Unix/Linux/AIX Operating System Commands/Utilities
The commands/utilities listed here are common for most Unix environments. However, some required the installation of various utilities and subsystems. All commands have worked before, so if they dont work on your system, you are on your own.
Common
Unix Linux AIX Commands
System
Management Miscellaneous Information
Linux
Specific Operating System Commands
Solaris Specific Operating System Commands
License
User Manager
MQSERIES
Commands
MISC
vi Commands
Miscellaneous
Operating System Notes/Utilities
Installing
Filesets Manually From sesni1
Installing
Filesets Manually From lppsource
Exporting
Files For Mounting By Other Machines
Securing An AIX Machine
Securing A Solaris Machine
Windows/DOS Commands
AIX Specific Functionality
Any user that logs into or connects to AIX will have an initial
environment
configuration which is contained in the file "/etc/environment". This
includes
PATH information and miscellaneous other parameters.
Common Unix Linux AIX Commands
Command Action
prtconf
Display machine info (processor, memory, etc.)
cp -fpR blah
blah1
Copy blah to blah1, with all files and subdirectorys and keeping
original
time stamps
lsattr -El
mem0
To display the amount of memory on your box
lsps
-a
To list the amount of paging space on your box
uname
-a
To list the version of operating system
(results will look like "AIX wea2aix1 1 5 0007386C4C00"
instfix
-a
To list all fixes currently installed on your box
lspv
List physical volumes on your box
ls
-la
Show all files, folders, and links in current directory
nslookup (ip or
nodename)
Looks up node name or ip address on net
su
Log in as root (will be queried for password)
find / -name
(filename)
Finds (filename) looking from root (/)
find . -name
(filename)
Finds (filename) looking from current directory
file
(filename)
Displays what type of file (filename) is
find (path/subs) -name (filename) Finds (filename)
starting at (path/subs)
*
domainname
Returns domain name
* ypmatch (nodename)
hosts
Returns IP address and alias'
uname
-a
Returns node, uxversion, machine type, etc.
hostname
Returns the domain name of this server
whoami
Returns your user id
shutdown -r
now
Shut the box down, reboot!
chmod 644
(filename)
Changes file to read by everyone
chown (owner) (directory/filename) Change owner of
filename/directoryname
chgrp (group)(directory/filename) Change group
of filename/directoryname
*
bdf
Displays disk space
rm -r
(directory)
Removes directory and all subdirectories
rm -rf
(directory)
Removes directory and all subdirectories (no prompts!)
tar -cvf (file.tar) ./(directoryname) Tar's a directory
and all subs
xhost
+
Tells xserver to accept x requests from any host (normally in "
usr/openwin/bin/")
xhost +
machinename
Tells xserver to accept x requests from a specific host
ls
-aCF
Lists files (inc. "."'s)
unset (environment
variable)
Unsets an environment variable
du -s (directory
name)
Lists space used in directory and subs
du –k
.
Lists space used in directory and subs (in kilobytes)
df
-k
Lists space on disks in kbytes
* df
-b
Lists available space on current disk in blocks
df
.
Do df on current directory/filesystem
finger
Queries who is on and is doing what
tar -cvf newtarfile
directory
Directory/file to tar
tar -xvf (filename.tar)
&
Untar a tar file
tar cvf /dev/rmt/0mn (filename)
Tar my file to mag tape with rewind
tar cvf /dev/rmt/0m
(filename)
Tar with no rewind
tar
tf
Look at next tar file on tar tape
tar tvf (filename) | grep (string)
Search tar file (filename) for file (string)
tar -cf - (directory/file) | rsh (nodename) 'cd vob1; cat >
(filename)
Tars from another machine
.
(filename)
To execute script file
jobs
Displays jobs running invoked from current shell
mount -v 'cdrfx' -r /dev/cd0
/usr/cdrom/ics
Mount cdrom on AIX (Angela Meng)
mount -o ro -v cdrfs /dev/cd0
/mnt
Mount cdrom on AIX (Gary Deen)
mount
-a
Mounts everything in "/etc/filesystems" file
ls | wc
–l
Lists number of files in a directory
? mount -F nfs (nodename):/cdrom/(directoryname)
/cdrom
Mount a cdrom on diff. machine
? unmount
/cdrom
Unmount cdrom
stty
Sets terminal characteristics (ie. stty erase (Ctrl/v and then
backspace
character))
nm
libcrap.so
Displays symbol map and other info for a *.so or *.a file
crapola 2>&1 | tee
/filename
Run program "crapola", let it's output go to console and to "/filename"
Piping
Command/script 2> somefilename Pipes output of the execution of a command to somefilename
$$ Korn shell
ksh
Go to Korn shell
* whence (program
name)
Tells you directory the program exe. is
export (env
var)=(value)
Sets environment variable in Korn/Borne Shell
$$ Misc NSF stuff:
*
/etc/services
Has list of ports on workstation
/etc/hosts
Has IP addr. (resident machine & ones you can acc.)
*
/etc/nodename
Has hostname in it (i.e. greenk.charlotte.ibm.com)
$$ Netscape stuff
*
/usr/local/lib/netscape
(expects to go)
*
/usr/contrib/bin
(put executables in for Navigator)
* Dependant upon your particular installation, this does
not work on IBM AIX
System
Management Miscellaneous Information
smit
Systems management utility (GUI)
smitty
Text version of Systems Mgt utility
info
Documentation utility
xcalc
Calculator
lsvg
rootvg
Lists total free disk space
lslpp
–l
Lists software component versions
lslpp –l
db2*
Lists S/W component requested (i.e. DB2)
lsvg
List volume groups
lspv
List physical groups
lsfs
Lists file system
lscfg
List installed resources
lsdev -C -c
if
Display the physical address of
AIX ethernet adapters to correspond with lscfg for MAC selection
lscfg -l entX
-v
Display the ethernet address of the adapter
arp -s ether ip_address hw_addr pub
- Publish a MAC address for NAT
lspv
disk_label
Display complete information about a drive. Ex of disk_label:
hdisk0
startsrc –g
nfs
Starts NFS process
startsrc -g
nim
Starts NIM server
shutdown
–Fr
Shuts down/reboots system (DANGEROUS!!!!)
shutdown -r
now
Duh!
stopsrc -g
nfs
Stops "nfs" subservice of service "tcp/ip"
startsrc -g
nfs
Starts "nfs" subservice of service "tcp/ip"
ulimit
–a
Shows what you userid is allowed to use
vmstat
Lists virtual memory
vmstat
–s
Lists swap memory
vmstat
–i
Lists interrupts
vmstat
10
Runs vmstat every 10 seconds
ps
aux
Lists everything about processes
uptime
Displays how long since last reboot
lsps
–s
Lists paging space
instfix
-ia
Display installed patches
mkps -s4 -n -a
rootvg
Adds 4*256 megabytes of paging space to the rootvg
chps -d /dev/paging00 -s +4 rootvg Increases existing
paging space (maybe)
svmon
–G
Lists memory usage
oslevel
Lists OS level
oslevel
-r
Operating System level plus ML
who
-r
Ddetermine system runlevel
chmon
-p20
Invokes real time cpu monitor/display (top 20 processes)
tprof
AIX system monitoring tool
nslookup
(machinename)
Lookup IP address value/existence for machine/domain name
jar –tvf (jar
name)
List the classes within a Java jar file (i.e. “jar –tvf servlet.jar”)
fsck
File System Check, do on reboot when machine has been shut down
dis-gracefully
monitor
-a
Systems monitoring tool for showing CPU usage, etc.
xload
Systems monitoring tool for graphically showing aggregate machine usage
netstat
-a
Provides detail of networking configuration, including port #'s
netstat
-in
Displays network info (mac addr., etc).
bootinfo
-z
Displays parallel architecture (0=uni, 1=multiprocessor)
bootinfo
-p
Displays the processor architecure (risk, chrp, etc)
bootinfo
-r
Displays the amount of real memory in Kbytes
tracerout theothermachinename
Displays
the IP route a connectivity hops
route
Manually manipulate the routing tables (i.e route add default
9.42.64.1
will add this route)
unset
(someenvironmenvar)
Unset some environment variable you have exported
/usr/lib/methods/showled (adigit) Displays
a hex digit on the alphanumeric display on the front panel of the
machine
lsattr -E -l
ent0
Displays the ethernet adapter
lsattr -E -l
sys0
Displays machine architecture and other info.
nfsstat
Displays NFS statistics
ipconfig
-a
Displays the ethernet information (including "en1")
entstat -d
ent1
Displays ethernet statistics
ifconfig en0
down
Shuts the ethernet interface down
ifconfig en0
detach
Detaches the ethernet I/F
chdev -l ent0 -a
media_speed=100_Full_Duplex
Changes ethernet I/F to 100meg
ifconfig en0
up
Brings up ethernet I/F
cfgmgr
Reconfigure ethernet
ifconfig
-a
Displays which ethernet adapter is being used (i.e. "en1").
Then, smitty, "Devices", "Communication", "Ethernet Adapter",
"Adapter",
"Change/Show
Characteristics of an Ethernet Adapter", select the adapter you wish to
view/show and in "Change/Show
Characteristics of an Ethernet Adapter" panel (Media Speed should
be 100_Full_Duplex)
bootlist -m normal
-o
Displays the boot sequence for your machine
The following command changes the bootsequence to 1) CD, 2)
ethernet,
3) Harddisk
bootlist -m normal cd0 ent0
gateway=9.42.66.56
bserver=9.42.66.56 client=9.42.66.57 hdisk0
smitty mktcpip (then select "Minimum Configuration And Startup", select your interface (i.e. "en0") then "Enter" Displays ether info
For the following commands, see also Installing
a Network Printer
/usr/lib/lpd/pio/etc/piomknp mkpq_np -p
'ibm4317'
-D pcl -q 'lp' -D ps -q 'ps'
-h
'9.9.9.9' Add a network printer
with the characteristics printer type ibm4317 can do postscript,
IP address is 9.9.9.9
/usr/lib/lpd/pio/etc/piochdfq -q 'lp'
lpr
nowafilename
Print a file to the printer
lpr -P lpc
nowafilename
Print a file to the color printer, however, it must be a color format
file
enq
-A
Inquire about the status of print queues
$$ * If you try to log into a machine as
root
from another console, and it will not let you, you can
$$ * go to the
/etc/default/login
and in login command, comment out console command.
AIX
64-bit Kernel Mode
To verify your AIX hardware supports 64-bit, run the following command:
bootinfo -y
If the command returns 64, then your hardware is 64-bit.
To verify that you have the 64-bit kernel installed and running, run
the following command:
bootinfo –K
If the command returns 64, then your kernel is 64-bit.
The 32-bit and 64-bit kernels are provided as part of the AIX 5L
Version 5.3 base media.
You can switch between the 32-bit and 64-bit kernels without
reinstalling the operating system. The path name of the 64-bit
kernel is /user/lib/boot/unix_64, and the path name of the
multiprocessor version of the 32-bit kernel is /usr/lib/boot/unix_mp.
If bootinfo –K returns 32, you can switch from the 32-bit kernel to the
64-bit kernel by doing the following:
1. Modify the /usr/lib/boot/unix directory and the /unix directory to
be symbolic link to the binary of the desired kernel. Issue the
following commands
rm /unix
ln –sf /usr/lib/boot/unix_64 /unix
rm /usr/lib/boot/unix
ln –sf /usr/lib/boot/unix_64 /usr/lib/boot/unix
2. Run bosboot –a command to write a new system boot image
3. Reboot the sytem
After the AIX system reboots, the bootinfo –K command should return 64.
System Files
/etc/resolv.conf
File that contains name servers for the box
/etc/hosts
File that contains IP/Domain names (Resolves hostnames to IP's)
Resource Usage
wsm
Web System Management (Overview displays CPU utilization)
Linux Specific Operating System Commands
rpm -q
softwarepackagename
Is the software package "softwarepackagename" installed on system?
rpm
-qa
Lists all installed software installed
rpm -e
erasethissoftware
Uninstall the software package "erasethissoftware"
rpm -ivh
installthissoftware
Install the software package "installthissoftware"
rpm -q
IBMWebAS
(shows the rpm package name)
rpm -qi
IBMWebAS
(shows lotsa details about the package, location, description, etc)
rpm -qa | grep package
Query an installed package
rpm --uninstall
IBMWebAS
(uninstalls the package)
man
rpm
(bores you to death with details and "the philosophy" of rpm)
smbclient //wasdoc0/APARS -U
guest
Creates a more robust ftp connection (allows you to read a file)
uname
-a
Display OS and Kernel Info
arp -s -i interface -s ip_address hw_addr pub Publish
a MAC address for NAT
who -r
Determine system runlevel
more /proc/meminfo
List physical memory
watch -n 2 'more
/proc/net/sockstat'
List # of in-use UDP and TCP ports
cat
/etc/issue
Displays Linux distribution
Solaris Specific Operating System Commands
prtconf
-
Display amount of RAM
psrinfo
- Display processors
arp -s ip_address hw_addr pub
- Publish a MAC address for NAT
more /etc/path_to_inst | grep network
- Display interface identifier and
number (prededed by identifier)
showrv -p
- Display
installed patches
who -r
- determine system runlevel
prtconf
- List physical memory +
prstat
- Command like topaz or top
who -r
- Display run level
i4blt –a –n (server name)
i4cfg –list (lists subsystems)
i4blt –lp (lists licenses)
When you attempt to login to AIX and get the Action Required dialog box, it states:
The DT messaging system could not be started.
To correct the problem:
1. Choose [OK] to return to the logon screen.
2. Select Failsafe Session from the logon screen's optoin menu
and log in.
3. Check to see that the hostname is correct in "/etc/hosts".
Other hostname problems can be corrected by
usingthe command "smit mktcpip"
4. Check to see that if a search list is specified in
"/etc/resolv.conf"
it includes the domain your machine is configured on.
For additional information, see the DT Users's Guide.
[OK]
runmqsc
WBANK0
Invoke MQSeries Admin tool and look at qmanager WBANK0
/usr/lpp/mqm/bin/runmqsc WBANK0 Same as above with command not
in your PATH
dis q
(‘*’)
Shows all queues
runmqsc WBANK0 >
silly
Run runmqsc on WBANK0 and pipe all subsequent output to “silly”
(Note that output will not appear on
your display when invoking subsequent commands. When you
terminate the running of “runmqsc”
you can edit this file)
<ctrl/C>
Exit runmqsc
dspmqfls -m WBANK0 -t qr
‘*’
Display all remote queues on WBANK0 queue manager
dspmqcsv
WBANK0
Display status of WBANK0 command server
strmqm
WBANK0
Start queue manager WBANK0
endmqm
WBANK0
Stop queue manager WBANK0 (there are 2 other ways to stop a queue
manager)
:1,$s/oldstring/newstring/g
Substitute oldstring with newstring from first to last lines
:%s/oldstring/newstring/g
Same as above
:1,$?/oldstring?/newstring?g
Same as above but will look for or substitute slashes “/”
:30,50s/oldstring/newstring/g
Substitute oldstring with newstring on lines 30 through 50
:set
ic
Disable case sensitivity while searching for strings
:1,$s/^.........//
On every line, delete the first X characters where X = the number of
"."
characters
Shift/G
Go to last line in file
Ctrl/G
Display the file name you are editing and the line you are on
Miscellaneous Operating System Notes and Utilities (smitty)
Common Smitty Functions
Using
The Systems Management Tool To Increase File Sizes
Adding Users
Creating
a
New Group
Creating
a new File System
Uninstalling
Software
Removing
a Broken Mount
Miscellaneous
Notes
Mounting a Disk
Permanently
Installing
Filesets
Manually From sesni1
Installing
Filesets Manually From lppsource
Installing
a Network Printer
Ethernet
Network Interface Operation
Using
The Systems Management Tool To Increase File Sizes
To use the "smitty" systems management tool to increase the sizes,
from
the command line type "smitty". Select ""System Storage Management",
the
"File Systems", then "Add/Change/Show/Delete File Systems", "Journaled
File Systems", then "Change/Show Characteristics of a Journaled File
System".
Select "/home" in the pop-up and change "Size of file system" to
"81920".
Use this same procedure to change "/usr" to "3809280", and “/” to 65536
(if any of these values are less than what you system is already
configured
at, use the largest value for that file system).
Creating a new user using "smit" or "smitty":
(selections are):
Security and Users
Users
Add a User
User Name es363
Home Directory /home/es363
(remaining values can be ignored)
(selections are):
Groups
Add a Group
Group Name es363
Administrative Group false
Group ID
User List es363
Creating
a new File System
(selections are):
smitty
System Storage Management
File Systems
Add / Change / Show / Delete File Systems
Journaled File Systems
Add a Journaled File System.
Add a Standard Journaled File System
In the "Volume Group Name" section of this panel, select
"rootvg",
then press "Enter"
In the "Add a Standard Journaled File System" panel, for the following fields enter the associated value:
Field Value
Size of file system 12000000
MOUNT POINT /users
Mount AUTOMATICALLY "yes"
Then press "Enter" and when the command completes, press "Ctrl/c"
Then, from the AIX command prompt, type "mount -a" to mount this
file
system.
Uninstalling
Software
(selections are):
Software Installation and Management
Software Maintenance and Utilites
Remove Installed Software
(From this window, pressing key "F4" provides
a list of all software. Go
to the desired item(s) you wish to remove
and press "F7" to select it/them. Press
"Enter". Your items will be included
in the "Entry Fields". Tab to the next
entry "Preview only?", and press the "Tab"
key to indicate "No". Press "Enter"
and the software will be uninstalled)
(notes: The WebSphere product will normally be "IBMWebAS", and may contain several modules, dependant upon your installation.
There is some likelihood you will need to delete associated
directories
dependant upon what software you are uninstalling).
Removing Directories from a broken mount.
System Storage Management (Physical & Logical Storage)
File Systems
Add/Change/Show/Delete File Systems
Network File System (NFS)
Network File System (NFS)
Remove an NFS File System
On Solaris, (maybe even AIX) you need to run ksh to be able to export display. Likely you will need to "xhost +" also.
On Solaris or AIX, to run db2 from the command line, you must be
logged
on as a user that is a member of all 3 db2 groups (Solaris =
"db2asgrp",
"db2fadm1",
and "db2iadm1".
To add user on Solaris, use the Administration Tool, which is
invoked
from the command line with the command "admintool". And as per
previous
"tidbit", go ahead
and add the three db2 groups.
AIX
When running "configassist", you cannot execute your .profile beforehand, for if you do you will get the error "Cannot find class "java/lang/Thread".
On Solaris, (maybe even AIX) you need to run ksh to be able to export display. Likely you will need to "xhost +" also.
On Solaris or AIX, to run db2 from the command line, you must be
logged
on as a user that is a member of all 3 db2 groups (Solaris =
"db2asgrp",
"db2fadm1", and "db2iadm1").
1) From the AIX command prompt type "smitty".
2) Select "Communications Applications and Services", and press "Enter".
3) In the "Communications Applications and Services" panel, select "NFS", and press "Enter".
4) In the "NFS" panel, select "Network File System (NFS)", then press "Enter".
5) In the "Add a File System for Mounting", enter appropriate values as in the following example:
Field Value
PATHNAME of mount
point
[/WEA] (what you want to call it on your local
machine)
PATHNAME of remote
directory
[/WEA] (the name of the directory on the remote
machine)
HOST where remote directory
resides
[wea2aix6] (the machine your mount directory is on)
..
MOUNT now, ad entry to the /etc/filesystems or
both?
both
/etc/filesystems entry will mount the directory
on system
RESTART
yes
Then press "Enter". A Command "OK" reflects success.
Installing
a Network Printer
(smitty panels)
System Management
Print Spooling
Add a Print Queue
(In the "Add a Print Queue"
select "ibmNetPrinter" or "ibmNetlblahcolor")
Names of NEW print queues
to add
PCL 5E
Emulation
[lp] (black and white) [lpc] (color)
PostScript
[ps] (black and white) [lpcps] (color)
Printer connection
characteristics
HOSTNAME of Network Printer Card [enter the IP
address here, i.e. 9.42.64.85]
To Make It The Default Printer
(smitty panels)
System Management
Print Spooling
Manage Print Queues
Set the System's Default Print Queue
Set System's
Default Printer Queue
System DEFAULT QUEUE name [lpc]
Ethernet Network Interface Operation
(smitty panels)
(not exhaustive!)
Detaching The Device (required for changing speed)
smitty
System Management
Communication Applications and Services
TCP/IP
Further Configuration
Network Interfaces
Network Interface Selection
Change / Show a Standard Ethernet Interface
(up/down arrow in the "Available Network Interface" portion of the
panel, up/down arrow to the interface you wish to change and
press
"Enter")
(back in the "Change / Show a Standard Ethernet Interface" panel,
up/down arrow to the "Current STATE" field, press the F4 key, and in
the
resulting "Current STATE" selection, up/down arrow to "down" and press
"Enter", then press "Enter" to invoke the operation)
(back in the "Change / Show a Standard Ethernet Interface" panel,
up/down arrow to the "Current STATE" field, press the F4 key, and in
the
resulting "Current STATE" selection, up/down arrow to "detach" and
press
"Enter", then press "Enter" to invoke the operation.)
When operation is complete ("OK") press "Ctrl/c" to get out of smitty.
Changing speed of device
smitty
System Management
Devices
Communication
Ethernet Adapter
Adapter
Change / Show Characteristics of an Ethernet Adapter
(in the resulting "Ethernet Adapter" list, up/down arrow to your
choice,
then press "Enter")
(up/down arrow to the field "Media Speed", press F4 for list, and
select
the appropriate value (100_Full_Duplex), then press "Enter")
(back in the "Change / Show Characteristics of an Ethernet Adapter"
panel, press "Enter" to perform the change)
When operation is complete ("OK") press "Ctrl/c" to get out of smitty.
Re attaching The Device
smitty
System Management
Communication Applications and Services
TCP/IP
Further Configuration
Network Interfaces
Network Interface Selection
Change / Show a Standard Ethernet Interface
(up/down arrow in the "Available Network Interface" portion of the
panel, up/down arrow to the interface you wish to change and
press
"Enter")
(back in the "Change / Show a Standard Ethernet Interface" panel,
up/down arrow to the "Current STATE" field, press the F4 key, and in
the
resulting "Current STATE" selection, up/down arrow to "up" and press
"Enter",
then press "Enter" to invoke the operation)
When operation is complete ("OK") press "Ctrl/c" to get out of smitty.
Installing Filesets Manually From sesni1
It is recommended you use the Installing Filesets Manually From lppsource method to install Maintenance Level 3 filesets.
1) Create directory and mount disk on sesni1 (i.e. "mkdir sesni
&&
mount sesni1:/: /sesni), change directories to
"/sesni/inst.images/aix/5.1/510_lpp_source_MAINT3", and execute the
command "smitty install_latest".
2) In the "Install Software" smitty panel, in the "INPUT device" field, enter a period ("."), and press "Enter".
3) In the next "Install Software" panel, in the "SOFWARE to install" field, press the F4 key (then wait a minth).
4) In the next panel, scroll down, and use the F7 key to select "X11.adt", "bos.adt" (which includes "bos.adt.libm"), and "bos.compat", then press "Enter".
5) For the parameters on the left, input/select the values on the
right
(see example below), then press "Enter". In the "ARE YOU SURE?"
confirmation
window press "Enter". Wait a minth, and when the install finishes "OK",
press the F3 key until you return to the command prompt.
********************* SMITTY SCREEN
******************************
Install Software
Type or select values in entry fields.
Press Enter AFTER making all desired changes.
[Entry Fields]
* INPUT device / directory for
software
.
* SOFTWARE to
install
[bos.compat]
+
PREVIEW only? (install operation will NOT
occur)
no
+
COMMIT software
updates?
yes
+
SAVE replaced
files?
yes
+
AUTOMATICALLY install requisite
software?
yes
+
EXTEND file systems if space
needed?
yes
+
OVERWRITE same or newer
versions?
no
+
VERIFY install and check file
sizes?
yes
+
Include corresponding LANGUAGE
filesets?
yes
+
DETAILED
output?
yes
+
Process multiple
volumes?
yes
+
ACCEPT new license
agreements?
no
+
Preview new LICENSE
agreements?
no
+
F1=Help
F2=Refresh
F3=Cancel
F4=List
F5=Reset
F6=Command
F7=Edit
F8=Image
F9=Shell
F10=Exit
Enter=Do
Installing Filesets Manually From lppsource
All (practically) WEA AIX Test machines can use the NIM server to install additional filesets.
1) On the client NIM machine, execute the command "smitty nim".
2) In the "Network Installation Management" smitty panel, select "Install and Update Software" and press "Enter".
3) In the "Install and Update Software" panel, select "Install Software" and press "Enter".
4) In the next "Select the LPP_SOURCE containing the install images" section of the panel, select the appropriate lpp_source (i.e. "lpp_source_gvt_aix513" for AIX Maintenance Level 3), then press "Enter".
5) In the "Install Software" panel, in the "Software to Install" field, if you know the fileset you want to install (i.e. "bos.adt.prof"), enter that value and skip the next step, otherwise press the F4 key to obtain a set of filesets to select from (then wait a minth).
6) In the next panel, scroll down, and use the F7 key to select all of the filesets you wish to install, then press "Enter".
7) For the parameters on the left, input/select the values on the
right
(see example below), then press "Enter". In the "ARE YOU SURE?"
confirmation
window press "Enter". Wait a minth, and when the install finishes "OK",
press the F3 key until you return to the command prompt.
********************* SMITTY SCREEN
******************************
Install Software
Type or select values in entry fields.
Press Enter AFTER making all desired changes.
[Entry Fields]
*
LPP_SOURCE
lpp_source_gvt_aix513
.
* SOFTWARE to
install
[bos.adt.prof]
+
Customization SCRIPT to run after
installation
[ ]
(not applicable to SPOTs)
installp Flags
PREVIEW only? (install operation will NOT
occur)
no
+
Preview new LICENSE
agreements?
no
+
ACCEPT new license
agreements?
yes
+
COMMIT software
updates?
yes
+
SAVE replaced
files?
no
+
AUTOMATICALLY install requisite
software?
yes
+
EXTEND file systems if space
needed?
yes
+
OVERWRITE same or newer
versions?
no
+
VERIFY install and check file
sizes?
yes
+
F1=Help
F2=Refresh
F3=Cancel
F4=List
F5=Reset
F6=Command
F7=Edit
F8=Image
F9=Shell
F10=Exit
Enter=Do
Installing a New AIX Image (WEA Testing)
1) Telnet to the machine wesbeta2 and login as root (Steve remember the NIM password).
2) From wesbeta2, invoke the script NIM with the machine name you wish to rebuild as the only parameter (i.e. "/NIM b80aix109").
3) When prompted for the version of the OS, respond accordingly (i.e. "5").
4) If prompted for whether this is a single or multiprocessor
machine, respond accordingly (i.e. "M" or"U").
Exporting Files For Mounting By Other Machines
To be able to mount a disk from another machine, you must first "export" the associated disk to allow other machines to "mount" it. The following steps describe the procedure to do this. Note that this is an example and your directory name and machines will be different.
1) From the machine you wish enable sharing of your disks from( i.e. "6c4aix104"), edit the "/etc/export" file and add the path to the directory you wish to share (i.e. to this file add a line for the directory you wish to share "/usr/WebSphere/AppServer -ro" (note only one space before the "-")).
2) Export this directory by using the export command (i.e. "exportfs -a").
3) To list directories you have exported, use the "showmount -a" command (might need to do "startsrc -f nfs" to get the following "showmount" to work)
(other showmount commands)
showmount -e (what I offer to be mounted)
showmount -a (what is mounted or has been mounted)
showmount (what is mounted now)
4) From the machine you want to mount to (i.e. "b80aix109", create a directory in the root path (i.e. "cd /", and then "mkdir /Steven")
5) Mount the associated file (i.e. "mount 6c4aix104:/usr/WebSphere/AppServer /Steven") (or this could be in the "/etc/filesystems" , which contains a list of know mountable file systems. In this case you do not need to specify the last parm "/Steven")
6) Change to your directory and have at it.
How to secure an AIX/Windows box for NSA scan
- in /etc/inetd.conf comment out:
dtspc
all services with sunrpc in them
shell (rshd)
kshell
login (rlogind)
klogin
exec (rexecd)
ntalk
- in rc.tcpip comment out:
sendmail
qpi = 30m
snmpd
lpd
if other processes need to be stopped (like http server)
comment them out of /etc/inittab
Execute the folllowing shell script (or figure it out and do it
manually) (filename "NSA.fix") It might even work (steve couldnt get it
to on Solaris)
#!/bin/ksh
echo "This application will apply NSA security fixes to a AIX 5.x,
Solaris 8.x system."
if [[ "`uname`" = "SunOS" ]]; then
echo "SunOS detected..."
echo "Removing 'Desk Top Shell remote shell
access'"
cat /etc/inet/inetd.conf | sed -e 's/^dtspc/#dtspc/'
> /tmp/inetd.conf
chmod +w /etc/inet/inetd.conf
cp /tmp/inetd.conf /etc/inetd.conf
chmod -w /etc/inet/inetd.conf
#
# stop/start inetd
#
/etc/rc2.d/S72inetsvc stop
/etc/rc2.d/S72inetsvc start
#
# change SNMP community group
#
cat /etc/snmp/conf/snmpd.conf | sed -e
's/community public/community
wireless/' > /tmp/snmpd.conf
cat /tmp/snmpd.conf | sed -e 's/community
*public/community wireless/' > /tmp/snmpd.conf2
cp /tmp/snmpd.conf2 /etc/snmp/conf/snmpd.conf
chmod 600 /etc/snmp/conf/snmpd.conf
if [[ `ps -ef | grep snmpd | grep -v grep` = "" ]];
then
:
else
echo "Restarting snmpd"
/etc/rc2.d/K07dmi stop
/etc/rc2.d/K07snmpdx stop
/etc/rc2.d/K07dmi start
/etc/rc2.d/K07snmpdx start
fi
#
# Fixing telnet patches
#
if [[ `patchadd -p | grep 110668-04` = "" ]]; then
echo "Applying patch 110668-04"
patchadd
/WEA/inst.images/NSA.Security.Fixes/Fixes/Telnet/Solaris/Solaris_8/110668-04
fi
else
if [[ "`uname`" = "AIX" ]]; then
:
#
# change SNMP community group
#
cat /etc/snmpd.conf | sed -e
's/community public/community
wireless/' > /tmp/snmpd.conf
cat /tmp/snmpd.conf | sed -e 's/community
*public/community wireless/' > /tmp/snmpd.conf2
cp /tmp/snmpd.conf2 /etc/snmpd.conf
chmod 640 /etc/snmpd.conf
#
# If it was running restart it... If it wasn't, then
dont...
#
refresh -s snmpd
stopsrc -s snmpd
#
# dtspc/rstatd out of inetd.conf
#
# cat /etc/inetd.conf | sed -e 's/^dtspc/#dtspc/' -e
's/^rstatd/#rstatd/' > /tmp/inetd.conf
# chmod +w /etc/inetd.conf
# cp /tmp/inetd.conf /etc/inetd.conf
#
# HTTP server
#
# if [[ -f /usr/HTTPServer/bin/httpd ]]; then
# /usr/HTTPServer/bin/apachectl
stop
# cp /usr/HTTPServer/bin/httpd
/usr/HTTPServer/bin/httpd.backup.$$
# cp
/WEA/inst.images/NSA.Security.Fixes/Fixes/IHS1.3.19.2/AIX/httpd
/usr/HTTPServer/bin/httpd
# /usr/HTTPServer/bin/apachectl
start
# fi
fi
fi
Results:
bash-2.03# ./NSA_fix
This application will apply NSA security fixes to a AIX 5.x, Solaris
8.x system.
SunOS detected...
Removing 'Desk Top Shell remote shell access'
Setting netmask of eri0 to 255.255.252.0
Setting default IPv4 interface for multicast: add net 224.0/4: gateway
weasun10
cat: cannot open /etc/snmp/conf/snmpd.conf
Restarting snmpd
bash-2.03#
netstat -a | findstr 1352 DOS
Command to find string 1352 in output of "netstat -a"