Saturday, August 6, 2011

KILL REALLY DOES NOT KILL

kill is not really meant only
to kill a process. Its main
purpose is to send a signal
to a process, and the process
handles these signals to do
various tasks.


kill -INT 1234
# where 1234 is the process ID
This sends an interrupt signal.
Ctrl-C is an example of an interrupt
signal given to the shell.


kill -HUP 1234
# Some UNIX daemons handle this
signal to refresh themselves.


kill -KILL 1234
This is the sure kill, which
cannot be handled by any process.
Also known as kill -9 1234.

Just check the file
/usr/include/sys/signal.h for all
signals on the system.

More about this can be found on
kill and signal man pages.

Thanks,
Santhosh Kumar Reddy
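
The point of this post as a runnable sketch (an added example, not code from the original post): a child shell installs a handler for HUP and survives it, then is terminated by KILL, which it has no way to handle. The function and variable names are made up for the demo.

```shell
#!/bin/sh
# Added example (constructed): HUP can be handled by the process, KILL cannot.

wait_for() {   # wait_for WORD FILE: poll about 5 s for WORD to appear in FILE
    tries=0
    until grep -q "$1" "$2" 2>/dev/null; do
        tries=$((tries + 1))
        if [ "$tries" -gt 5 ]; then return 1; fi
        sleep 1
    done
}

demo_signals() {   # sets HUP_HANDLED (yes/no) and KILL_STATUS (wait exit code)
    log=$(mktemp) || return 1
    # Child "daemon": on HUP it records a refresh and keeps running.
    # There is no KILL trap because KILL never reaches a handler.
    sh -c '
        log=$1
        on_hup() { echo refreshed >> "$log"; }
        trap on_hup HUP
        echo ready >> "$log"
        while :; do sleep 1; done
    ' daemon "$log" >/dev/null 2>&1 &
    pid=$!

    HUP_HANDLED=no
    if wait_for ready "$log"; then
        kill -HUP "$pid"
        # Handled signal: the handler ran and the process is still alive.
        if wait_for refreshed "$log" && kill -0 "$pid" 2>/dev/null; then
            HUP_HANDLED=yes
        fi
    fi

    kill -KILL "$pid"
    KILL_STATUS=0
    wait "$pid" 2>/dev/null || KILL_STATUS=$?   # 128 + 9 = 137 when killed by KILL
    rm -f "$log"
}

demo_signals
echo "HUP handled: $HUP_HANDLED, exit status after KILL: $KILL_STATUS"
```

The demo uses HUP rather than INT because a non-interactive shell starts background commands with INT ignored, so a backgrounded child could not trap it.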

Friday, August 5, 2011

UNIX EFFICIENT COMMANDS

EFFICIENT COMMANDS

I cringe anytime I see someone code
inefficiently.  Here are three of the
most common mistakes, followed by a
better way to do the same thing.

Bad:    cat somefile | grep something
Better: grep something somefile
Why:    You're running one program (grep) instead of two (cat and grep).

Bad:    ps -ef | grep something | grep -v grep
Better: ps -ef | grep '[s]omething'
Why:    You're running two commands (ps and one grep) instead of three (ps
and two greps).

Bad:    cat /dev/null > somefile
Better: > somefile
Why:    You're running a command (cat) with I/O redirection,
instead of just redirection.

Although the bad way will have the
same result, the good way is far
faster.  This may seem trivial, but
the benefits will really show when
dealing with large files or loops.

Regards.
Santhosh Kumar R

HP-UX Resetting the MP Account Password.

MP login: Admin
MP password: *****

[testserver2] MP:CM>SA : Set MP Access
[testserver2] MP:CM>SO : Security Options
[testserver2] MP:CM>UC : User Configuration

For your case
[testserver2] MP:CM> UC
This command allows you to modify the user configuration.


User Configuration Menu:
L - List current users
N - Add a New user
C - Change a current user
D - Delete a current user

Enter menu item or [Q] to Quit:C

and change the password using the "P" key.

Thursday, August 4, 2011

QUICK REFERENCE SOLARIS


# uname -a  →  Gives all details about the system
# uname -m  →  Displays H/W platform (sun4u)
# uname -p  →  Machine processor architecture (sparc or i386)
# uname -i  →  Machine model architecture (SUNW, Ultra 5_10)
# uname -X  →  Detailed description
# mkdir -p /data/dir  →  Creates directory and sub directory in one shot
# rm -r /data  →  Deletes the directory and all its subdirectories and files
# cp -r /data /data1  →  It copies the directory
# echo $MANPATH
   : /usr/local/samba/man:
# echo $PATH  →  Shows environmental path
   /usr/sbin:/usr/bin

Grep Command Options

-i  →  Searches for both upper & lower case characters
-l  →  Lists the names of files with matching lines
-n  →  Precedes each line with the relative line number in the file
-v  →  Inverts the search to display lines that do not match the pattern
-w  →  Searches for the expression as a complete word.

# find /kris -name file1  →  Searches for file file1 in /kris directory
# find /kris -name file1 -exec ls -l {} \;  →  Search and display
# find /kris -type f -size 0 -exec ls -l {} \;  →  Search for the file with size 0
# find /kris -user user1  →  Shows files owned by user 'user1'
$ PATH=$PATH:/usr/ccs/bin:/usr/ucb  →  Appends to the existing path (no trailing colon: an empty PATH entry means the current directory)
# ln -s <source filename> <destination filename>  →  Creating symbolic link
# ln <source filename> <destination filename>  →  Creating hard link





Unix File Permission

r – 4, w – 2, x – 1
-rw-r--r--  (644)  →  Default file permission
drwxr-xr-x  (755)  →  Default directory permission

O G O  →  Permission categories (Owner, Group, Other)

# ls -n /var/adm
   drwxrwxr-x  5 4 4    512  nov 15 14:55  file1
5 - Number of hard links to the file or directory
4 - The UID of the owner
4 - The GID of the group
512 - Size

# chmod -R 755 <directory name>  →  Applies the permission recursively to the directory's contents
# chown -R owner:group file1  →  Changes ownership recursively

VI Editor

Inserting and Appending Text

a          -           Append text after the cursor
A         -           Appends text at the end of the line
i           -           Inserts text before the cursor
I           -           Inserts text at the beginning of the line
o          -           Opens a new line below the cursor
O         -           Opens a new line above the cursor
:r <filename>   Inserts text from another file into the current file

Key Sequence for the VI Editor

h, left arrow or backspace  Left one character
j or down arrow                     Down one line
k or up arrow                         Up one line
l, right arrow or spacebar    Right one character
w                     Forward one word
b                      Back one word
e                      To the end of the current word
$                      To the end of the line
0 (zero)           To the beginning of the line
^                      To the first non whitespace character on the line
Return                        Down to the beginning of the next line
G                     Goes to the last line of the file
1G                   Goes to the first line of the file
:n                     Goes to the line n
nG                   Goes to the line n
Ctrl F              Pages forward one screen
Ctrl D              Scroll down one half screen
Ctrl B              Pages back one screen
Ctrl U              Scrolls up one half screen
Ctrl L               Refreshes the screen

Editing files using the VI editing commands
R                     Overwrites or replaces characters to the right of the cursor
C                     Changes or overwrites characters to the end of the line
s                      Substitute a string for a character at the cursor
x                      Deletes a character at the cursor
dw                   Deletes a word or part of the word to the right of the cursor
dd                    Deletes the line containing the cursor
D                     Deletes the line from the cursor to the right end of the line
:n,nd               Deletes lines n through n

Using the Text Changing Commands
u                      Undoes the previous command
U                     Undoes all changes to the current line
.                       Repeats the previous command

Search and Replace Command
/string                         Searches forward for the string
?string                        Searches backward for the string
n                                  Searches the next occurrence of the string
N                                 Searches for the previous occurrence of the string
:%s/old/new/g           Searches for the old string and replaces it with the new string globally

Using the Text Copying and Text Pasting Commands

yy                    Yanks a copy of a line
p                      Puts yanked or deleted text under the line containing the cursor
P                     Puts yanked or deleted text before the line containing the cursor
:n,n co n        Copies lines n through n and puts them after line n
:n,n m n         Moves lines n through n to line n


File Archives

# tar -cvf bkp.tar file1 file2  →  Will archive file1 & file2
# tar -tvf bkp.tar  →  Shows the table of contents
# tar -xvf bkp.tar  →  It extracts files from the tar archive
# tar cf - * | (cd /folder2 && tar xvf -)  →  To copy and extract files from one folder to the other
# jar -cvf bkp.jar bkp.tar
# jar -tvf bkp.jar
# jar -xvf bkp.jar
# compress bkp.tar  →  To compress tar archive
# ls
   bkp.tar.Z
# uncompress bkp.tar.Z  →  To uncompress tar archive
# gzip bkp.tar  →  To create gzip file
   bkp.tar.gz
# gunzip bkp.tar.gz  →  To extract the tar archive by gunzip
   bkp.tar
# zip out.zip bkp.tar  →  To create zip archive
# unzip out.zip  →  To extract the zip archive

Performing Smartcard Authentication


# /usr/dt/bin/sdtsmartcardadmin &  →  To start smartcard console

ATR – Answer to reset Number  (unique)

# smartcard -c disable  →  Disabling smartcard operation
# smartcard -c admin  →  Display the current client and server configuration

# /etc/smartcard/opencard.properties  →  Config File

RBAC (Role Based Access Control)


/etc/user_attr  →  The extended user attributes database, which associates users and roles with authorizations and rights profiles in addition to the /etc/passwd, /etc/group, and /etc/shadow files

/etc/security/prof_attr  →  The rights profile attributes database, which defines profiles, lists the profile's assigned authorizations and any nested rights profiles, and identifies the associated help files.

/etc/security/exec_attr  →  The execution attributes database, which defines the privileged commands and scripts assigned to a profile.

/etc/security/auth_attr  →  The authorization attributes database, which defines authorizations and their attributes. This database also identifies the associated help file.

/etc/security/policy.conf  →  File provides system default authorizations for users


The /etc/user_attr Database


user:qualifier(reserved):res1(reserved):res2(reserved):attr

attr :   An optional list of semicolon-separated (;) key-value pairs that describe the security attributes to be applied when the user runs commands.
type  →  Can be normal or role. A role is assumed after the user has logged in.
auths  →  Specifies a list of authorizations chosen from names defined in the auth_attr DB
profiles  →  Specifies a list of profile names chosen from the /etc/security/prof_attr DB
roles  →  Specifies a list of role names defined in the same /etc/user_attr DB. Roles are indicated by setting the type value to role. Roles cannot be assigned to other roles.

sysadmin::::type=role;profiles=Device Management,Filesystem Management,Printer Management
johndoe::::type=normal;auths=solaris.system.date;roles=sysadmin

The /etc/security/prof_attr Database


profname:res1:res2:desc(description):attr
attr : The security attributes to apply to the object upon execution. You can specify zero or more keys. The two valid keys are help and auths.
# grep 'Printer Management' /etc/security/prof_attr
   Printer Management:::manage Printers, daemons, \
……………………;auths=solaris.admin.printer.read, \

The Printer Management profile, which is defined in the /etc/security/prof_attr DB, is assigned to the sysadmin role in the /etc/user_attr DB.

The Printer Management profile is defined in the prof_attr DB as having all authorizations beginning with the solaris.admin.printer. string assigned to it. These authorizations are defined in the /etc/security/auth_attr DB.

solaris.admin.printer.read:::view printer information::\

 

The /etc/security/exec_attr Database

name:policy:type:res1:res2:id:attr

name  →  Name of the profile
policy  →  The security policy associated with this entry. The suser (superuser policy model) is the only valid policy entry.
type  →  The type of entity whose attributes are specified. The only valid type is cmd
id  →  A string identifying the entity. Commands should have a full path or a path with a wildcard
attr  →  euid and uid   |   egid and gid

Printer Management:suser:cmd:::/usr/sbin/accept:euid=lp

The /etc/security/auth_attr Database


You can assign authorizations directly to users or roles in the /etc/user_attr DB. You can also assign authorizations to rights profiles, which are assigned to roles.

authname:res1:res2:short_desc:long_desc:attr

authname  →  A unique character string that identifies the authorization in the prefix.suffix[.] format.

The /etc/security/policy.conf file


This file lets you grant specific rights profiles and authorizations to all users. The two types of entries in the file are:
AUTHS_GRANTED=authorizations
PROFS_GRANTED=right_profiles

# cat policy.conf
   AUTHS_GRANTED=solaris.device.cdrw
   PROFS_GRANTED=Basic Solaris Users

# roleadd -m -d /export/home/tarback -c "Privileged tar backup role" -P "Media Backup,Media Restore" tarback
-A authorization and -P profile  →  Assign authorizations and profiles respectively to the role.

# rolemod -A auth1,auth2 -P profile1,profile2 role1


Additional Commands Used to Perform RBAC Functions


auths             Displays authorizations for a user
makedbm     Makes a dbm file
nscd               Identifies the name service cache daemon. Useful for caching the 4 RBAC DB details
pam_roles    Identifies the role account management module for the Pluggable Authentication Module (PAM)

pfexec           Identifies the profile shells used to execute commands with attributes specified in exec_attr
policy.conf   Identifies the config file for the security policy. Lists granted authorizations
profiles          Displays profiles for a specified user
roles               Displays roles granted to a user
roleadd          Adds a role account to the system
rolemod        Modifies the role’s account info in the system
roledel           Deletes a role’s account from the system

Example

Profile  →  Privilege to Profile  →  Role  →  Profile to Role  →  Role to User

/etc/security/prof_attr  →  Contains profile details

Creating profile in prof_attr
uadd:::Profile for user admin
init:::Profile for init process

/etc/security/exec_attr  →  Privilege to profile
uadd:suser:cmd:::/usr/sbin/useradd:euid=0
uadd:suser:cmd:::/usr/sbin/usermod:euid=0
init:suser:cmd:::/usr/sbin/init:euid=0
init:suser:cmd:::/usr/sbin/shutdown:euid=0

Creating Role
# roleadd -d /export/home/role1 -m role1
# passwd role1

Role to Profile
# rolemod -P uadd,init role1

Adding role to user
# usermod -R role1 user1
/etc/user_attr  →  Details about role & user to role
→ Log in as a normal user
→ Switch to role profile & use the privileged command

/etc/security/auth_attr  →  Authorization file  →  Config file for users & their roles
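
An audit helper for the formats described in the /etc/user_attr and /etc/security/exec_attr sections, following the Role to User chain of the example above (added example, not part of the original post). It lists the commands a user can run as root through profiles and roles; the sample files are constructed from the entries on this page, and it assumes one entry per line (no "\" continuations) and does not follow nested profiles in prof_attr or PROFS_GRANTED in policy.conf.

```shell
# Added example: sample data below is constructed from the entries on this page.
write_sample() {   # write_sample DIR: create DIR/user_attr and DIR/exec_attr
    cat > "$1/user_attr" <<'EOF'
sysadmin::::type=role;profiles=Device Management,Filesystem Management,Printer Management
johndoe::::type=normal;auths=solaris.system.date;roles=sysadmin
role1::::type=role;profiles=uadd,init
user1::::type=normal;roles=role1
EOF
    cat > "$1/exec_attr" <<'EOF'
Printer Management:suser:cmd:::/usr/sbin/accept:euid=lp
uadd:suser:cmd:::/usr/sbin/useradd:euid=0
uadd:suser:cmd:::/usr/sbin/usermod:euid=0
init:suser:cmd:::/usr/sbin/init:euid=0
init:suser:cmd:::/usr/sbin/shutdown:euid=0
EOF
}
# rbac_root_cmds USER USER_ATTR EXEC_ATTR: print the commands USER can run as
# root via directly assigned profiles or the profiles of an assigned role.
rbac_root_cmds() {
    awk -F: -v who="$1" '
        function attr(list, key,    n, i, kv, eq) {   # value of key in "k=v;k=v"
            n = split(list, kv, ";")
            for (i = 1; i <= n; i++) {
                eq = index(kv[i], "=")
                if (eq && substr(kv[i], 1, eq - 1) == key) return substr(kv[i], eq + 1)
            }
            return ""
        }
        function is_root(v) { return v == "0" || v == "root" }
        /^#/ || NF == 0 { next }
        FILENAME == ARGV[1] {               # user_attr: user:qual:res1:res2:attr
            roles[$1] = attr($5, "roles"); profs[$1] = attr($5, "profiles"); next
        }
        $3 == "cmd" && (is_root(attr($7, "euid")) || is_root(attr($7, "uid"))) {
            cmds[$1] = cmds[$1] $6 "\n"     # exec_attr entry that runs as root
        }
        END {
            plist = profs[who]              # direct profiles, then role profiles
            n = split(roles[who], r, ",")
            for (i = 1; i <= n; i++) plist = plist "," profs[r[i]]
            n = split(plist, p, ",")
            for (i = 1; i <= n; i++)
                if (p[i] != "" && !(p[i] in seen)) { seen[p[i]] = 1; printf "%s", cmds[p[i]] }
        }
    ' "$2" "$3" | sort
}
d=$(mktemp -d) && write_sample "$d" && rbac_root_cmds user1 "$d/user_attr" "$d/exec_attr"
```

On a live system, pass /etc/user_attr and /etc/security/exec_attr as the two file arguments.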