AIX 管理技巧

Install package lsof

Where to download the lsof, bind, rsyslog, openssh, openssl, etc packages?

• URL: https://www.ibm.com/resources/mrs/assets/packageList?source=aixbp&lang=en_US 

lsof_4.892.tar

tar xf lsof_4.892.tar
cd lsof_4.892
installp -acgXYd . lsof.base lsof.license lsof.man.en_US
lsof -v

tar xf lsof_4.892.tar
cd lsof_4.892
smitty installp

# Install Software 
# INPUT device / directory for software   [.]  << Input a dot
# SOFTWARE to install                     [_all_latest] << Esc + 4, Esc + 7
# ACCEPT new license agreements?          yes

User & Group

# Create a new user
mkuser admin="false" pgrp="staff" gecos="Test User" test3
mkuser admin="false" pgrp="staff" groups="sshusers" gecos="Test User" test3

# Remove a user
rmuser -p <user-name>

Network

Check the interface

lsdev -Cc if
lsdev -Cc adapter
lscfg -vpl ent0
lsattr -El ent0
lsattr -El en0

Configure the network

# Set the ip/netmask/gateway
/usr/sbin/mktcpip -h'aixvm' -a'192.168.99.100' -m'255.255.255.0' -i'en0' -g'192.168.99.1' -A'no' -t'N/A'

# Set the DNS server addr
echo "nameserver 1.1.1.1" > /etc/resolv.conf

Check the port opened

netstat -Aan

資安相關指令

# Login Failed
who /etc/security/failedlogin | tail -50

# Check the number of previous unsucessful logins for the account to confirm it is blocked
lsuser -a account_locked unsuccessful_login_count {ALL|user_name}

# Reset unsucessful login counter
chsec -f /etc/security/lastlog -a unsuccessful_login_count=0 -s {user_name}

# Unlock the locked account
chuser account_locked=false {user_name}

# Lock account
chuser account_locked=true {user_name}

# List the locked accounts
lsuser ALL | sed -n '/account_locked=true/p' | sed '/sshd/d' | awk '{print $1}'

登入失敗後自動鎖定

• 可指定帳號或全域設定
• 注意：retry 的次數是累計制，登入成功一次，計數不會歸零
• 解鎖方式是歸零登入失敗的計數

chuser loginretries=5 <username>
lsuser -a loginretries <username>

Mount CD-ROM & ISO

# Mount CD-ROM
mount -V cdrfs -o ro /dev/cd0 /mnt

# Mount ISO file
loopmount -i aix61_dvd.iso -o "-V cdrfs -o ro" -m /mnt

解封 HMC root

• 解锁 HMC8 及 HMC9 的 root 用户

Restrictd users to switch to root

# Create a group sysadm
mkgroup sysadm

# Add the user1 that is allowed to su to root into the group sysadm
chgrpmem -m + user1 sysadm 
lsgroup sysadm

chsec -f /etc/security/user -s root -a sugroups=sysadm
# Reset to the default, sugroups=ALL
# Alternatively
smitty user
# Change / Show Characteristics of a User
# User Name                              [root]
# SU GROUPS                              [sysadm]

Restricted Shell

針對指定帳號限制登入後的預設 Shell 環境的執行權限

教學：

• How to Use a Restricted Shell

Defaul Shell：

# Change the default shell for the user to the restricted shell such as rksh or Rsh.
chuser shell=/usr/bin/rksh <user-name>
# OR
chsh <user-name> /usr/bin/rksh

.profile：

# Add the commands that are allowd to run by the user into the directory.
mkdir /usr/bin/restricted
cd /usr/bin/restricted
ln -s /usr/bin/date date

# Create a .profile in the user's home directory and set the PATH environment variable to 
# a directory containing all of the commands you want the user to be able to run
export PATH=/usr/bin/restricted

Core dump

# 解析 core file
dbx -C ./core

(dbx) corefile

(dbx) dump

(dbx) quit

System dump

errpt:

67145A39 0413095315    U    S    SYSDUMP    SYSTEM DUMP

Copy the dump from the dump device to a file using the savecore command:

savecore  .

Yes, the period is necessary. It indicates you want the dump copied to your current directory

savecore will copy the dump to your current directory, and name it:

vmcore.0.BZ

Uncompress the dump using the dmpuncompress command:

dmpuncompress  vmcore.0.BZ

Lastly, format the dump:

/usr/lib/ras/dmprtns/dmpfmt  -c  vmcore.0

Reading a Dump

kdb  vmcore.0  vmunix.0

系統效能

Memory - svmon

# For a summary of the top 15 processes using memory on the system
svmon -Pt15 | perl -e 'while(<>){print if($.==2||$&&&!$s++);$.=0 if(/^-+$/)}'

-------------------------------------------------------------------------------
     Pid Command          Inuse      Pin     Pgsp  Virtual 64-bit Mthrd  16MB
18547096 db2sysc        3956861    12944   282407  4007901      Y     Y     N
19333470 db2sysc         690873    12944    26772   688572      Y     Y     N
19726694 db2sysc         271696    12944     6198   287133      Y     Y     N
13500914 db2sysc         263458    12943    18957   285159      Y     Y     N
 1966448 shlap64         109377    12900     3432   122071      Y     N     N
13631924 db2vend         105589    12900      597   115784      Y     N     N
19005734 db2sysc         105082    12902      409   114965      Y     Y     N
20709798 db2sysc         105071    12900      409   114953      Y     N     N
20119938 db2sysc         105071    12900      409   114953      Y     N     N
20185458 db2sysc         105071    12900      408   114953      Y     N     N
15597848 db2vend         104222    12900     1771   115608      Y     N     N
21430722 db2sysc         103728    12900     1576   114777      Y     N     N
21037528 db2sysc         103724    12902     1576   114773      Y     Y     N
14025064 db2sysc         103696    12900     1608   114777      Y     N     N
18350424 db2sysc         103696    12900     1608   114777      Y     N     N

Sar

• sar 指令 - IBM 說明文件

如果出現 sar: 0551-201 Cannot open /var/adm/sa/sa09，修復請執行 sar -o /var/adm/sa/sa09 10

# CPU
sar -u 2 10

# Mmeory
sar -r 2 10

# I/O
sar -b 2 10

iostat

iostat 2 10

Perl 應用

快速檢查特定模組安裝

perl -e "use LWP::UserAgent;"
perl -e "use DBI;"

HTTP GET request

use LWP::UserAgent;

my $ua = LWP::UserAgent->new;

my $server_endpoint = "http://192.168.1.1:8000/service";

# set custom HTTP request header fields
my $req = HTTP::Request->new(GET => $server_endpoint);
$req->header('content-type' => 'application/json');
$req->header('x-auth-token' => 'kfksj48sdfj4jd9d');

my $resp = $ua->request($req);
if ($resp->is_success) {
    my $message = $resp->decoded_content;
    print "Received reply: $messagen";
}
else {
    print "HTTP GET error code: ", $resp->code, "n";
    print "HTTP GET error message: ", $resp->message, "n";
}

HTTP POST request

use LWP::UserAgent;

my $ua = LWP::UserAgent->new;

my $server_endpoint = "http://192.168.1.1:8000/service";

# set custom HTTP request header fields
my $req = HTTP::Request->new(POST => $server_endpoint);
$req->header('content-type' => 'application/json');
$req->header('x-auth-token' => 'kfksj48sdfj4jd9d');

# add POST data to HTTP request body
my $post_data = '{ "name": "Dan", "address": "NY" }';
$req->content($post_data);

my $resp = $ua->request($req);
if ($resp->is_success) {
    my $message = $resp->decoded_content;
    print "Received reply: $messagen";
}
else {
    print "HTTP POST error code: ", $resp->code, "n";
    print "HTTP POST error message: ", $resp->message, "n";
}

NFS

Can't mount remotely Linux host on AIX

Try to run the following commands on your AIX.

nfso -o nfs_use_reserved_ports=1
nfso -o portcheck=1

AIX Toolbox

• AIX Toolbox for Open Source Software : Downloads alpha (ibm.com)
• Configuring YUM and creating local repositories on IBM AIX - IBM Developer
• Tips for Installing Python or other AIX Toolbox for Open Source Software