap in graphical mode: # ettercap -G

Select the sniff mode: Sniff ? Unified sniffing and Scan for host inside your subnet Hosts ? Scan for hosts

See the  MAC and  IP addresses of the hosts inside your subnet: Hosts ? Hosts List, from this list Select the machines to poison

We chose to ARP poison only the windows machine 192.168.1.2 and the router 192.168.1.1.
Highlight the line containing 192.168.1.1 and click on the “target 1” button.
Highlight the line containing 192.168.1.2 and click on the “target 2” button.

Start the ARP poisoning: Mitm ? Arp poisoning and start the sniffer to see the activities

ARP TRAFFIC before the poisoning:
As you can see that the router and the Windows machine send an ARP broadcast to find the MAC address of the other.

No
1
2
3
4		 Source
11:22:33:44:55:66
11:22:33:44:11:11
11:22:33:44:11:11
11:22:33:44:55:66		 Destination
11:22:33:44:11:11
11:22:33:44:55:66
11:22:33:44:55:66
11:22:33:44:11:11		 Prot
ARP
ARP
ARP
ARP		 Info
who has 192.168.1.1? Tell 192.168.1.2
192.168.1.1 is at 11:22:33:44:11:11
who has 192.168.1.2? Tell 192.168.1.1
192.168.1.2 is at 11:22:33:44:55:66

ARP TRAFFIC after the poisoning
The router ARP broadcast request is answered by the Windows machine similarly than in the previous capture.

The difference between the two steps comes from the fact that there is no request coming from Windows (192.168.1.2) to find the MAC address associated to the router (192.168.1.1) because the poisoner continuously sends ARP packets telling the Windows machine that 192.168.1.1 is associated to his own MAC address (11:22:33:44:99:99) instead of the router MAC address (11:22:33:44:11:11).

No
1
2
3
4		 Source
11:22:33:44:11:11
11:22:33:44:55:66
11:22:33:44:99:99
11:22:33:44:99:99		 Destination
11:22:33:44:55:66
11:22:33:44:11:11
11:22:33:44:55:66
11:22:33:44:55:66		 Prot
ARP
ARP
ARP
ARP		 Info
who has 192.168.1.2? Tell 192.168.1.1
192.168.1.2 is at 11:22:33:44:55:66
192.168.1.1 is at 11:22:33:44:99:99
192.168.1.1 is at 11:22:33:44:99:99

 

July 10th, 2012 | Category: Hacking | Leave a comment
« Newer Entries  
  Older Entries »