Saturday, 27 December 2003

Burning DVDs with Nero (.img)

http://www.dvd-cloner.com/nero-img.html

Select "all" and leave the default options:

Data Mode 1, Raw data unchecked, block size 2048
Image header and trailer size set to 0
scrambled and swapped unchecked

Thursday, 25 December 2003

Port forwarding with Linux and iptables:

With the appropriate kernel configuration, of course:

iptables -t nat -I PREROUTING 1 -s 0/0 -d <IP.LOCAL> -p tcp --dport 443 -j DNAT --to-destination <IP.DESTINO:PORT.DESTINO>
iptables -t nat -I POSTROUTING 1 -s 0/0 -d <IP.REMOTA> -j SNAT --to-source <IP.LOCAL>

Friday, 21 November 2003

Preventing named (BIND) from answering requests

To prevent named from answering DNS requests that are not for the
domains it manages, add the following to named.conf:

// inside the options { ... } block
allow-recursion {
    127.0.0.1;
};

Or list the IPs that are allowed to do this (in case it is an ISP, or it is
needed for any other reason).
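
To confirm the restriction took effect, query the server from a host outside the allow-recursion list for a name it is not authoritative for, and look at the RA (recursion available) flag in the reply. The shell function below is an added example, not part of the original note; it classifies dig output, and the function names and both sample replies are constructed.

```sh
#!/bin/sh
# recursion_status: read `dig` output on stdin and print one word:
#   offered  - the reply carries the RA flag, so this client may recurse
#   denied   - the reply lacks RA (named answers REFUSED or with a referral)
#   unknown  - no reply header was found (timeout, unexpected output)
# Live use, with your own server in place of the placeholder:
#   dig @<your-server> www.example.com A | recursion_status
recursion_status() {
    # The header line looks like ";; flags: qr rd ra; QUERY: 1, ANSWER: ..."
    flags=$(sed -n 's/^;; flags: \([a-z ]*\);.*/\1/p' | head -n 1)
    [ -n "$flags" ] || { echo unknown; return 0; }
    case " $flags " in
        *" ra "*) echo offered ;;
        *)        echo denied ;;
    esac
}

# Constructed sample: reply seen by an outside client before the change.
sample_before() {
    cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4711
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
EOF
}

# Constructed sample: reply seen by the same client after allow-recursion
# was limited to 127.0.0.1.
sample_after() {
    cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 4712
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available
EOF
}

sample_before | recursion_status
sample_after  | recursion_status
```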

Finding out which port a passive FTP opens on the server

To find the actual port multiply the fifth octet by 256 and then add
the sixth octet to the total. Thus in the example below the port number
is ( (14*256) + 178), or 3762. A quick check with netstat should confirm
this information.

PORT 192,168,150,80,14,178
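
The calculation above as a POSIX shell function; this is an added example, not part of the quoted text. It goes slightly beyond the PORT case by also accepting a `227 Entering Passive Mode (...)` reply, which carries the same six-field tuple, and it rejects malformed tuples. The name `ftp_data_endpoint` and the 227 sample line are constructed.

```sh
#!/bin/sh
# ftp_data_endpoint LINE
#   Decode the h1,h2,h3,h4,p1,p2 tuple in an FTP PORT command or 227 reply.
#   Prints "ip port" and returns 0; returns 1 if LINE has no valid tuple.
#   The body runs in a subshell so the IFS change does not leak out.
ftp_data_endpoint() (
    tuple=
    # Blank out everything except digits and commas, then take the first
    # word with exactly six comma-separated fields (this skips the "227").
    for word in $(printf '%s\n' "$1" | tr -c '0-9,\n' ' '); do
        case $word in
            *,*,*,*,*,*,*) ;;                     # seven or more fields
            *,*,*,*,*,*)   tuple=$word; break ;;
        esac
    done
    [ -n "$tuple" ] || exit 1

    IFS=,
    set -- $tuple
    [ $# -eq 6 ] || exit 1
    for f in "$@"; do
        case $f in
            # empty, non-numeric, more than 3 digits, or leading zero
            ''|*[!0-9]*|????*|0?*) exit 1 ;;
        esac
        [ "$f" -le 255 ] || exit 1
    done
    # Port = fifth field * 256 + sixth field.
    echo "$1.$2.$3.$4 $(( $5 * 256 + $6 ))"
)

# The PORT line from the text, and a constructed 227 reply.
ftp_data_endpoint 'PORT 192,168,150,80,14,178'                          # 192.168.150.80 3762
ftp_data_endpoint '227 Entering Passive Mode (192,168,150,80,14,178)'   # 192.168.150.80 3762
```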

Thursday, 13 November 2003

Enhanced Security on Tru64

From: Jon Buchanan <Jonathan.Buchanan@ska.com>

You asked for the pros and cons of Enhanced Security. Well, here's my view:

Pros:

+ a protected password database
+ records last successful and unsuccessful logins
+ records repeated login failures
+ automatic lockout after repeated login failure
+ configurable minimum password length
+ password lifetimes
+ password quality checks
+ password change history
+ password usage history
+ GUI for user account maintenance
+ templates for user setup
+ audit subsystem (means C2 security requirements can be satisfied)

Cons:

- performance problems with very large user base (>1000 users)
- NIS doesn't work with other operating systems
- still not as secure as Sun's NIS+
- no (official) failover for NIS master -> single point of failure
- new and not very well understood, even by Digital!

To answer your questions:

1) Turn enhanced security on/off with the secsetup utility. However, if
turning it off, you may find that you need to give all users a new password.

2) Follow the procedures in the 'Security' manual to migrate users from base
to enhanced security. They provide scripts which do it for you.

I think you should decide first whether you want Enhanced Security or not,
and then deal with the admin problems that arise. However, don't base your
decision on the admin problems, base it on your need for security.

Attached is a general list of tips and notes regarding Enhanced Security.
It provides detail on some of the issues just mentioned.

Regards,
Jon Buchanan, Zuerich, Switzerland
[ Jonathan.Buchanan@ska.com ]

Some tips and notes about Enhanced Security:

With enhanced security, your user, group and password databases are
divided into many places:

/etc/passwd
This contains entries for local users not defined under NIS.
Passwords are not stored here - a * appears in place of each password.
Typically you would leave the system users like root, daemon etc here.
NIS-defined users must not appear in this file!
At the end of this file is +: for NIS to be searched.

/tcb/files/auth directories
Users defined in /etc/passwd have security profiles in these
directories. Their passwords, and things like successful/unsuccessful
login info are stored here. No NIS users have profiles in these
directories.

/etc/group
This contains entries for local groups not defined under NIS.
At the end of this file is +:

/var/yp/src/passwd
This is your NIS passwd file.
Local users, defined in /etc/passwd, should NOT appear here!
Passwords are not stored here - a * appears in place of each password.
The file should not contain +:

/var/yp/src/prpasswd
This is the 'protected password' NIS file, which functions like the
/tcb directory but for NIS users instead of local users. All users
with an entry in the NIS password file have an entry here.

/var/yp/src/group
This is the NIS group file.
Local groups, defined in /etc/group, should NOT appear here!
The file should not contain +:

Creating the prpasswd file is described in the section 'Moving Local
Accounts to NIS' in the 'Security' manual. You have to copy the script
they give you in the book, which reads all the information from the /tcb
tree and writes it into a file with one line per user. After that you
need to:

- delete (or move) all security profiles below /tcb for NIS registered
users
- delete all prpasswd entries for locally registered users (like root)

This is in accordance with the split described above.

When you are using the advanced security XIsso and XSysAdmin tools you
choose whether to manage the local or NIS registered users by clicking
on the 'Network Control' button. It then updates only the appropriate
files, and in the case of the NIS files, does a make for you.

To change passwords, use passwd for all accounts including the NIS ones.

/etc/svc.conf should contain an entry like: auth=local,yp

Delete the files /etc/passwd.dir and passwd.pag if you have them. These
are 'hashed' password files which adduser offers to make for you when it
finds they are not there. However, you don't need them and it will
probably stop NIS from working properly.

The main problem with switching Enhanced Security/NIS on and off is in
restoring the information to the correct place. Above all, Enhanced
Security passwords CANNOT be re-inserted into the passwd files (in place
of the *'s) - you need to give all users a new password.

A couple of problems that took us a long time to solve:

- The file /etc/auth/system/files must contain entries for
prpasswd and prpasswd:t. We have added them like this:

/var/yp/src/prpasswd:\
:f_type=r:f_mode#0660:f_owner=auth:f_group=auth:\
:chkent:
/var/yp/src/prpasswd\:t:\
:f_type=r:f_mode#0660:f_owner=auth:f_group=auth:\
:chkent:

- An Enhanced Security NIS Slave cannot operate independently of the
Enhanced Security NIS Master. This is because the prpasswd file
is updated with every login attempt, and is only mastered on the
NIS Master. In other words, there's no point having a Slave because
it won't be able to function without the Master running.

DEC have refused to acknowledge this as a problem, so a fix is
unlikely for the foreseeable future. We have worked around it by
setting up a second Master and copying certain files from the
'real' master to the 'second' master periodically using rdist.
It is not an altogether satisfactory solution but it works and we
prefer it to being dependent on the availability of one machine.
Let me know if you would like more details on setting this up.

If you are determined to set up a Slave then you may hit another problem
too, whereby a make of the yp maps pauses for a few minutes. Fix is to
send the Slave the copies of the maps which it is missing by using ypxfr
(but a better fix is to disable the Slave).

One other note about Enhanced Security - if your system manages X
sessions for X displays (such as PCs) then you will need to add entries
for these remote displays to the files /etc/auth/system/devassign and
/etc/auth/system/ttys. I can let you have more details if you need
them.
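
A consistency check for the local/NIS split described in the notes above, added here as an example (it is not from the message or from the 'Security' manual). It assumes each prpasswd line begins with `username:`; the function names and the sample accounts are constructed.

```sh
#!/bin/sh
# check_split LOCAL_PASSWD NIS_PASSWD NIS_PRPASSWD
#   Reports violations of the split between local and NIS accounts:
#     - a user listed in both the local and the NIS passwd file
#     - a NIS user with no prpasswd entry
#     - a prpasswd entry for a locally registered user (such as root)
#     - a "+:" line in the NIS passwd file
#   Assumption: each prpasswd line starts with "username:".
#   Prints one finding per line (sorted); returns 0 if clean, 1 otherwise.
check_split() {
    findings=$(awk -F: '
        /^$/ || /^#/ { next }
        FILENAME == ARGV[1] { if ($1 !~ /^\+/) loc[$1] = 1; next }
        FILENAME == ARGV[2] {
            if ($1 ~ /^\+/) print "+: NIS passwd must not contain a + entry"
            else nis[$1] = 1
            next
        }
        { pr[$1] = 1 }
        END {
            for (u in nis) {
                if (u in loc) print u ": listed in both local and NIS passwd"
                else if (!(u in pr)) print u ": NIS user without a prpasswd entry"
            }
            for (u in pr)
                if (u in loc) print u ": prpasswd entry for a local user"
        }' "$1" "$2" "$3" | sort)
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample files (not from a real system), with three mistakes.
demo_split() {
    d=$(mktemp -d) || return 2
    printf '%s\n' 'root:*:0:1:system PRIVILEGED account:/:/bin/sh' \
        'daemon:*:1:10:system background account:/:' '+:' > "$d/passwd"
    printf '%s\n' 'alice:*:1001:15:Alice:/usr/users/alice:/bin/ksh' \
        'bob:*:1002:15:Bob:/usr/users/bob:/bin/ksh' \
        'daemon:*:1:10:system background account:/:' > "$d/nis_passwd"
    printf '%s\n' 'alice:u_name=alice:u_id#1001:chkent:' \
        'root:u_name=root:u_id#0:chkent:' > "$d/prpasswd"
    check_split "$d/passwd" "$d/nis_passwd" "$d/prpasswd"
    rc=$?
    rm -rf "$d"
    return $rc
}

demo_split || :
```

On a real system the three arguments would be /etc/passwd, /var/yp/src/passwd and /var/yp/src/prpasswd.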

From: Spider Boardman <spider@Orb.Nashua.NH.US>

I'm afraid your question didn't make a lot of sense to me, unless
I assume that you don't have Enhanced Security in use, but that
you merely have its subsets installed (which is not enough to
enable it).

In particular, check the output of running this command:
/usr/sbin/rcmgr get SECURITY BASE
If it's BASE then you've not enabled Enhanced Security.

The /usr/sbin/secsetup script is supposed to take care of
creating prpasswd entries (the /tcb/files/auth/?/* files) for the
users which were already in /etc/passwd when you enable the "C2"
login features. If it didn't, then that's a bug. I do seem to
recall that the adduser script had a bad habit of creating
prpasswd entries even when it shouldn't, because it didn't check
the result of the rcmgr command above. Unless that returns
ENHANCED you're still using "BASE" security.

Checking the hardware on Tru64

The question was:

>HOW do I find out how much
>RAM I have. Someone's just asked me & I realised that while I've been
>told "256M" I've got no idea how to confirm that.
>
>There's gotta be a simple query command somewhere (yes, I've looked
>through "man -k ram" & "man -k mem")

NB I was after physical - not virtual - memory

I was stunned by the number of responses & some specific help from one
person who checked my results against her system to make sure my
understanding was correct (Thanks again for that Pam).

Most of the replies were variations of a theme so I've just summarized
them. Alternative scripts / C-code are included as sent, for others'
interest.

Thanks to:
========
Alan alan@nabeth.cxo.dec.com
Anil Khullar Anil.Khullar@mailhub.gc.cuny.edu
Andreas atoalu2@ato.abb.se
Becki Kain beckers@josephus.furph.com
Brian H. Mayo brian.mayo@brynmawr.edu
Brian Sherwood sherwood@esu.edu
Cliff Krieger ckrieger@latrade.com
Dave Golden golden@falcon.invincible.com
David Warren warren@atmos.washington.edu
Dick Abraham abrahad@govonca.gov.on.ca
Thomas Eisele eisele@pfa.research.philips.com
Fergal Mc Carthy fergal@ilo.dec.com
Guy Dallaire dallaire@total.net
James Soh jamessoh@post1.com
Jean Schuller schuller@crnal4.in2p3.fr
Jerome Fenal fenal@dcmc.creditlyonnais.fr
Joe Spanicek joe@resptk.bhp.com.au
Joel Healy jsh@mentor.co.nz
Kurt Knochner Kurt.Knochner@Physik.TU-Muenchen.DE
Lucio Chiappetti lucio@ifctr.mi.cnr.it
Martin E. Lally mel1003@phy.cam.ac.uk
Nick Hill N.M.Hill@rl.ac.uk
Pam Woods axsymgr@UAA.ALASKA.EDU
Paul Crittenden crittend@storm.simpson.edu
Paul Henderson henderson@unx.dec.com
Palo paulo@dexel.co.za
Peter Stern peter@wiscpa.weizmann.ac.il
Rainer Landes Computer-Administration@Physik.uni-karlsruhe.de
Randy M. Hayman haymanr@icefog.alaska.edu
Richard Tame Richard.Tame@asx.com.au
Rick Muse m6u@oaunx1.ctd.ornl.gov
rioux@ip6480nl.ce.utexas.edu
Rob Hamm hammr@ucfv.bc.ca
<whew!!!>


Now for the solution(s)

The most suggested themes were around the UERF & /var/adm/messages logs.
As root try:
#uerf -Rr 300 | more

& look for the physical memory

or as any user try
$more /var/adm/messages

Of course you could grep either of these for "mem" or "memory" if you
want. The UERF one is reversed to ensure that you are looking at the
most recent - I was stumped for a while as my log hadn't been cleared
since a memory upgrade ages ago, so I saw, first, the original memory
size.

=========
A few people mentioned :
Try (as root):
# vmstat -P

At the firmware prompt you could try:
>>>>show config
or
>>>>show memory
(or is that "show mem"?)

But I had no intention of bringing the system down for such a query -
could be handy if it's shut down for some other reason though

or

use monitor and magnify the "memory" item (run monitor, type "m", arrow
down to "memory" and type "s")

or use "top" (I don't have it)


Other suggestions were:

Alan:
====
Count the number of bytes in memory:
# wc -c /dev/mem
(I got nervous when it took a while and after running syd found it to
be the highest process - so killed it - Dave)

Get the number of pages and multiply by the page size:
# dbx -k /vmunix /dev/mem
(dbx) print physmem
(I got some error messages with the first line & the response from the
dbx command was different from that obtained from uerf & messages - but
then I don't know much about dbx)

Thomas Eisele:
===========
for the csh:
dd bs=1048576 if=/dev/mem of=/dev/null |& tail -1 | sed -e 's/\+.*$/ MB/'

and for sh:
dd bs=1048576 if=/dev/mem of=/dev/null 2>&1 | tail -1 | sed -e 's/\+.*$/ MB/'


Jean Schuller
==========
I remember I wrote a shell script using uerf and I called it CONFIG :
It shows Ethernet address, devices, memory size and unix version .

--------------------------------- 8< cut here -------------------

#!/bin/ksh
#
# Show configuration
#
# The script refuses to run unless it is started as root.
acc=`whoami`
if [ "$acc" != "root" ]
then
    echo "You must be root for these instructions "
    exit 1
fi
machine=`hostname`
clear
echo " $machine : Configuration"
echo
echo "-------------------------------------------------------------------------"
#
# 1) Ethernet address
#
echo "Ethernet address"
echo "================"
uerf -r 300 | grep -i "_hardware address" | sort -u
echo "-------------------------------------------------------------------------"
#
# 2) Show devices
#
echo "Devices : "
echo "=========="
let i=0
while [ $i -lt 11 ]
do
    dev="/dev/rrz"$i"c"
    file $dev 2>/dev/null | grep character
    let i=i+1
done
echo "-------------------------------------------------------------------------"
#
# 3) memory size
#
echo "Memory size"
echo "==========="
uerf -r 300 | grep -i 'physical memory ' | sort -u
echo "-------------------------------------------------------------------------"
#
# 4) Unix Versions
#
echo "Successive Digital Unix Versions"
echo "================================"
uerf -r 300 | egrep -i 'DEC OSF/1 V|Digital UNIX V' | sort -u
echo "-------------------------------------------------------------------------"
--------------------------------- 8< cut here -------------------


Martin E. Lally
==========
Here is the C source code for displaying system RAM size. Compile with
# cc -o memsize filename.c

------------------------------- CUT HERE -------------------------------
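#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/sysinfo.h>

int main(int argc, char **argv)
{
    int memsize, err;

    /* GSI_PHYSMEM fills memsize with the physical memory size in KB. */
    err = getsysinfo(GSI_PHYSMEM, (caddr_t)&memsize, sizeof(memsize), 0, NULL);
    if (err == -1) {
        perror("getsysinfo(GSI_PHYSMEM)");
        exit(1);
    }

    printf("Total Real Memory: %d Mb\n", memsize/1024);
    exit(0);
}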
------------------------------- CUT HERE -------------------------------
Randy M. Hayman
=============
A variation of that theme is:

compile with: cc -o show_mem show_mem.c
------------------------------- CUT HERE -------------------------------
#include <stdio.h>
#include <sys/types.h>
#include <sys/sysinfo.h>

/* int_buff receives the value itself (in KB), so it is an int, not a pointer. */
int status, int_buff;

int main(void)
{
    if( -1 == (status = getsysinfo(GSI_PHYSMEM, (caddr_t)&int_buff, sizeof(int_buff), 0, 0)) )
        fprintf(stdout, "error %d getting GSI_PHYSMEM\n", status);
    else
        fprintf(stdout, "Physical memory in use: %d KB\n", int_buff);
    return 0;
}
------------------------------- CUT HERE -------------------------------

Theis Jean-Marie
============
(I'm afraid I haven't had a chance to check this - but as Theis was kind
enough to pass it to me, I thought it may be of interest to others in
the list - Dave)

If you are interested I have done a script called cnfg which describes
your configuration (OSF station 2100 or 3000) The drawback of it is
that it is reserved to root , and need editing when a new device
appears (it already knows a lot of them).


------------------------------- CUT HERE -------------------------------
if [ `whoami` != root ]
then
echo "Vous devez etre root pour cette commande . Bye..."
exit 1
fi
trap 'rm -f /tmp/cnfg.tmp 2>/dev/null' 0 1 2 15
PATH="$PATH:/etc:/sbin:/usr/sbin"
nodate=false
long=false
while [ "$1" ]
do
case $1 in
-nodate)nodate=true
shift;;
-l)long=true
shift;;
*)shift;;	# skip unknown arguments instead of looping forever
esac
done
export PATH
hostname=`hostname | awk -F\. '{print $1}'`
HOSTNAME=`echo $hostname | tr 'a-z' 'A-Z'`
adresseIP=`arp $hostname | sed 's/^.*(//;s/).*$//'`
ADRESSEIP=`arp $HOSTNAME 2>/dev/null | sed 's/^.*(//;s/).*$//'`
[ `machine` = "alpha" ] || echo "wait..."
uerf -R -r 300 | head -200 | sed '
s/ //
s/OCCURRED ON SYSTEM/Nom du systeme :/
s/OCCURRED.LOGGED ON/Dernier boot le :/
s/(DEC //
s/RZ25./device:& : disque de 0,42 Gbyte/
s/RZ26./device:& : disque de 1 Gbyte/
s/ST32430./device:& : disque de 2 Gbyte/
s/DSP3105./device:& : disque de 1 Gbyte/
s/DPES-31080./device:& : disque de 1 Gbyte/
s/RZ28./device:& : disque de 2,1 Gbyte/
s/RZ55./device:& : disque de 0,33 Gbyte/
s/RZ56./device:& : disque de 0,6 Gbyte/
s/RZ58./device:& : disque de 1,4 Gbyte/
s/RZ29./device:& : disque de 4 Gbyte/
s/RX26./device:& : floppy 2,8 Mbyte externe/
s/fd[0-1] at fdi[0-1] unit [0-1]/ _ device:& : floppy interne/
s/RRD43./device:& : disque CD-rom/
s/RRD42./device:& : disque CD-rom/
s/RRD40./device:& : disque CD-rom/
s/CD-ROM./device:& : disque CD-rom/
s/IMPRIMIS94601.* /device:& : disque de 1 Gbyte/
s/HEXABYTE./device:& : Bande hexabyte/
s/EXABYTE./device:& : Bande exabyte/
s/gd[0-9][0-9]*:/ _ device:& : Graveur CDrom/
' > /tmp/cnfg.tmp
ed - /tmp/cnfg.tmp <<@@ >/dev/null
/ENTRY *2./,\$d
w
q
@@
egrep -s 'ENTRY *1' /tmp/cnfg.tmp
if [ $? -eq 1 ]
then
echo "Anomalie dans les fichiers log lus par la commande uerf"
echo operation annulee
echo Bye...
exit 1
fi
if [ `machine` = "alpha" ]
then
#swapon -s | tail -5 >> /tmp/cnfg.tmp
swapon -s | egrep "partition|Allocated" >> /tmp/cnfg.tmp
elif [ `machine` = "mips" ]
then
swap=`pstat -s | head -1 | sed 's/k.*//'`
echo " Taille du swap = `expr $swap \/ 1000` MB" >> /tmp/cnfg.tmp
fi
#sed -f config.sed /tmp/cnfg.tmp
if [ "$long" = true ]
then
cat /tmp/cnfg.tmp
fi
echo --------------------------------------------------------------------------------------------
grep "Nom du systeme" /tmp/cnfg.tmp
echo --------------------------------------------------------------------------------------------
echo "Version Operating system : `uname -a`"
if [ `machine` = "alpha" ]
then
psrinfo -n | sed 's/number of .*=/nombre de CPU : /'
else
echo "nombre de CPU : 1"
fi
[ "$nodate" = "false" ] && grep "Dernier boot" /tmp/cnfg.tmp
grep "CPU TYPE" /tmp/cnfg.tmp
echo
echo "Ethernet interfaces :"
egrep "Ethernet|address" /tmp/cnfg.tmp
echo "Adresse IP : $adresseIP"
if [ "$ADRESSEIP" != "$adresseIP" -a "$ADRESSEIP" ]
then
echo "Adresse IP : $ADRESSEIP"
fi
echo ------------------------------------------------------------------------

Problems with vold /vol

An ls hangs, and truss shows it sleeping...

Unmount /vol with umount, then stop vold and start it again:
/etc/init.d/volmgt

Viewing hardware problems, or debugging hardware, in Solaris

/usr/platform/sun4u/sbin/prtdiag
/usr/sbin/psrinfo
dmesg




Wednesday, 12 November 2003

Summing the size of several directories with du

With the script:
for i in `du -ks /tmp /opt | awk '{ print $1 }'`; do A=$(($A+$i)); echo "$A"; done | tail -1


Listing processes and their CPU usage, like top, on AIX

topas; if it is not installed:
ps -eo "%p %y %C %c %a"

AIX FORMAT DESCRIPTORS
This ps supports AIX format descriptors, which work somewhat like the
formatting codes of printf(1) and printf(3). For example, the normal
default output can be produced with this: ps -eo "%p %y %x %c"

CODE  NORMAL  HEADER
%C    pcpu    %CPU
%G    group   GROUP
%P    ppid    PPID
%U    user    USER
%a    args    COMMAND
%c    comm    COMMAND
%g    rgroup  RGROUP
%n    nice    NI
%p    pid     PID
%r    pgid    PGID
%t    etime   ELAPSED
%u    ruser   RUSER
%x    time    TIME
%y    tty     TTY
%z    vsz     VSZ

Viewing the hardware configuration on AIX

lscfg -v: general system information:
http://www.unm.edu/~hamjavar/item/aixcommands/cpuspeed1.txt
lsattr -El sys0: memory and processor (depends on the version)
oslevel: operating system version
uname -M: machine model (depends on the version)
lsdev -Cc disk: information about the disks
lsattr -El hdisk0: detailed information about disk 0

How to find the make of devices (hard disks, CD-ROM, etc.) in Solaris?

iostat -En

Diagrams of the different RAID types

The different RAID types can be seen at:

http://www.acnc.com/04_01_00.html


Monday, 10 November 2003

History of Unix (tree)

Link to information on the history of Unix, as a tree (diagram), in PDF:

http://www.levenez.com/unix/

Wednesday, 15 October 2003

Digital Unix / Tru64 versions

From: http://www.usit.uio.no/it/unix/tru64unix/versions.txt

Version   Rev.     (mm/yy)
--------------------------
HP Tru64 UNIX:
v5.1B     2650     09/02
Compaq Tru64 UNIX:
v5.1A     1885     10/01
v5.1      732      10/00
v5.0A     1094     09/00
v5.0      910      Dept. of astrophysics alpha-tested it; "do not install.."
v4.0G     1530     10/00
v4.0F     1229
Digital UNIX:
v4.0E     1091     (USB, euro, NetRAIN, Gb ethernet, sys_check, ..)
v4.0D     878      (Y2K, new partition tables, 100Mb/s, NFS: patch set #3)
v4.0C     564.32   (=v4.0B + hw drivers. for pws433/500)
V4.0B     564
V4.0A     464
V4.0      386
V3.2G*    62
V3.2F     69.73
V3.2D-2   41.64
V3.2D-1   41
V3.2C     148
V3.2B     214.61
V3.2A     17
V3.2      214
V3.0B     358.78
V3.0      347