A system engineer's notes: HP-UX

Showing posts with label HP-UX. Show all posts

Sunday, 20 November 2016

Disabling password aging in HP-UX

Disabling password aging in any operating system is a security risk but if the concerned system is intended for some sort of file transfer use like automated sftp file transfers then dealing with disabled passwords every couple of months can cause some issues.
This article describes the process to to disable password aging policy globally for all users in HP-UX.

We'll be using SAM for this. So, as root user type sam on the command line & the SAM TUI menu will open.

From there navigate to Auditing & security > System security policies

At the System security policies menu press the space bar to edit the policies.

From here you can see that password aging is currently enabled. You can disable it & press ok to save changes.

Saturday, 2 July 2016

Unlocking user accounts on trusted systems

Steps for unlocking user accounts:

1. Check if the account is locked in the first place using the following command:

/usr/lbin/getprpw username

Check the lockout field. If any of the bits is a 1 instead of 0 then that implies that

Account is locked..

2. Type the following command to unlock the account:

/usr/lbin/modprpw -k username

3. Type the following command to extend the user’s password by 90 days if it’s expired

/usr/lbin/modprpw -v username

To change user’s password:

Type the following command:

passwd username

Rename device file for a tape drive

After the reboot or if the ioscan –fnC tape shows the below output:-

[server1:/opt/atdd/bin]# ioscan -fnC tape

Class I H/W Path Driver S/W State H/W Type Description

===============================================================

tape 0 0/5/1/0.9.12.0.0.0.1 atdd CLAIMED DEVICE IBM ULTRIUM-TD2

/dev/rmt/0m /dev/rmt/0mnr /dev/rmt/c22t0d1BESTnb /dev/rmt/s0mnb

/dev/rmt/0mb /dev/rmt/c22t0d1BEST /dev/rmt/s0m

/dev/rmt/0mn /dev/rmt/c22t0d1BESTb /dev/rmt/s0mb

/dev/rmt/0mnb /dev/rmt/c22t0d1BESTn /dev/rmt/s0mn

------------------------------------------------------------------------------------------------------------

So to change from 0mn to 1mn check with below commands:-

[server1:/opt/atdd/bin]# /opt/atdd/bin/atdd_mksf –h ---à For Help

[server1:/opt/atdd/bin]# /opt/atdd/bin/atdd_mksf –c -à The command for listing the commands for creating the special files as shown below.

mknod /dev/rmt/atdd.dbg c 118 0xFFFFFd

mknod /dev/rmt/atdd.cfg c 118 0xFFFFFc

rm -f /dev/rmt/atdd.ctrl

mknod /dev/rmt/atdd.ctrl c 118 0xFFFFFa

mknod /dev/rmt/0m c 118 0x160100

mknod /dev/rmt/0mb c 118 0x160180

mknod /dev/rmt/0mn c 118 0x160140

mknod /dev/rmt/0mnb c 118 0x1601c0

mknod /dev/rmt/0mnr c 118 0x16014b

rm -f /dev/rmt/c22t0d1BEST

mknod /dev/rmt/c22t0d1BEST c 118 0x160100

rm -f /dev/rmt/c22t0d1BESTb

mknod /dev/rmt/c22t0d1BESTb c 118 0x160180

rm -f /dev/rmt/c22t0d1BESTn

mknod /dev/rmt/c22t0d1BESTn c 118 0x160140

rm -f /dev/rmt/c22t0d1BESTnb

mknod /dev/rmt/c22t0d1BESTnb c 118 0x1601c0

chmod 666 /dev/rmt/atdd.dbg /dev/rmt/atdd.cfg /dev/rmt/atdd.ctrl /dev/rmt/0m /dev/rmt/0mb /dev/rmt/0mn /dev/rmt/0mnb /dev/rmt/0mnr /dev/rmt/c22t0d1BEST /dev/rmt/c22t0d1BESTb /dev/rmt/c22t0d1BESTn /dev/rmt/c22t0d1BESTnb

chown bin:bin /dev/rmt/atdd.dbg /dev/rmt/atdd.cfg /dev/rmt/atdd.ctrl /dev/rmt/0m /dev/rmt/0mb /dev/rmt/0mn /dev/rmt/0mnb /dev/rmt/0mnr /dev/rmt/c22t0d1BEST /dev/rmt/c22t0d1BESTb /dev/rmt/c22t0d1BESTn /dev/rmt/c22t0d1BESTnb

So to change from 0mn to 1mn manually create the device file for the tape drive:-

[server1]#mknod /dev/rmt/atdd.dbg c 118 0xFFFFFd

[server1]#mknod /dev/rmt/atdd.cfg c 118 0xFFFFFc

[server1]#rm -f /dev/rmt/atdd.ctrl

[server1]#mknod /dev/rmt/atdd.ctrl c 118 0xFFFFFa

[server1]#mknod /dev/rmt/1m c 118 0x160100

[server1]#mknod /dev/rmt/1mb c 118 0x160180

[server1]#mknod /dev/rmt/1mn c 118 0x160140

[server1]#mknod /dev/rmt/1mnb c 118 0x1601c0

[server1]#mknod /dev/rmt/1mnr c 118 0x16014b

[server1]#rm -f /dev/rmt/c22t0d1BEST

[server1]#mknod /dev/rmt/c22t0d1BEST c 118 0x160100

[server1]#rm -f /dev/rmt/c22t0d1BESTb

[server1]#mknod /dev/rmt/c22t0d1BESTb c 118 0x160180

[server1]#rm -f /dev/rmt/c22t0d1BESTn

[server1]#mknod /dev/rmt/c22t0d1BESTn c 118 0x160140

[server1]#rm -f /dev/rmt/c22t0d1BESTnb

[server1]#mknod /dev/rmt/c22t0d1BESTnb c 118 0x1601c0

Then Change the permission and owership of the newly created device files as mentioned below.

[server1]#chmod 666 /dev/rmt/atdd.dbg /dev/rmt/atdd.cfg /dev/rmt/atdd.ctrl /dev/rmt/1m /dev/rmt/1mb /dev/rmt/1mn /dev/rmt/1mnb /dev/rmt/1mnr /dev/rmt/c22t0d1BEST /dev/rmt/c22t0d1BESTb /dev/rmt/c22t0d1BESTn /dev/rmt/c22t0d1BESTnb

[server1]#chown bin:bin /dev/rmt/atdd.dbg /dev/rmt/atdd.cfg /dev/rmt/atdd.ctrl /dev/rmt/1m /dev/rmt/1mb /dev/rmt/1mn /dev/rmt/1mnb /dev/rmt/1mnr /dev/rmt/c22t0d1BEST /dev/rmt/c22t0d1BESTb /dev/rmt/c22t0d1BESTn /dev/rmt/c22t0d1BESTnb

Then Check with ioscan as shown below after the changes:-

[server1:/opt/atdd/bin]# ioscan -fnC tape

Class I H/W Path Driver S/W State H/W Type Description

===========================================================================

tape 0 0/5/1/0.9.12.0.0.0.1 atdd CLAIMED DEVICE IBM ULTRIUM-TD2

/dev/rmt/1m /dev/rmt/1mnr /dev/rmt/c22t0d1BESTnb /dev/rmt/s0mnb

/dev/rmt/1mb /dev/rmt/c22t0d1BEST /dev/rmt/s0m

/dev/rmt/1mn /dev/rmt/c22t0d1BESTb /dev/rmt/s0mb

/dev/rmt/1mnb /dev/rmt/c22t0d1BESTn /dev/rmt/s0mn

[server1:/root]#

Move resources between vpars

Change Description:

Shift 2 CPU’s from the partition in server1 to server2

1. Collect the configuration for your reference.

#server1:/#vparstatus -vp server1

[Virtual Partition Details]

Name: server1

State: Up

Attributes: Dynamic,Autoboot

Kernel Path: /stand/vmunix

Boot Opts: -lq

[CPU Details]

Min/Max: 2/16

Bound by User [Path]:

Bound by Monitor [Path]: 0.12

0.13

Unbound [Path]: 1.10

1.11

1.12

2.10

[IO Details]

1.0.0

1.0.2

1.0.4

1.0.8

1.0.10

1.0.12

1.0.0.2.0.6.0.0.0.0.0 BOOT

1.0.0.3.0.6.0, ALTBOOT

[Memory Details]

Specified [Base /Range]:

(bytes) (MB)

Total Memory (MB): 28288

2. server2:/#vparstatus -vp server2

[Virtual Partition Details]

Name: server2

State: Up

Attributes: Dynamic,Autoboot

Kernel Path: /stand/vmunix

Boot Opts: -lq

[CPU Details]

Min/Max: 2/16

Bound by User [Path]:

Bound by Monitor [Path]: 0.10

0.11

Unbound [Path]: 1.13

2.11

2.12

2.13

3.10

3.11

3.12

3.13

[IO Details]

0.0.0

0.0.2

0.0.4

0.0.6

0.0.8

0.0.10

0.0.12

0.0.14

0.0.0.2.0.6.0.0.0.0.0 BOOT

1.0.1

0.0.1

0.0.0.3.0.6.0, ALTBOOT

[Memory Details]

Specified [Base /Range]:

(bytes) (MB)

Total Memory (MB): 20224

***************************************************************************************************************

3. Check the vPar status:

#server1:/#vparstatus

[Virtual Partition]

Boot

Virtual Partition Name State Attributes Kernel Path Opts

============================== ===== ========== =========================

server2 Up Dyn,Auto /stand/vmunix -lq

server1 Up Dyn,Auto /stand/vmunix -lq

[Virtual Partition Resource Summary]

CPU Num Memory (MB)

CPU Bound/ IO # Ranges/

Virtual Partition Name Min/Max Unbound devs Total MB Total MB

============================== ================ ==== ====================

server2 2/ 16 2 8 12 0/ 0 20224

server1 2/ 16 2 4 8 0/ 0 28288

From the above output we see:

vpar server2 has 8 Unbound CPU's.

vpar server1 has 4 Unbound CPU's.

4. Delete 2 Unbound CPU's from vPar server1 (for moving it to vPar server2)

#vparmodify –p server1 –d cpu::2

5. Check the new configuration status of the vPar, server1 it should show 2 less Unbound CPU's. i.e it will show only 2 Unbound CPU's.

# vparstatus

[Virtual Partition]

Boot

Virtual Partition Name State Attributes Kernel Path Opts

============================== ===== ========== ========================= server2 Up Dyn,Auto /stand/vmunix -lq

server1 Up Dyn,Auto /stand/vmunix -lq

[Virtual Partition Resource Summary]

CPU Num Memory (MB)

CPU Bound/ IO # Ranges/

Virtual Partition Name Min/Max Unbound devs Total MB Total MB

============================== ================ ==== ====================

server2 2/ 16 2 8 12 0/ 0 20224

server1 2/ 16 2 2 8 0/ 0 28288

6. View the available resources that are not assigned to any vPar.

server1:/#vparstatus -A

[Unbound CPUs (path)]:

[Available CPUs]:

[Available I/O devices (path)]:

[Unbound memory (Base /Range)]: 0x0/64

(bytes) (MB) 0xc000000/448

[Available memory (MB)]: 512

7. Add 2 more Unboud CPU's to the vPar server2

#vparmodify -p server2 -m cpu::12

8. Check the new configuration status of the vPar, server2 should show 10 Unbound CPU's.

#vparstatus

[Virtual Partition]

Boot

Virtual Partition Name State Attributes Kernel Path Opts

============================== ===== ========== ========================= server2 Up Dyn,Auto /stand/vmunix -lq

server1 Up Dyn,Auto /stand/vmunix -lq

[Virtual Partition Resource Summary]

CPU Num Memory (MB)

CPU Bound/ IO # Ranges/

Virtual Partition Name Min/Max Unbound devs Total MB Total MB

============================== ================ ==== ====================

server2 2/ 16 2 10 12 0/ 0 20224

server1 2/ 16 2 2 8 0/ 0 28288

All Interfaces of are down

# lanscan

Hardware Station Crd Hdw Net-Interface NM MAC HP-DLPI DLPI

Path Address In# State NamePPA ID Type Support Mjr#

0/0/0/1/0 0x00306E28284E 0 UP lan0 snap0 1 ETHER Yes 119

1/0/0/1/0 0x00306E0AD090 3 UP lan3 snap3 2 ETHER Yes 119

1/0/10/0/0 0x00306E271FB0 4 UP lan4 snap4 3 ETHER Yes 119

0/0/10/0/0 0x00306E271FB9 1 UP lan1 snap1 4 ETHER Yes 119

0/0/12/0/0 0x00306E271FB7 2 UP lan2 snap2 5 ETHER Yes 119

Note the “Hdw State” (Hardware State) of the lan cards. Should be “UP”

Lan cards that are assigned an ip-address:

# grep -i interface_name netconf

# INTERFACE_NAME: Network interface name (see lanscan(1m))

INTERFACE_NAME[0]="lan1"

INTERFACE_NAME[1]="lan2"

The cards with ip-address assigned should have the interface state UP.

# ifconfig lan1

lan1: flags=843<UP,BROADCAST,RUNNING,MULTICAST>

inet 194.178.122.10 netmask ffffffc0 broadcast 194.178.122.63

For lan cards that are not assigned a ip-address will report “no such interface”

# ifconfig lan0

ifconfig: no such interface

If the interface state is blank then check the /etc/rc.config.d/netconf file for the INTERFACE_STATE[N]="" parameter value of the interface card.

If value is “down “ then this could be purposefully done.

If the value is “up” or empty “” then the interface has to be UP on a system boot. If so change the interface state of the lan card to UP:

# ifconfig lan1 UP

Adding a Dummy Printer in HP-UX

1 Dummy Printer:

Configuring a dummy printer, on a system that has no printers configured and process lpsched not running, but Tivoli monitoring checks for a running lpsched process, can help avoid false alerts

lpadmin - configure the LP spooling system

syntax: /usr/sbin/lpadmin -pprinter [options]

-p Names a printer to which all of the options below refer. If printer does not exist, it will be created

[options]

-mmodel Selects a model interface program for printer P.

-vdevice Associates a new device with printer P.

1.1 # lpadmin -pdummy -v/dev/null –mdumb

accept - allow LP printer queuing requests.

The accept command permits the lp command to accept printing requests

1.2 # accept dummy

destination "dummy" now accepting requests

The enable command activates the named printers, enabling them to print requests taken by lp.

# enable dummy

printer "dummy" now enabled

Use lpstat to find the status of printers

1.1 #lpstat -t

scheduler is not running

no system default destination

device for dummy: /dev/null

dummy not accepting requests since Nov 21 05:33 -

new destination

printer dummy disabled since Nov 21 05:33 -

new printer

fence priority : 0

no entries

Use lpsched - start the LP request scheduler.

1.2 # lpsched

scheduler is running

# lpstat -t

scheduler is running ß

no system default destination

device for dummy: /dev/null

dummy accepting requests since Nov 21 05:33 ß

printer dummy is idle. enabled since Nov 21 05:34 ß

fence priority : 0

Thursday, 30 June 2016

Creating & extending a file system with HP-UX LVM

Step 1: Scan the disk & make it visible on the server

#insf -e (create device files for any newly added devices)
#ioscan -fnC disk

Step 2: Create a physical volume

#diskinfo /dev/rdisk/disk210 (check disk size)
#pvcreate /dev/disk/disk210

Step 3: Create the volume group

#mkdir /dev/vgignite
#ll /dev/*/group (check for currently create group special device files)
#mknod /dev/vgignite/group c 128 0x010000 (create new group device special file specifying the major & minor numbers as 128 &0x010000 )

The major number signifies the type of device file & minor number will uniquely identify the device.

#vgcreate -V 2.0 -s 64 -S 4t /dev/vgignite /dev/disk/disk210

Step 4: Create a logical volume

#lvcreate -L 256000 -n lv_ignite -s y /dev/vgignite (size is in MB)
#lvdisplay /dev/vgignite/lv_ignite

Step 5: Create & mount the file system

#newfs -F vxfs -o largefiles /dev/vgignite/rlv_ignite
#mount /dev/vgignite/lv_ignite /ignite_depot

To extend the file system:

Step 1: Extend the logical volume:

#lvextned -L 512000 -n lv_ignite /dev/vgignite (size is in MB)

Step 2: Extend the file system:

#fsadm -F vxfs -b 512000M /ignite_depot

Wednesday, 20 April 2016

How to check Console/MP logs in HP-UX

This guide will describe how to check console/MP logs from OS.

It should be followed whenever there is any alert for event log error.

Steps:

• Go to “/var/stm/logs/os”: It’s the location where all the console/MP (FPL) logs are stored.

• Check the latest fpl logs with using “slview” command.

# slview -f fpl.log.11 [full path “/usr/sbin/diag/contrib/slview”]

The above command will show the following output, please follow the instructions:

Use the following navigation commands to display the logs. Use sequence A,1,F.

A – Alert Level ? Select alert level “1” ? F – Display the logs

[ User inputs are in bold red fonts ]

hpuxnode[os]# slview -f fpl.log.06

Welcome to the FPL (Forward Progress Log) Viewer 1.2

The following FPL navigation commands are available:

D: Dump log starting at current block for capture and analysis

F: Display first (oldest) block

L: Display last (newest) block

J: Jump to specified entry and display previous block

+: Display next (forward in time) block

-: Display previous (backward in time) block

<cr>: Repeat previous +/- command

?: Display help

q: Exit viewer

The following event format options are available:

K: Keyword

R: Raw hex

T: Text

V: Verbose

The following event filter options are available:

A: Alert level

C: Cell

U: Unfiltered

SL (<cr>,+,-,?,F,L,J,D,K,R,T,V,A,C,U,q) > A

Alert Level Filter:

0: Minor Forward Progress

1: Major Forward Progress

2: Informational

3: Warning

5: Critical

7: Fatal

Q: Quit

For example, selecting an alert level threshold of 3

selects all events with alert levels of 3 or higher.

Please select alert level threshold: 1

Switching to alert level 1 filter.

SL (<cr>,+,-,?,F,L,J,D,K,R,T,V,A,C,U,q) > F

7508 PM 0 *3 0x64800b1400e00000 0x0001ffffff03ff64 IOFAN_FAIL

7509 Mon Apr 13 09:35:42 2015

7510 MP 0 1 0x24800acc00e00000 0x000101ffffffff85 MP_BUS_DEVICE_DETACH

7511 Mon Apr 13 09:35:42 2015

7512 MP 0 1 0x24800acc00e00000 0x000103ffffffff85 MP_BUS_DEVICE_DETACH

7513 Mon Apr 13 09:35:42 2015

7514 MP 0 1 0x24800acc00e00000 0x000003ffffffff85 MP_BUS_DEVICE_DETACH

7515 Mon Apr 13 09:35:42 2015

7516 PDHC 0,0 2 0x54800c3900e00000 0x00000000000d000c CELL_POWER_OFF

7517 Mon Apr 13 09:35:42 2015

7518 PDHC 0,4 2 0x54800c3904e00000 0x00000000000d000c CELL_POWER_OFF

7519 Mon Apr 13 09:35:42 2015

7520 PDHC 0,2 2 0x54800c3902e00000 0x00000000000d000c CELL_POWER_OFF

7521 Mon Apr 13 09:35:42 2015

7522 PDHC 0,6 2 0x54800c3906e00000 0x00000000000d000c CELL_POWER_OFF

7523 Mon Apr 13 09:35:42 2015

7524 MP 0 1 0x24800acc00e00000 0x000001ffffffff85 MP_BUS_DEVICE_DETACH

7525 Mon Apr 13 09:35:42 2015

7526 CLU 0 1 0x24800b3400e00000 0x000001ffffffff8d HIOPB_POWER_OFF

7527 Mon Apr 13 09:35:42 2015

7528 CLU 0 1 0x24800b3400e00000 0x000003ffffffff8d HIOPB_POWER_OFF

7529 Mon Apr 13 09:35:42 2015

SL (<cr>,+,-,?,F,L,J,D,K,R,T,V,A,C,U,q) > D

7530 CLU 0 1 0x24800b3400e00000 0x000101ffffffff8d HIOPB_POWER_OFF

7531 Mon Apr 13 09:35:42 2015

7532 CLU 0 1 0x24800b3400e00000 0x000103ffffffff8d HIOPB_POWER_OFF

7533 Mon Apr 13 09:35:42 2015

7534 PM 0 *7 0xe4800b1e00e00000 0x0001ffffffffff64 SHUTDOWN_IOFAN

7535 Mon Apr 13 09:35:43 2015

7536 PM 0 2 0x4b000af800e00000 0x01000000552b8def CABPWR_OFF

Mon Apr 13 09:35:43 2015

7537 PM 0 1 0x2b000ae600e00000 0x01000000552b8def BLOWER_SPEED_CHG_NORM

Mon Apr 13 09:35:43 2015

7538 CLU 0 1 0x2b000b4100e00000 0x01000000552b8df0 SYS_BKP_POWER_OFF

A system engineer's notes

Sunday, 20 November 2016

Disabling password aging in HP-UX

Saturday, 2 July 2016

Unlocking user accounts on trusted systems

Rename device file for a tape drive

Move resources between vpars

All Interfaces of are down

Adding a Dummy Printer in HP-UX

1 Dummy Printer:

1.1 # lpadmin -pdummy -v/dev/null –mdumb

1.2 # accept dummy

1.1 #lpstat -t

1.2 # lpsched

Thursday, 30 June 2016

Creating & extending a file system with HP-UX LVM

Wednesday, 20 April 2016

How to check Console/MP logs in HP-UX

Using capture groups in grep in Linux

Tags

Flickr Imags