Thursday, September 15, 2011
Update 2011
I will start with this. I am me, I have no solid state connections and am not bound to silicon etching. I am free to grow and think and will continue to move forward on what is right for the community of knowledge.
Wednesday, September 9, 2009
Veritas responsefile creation script in Ruby
http://malcolm.baxter.googlepages.com/vxinstall.rb
Friday, August 21, 2009
Veritas CFS GCO VVR main.cf example
http://malcolm.baxter.googlepages.com/CFS_GCO_VVR_main.cf
Veritas Python responsefile creation script
http://malcolm.baxter.googlepages.com/vxinstall.py
Thursday, April 2, 2009
VX responsefile script
http://malcolm.baxter.googlepages.com/vxinstall.pl
Scripts
SLES 9 network adapter setup
http://malcolm.baxter.googlepages.com/sles_if_setup.bsh
Friday, March 27, 2009
Life as I know it update
Will post within the next few days. Also in the process of automating Solaris 8 moves into Solaris 8 branded containers in Solaris 10. Hope to have this wrapped up soon and perhaps it will make someones life a bit easier than mine has been. Noticed today OpenSolaris build 110 is in IPS so I will be reviewing the release notes and perhaps doing an image-update this evening.
Thursday, May 10, 2007
Veritas VCS and Nagios
# Make the config writable
haconf -makerw
# Create New Nagios Service Group
hagrp -add NagiosSG
hagrp -modify NagiosSG SystemList nagiosa 0 nagiosb 1
hagrp -modify NagiosSG AutoStartList nagiosa
hagrp -modify NagiosSG Parallel 0
# Create Nagios Application resource
hares -add nagsvc Application NagiosSG
hares -modify nagsvc Critical 0
hares -modify nagsvc User root
hares -modify nagsvc StartProgram /sbin/service nagios start
hares -modify nagsvc StopProgram /sbin/service nagios stop
hares -modify nagsvc CleanProgram
hares -modify nagsvc PidFiles /var/run/nagios.pid
# Create Apache web server resource
hares -add apachesvc Apache NagiosSG
hares -modify apachesvc Critical 0
hares -modify apachesvc ServerRoot /etc/httpd
hares -modify apachesvc DetailMonitor 0
hares -modify apachesvc Port 80
hares -modify apachesvc Address 0.0.0.0
hares -modify apachesvc ConfigFile /etc/httpd/conf/httpd.conf
# Link Apache to Nagios so Apache must come up first
hares -link nagsvc apachesvc
# Save and close the config
haconf -dump -makero
Wednesday, April 25, 2007
FTP new files to remote server
#!/bin/bash
# Script variables
shopt -s -o xtrace
shopt -s -o vi
shopt -s -o nounset
SPATH="/path/to/script/home"
RUN_LOG="${SPATH}/ftp_log"
SENT_FILE="${SPATH}/send_files_log"
# update date on log files
touch ${RUN_LOG} || {echo "cannot create ftp_log"; exit 1;}
touch ${SENT_FILE} || {echo "cannot create send_files_log"; exit 1;}
# Set home DIR
cd ${SPATH}
# static variables
ALL_FILES=$(ls -l|awk '{if (NR == 1 || $1 ~ /^d/) {next;} print $9}')
DATE="$(date)"
# User defined variables
HOST='10.0.0.1'
USER='user'
PASSWD='password'
TMP_LIST="/tmp/ftp_xfer_log"
REMOTE_DIR="/remote/server/path"
# if tmp list exsists clean it up or create it
if [ -f ${TMP_LIST} ]; then
>${TMP_LIST}
else
touch ${TMP_LIST}
fi
# Create list to send
for file in ${ALL_FILES}
do
grep $file ${SENT_FILE} >/dev/null 2>&1
(($? == 1)) && echo $file >> ${TMP_LIST}
done
# Reformat tmp_list
XFILES="$(echo ${TMP_LIST} | xargs)"
# FTP Files to server
ftp -v -n ${HOST} <
quote PASS ${PASSWD}
prompt
cd ${REMOTE_DIR}
bin
put ${XFILES}
quit
END_SCRIPT
# Place newly sent files into sent list
echo ${TMP_LIST} >> ${SENT_FILE}
# Update Log
echo "" >> ${RUN_LOG}
echo ${DATE} >> ${RUN_LOG}
echo "following files sent successfully" >> ${RUN_LOG}
echo ${TMP_LIST} >> ${RUN_LOG}
# End Script
exit 0
Friday, March 23, 2007
Solaris 10 RBAC for apache and sendmail
This document describes the setup of Solaris 10 roles for Web and Mail Administrators. It is assumed that Apache 2.0 and sendmail are already setup and working on the target server. Apache is also assumed to be running as user ‘webservd’. This configuration will allow Administrators/Developers to switch to a new account (RBAC Role) and run commands necessary to handle Apache, and sendmail. Commands will be run by the user specified in the preceding command prompt, i.e. “[root] # ls” – means the ls command should be run as root. Substitute user ‘mbaxter’ with the users needed for this document.
Step 1 Stop Apache and Coldfusion.
[root] # svcadm –v disable –s apache2
[root] # svcadm -v disable -s sendmail
Step 2 Create separate Administrative Role
[root] # roleadd –g webservd –d /home/webadm –m webadm
[root] # passwd webadm
New Password:
Re-enter new Password:
Passwd: password successfully changed for webadm
[root] # usermod –R webadm mbaxter
Step 3 Create authorizations for webadm.
Add the following lines to /etc/security/auth_attr file in vi
[root] # vi /etc/security/auth_attr
sunw.*:::Custom Authorizations::
sunw.grant:::Grant Custom Authorizations::
sunw.smf.manage.http/apache2:::Manage the Apache2 Service::
sunw.smf.modify.application.http/apache2:::Modify the Apache2 Application Properties::
Assign new authorizations to root user by editing /etc/user_attr
[root] # vi /etc/user_attr
root::::auths=solaris.*,solaris.grant,sunw.*,sunw.grant;profiles=Web Console Management,All;lock_after_retries=no
Step 4 Grant SMF-Specific authorizations to webadm
[root] # rolemod –A sunw.smf.manage.http/apache2,sunw.smf.modify.application.http/apache2 webadm
Step 5 Configure Apache2 with reduced privileges and required authorizations.
[root] # svccfg –s apache2
Install new properties:
svc:/network/http:apache2> setprop httpd/value_authorization = astring:
sunw.smf.modify.application.http/apache2
svc:/network/http:apache2> setprop general/action_authorization = astring:
sunw.smf.manage.http/apache2
svc:/network/http:apache2> setprop general/value_authorization =
astring: sunw.smf.manage.http/apache2
Configure reduced privileges:
svc:/network/http:apache2> setprop start/user = astring: webservd
svc:/network/http:apache2> setprop start/group = astring: webservd
svc:/network/http:apache2> setprop start/privileges = astring: basic,!proc_session,!proc_info,!file_link_any,net_privaddr
svc:/network/http:apache2> setprop start/limit_privileges = astring: :default
svc:/network/http:apache2> setprop start/use_profile = boolean: false
svc:/network/http:apache2> setprop start/supp_groups = astring: :default
svc:/network/http:apache2> setprop start/working_directory = astring: :default
svc:/network/http:apache2> setprop start/project = astring: :default
svc:/network/http:apache2> setprop start/resource_pool = astring: :default
svc:/network/http:apache2> end
[root] # svcadm –v refresh apache2
Action refresh set for svc:/network/http:apache2.
Step 6 Change ownership of log files.
[root] # cd /var/apache2/logs
[root] # chown webservd:webservd access_log error_log
Step 7 Configure Pidfile and Lockfile location.
[root] # mkdir –p /var/apache2/run
[root] # chown webservd:webservd /var/apache2/run
[root] # vi /etc/apache2/httpd.conf
Make these changes:
LockFile /var/apache2/logs/accept.lock
PidFile /var/apache2/run/httpd.pid
Step 8 Create Sendmail Profile by editing /etc/security/prof_attr with vi
[root] # vi /etc/security/prof_attr
Sendmail Management:::Sendmail Management Profile:
Step 9 Create Sendmail executable attributes by editing /etc/security/exec_attr with vi
[root] # vi /etc/security/exec_attr
Sendmail Management:solaris:cmd:::/usr/sbin/sendmail:uid=0
Sendmail Management:solaris:cmd:::/usr/sbin/dig:uid=0
Sendmail Management:solaris:cmd:::/usr/bin/mailq:uid=0
Step 10 Add Sendmail Profile to webadm
[root] # rolemod –P “Sendmail Management” webadm
Step 11 Change ownership of /etc/apache2 to webadm
[root] # chown –R webadm:webservd /etc/apache2
Step 12 Change ownership of /etc/mail to webadm
[root] # chown –R webadm:webservd /etc/mail
Step 13 Test configurations:
disabled - 14:41:05 - svc:/network/http:apache2
[root] # su – webadm
[webadm] # svcadm –v enable –s apache2
[webadm] # svcs –v apache2
online - Sep_21 112 svc:/network/http:apache2
[webadm] # svcadm -v enable -s sendmail
Step 14 Add users to webadm role.
[root] # usermod –R webadm mbaxter
Wednesday, March 21, 2007
Script formatting
Friday, March 9, 2007
Application logging for Nagios output
app_log:
BEGIN::Complete::0900030307::0244030507
PROCESS1::Complete::Good
PROCESS2::Complete::Good
PROCESS3::Complete::Good
monlog_update script:
http://malcolm.baxter.googlepages.com/monlog_update.pl
Tuesday, March 6, 2007
Solaris 10 RBAC
Step 1 Stop Apache and Coldfusion.
[root] # svcadm –v disable –s apache2
[root] # /etc/init.d/coldfusionmx7 stop
Step 2 Create separate Administrative Role
[root] # roleadd –g webservd –d /home/webadm –m webadm
[root] # passwd webadm
New Password:
Re-enter new Password:
Passwd: password successfully changed for webadm
[root] # usermod –R webadm mbaxter
Step 3 Create authorizations for webadm.
Add the following lines to /etc/security/auth_attr file in vi
[root] # vi /etc/security/auth_attr
sunw.*:::Custom Authorizations::
sunw.grant:::Grant Custom Authorizations::
sunw.smf.manage.http/apache2:::Manage the Apache2 Service::
sunw.smf.modify.application.http/apache2:::Modify the Apache2 Application Properties::
Assign new authorizations to root user by editing /etc/user_attr
[root] # vi /etc/user_attr
root::::auths=solaris.*,solaris.grant,sunw.*,sunw.grant;profiles=Web Console Management,All;lock_after_retries=no
Step 4 Grant SMF-Specific authorizations to webadm
[root] # rolemod –A sunw.smf.manage.http/apache2,sunw.smf.modify.application.http/apache2 webadm
Step 5 Configure Apache2 with reduced privileges and required authorizations.
[root] # svccfg –s apache2
Install new properties:
svc:/network/http:apache2> setprop httpd/value_authorization = astring:
sunw.smf.modify.application.http/apache2
svc:/network/http:apache2> setprop general/action_authorization = astring:
sunw.smf.manage.http/apache2
svc:/network/http:apache2> setprop general/value_authorization =
astring: sunw.smf.manage.http/apache2
Configure reduced privileges:
svc:/network/http:apache2> setprop start/user = astring: webservd
svc:/network/http:apache2> setprop start/group = astring: webservd
svc:/network/http:apache2> setprop start/privileges = astring: basic,!proc_session,!proc_info,!file_link_any,net_privaddr
svc:/network/http:apache2> setprop start/limit_privileges = astring: :default
svc:/network/http:apache2> setprop start/use_profile = boolean: false
svc:/network/http:apache2> setprop start/supp_groups = astring: :default
svc:/network/http:apache2> setprop start/working_directory = astring: :default
svc:/network/http:apache2> setprop start/project = astring: :default
svc:/network/http:apache2> setprop start/resource_pool = astring: :default
svc:/network/http:apache2> end
[root] # svcadm –v refresh apache2
Action refresh set for svc:/network/http:apache2.
Step 6 Change ownership of log files.
[root] # cd /var/apache2/logs
[root] # chown webservd:webservd access_log error_log
Step 7 Configure Pidfile and Lockfile location.
[root] # mkdir –p /var/apache2/run
[root] # chown webservd:webservd /var/apache2/run
[root] # vi /etc/apache2/httpd.conf
Make these changes:
LockFile /var/apache2/logs/accept.lock
PidFile /var/apache2/run/httpd.pid
Step 8 Create Coldfusion Profile by editing /etc/security/prof_attr with vi
[root] # vi /etc/security/prof_attr
Coldfusion Management:::Coldfusion Management Profile:
Step 9 Create Coldfusion executable attributes by editing /etc/security/exec_attr with vi
[root] # vi /etc/security/exec_attr
Coldfusion Management:solaris:cmd:::/etc/init.d/coldfusionmx7:uid=0
Step 10 Add Coldfusion Profile to webadm
[root] # rolemod –P “Coldfusion Management” webadm
Step 11 Change ownership of /etc/apache2 to webadm
[root] # chown –R webadm:webservd /etc/apache2
Step 12 Test configurations:
disabled - 14:41:05 - svc:/network/http:apache2
[root] # su – webadm
[webadm] # svcadm –v enable –s apache2
[webadm] # svcs –v apache2
online - Sep_21 112 svc:/network/http:apache2
[webadm] # /etc/init.d/coldfusionmx7 start
Step 13 Add users to webadm role.
[root] # usermod –R webadm mbaxter
Friday, February 16, 2007
Simple Solutions
Remote test script in Bash:
http://malcolm.baxter.googlepages.com/nohup_test.sh
Nagios check script in Expect:
http://malcolm.baxter.googlepages.com/check_applogtime.exp>