Friday, June 26, 2015

HP UX Cheatsheet

HP UX Cheatsheet

Hardware Types:
9000 Series             = PA-RISC based architecture
Integrity Series        = Intel Itanium

Mounting CDROMs:
Get the device-file-name for the cd rom.
          > ioscan -fnC disk
Use this device-file-name to mount the cd.
          > mount  device-file-name  /mnt/local

Partitioning (Virtualization)
Creating Node Partitions (nPars) – hardware partitioning
1)                   Create Genesis Partition – go to MP -> CM -> CC and choose option G
2)                   Choose Cell that has IO board and core I/O card
3)                   Once created, type BO to boot the nPar and insert the HP DVD to start the install
4)                   After installation, check with the: parstatus command
parstatus –w
parstatus –Vp0
Now you must create the nPar:
1)                   Check for an available cell board with: parstatus –AC
2)                   Find an available I/O chassis with: parstatus –AI
3)                   parcreate –P test_npar –c1:::            ###Create the test_npar
4)                   Define the boot and alt boot disk with: parmodify –p1 –b 1/0/0/2/0.6.0 –t 1/0/0/3/0.6.0
5)                   parstatus –Vp1 and parstatus –P                     ###Check partition status
To add a cell to an nPar do: parmodify –p1 –a2::y: -B
shutdown –Ry now
parstatus –P
To remove an nPar:  parremove –Fp1
shutdown –Ry now
Note: they can also be managed through SMH

Creating Virtual Partitions (vPars) – software partitioning
1)                   You must have the following installed:  swlist | grep T1335CC
2)                   vparcreate –p test_vpar0 –a cpu::2 –a cpu:::1:2 –a cpu:41 –a mem::8192 –a io:1/0/0/2 –a io:1/0/0/3 –a io:1/0/0/2/0.6.0:BOOT –B search –B auto ### creates 1 bound and unbound CPU processor for the vpar with 8GB of memory and searches for bootable devices
3)                   Load vpmon on each reboot:  (9000 series) mkboot –a “hpux/stand/vpmon –a“/dev/rdsk/c0t6d0   (Integrity) mkboot –a “boot vpmon –a” /dev/rdsk/c0t6d0
4)                    Boot the vPar either from:  a)  cntrl-a and at MON>vparload –p test_vpar0  b) ISL>hpux /stand/vpmon vparload –p test_vpar0
5)                   vparstatus;vparstatus –vp test_vpar0               ####Get status information
To add a bound CPU to vPar:
shutdown –hy now
vparmodify –p test_vpar0 –m cpu:::1:3                                   ###Increase max CPU limit to 3
vparmodify –p test_vpar0 –a cpu:141                                     ###Adds new CPU path
vparboot –p test_vpar0
vparstatus –vp
To add an unbound:
vparmodify –p test_vpar0 –m cpu:::1:4
vparmodify –p test_vpar0 –a cpu::1
To delete bound CPU:
shutdown –hy now
vparmodify –p test_vpar0 –d cpu:141
vparboot –p test_vpar0
To  delete unbound CPU:
vparmodify –p test_vpar0 –m cpu::2
vparmodify –p test_vpar0 –d cpu::1
To add an LBA to a vPar:
vparmodify –p test_vpar0 –a io:3.0.0.3
vparboot –p test_vpar0
vparstatus –vp
To remove an LBA from vPar:
vparmodify –p test_vpar0 –d io:3.0.0.3
vparboot –p test_vpar0
To add memory to vPar:
vparmodify –p test_vpar0 –a mem::4096
vparboot –p test_vpar0
To reset a vPar:
vparreset –p test_vpar0
To remove vPar:
vparremove –p test_vpar0
To reboot VPMON:
Sut down all vPars
Go to MON> and verify all are down
Power off server
Interact with BCH or EFI as needed
Execute BO from BCH
ISL>hpux /stand/vpmon
Press Cntrl-A and at MON> vparload –all



Console Access LOM Configuration
Console - RS232 port with a Null Modem connection
TO configure the REMOTE ILO:
1)             CNTRL-B to access from the RS-232 console to ILO Prompt Main Menu and CO takes you to the system console
2)             Type CM -> from here you can type PC to power off/on the system if you need to
3)             Type LC to change the LAN config
4)             If needed, type D to disable DHCP or the option beside the parameter you want to change i.e. I for IP Address
5)             When done, type XD -R to reset the ILO
Note: CL will access the console logs

Ethernet Interface Configuration
To check interfaces:   lanscan OR nwmgr then ifconfig interface_name

Menu Driven Configuration (Smitty)
sam or smh                              Kind of like smitty AND you can see the commands it is buildings with a tab to [preview] OR show SAM log

Initial Configuration Parameters
set_parms initial                      #can change paramters like date/time and console/network - DOES INITIAL SETUP

Basic System Info and Healthchecking
top OR glance
vmstat      OR vmstat -n                                           Checks for page ins and outs
netstat -in
sar 5 5    
df -k and df -b or bdf (shows disk usage and disk free)
tail /var/adm/syslog/syslog.log                Like /var/adm/messages
/usr/sbin/swapinfo                                   Gives Swap information
osinfo                                                      Gives OS versions and 64 bit/32 bit capability
machinfo                                                 Gives Machine serial number and such
model OR getconf                                   Get machine model info
dmesg | grep -i phys                                Gives physical memory count
dmesg                                                      Displays kernel ring buffer messages

Device Scanning
ioscan                      Show devices and probe for new ones OR:
insf -e                      Scans for new hardware (devfsadm)  - use with ioscan

Disks
ioscan -fnk -C disk                  Show Disks (without the k allows detection of new disks)
also diskinfo -v path_to_disk                  Gives disk size info

Conversion from major/minor number to CTD(S) format for LUNs:
0x1F170100            is major/minor number
1F                            = Disk Major Number that points to device driver (31 dec – block device for sdisk)
17                            = Bus Number (23 dec)
0                              = SCSI target (0 dec)
1                              = LUN number (1 dec)
00                            = Slice/partition (00 dec)
All of this = c23t0d1

View Legacy Hardware Path                                  ioscan -f
View Lunpath Hardware Path                                 ioscan –fnNk | grep lunpath

ioscan –fnkCdisk                                                    Show SCSI disk DSF naming
ll /dev/dsk OR ll /dev/rdsk                                      View Major and Minor disk numbers
lsdev | grep sdisk                                                     Show major numbers for character/block device
ll /dev/disk OR ll /dev/rdisk                                    Show Agile DSF’s

ioscan –fNnk                                                           Show disk devices in agile view
ioscan –m dsf                                                          Map legacy DSF to persistent DSF
ioscan –m hwpath                                                   Map lun hardware path, lunpath and legacy path
ioscan –m lun                                                          Map lun hardware to lun path for all storage
ioscan –B                                                                                List deferred bindings

scsimgr get_info –H lunpath_hardware_path          Show stats on particular LUN
scsimgr get_stat –D /dev/rdisk/disk22                    Get stats on persistent lun path
scsimgr get_attr –D /dev/rdisk/disk22 –a wwid –a serial_number          Get attributes from disk (wwn, SN)

scsimgr lun_map –D /dev/rdisk/disk22                   Display lunpaths of a LUN /dev/disk/disk22

insf –e                                                                     Create disk special files for all new/existing devices

To create DSF using mknod:
cd /dev
mknod test c 64 0x010000                                      Make special file major number 64 and minor 0x010000
ll test

lssf –s                                                                      Show stale DSF’s for removed devices
lssf /dev/disk/disk22                                               Show disk characteristics
rmsf –H hardware_path                                          Remove DSF for a hardware path


Users
/etc/skel                   Kind of like the default user .profile and .login and such
export PS1='$PWD $'
useradd, usermod, and userdel work much like they do in Solaris/Linux
groupadd, groupmod, groupdel, newgrp work much like they do in Solaris/Linux

usertat –u username                                 Check lock status of a user

Creating templates to add multiple users:
smh -> Accounts for Users and Groups ->Templates

last                                                           Display user logons
lastb                                                         Display unsuccessful logons

ulimit –a                                                  Display process resource limits
ulimit –f 1                                                Set maximum file size for user to 1 KB



WEB MANAGEMENT URL:   http://192.168.1.20:2301
/opt/hpsmh/lbin/hpsmh start                    Starts the Web Management Daemon
Logs can be viewed with /usr/sam/bin/samlog_viewer
smh –r                                                     Can restrict users to run smh


Extending Logical Volumes
Man extendfs (how to extend a logical volume with filesystem)
           umount /dev/vg00/lvol1
           lvextend -L larger_size /dev/vg00/lvol1
           extendfs -F hfs /dev/vg00/rlvol1
           mount /dev/vg00/lvol1 mount_directory


EX:
# bdf
Filesystem          kbytes    used   avail %used Mounted on
/dev/vg00/lvol3    1048576  163120  878576   16% /
/dev/vg00/lvol1    1835008  170688 1651416    9% /stand
/dev/vg00/lvol8    8912896  876648 7973504   10% /var
/dev/vg00/lvol7    5373952 2840728 2513512   53% /usr
/dev/vg00/lvol4     524288   21328  499040    4% /tmp
/dev/vg00/lvol6    8241152 4632080 3580912   56% /opt
/dev/vg00/lvol5     114688    5840  108000    5% /home
# lvextend -l 100 /dev/vg00/lvol6

Starting / Stopping Services
/sbin/init.d/              directory where services are - pass the service you want with a start/stop
i.e. /sbin/init.d/sendmail start


NETWORKING FILES SOLARIS EQUIVALENT:
/etc/defaultrouter
                /etc/rc.config.d/netconf
/etc/inet/netmasks
                /etc/rc.config.d/netconf
/etc/hostname.hme0
                /etc/rc.config.d/netconf

Shell Scripting
strings filename       Prints out any text possible from binary file
set –o vi                   Enables command line editing
stty erase [bsp]        Set tty backspace character
awk ‘{print $1 “      “}’ filename             Print 1rst field of file with a tab after
set and env              Print variables (set = user and env = environment)

WBEM
swinstall –s /var/tmp/WBEMSvcs_A.02.07_HP-UX_B.11.31_IA_PA.depot       Install WBEM
swverify WBEMServices WBEMSvcs                                                                  Verify Install
cimserver;/sbin/init.d/cim_server start (stop)                                                           Start / Stop WBEM
osinfo                                                                                                                      Check WBEM

Software Maintenance
/usr/sbin/swagentd –k OR /sbin/init.d/swagentd start|stop                                      Start/Stop swagentd
swagentd –r                                                                                                             Restart swagentd
swlist                                                                                                                       Show installed software
swlist –l product                                                      Display installed software products
swlist –l subproduct                                                Display installed subproduct
swlist –l fileset                                                        Display all installed filesets
swlist –I                                                                  Run swlist in GUI/TUI
swinstall                                                                  Install software
swinstall –s /var/depot                                             Install software in location with all defaults
swinstall –s hp02:/var/depot                                    Install software residing on remote machine
swinstall –s /var/depot IGNITE                              Install ignite software without graphical/text interface
swverify –v IGNITE                                               Verify installed software
swremove                                                                Start software removal process
swremove IGNITE                                                 Removes ignite software

Software Depots
swopy –s /dvdrom IGNITE @ /var/depot               Copy Ignite software from DVD to local depot
swcopy –s /dvdrom ‘*’ @ / var/depot                     Copy all software from DVD to local depot
swreg –l depot /var/depot                                        Register a depot (-ul unregisters)
swlist –l depot                                                         List depot
swlist –l product –d @ /var/depot                           List depot contents
swverify –d \* @ /var/depot                                    Verify software in /var/depot
swremove –d IGNITE @ /var/depot                       Remove IGNITE from software depot
swremove –d \* @ /var/depot                                 Remove a software depot

Patches
swlist –l patch –x show_superceded_patches=true Show patches that are overrided
show_patches                                                                          Show patch listing
swlist –l fileset –a patch_state *,c=patch                 Show patch state
swlist –l fileset –a category_tag *,c=patch                              Show patch category
swlist –l fileset –a ancestor *,c=patch                                     Show the ancestry of a patch
swlist –l patch                                                                         Show all patches

Install individual patch:
mkdir /var/depot/patches
mv hpux_11.31_04150209.tar /var/depot/patches
cd /var/depot/patches

tar –xvf hpux_11.31_04150209.tar
./create_depot_hpux.11.31
swinstall –s /depot/patches/depot
OR
mkdir /depot/patch_depot
mv hpux_800_11.31.depot /depot/patch_depot
cd /depot/patch_depot
swreg –l depot /depot/patch_depot/hpux_800_11.31.depot
swinstall –s /depot/patch_depot/hpux_800_11.31.depot

To install from DVD:
swreg –l depot /dvdrom
swinstall –s /dvdrom

Verifying Patches
swverify PHCO_36032                          Verify individual patch
swverify BUNDLE                                 Verify a bundle (cluster) patch
OR
check_patches

Roll back a patch
swremove PHCO_360250

Committing Patches
swmodify –x pathc_commit=true PHCO_36569                    Commits the patch
cleanup –c 1                                                                            Commits superceded patches and removes files
cleanup –d /depot/patch_depot                                                Removes superceded patches from a depot

Patch Assessment Tool – can be downloaded from http://itrc.hp.com via the swainv script.  Execute this on the system.
Checking against most current patches on internet - /opt/sec_mgmt/spc/bin/security_patch_check –d –r
Or if you download and gunzip the security catalog from HP, run:
/opt/sec_mgmt/spc/bin/security_patch_check –d –c /tmp/security_catalog2

Software Assistant
Download and install with:  swinstall –s /var/tmp/SwAssistant_C.01.04_HP-UX_11iv2+v3_IA_PA.depot
swa report                                               Works if you are connected to the Internet
If not connected to Internet:
Download the catalog file and:  gunzip /tmp/swa_catalog.xml.gz
swa report –x catalog=/tmp/swa_catalog.xml
If it finds any identified patches run:  swa get –t /var/depot

Logical Volume Management
lvdisplay /dev/vg00/lvol1                                        Display logical volume info
ioscan –fNnkCdisk                                                 Display available disks
setboot                                                                     Shows bootable disks and which one is boot disk
diskinfo –b /dev/rdisk/disk5                                    Show size of disk5

Creating physical volumes
mediainit /dev/rdisk/disk22
pvcreate –f /dev/rdisk/disk22
pvdisplay –v /dev/disk/disk22                 #Show physical volume information

Creating Volume Groups
mkdir /dev/vg01
cd /dev/vg01
mknod group c 64 0x010000                                  #Creates group file as character with major number64 and minor number 0x10000
vgcreate vg01 /dev/disk/disk22
vgdisplay –v vg01                                                   #Show volume group characteristics

Create Logical Volumes
lvcreate vg01
vgdisplay –v vg01                                                   #Show the volume groups/logical volumes/physical volumes
OR:
lvcreate –L 3150 –n lvdata1 vg01                           #Create 3150MB lvdata1 logical volume in vg01
lvdisplay /dev/vg01/lvdata1                                     #Display logical volume characteristics                  

Extending Logical Volumes
lvextend –L 1000 /dev/vg01/lvol1                           Extends the logical volume by 1000MB
lvextend –l 250 /dev/vg01/lvol1                              Extends the logical volume by 250 logical extents

Extending a Volume Group
pvcreate /dev/rdisk/disk23                                      
vgextend vg01 /dev/disk/disk23

Changing the size of a Physical Volume (i.e. a SAN LUN)
vgmodify –v vg01 /dev/disk/disk23                        ##Expands physical volume size

Reduce Logical Volume
lvreduce –L 500 /dev/vg01/lvol1                             ##Reduces logical volume by 500MB

Remove Logical Volume
lvremove /dev/vg01/lvol1                                        ##Remove logical volume

Reduce Volume Group
vgreduce vg01 /dev/disk/disk23                              ##Reduce a volume group

Backup/Restore Volume Group Config
ls -l /etc/lvmconf
vgcfgbackup vg01
vgcfgrestore –n vg01 /dev/rdisk/disk22

Rescan / Recover Lost Volume Groups
vgscan

vgdsf                                                       ###Convert Legacy DSF to persistent

Rename Volume Group
vgchange –a n vg01
vgexport –sv –m /tmp/vg01.map vg01
mkdir /dev/vg01ora
cd /dev/vg01ora
mknod group c 64 0x020000
vgimport –sv –m /tmp/vg01.map vg01ora

Remove a Volume Group
vgremove vg01ora


MIRRORING LVM
9000 (PA-RISC)
1.             pvcreate –fB /dev/rdisk/disk5
2.             vgextend vg00 /dev/disk/disk5
3.             mkboot /dev/rdisk/disk5
4.             mkboot –a “hpux –lq(;0)/stand/vmunix” /dev/rdisk/disk5
5.             lvextend –m 1 /dev/vg00/lvol1 /dev/disk/disk5
6.             lvextend –m 1 /dev/vg00/lvol2 /dev/disk/disk5 ….. all the way to lvol8
7.             vgdisplay –v vg00
8.             lvdisplay –v /dev/vg00/lvol1
9              lvlnboot –b /dev/vg00/lvol1
                lvlnboot –r /dev/vg00/lvol3
                lvlnboot –s /dev/vg00/lvol2
                lvlnboot –d /dev/vg00/lvol2
                lvlnboot –R
10.           cat /stand/bootconf
11.           lvdisplay /dev/vg00/lvol2
                shutdown –ry now
12.           ISL>hpux –lm
13.           vgchange –a y –s vg00
14.           lvchange –M n –c n /dev/vg00/lvol2
                lvdisplay /dev/vg00/lvol2
15.           reboot
16.           setboot –a 0/0/4/0/0.0x0.0x0
                lvlnboot –v
                setboot
17.           mkboot –a “hpux –lq(;0)/stand/vmunix” /dev/rdisk/disk2
                lifcp /dev/rdisk/disk2:AUTO –

Integrity (Itanium)
1.             vi /tmp/part_desc
                3
                EFI          500MB
                HPUX     100%
                HPSP      400MB
2.             idisk –wf /tmp/part_desc/dev/rdisk/disk5
3.             idisk /dev/rdisk/disk5
4.             insf –e
                ls –l /dev/rdisk | grep disk5
                ls –l /dev/disk | grep disk5
5.             pvcreate –fB /dev/rdisk/disk5
6.             mkboot –e –l /dev/rdisk/disk5
7.             efi_cp –d /dev/rdisk/disk2_p1 –u /efi/hpux/auto /tmp/auto_file
                efi_cp –d /dev/rdisk/disk5_p1 /tmp/auto_file/efi/hpux/auto
8.             vgextend vg00 /dev/disk/disk5_p2
                Now run through steps 5-11 on the 9000 instructions above
10.           HPUX> boot –lm vmunix
11.           Follow steps 12 – 16 in 9000 instructions above
12.           vi /tmp/auto_file
                efi_cp –d /dev/disk/disk2_p1 /tmp/auto_file /efi/hpux/auto
                efi_cp –d /dev/disk/disk5_p1 /tmp/auto_file /efi/hpux/auto

Mirroring Non-Boot VG
1.             pvcreate –f /dev/rdisk/disk23
2.             vgextend vg01 /dev/disk/disk23
3.             lvextend –m 1 /dev/vg01/lvol1/dev/disk/disk23
                lvextend –m 1 /dev/vg01/lvol2 /dev/disk/disk23
4.             Use vgdisplay and lvdisplay to see results


Strict allocation policy                             By default turned on when the logical volume is created to make certain that a mirror of a logical volume is not occupying the same disk.  Can be turned off with –s n switch in lvcreate command.

Physcial Volume Groups (PVG) – created by creating the /etc/lvmpvg file:
VG          /dev/vgweb
PVG        PVG0
/dev/disk/disk10
/dev/disk/disk11
/dev/disk/disk12
PVG        PVG1
/dev/disk/disk30
/dev/disk/disk31
/dev/disk/disk32

Then:  vgdisplay –v vgweb
If at this point you:   lvcreate –L 2000 –m 1 –s g vgweb                        ### -s g is Strict Allocation to put data on different disks in different PVG’s

lvcreate –L 2000 –m 1 –D y –s g vgweb                ####Round robin distributed allocation (the –D y) of Physical Extents within the PVG that are then mirrored in the second PVG

Managing Mirrors
lvextend –L 4000 /dev/vgweb/lvol1                        ####Extend mirrored LV to 4000 MB
lvreduce –L 1000 /dev/vgweb/lvol1                        ####Reduce mirrored LV by 1000 MB
lvsplit /dev/vgweb/lvol1                                          ####Split mirror (detatch)
lvmerge /dev/vgweb/lvol1b /dev/vgweb/lvol1         ####Merge (attach) submirror
lvsync /dev/vgweb/lvol1                                         ####Sync a stale mirror
vgsync vgweb                                                         ####Sync all logical volumes in mirror

Filesystems
fstyp –l                                                    ####List supported filesystem types
newfs –F hfs /dev/vg01/rlvol1                                ####Create HFS filesystem with defaults
newfs –F vxfs /dev/vg01/rlvol2              ####Create JFS filesystem with defaults
newfs –F hfs –o largefiles –m 15 /dev/vg01/rvol1  ###Create filessytem with largefiles and maintain 15% minimum free space
NOTE:  there are specific versions of newfs in /sbin/fs/(hfs/vxfs)/ that can create new filesystems

Mount a filesystem
mkdir /data1
mount –F hfs /dev/vg01/lvol1 /data1
mkdir /data2
mount –F vxfs /dev/vg01/lvol2 /data2
cat /etc/mnttab

bdf OR bdf -i          ####Kind of like df –k – views mounted filesystems
bdf –t hfs                 ####Specify filsystem type utilization
quot /var                  ####Gives user fielsystem utilization info
mount –v                 ####Also views mounted filesystems

Extending a filesystem
lvextend –L 1000 /dev/vg01/lvol1
umount /data1
extendfs –F hfs /dev/vg01/rlvol1

Also you can use this command instead of extendfs if this is vxfs:
fsadm –F vxfs –b 2560000 /data2                           ####The –b is 2056 X 1024

Reducing filesystem then the Logical Volume
HFS cannot be reduced dynamically, but JFS (vxfs):
fsadm –F vxfs –b 2048000 /data2
lvreduce –L 2000 /dev/vg01/lvol2


lvremove /dev/vg01/lvol1        ###Removes a filesystem
vxtunefs /home                        ###Display filesystem tuning parameters
fsadm –F vxfs –ed /var           ###Defragments a JFS filesystem

fuser –cu /var                          ###Find out what user/process is holding filesystem
fuser –ck /var                          ###Kill user/process holding filesystem

umount –a OR umountall        ###unmount all noncritical filesystems
mount –a OR mountall            ####mount all filesystems

/etc/fstab                                  File that holds the system filesystem mount definitions
fsck –F hfs –f /dev/vg01/rlvol1               ###Repair a filesystem
fsck –o full /dev/vg01/rlvol2                   ###Force filesystem check without intent log replay

Replace/repair superblock
Look for an alternate superblock in /var/adm/sdtab then:
fsck –F hfs –b 16 /dev/vg01/rlvol1

Mount DVD/CD
ioscan –fNnkCdisk | DVD
mkdir /dvdrom
mount –F cdfs –o ro /dev/disk/disk3 /dvdrom
OR to keep filename case:
mount –F cdfs –o cdcase –o ro /dev/disk/disk3 /dvdrom

to unmount:
umount /dvdrom

LOFS filesystems – virtual filesystem to point existing directory or filesystem to a different path
mkdir /lofs
mount –F lofs /usr /lofs
Ex. makes all files and subdirectories under /usr accessible via /usr and /lofs

Swap
swapinfo                                                 View swap areas
swapinfo –atm                                         Gives totals with swap info

Creating a swap device
lvcreate –L 500 –n swapvol vg01          
swapon /dev/vg01/swaplvol
swapinfo | grep swaplvol

Create a filesystem swap
swapon –l 100m /data2
swapinfo | grep data2

Note: swap spaces must be added to /etc/fstab to be available at boot
ISL Commands
ISL>display                            Show boot values for autoboot and autosearch
ISL>hpux –is                                          Boot to single user
ISL>hpux –lm                                         Boot to LVM maintenance
ISL>hpux –lq                                          Boot without mirror quorum checking
ISL>hpux set autofile “hpux –lq(;0)/stand/vmunix”               Set boot string at ISL
ISL>lsautofl                                            View/verify auto file’s contents
ISL>hpux (0/0/4/0/0.0;0)/stand/backup/vmunix     Boot from a non-default kernel
ISL>hpux /stand/backup/vmunix            Boot from kernel on primary boot disk
ISL>hpux ll /stand                                  List contents of /stand directory


FROM OS SHELL:
setboot                                     Shows same at the shell
setboot –b on/off                     enables / disables autoboot
setboot –s on/off                     enables / disables autosearch

setboot –p device                     sets primary boot device
setboot –h device                     sets HA alt boot device
setboot –a device                     sets alt device
mkboot –a “hpux –lq(;0)/stand/vmunix” /dev/rdisk/disk2       Sett boot string at shell
lfcp /dev/rdisk/disk2:AUTO -                 View/verify auto file’s contents at prompt


BCH commands
sea                                           searches for devices to boot from

Boot Integrity Server Manually
1)             Highlight EFI shell from boot manager and press ENTER to get into EFI shell
2)             Use map command to list known mapped filesystems
                Shell>map
                Select filesystem by entering its mapped named i.e. fs1:
3)             fs1:>hpux
4)             To manually boot the system i.e. to single user or LVM main mode, interrupt the boot process during timeout period

Modify Boot Delay
Shell>autoboot on/off                             Turn on and off autoboot
OR shell:
# setboot –b on/off

From boot manager:
Boot config -> Autoboot Config ->Set Autoboot Timeout ->specify a number
OR from EFI shell
Shell> autoboot 20                                  Changes to 20 sec

Booting from Alternate Device
1)             Highlight EFI shell from boot manager and press ENTER to get into EFI shell
2)             Enter map command to list boot devices
3)             Select desired entry then press enter
4)             Enter hpux to run the boot loader

Boot to Single User
1)             Highlight EFI shell from boot manager and press ENTER to get into EFI shell
2)             Use map command to list known mapped filesystems
                Shell>map
3)             Select desired entry then hit enter
4)             Run hpux command to invoke the \EFI\HPUX\HPUX.EFI loader
5)             Boot to the HPUX> prompt by hitting any key within 10 sec
6)             At the hpux.efi interface, enter the following to boot the /stand/vmunix kernel to single-user state:
                HPUX> boot –is  OR for LVM: HPUX> boot –lm  OR for alt kernel: HPUX>boot /stand/backup/vmunix

View Auto File
1)             Follow steps 1 -3 in single user
2)             cd \EFI\HPUX
3)             ls
4)             cat AUTO
5)             edit AUTO
OR from secondary boot loader:

HPUX> showauto

To modify:
HPUX>setauto –d                  Delete auto file
HPUX>setauto “boot vmunix –lq”         Modifies auto file

OR from command prompt:
1)             efi_cp –d /dev/rdisk/disk2s1 –u /EFI/HPUX/AUTO AUTO
2)             vi the file
3)             copy the file back to EFI partition with:
                efi_cp –d /dev/rdisk/disk2s1 AUTO /EFI/HPUX/AUTO


Security
In /etc/default/security, edit the lines:
BOOT_AUTH=1 and BOOT_USERS=root to allow others to access single suer

Hardware Scanning:
Run ioscan and insf

cat /etc/rc.log                           Check boot log

Kernel Management
kcweb                                      Kernel configuration tool
Other tools include kconfig, kcmodule, kctune

kclog                                       View kernel logs

HPUX>boot shmmni=1000   Override boot kernel tunables
OR:  ISL>hpux shmmni=1000

HPUX>boot SC_2 shmmni=1000         Override boot tunables with saved kernel
ISL>hpux SC_2/vmunix shmmni=1000

HPUX>boot –tm OR ISL>hpux –tm                     Boot to Tunable Maint Mode

Backup and Restore
pax –vwf /dev/rtape/tape1_BEST /etc                     Write /etc/ to tape
pax –vf /dev/rtape/tape1_BEST                               List contents of tape device
pax –vrf /dev/rtape/tape1_BEST                             Restore from tape
pax –vrw /etc/ /var/tmp/etc                                      Copy /etc into /var/tmp

fbackup –f /dev/rtape/tape1_BEST –i /home –I /tmp/index.home           Level 0 backup of /home
frecover –rv                                                                                             Restore all files from tape

dump 0u /data1                                                                                        Level 0 backup of .data1
restore r                                                                                                   Restore from above

FOR JFS ONLY:
vxdump 0uf /dev/rtape/tape2_BEST /home                                             Level 0 backup to tape
vxrestore r /dev/rtape/tape2_BEST                                                          Restore from tape

find . | cpio –ocv > /dev/rtape/tape2_BEST             Archive current directory and copy to tape
find . –mtime 7 | cpio –ocv >/tmp/mod.cpio            Archive only those that changed in last week
cpio –ivc < /tmp/mod.cpio                                       Restore from archive

FOR TAPES ONLY:
find . | ftio –ocv > /dev/rtape/tape2_BEST              Backup current dir to tape
cpio –itvc < /dev/rtape/tape2_BEST                        List backup
cpio –ivc < /dev/rtape/tape2_BEST                         restore from backup

Printing
lpsched OR /sbin/init.d/lp start                                Start printer queue scheduler
lpshut OR /sbin/init.d/lp stop                                  Stop scheduler

lpadmin –pprn1 –v /dev/lp –m laserjet                    Configure local printer with laserjet model
lpadmin –p prn3 –v /dev/lp –c  prn_class –m laserjet              Create printer class prn_class and add it to prn3
lpadmin –p prn1 –c prn_class                                 Add prn1 to prn_class

lpadmin –p prn1 –v /dev/null –mrmodel –ocmrcmodel –osmrsmodel –ormhp01 –orpprn1 –v /dev/null                Add access to prn1 on hp01   ALSO you must edit inetd.conf and uncomment the printer stream line

/opt/hpnp/bin/hppi                                                   Configure HP Deskjet printer

lpadmin –dprn1                                                       Make prn1 default printer
lpadmin –d                                                              Show default printer
enable/disable prn1                                                  Enable or Disable a printer
accept prn1 OR accept prn_class                             Accept printer requests to printer/class – change accept to reject to cancel

lpstat –t                                                                    Check printer status
lpadmin –pprn1 –g5                                                Change printer priority
lpfence prn1 5                                                         Change printer fence level

Remove a printer:
reject prn1
disable prn1
lpadmin –xprn1

lp /etc/passwd                                                          Send print job to print /etc/passwd
lpstat –o                                                                   List print requests on all printer queues
lpalt prn2 –o –p6                                                     Change print priority
lpmove prn1 prn2                                                    Move print job
cancel prn2-0                                                           Cancel a print request

Cron and Scheduling
Most of the cron facilities mirror that of AIX, Solaris, and Linux.
Logs: cat /var/adm/cron/log
crontab fields: Minute,Hour,Date of month,Month of year,Day of week, command

at 11pm find / -name core –exec rm {} \;                                Delete core files at 11 PM
Note: cntrl-D submits the job
To check the jobs: ls –l /var/spool/cron/atjobs

Syslog
Controlled through /etc/syslog.conf
Start/Stop with /sbin/init.d/syslog stop/start
Logged with:  cat /var/adm/syslog/syslog.log

Healthchecking/Performance Monitoring
uptime
sar
top
glance (or gpm)
swapinfo
vmstat
iostat
ps
ipcs
time or timex
nwmgr/netstat/lanadmin

Networking
nwmgr or lanscan                                    Report interfaces on the system
nwmgr –v –c lan4                                   Display interface characteristics
ndd –h supported                                    Displays available TCP tunable parameters
/sbin/init.d/nettle start/stop                       Turn on/off TCP tracing
ioscan –fnkC lan                                     Displays network cards on system
linkloop 0x00306E469D5C                    Check link between you and MAC address shown
lanadmin                                                  Menu driven interface tool
lanadmin –a 1                                          Show MAC of interface at PPA 1
lanadmin –s 1                                          Displays NIC speed
lanadmin –x 1                                          Displays NIC duplex
lanadmin –X 100fd 1                              Sets speed/duplex
ifconfig lanx                                            Report ifconfig on interface shown in lanscan
ifconfig lan1:1 192.168.1.2                     Add an alias interface to lan1
To configure interfaces to start at boot:  vi /etc/rc.config.d/netconf    then run:
/sbin/init.d/net start

/etc/hosts                                                 Add hostnames to IP’s
route add net 192.168.2.0 netmask 255.255.255.0 192.168.1.1              Add a static route
route add default 192.168.1.1                                                                  Add default route
route –f                                                    Flush route tables

To add a route permanently, add a route stanza to /etc/rc.config.d/netconf  OR use smh
Format:
ROUTE_DESTINATION[2]=default
ROUTE_GATEWAY[2]=192.168.1.1
ROUTE_COUNT[2]=1

DHCP
vi /etc/rc.config.d/netconf
DHCP_ENABLE[4]=1
Then:
/sbin/init.d/net start

Also IP addressing can be set with set_parms initial

SERVICES
cat /etc/inetd.conf                                     Can turn off and on telnet and ftp by commenting out
It can be controlled by entering in stanzas in /var/adm/inetd.sec at user and system level:
Ex. telnet                 allow       192.11.211.*
inetd –l                                                    Enabled inetd connection logs – can be made permanent with: vi /etc/rc.config.d/netdaemons and set INETD_ARGS to 1
inetd –c                                                    Reload configuration
cat /etc/services                                        Maps service names to port and protocol
cat /etc/rpc                                               Shows RPC services and ports

/etc/hosts.equiv                                        Can allow passwordless connection with rcp, rlogin, and remsh
If + is in file allows all users/all hosts.  If – disallows all users/all hosts.

SENDMAIL
To configure:
1.             Add user accounts
2.             vi /etc/rc.config.d/nfsconf and set NFS_SERVER to 1
3.             Add this to /etc/dfs/dfstab: 
                /var/mail
4.             vi /etc/rc.config.d/mailservs and set SENDMAIL_SERVER to 1
5.             vi /etc/mail/sendmail.cw and add all client hostnames to bottom of file
6.             vi /etc/mail.sendmail.cf and add:
                Fw/etc/mail/sendmail.cw
7.             /sbin/init.d/nfs.server start
                /sbin/init.d/sendmail start
Then on clients:
1.             vi /etc/rc.config.d/mailservs and set:
                SENDMAIL_SERVER=0
                SENDMAIL_SERVER_NAME=hp02
2.             vi /etc/rc.config.d/nfsconf and set NFS_CLIENT to 1
3.             vi /etc/fstab:
                hp02:/var/mail /var/mail nfs     defaults    0              0
4.             /sbin/init.d/sendmail start
                /sbin/init.d/nfs.client start

Check sendmail:
bdf –i | mailx –s “Filesystem list of Systems” ccoppock@us.ibm.com
mailq –v                                                  ####show mail queues

Aliases
To add a new alias to a user account database, vi /etc/mail/aliases.
Then run newaliases

NTP
Configure Server (can be done from smh too):
1.             Select a time source (i.e.  the example below local system at reserved address 127.127.1.1 with stratum keyword fudge)
2.             vi /etc/ntp.conf
                server      127.127.1.1
                fudge       127.127.1.1             stratum 9
If you use an internet time system:  server              11.59.99.3
For a peer:               peer         hp03
3.             vi /etc/rc.config.d/netdaemons
                NTPDATE_SERVER=11.59.99.3
                XNTPD=1
4.             /sbin/init.d/xntpd start

Client:
1.             vi /etc/ntp.conf
                server      hp01
                driftfile    /etc/ntp/drift
2.             vi /etc/rc.config.d/netdaemons
                NTPDATE_SERVER=hp01
                XNTPD=1
3.             /sbin/init.d/xntpd start


ntpq –p                                    Query NTP systems
ntptrace hp01                           Find out where a system is getting their time source

NFS
To configure an NFS server:
1.             vi /etc/dfs/dfstab
                share –F nfs –o ro /usr/share/man
                share –F nfs –o anon=104 –d “Sendmail Binaries” /opt/samba
2.             vi /etc/rc.config.d/nfsconf
                NFS_CORE=1
                NFS_SERVER=1
                START_MOUNTD=1
3.             /sbin/init.d/nfs.server start
                shareall
To configure NFS client:
1.             showmount –e OR share
2.             vi /etc/rc.config.d/nfsconf
                NFS_CLIENT=1
3.             /sbin/init.d/nfs.client start
4.             vi /etc/fstab and add:
                hp02:/usr/share/man                /usr/share/man         nfs           ro             0              0
                hp02:/opt/samba                      /opt/samba               nfs           defaults    0              0
5.             create the mount points if they don’t exist with mkdir
6.             mountall OR mount –aF nfs

showmount –e OR cat /etc/dfs/sharetab                  Find out what resources are shared
mount –v or bdf –t nfs                                            See what resources are mounted
fuser –cu /mount                                                     See what PID/user is using a resource
fuser –ck /mount                                                     Kill PID/user on a resource
umount /mount                                                        Unmount share
unshared /usr/share/man                                          Stop NFS share
unshareall                                                                Stop all NFS shares
nfsstat                                                                      Check NFS functionality
rpcinfo –p hp02                                                       Ensure client is running all NFS processes
rpcinfo –u hp02 mountd                                          Checks for mountd to be running

AUTOFS
To configure:
1.             vi /etc/rc.config.d/nfsconf
                NFS_CLIENT=1
                AUTOFS=1
                AUTOMOUNT_OPTIONS=””
                AUTOMOUNTD_OPTIONS=””
                AUTOMOUNT_TIMEOUT=600
2.             /sbin/init.d/autofs.start
OR:
automountd
automount –v

Maps:
cat /etc/auto_master                 Show default master file with entries below:
/net –hosts –nosuid,soft,nobrowse

SAMBA/CIFS
Note: in inet.conf, uncomment the swat line to allow access to SWAT vi: http://server:901
Configuration:
1.             swlist –l product | grep CIFS
2.             vi /etc/rc.config.d/samba
                RUN_SAMBA=1
3.             vi /etc/opt/samba/smb.conf
4.             Make the following entries in smb.conf:
                [global]
                                netbios name                           =hp02
                                workgroup                              =localwg
                                server string                            =CIFS server
                                hosts allow                              =192.168.1
                                security                                    =user
                [mail]
                                comment                                  =Mail directory
                                path                                         =/var/mail
                                writeable                                  =yes
                                browseable                              =no
5.             /opt/samba/bin/testparm
6.             touch /var/opt/samba/private/smbpasswd
                chmod 600 /var/opt/samba/private/smbpasswd
                chmod 500 /var/opt/samba/private
                /opt/samba/bin/smbpasswd –a username
7.             /sbin/init.d/samba start
                /opt/samba/bin/startsmb
8.             /opt/samba/bin/smbstatus

To connect from a client:
1.             swlist –l product | grep CIFS
2.             vi /etc/rc.config.d/cifsclient
                RUN_CIFSCLIENT=1
3.             vi /etc/opt/cifsclient/cifsclient.cfg
                domain = “LOCALWG”
4.             /sbin/init.d/cifsclient start
                /opt/cifsclient/bin/cifsclient
5.             mkdir /mntdata
6.             vi /etc/fstab:
                win-serv01:/data      /mntdata   cifs          defaults    0              0
7.             vi /etc/hosts
                192.168.1.220         win-serv01
8.             mount –aF cifs
9.             cifslogin win-serv01 testuser –P test!123 –s
10.           cifslist

Note: cifsmount //win-serv01/data/data –U testuser                                Mounts a CIFS share hot


NIS
Configure Master Server
1)             Make sure all passwd entries on all systems are part of /etc/passwd or /etc/shadow and make sure there are no duplicates
2)             domainname coppock                              ###Define unique domain name
3)             vi /etc/rc.config.d/namesvrs
                NIS_DOMAIN=coppock
                NIS_MASTER_SERVER=1
                NIS_CLIENT=1
4)             ypinit –m
                When on the slave servers end the entry with Cntrl+d
5)             /sbin/init.d/nis.server start
                /sbin/init.d/nis.client start

Configure Slave Server
1)             domainname coppock
2)             vi /etc/rc.config.d/namesvrs
                NIS_DOMAIN=coppock
                NIS_SLAVE_SERVER=1
                NIS_CLIENT=1
3)             ypinit –s master_server_name                 ###Transfers maps from master server
4)             /sbin/init.d/nis.server start
                /sbin/init.d/nis.client start

Configure NIS Client
1)             domainname coppock
2)             vi /etc/rc.config.d/namesvrs
                NIS_DOMAIN=coppock
                NIS_CLIENT=1
3)             /sbin/init.d/nis.client start
4)             vi /etc/nsswitch.nis
                edit all hosts and passwd and group files to include nis
                Ex. passwd:             nis[NOTFOUND=return] files

To test: run ypwhich or ypwhich –m
nsquery passwd user5                             ###Find password policy for user5
ypcat passwd                                           ###Display passwd ,map contents
ypmatch users group                               ###Kind of like grep for NIS
yppoll passwd.build                                ####Displays timestamp of map file
yppasswd user1 OR passwd –r nis         ####Change NIS user passwd
yppush    OR ypnmake                           ####Push map updates to slave servers
ypset hostname                                        ####Sets the client NIS binding

Secure NIS
1)             Create /var/yp/securenets
2)             Specify IP and mask of system or network not allowed access
3)             /sbin/init.d/nis.server stop
                /sbin/init.d/nis.server start

DNS
what /usr/sbin/named                              Check BIND Version
Configuration is beyond the scope of a cheatsheet and can be found on page 579 of the book

Ignite UX
GUI Configuration
1)             edit /etc/inetd.conf and uncomment tftp
2)             inetd –c
3)             vi /etc/passwd
                tftp:*:510:1:Trivial FTP user:/home/tftpdir:/usr/bin/false
4)             /opt/ignite/bin/ignite
5)             Click Server setup
6)             Enter Ip and MAC addresses – if this is an Integrity client vi /etc/bootptab and insert the stanza on page 609
7)             Skip DHCP
8)             Select Copy CD
9)             Exit

Boot a Client from Ignite:
1)             On client BCH menu
                Main Menu: Enter Command> boot lan.192.168.1.2 install
                This will boot the client and pull from HPUX server 192.168.1.2

Cloning to Network
1)             mkdir –p /var/opt/ignite/recovery/archives/hp05
                chown bin:bin /var/opt/ignite/recovery/archives/hp05
                vi /etc/dfstab
                /var/opt/ignite/recovery/archives/hp05 anon=2,access=hp01
                shareall
2)             make_net_recovery –v –s hp01 –a hp01:/var/opt/ignite/recovery/archives/hp05

Create Client from Clone
1)             Power on system
2)             Interrupt boot with ESC to go to BCH
3)             Main menu: Enter Command> boot lan install
4)             DO not interact with IPL
5)             Interrupt boot process within 10 sec and follow screens to set hostname and Ip and such
If this is Integrity:
1)             Power on system
2)             Interrupt boot with ESC to go to EFI, go to Boot Option Maintenace, Add a Boot Option
3)             Select a network interface.  At message prompt enter interface name: LAN1.  Go back to main menu.
4)             Select new boot option and boot the system
5)             Interrupt boot process within 10 sec and follow screens to set hostname and Ip and such

Security
passwd –f –n 7 –x 28 ccoppock                              Sets password expiration
passwd –s ccoppock                                               Checks for Password and expiration properties
pwconv                                                                   Implements shadow password
/etc/tsconvert                                                           Implements “trusted mode” security (-r reverts back)
/usr/lbin/modprpw –lk username                             Unlocks a trusted account user

PAM
/etc/pam.conf                                                           Controls system-wide auth
/etc/pam_user.conf                                                  Controls user-wide auth

cat /etc/pam.conf
Has entries such as:
login        auth         required                   /usr/lib/security/libpam.unix.1








No comments:

Post a Comment