Getting Started with Solaris Containers
November 9th, 2009
No comments
Migrated my Getting Started with Solaris Containers article over from the old zazzybob.com site.
Cheers,
Kevin
Archive
Archive for the ‘Solaris’ Category
SecCheck
November 9th, 2009
No comments
I’ve migrated the SecCheck security auditing tool for Solaris 10 over to the new zazzybob.com site. You can view the Project page here.
Cheers,
Kevin
Find a users working directory
November 8th, 2009
No comments
First, perform a w or a who to find out which pseudo-terminal the user is using:
# w | grep "oracle" oracle pts/12 Fri 3pm 3days -bash
Now, we can find out the PID of the shell they’re using:
# ps -ef | grep '[p]ts/12' oracle 11918 11916 0 May 18 pts/12 0:00 -bash
Finally, use the pwdx command to find the pwd of the process:
# pwdx 11918 11918: /var/opt/oracle
Cheers,
Kevin
Categories: Solaris
Fix Perl Make Errors Under Solaris
November 3rd, 2009
No comments
When you build Perl modules under Solaris, they are optimised for Sun Studio, which of course, we all use :/
So, if you build with gcc, the build will likely fail.
You can use the following magical one-liner to fix this brain damage, and your modules will build correctly.
# pwd /usr/local/src/cpan/Some-PerlMod-0.123 # find . -name "Makefile" | while read MAKEFILE; do > sed 's/^CC = cc$/CC = gcc/' ${MAKEFILE} > ${MAKEFILE}.tmp > sed 's/^LD = cc$/LD = gcc/' ${MAKEFILE}.tmp > ${MAKEFILE} > sed 's/^CCCDLFLAGS = -KPIC$/CCCDLFLAGS = -fPIC/' ${MAKEFILE} > ${MAKEFILE}.tmp > sed 's/OPTIMIZE = -xO3 -xspace -xildoff$/OPTIMIZE =/' ${MAKEFILE}.tmp > ${MAKEFILE} > sed 's/ -xarch=v8//' ${MAKEFILE} > ${MAKEFILE}.tmp && mv ${MAKEFILE}.tmp ${MAKEFILE} > done
Cheers,
Kevin
Categories: One Liners, Perl, Solaris
Checking md5 sum on Solaris 10
November 3rd, 2009
No comments
If you don’t have the md5sum utility installed, just use the digest tool supplied with Solaris 10
$ digest -a md5 -v /bin/ls md5 (/bin/ls) = b57e173220af4b919f1d4bef9db11482
Cheers,
Kevin
Categories: One Liners, Security, Solaris
Disable name resolution with snoop
November 3rd, 2009
No comments
Analysing some issues with multicast on a pair of Solaris boxes, I wanted to filter out some unwanted multicast addresses when viewing my snoop traces.
However, by default, snoop will resolve IPs, and ALL multicast IPs in the 228.x.x.x range (which I’m using) resolve to “reserved-multicast-range-not-delegated.example.com”
# dig -x multi.cast.ip.here
So… how to “play back” the snoop output without name resolution? Just use the -r option. I also added -ta to get readable timestamps.
# snoop -ta -ri ./input_file.snoop
I could then pipe this through grep -v and see only the information I cared about.
Cheers,
Kevin
Categories: Networking, Solaris
View LDOM Configuration as a non-privileged user
November 3rd, 2009
No comments
If you try to view LDOM configuration information as a non-privileged user, you’ll probably be greeted with this:
$ /opt/SUNWldm/bin/ldm ls Authorization failed
You can assign the “LDoms Review” profile to grant this privilege, i.e.:
$ su - # usermod -P "LDoms Review" username # profiles username LDoms Review Basic Solaris User All # exit
Now, you can view the LDOM Configuration as the non-privileged user to which the privilege was assigned
$ /opt/SUNWldm/bin/ldm ls Name State Flags Cons VCPU Memory Util Uptime primary active -n-cv SP 4 1G 0.3% 7d 23h 48m test-domain active -n--- 5000 6 4G 0.2% 7d 19h 55m
Cheers,
Kevin
Changing UID of a running process
November 3rd, 2009
No comments
Recent versions of Solaris come with a suite of tools known as the “/proc” tools, which list and/or modify process information in the kernel-maintained /proc filesystem. One of these tools, pcred, can be used to change (among other things) the UID of a running process, e.g.:
# ps -ef | grep sleep root 25853 22210 0 09:55:53 pts/10 0:00 grep sleep kevin 24088 24081 0 09:50:53 pts/11 0:00 sleep 10000000 # pcred -u 123 24088 # ps -ef | grep sleep mrbig 24088 24081 0 09:50:53 pts/11 0:00 sleep 10000000 root 25911 22210 0 09:56:02 pts/10 0:00 grep sleep
If you run a man proc, you’ll receive the manual page for the /proc tools – highly useful!
Cheers,
Kevin
Categories: Solaris