Showing posts with label Linux. Show all posts

Thursday, June 20, 2013

Check the Listening ports in AIX

To Determine which processes have listening ports on AIX

The open source "lsof" tool is great for determining which process has a port open. Unfortunately, lsof isn't included with AIX, so if you just want to quickly identify which process is using a port and you don't have lsof, you can use "netstat -Aan" combined with the "rmsock" command.

For example, let's say I want to identify which process is listening on port 1334. I would first run:

# netstat -Aan | grep LISTEN | grep 1334

f100050000b05bb8 tcp4       0      0  *.1334      *.*  LISTEN

You then take the first column (f100050000b05bb8 in this example) and run the following command:

# rmsock f100050000b05bb8 tcpcb

The socket 0xf100050000b05808 is being held by proccess 5767378 (writesrv).

You can see that port 1334 is open by the writesrv process with PID 5767378.
  
If you want to see all of the TCP listening ports and the processes and PIDs assigned to them, run the following script:

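#!/usr/bin/ksh
# List every TCP listening port with the owning PID and process name.
print "Port            PID              Process"
# Column 1 of "netstat -Aan" is the PCB address, column 5 the local address.
netstat -Aan | grep LISTEN | awk '{print $1 " " $5}' | while read pcb port; do
        # Ask rmsock which process holds the socket for this PCB.
        out=`rmsock $pcb tcpcb`
        if echo "$out" | grep "Kernel Extension" > /dev/null; then
                printf "%-15s Kernel Extension\n" "$port"
        else
                # Extract the PID; the pattern accepts both "process" and "proccess".
                pid=`echo "$out" | sed -n 's/.*pro[c]*ess \([0-9][0-9]*\) .*/\1/p'`
                if [ -n "$pid" ]; then
                        proc=`ps -p $pid | tail -n 1 | awk '{print $4}'`
                        printf "%-15s %-16s %s\n" "$port" "$pid" "$proc"
                else
                        echo "Error, Line not recognized \"$out\" for Port $port"
                fi
        fi
done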


Here is example output from the script:

*.13            4063356          inetd
*.21            4063356          inetd
*.23            4063356          inetd
*.25            1835206          sendmail
*.37            4063356          inetd
*.24575         15597582         java
*.111           Kernel Extension
*.199           3539070          snmpdv3ne
*.49293         35389582         rwrun
*.512           4063356          inetd
*.513           4063356          inetd
*.514           4063356          inetd
*.25075         15597582         java
*.657           6095060          rmcd
192.168.1.32.12360 51052606         java
*.25575         15597582         java
*.1334          5570768          writesrv
*.1536          22610158         tnslsnr
*.1641          34472056         tnslsnr
*.2049          Kernel Extension
192.168.1.23.38199 20316174         java
192.168.1.25.39654 25559104         java
*.4458          6750376          httpd
*.6000          5373952          X
*.6000          5373952          X
*.6001          6619338          X
*.6001          6619338          X
*.6112          4063356          inetd
*.55731         Kernel Extension
127.0.0.1.52089 34472056         tnslsnr

Saturday, May 15, 2010

Mount the new harddisk as local

Mount a hard disk as Local
==========================

Step 1 : fdisk -l

Device Boot Start End Blocks Id System
/dev/sda1 * 1 14057 112912821 83 Linux
/dev/sda2 14058 14592 4297387+ 82 Linux swap

Device Boot Start End Blocks Id System
/dev/hda1 1 14057 112912821 83 Linux

Step 2 : Now let us assume that hda is the second hard disk, the one to be mounted.
Step 3 : mkdir /saravana
Step 4 : mount /dev/hda1 /saravana
Step 5 : We have now mounted the external partition /dev/hda1 on our local hard disk, at the /saravana directory we created.
Step 6 : Now we can see all the contents of /dev/hda1 under the /saravana mount point.

Wednesday, January 7, 2009

Cannot access Apps from Front end

Disable / Enable Linux Firewall (Red hat/CentOS/Fedora Core) :

Symptoms:
=========
Oracle Apps 11i is running fine in the back end but cannot be accessed from the front end.

Reason:
=======
The firewall is enabled, so we cannot connect from outside (the front-end browser). So disable the firewall on the server.

Solution:
========

Note : You must log in as the root user :

1. /etc/init.d/iptables save
2. /etc/init.d/iptables stop

After this we can use the front end for apps.

Friday, October 31, 2008

ADD TEMPORARY SWAP SPACE IN LINUX

TO ADD A TEMPORARY SWAP SPACE IN LINUX:

To check the Swap space Available:

[root@apps ~]# /sbin/swapon -s

Filename Type Size Used Priority
/dev/hdc2 partition 4096564 238796 -1


To install an extra 64 MB of swap space:


dd if=/dev/zero of=/swap bs=1024 count=65535    # create the 64 MB file that will hold the swap space
mkswap /swap    # set up /swap as a swap area
swapon /swap    # turn the swap on

Now check the space :

[root@apps /]# /sbin/swapon -s

Filename Type Size Used Priority
/dev/hdc2 partition 4096564 247632 -1
/swap file 65524 0 -3

The /swap is added as 64 MB.

1. The count= argument to dd determines how big the swap file will be.
2. In this example the swap file's name is /swap, but the name and location are, generally, arbitrary, depending only on the file system's available space.
3. You should have write permissions in the directory.

Temp Swap OFF:

When you don't need the swap space any more, remove it with the following statements:

swapoff /swap    # turn the swap off
rm /swap    # remove the swap file

Note :

The recommendation for an Enterprise Edition is to use twice as much SWAP space as RAM up to 4 GB and then use an equal amount of RAM vs. SWAP after 4 GB.

Friday, October 10, 2008

Enable SSH in Linux

To Enable SSH in linux :

1. First check whether the RPM for ssh is installed

[root@sys38 ~]# rpm -qa openssh-server
openssh-server-3.9p1-8.RHEL4.24

2. Now start the ssh service with the following command

[root@sys38 ~]# /etc/init.d/sshd start
Starting sshd: [ OK ]

Monday, October 6, 2008

Enable Telnet and FTP in Linux

To Enable Telnet:

[root@sys38 ~]# chkconfig telnet on
[root@sys38 ~]# service xinetd reload

Reloading configuration: [ OK ]

[root@sys38 ~]# vi /etc/securetty

Allowing Root Logins to Telnet and FTP Services

To configure Red Hat Linux for root logins:

Note:
This is VERY BAD security. Make sure that you NEVER configure your production servers for this type of login.

Configure Telnet for root logins :

Simply edit the file /etc/securetty and add the following to the end of the file:

pts/0
pts/1
pts/2
pts/3
pts/4
pts/5
pts/6
pts/7
pts/8
pts/9

This will allow up to 10 telnet sessions to the server as root.

Configure FTP:

# /etc/init.d/vsftpd start
Starting vsftpd for vsftpd: [ OK ]

Configure FTP for root logins:

Edit the files /etc/vsftpd.ftpusers and /etc/vsftpd.user_list and remove the 'root' line from each file.
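
To find hosts where the root-login changes described above are still in place, the following added example (not from the original post) checks a securetty file for pts/N entries and the two vsftpd user files for a missing root line. The function names and the sample files are constructed for illustration, and it assumes vsftpd's default userlist_deny=YES.

```shell
#!/bin/sh
# Added example: audit for the root-login settings this post describes.
# Function names are hypothetical; paths are arguments so copies of the
# files can be checked. Assumes vsftpd's default userlist_deny=YES, which
# makes user_list a deny list like ftpusers.

# Drop comments and whitespace so entries compare exactly.
clean() { sed -e 's/#.*//' -e 's/[[:space:]]//g' "$1"; }

# Succeed if root appears in a vsftpd user file.
lists_root() { clean "$1" | grep -qx 'root'; }

# Print one FINDING line per problem; return 1 if anything was found.
audit_root_logins() {
    securetty=$1 ftpusers=$2 user_list=$3 rc=0
    # pts/N entries in securetty let root log in on telnet pseudo-terminals.
    n=$(clean "$securetty" | grep -cE '^pts/[0-9]+$' || true)
    if [ "$n" -gt 0 ]; then
        echo "FINDING: $securetty permits root on $n pts devices (telnet)"
        rc=1
    fi
    for f in "$ftpusers" "$user_list"; do
        if ! lists_root "$f"; then
            echo "FINDING: root missing from $f (root FTP login possible)"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample: securetty and ftpusers changed as in the post,
# user_list left with its root line.
make_sample() {
    printf 'console\ntty1\npts/0\npts/1\n' > "$1/securetty"
    printf '# Users that are not allowed to login via ftp\nbin\ndaemon\n' > "$1/vsftpd.ftpusers"
    printf 'root\nbin\n' > "$1/vsftpd.user_list"
}

tmp=$(mktemp -d)
make_sample "$tmp"
audit_root_logins "$tmp/securetty" "$tmp/vsftpd.ftpusers" "$tmp/vsftpd.user_list" || true
rm -rf "$tmp"
```

On a real host, pass /etc/securetty, /etc/vsftpd.ftpusers and /etc/vsftpd.user_list; a non-zero exit status means at least one of the settings is present.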

Friday, August 29, 2008

Usage of Tar command

Some Tricks with unix command 'Tar'

Tar is an archiving program designed to store files in, and extract files from, an archive file known as a tarfile. The commands here compress a tar backup on the fly.

To compress files with gzip on the fly

tar cvf - * | gzip > file_name.tar.gz

To test backup files

gunzip < file_name.tar.gz | tar tvf -

To extract files from the compressed archive above

gunzip < file_name.tar.gz | tar xvf -

To extract files directly from a compressed tar file, with no need to uncompress it first

zcat file_name.tar.Z | tar xvf -

Friday, August 22, 2008

Kernel Parameters for 11i

net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
kernel.shmall = 2097152
kernel.shmmax = 536870912
kernel.shmmni = 4096
kernel.sem = 250 32000 100 128
fs.file-max = 65536
net.ipv4.ip_local_port_range = 1024 65000
net.core.rmem_default = 262144
net.core.wmem_default = 262144
net.core.rmem_max = 262144
net.core.wmem_max = 262144

Tuesday, April 29, 2008

CONFIGURING VNC SERVER IN LINUX (RHEL 4.6)

VNCSERVER : Linux Machine
VNCVIEWER : Windows XP

Make the following changes on the server side, i.e. the Linux machine :


Step 1 : Check that the RPM is available with rpm -q vnc

Step 2: chkconfig --level 345 vncserver on

Step 3 : Add a user(s) by opening /etc/sysconfig/vncservers as root and do the following:

Step 4:

VNCSERVERS="1:bobpeers,oracle"
VNCSERVERARGS[1]="-geometry 1024x768 -depth 16"

These two lines are commented out by default, so uncomment them and put the user (e.g. root) in place of bobpeers.

Step 5 : vncpasswd

Step 6 : cd /root/.vnc
Step 7 : vi xstartup

Step 8 : Uncomment these two lines :

unset SESSION_MANAGER
exec /etc/X11/xinit/xinitrc

Note : If we want graphical mode for the oracle user, uncomment the same two lines in this file as well, as the oracle user :

vi /home/oracle/.vnc/xstartup

unset SESSION_MANAGER
exec /etc/X11/xinit/xinitrc

Step 9 : vncserver -kill :1 (if one is already running)
Step 10 : vncserver :1
Step 11 : Now from the client PC, that is XP, go to Programs -> Real VNC -> vncviewer
Step 12 : sys46.doyen.in:1
Step 13 : Give the password that was set on the server side.

Note : Make an entry for the server in the hosts file on the XP machine.

Wednesday, April 23, 2008

Kernel Parameters for RHEL4.5 for AS10g

kernel.shmall = 2097152
kernel.shmmax=4294967295
kernel.shmmni = 4096
kernel.sem = 256 32000 100 142
fs.file-max = 206173
kernel.msgmnb=65535
kernel.msgmni=2878
net.ipv4.ip_local_port_range = 10000 65000
net.core.rmem_default=262144
net.core.wmem_default=262144
net.core.rmem_max=262144
net.core.wmem_max=262144

Configuring SSL in RHEL4.5

Configuring SSL in Linux :
=========================

Before Configuration of SSL:
=============================


1. cd /usr/sbin
2. ls -lrt ap*
3. sh apachectl start
4. Now connect from the client. It will say the certificate is not verified.


Follow the below steps to get a valid certificate:
=================================================

1. Create the certificate and configure SSL in Red Hat Linux 4.5

mkdir /sslcert
chmod 0700 /sslcert
cd /sslcert
mkdir certs private
echo '100001' >serial
touch certindex.txt
touch openssl.cnf
vi openssl.cnf

2. Copy the content below, up to "###End openssl", into openssl.cnf
============================================
#
# OpenSSL configuration file.
#

# Establish working directory.

dir = /sslcert

[ ca ]
default_ca = CA_default

[ CA_default ]
serial = $dir/serial
database = $dir/certindex.txt
new_certs_dir = $dir/certs
certificate = $dir/cacert.pem
private_key = $dir/private/cakey.pem
default_days = 365
default_md = md5
preserve = no
email_in_dn = no
nameopt = default_ca
certopt = default_ca
policy = policy_match

[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
emailAddress = optional

[ req ]
default_bits = 1024 # Size of keys
default_keyfile = key.pem # name of generated keys
default_md = md5 # message digest algorithm
string_mask = nombstr # permitted characters
distinguished_name = req_distinguished_name
req_extensions = v3_req

[ req_distinguished_name ]
# Variable name Prompt string
#------------------------- ----------------------------------
0.organizationName = Organization Name (company)
organizationalUnitName = Organizational Unit Name (department, division)
emailAddress = Email Address
emailAddress_max = 40
localityName = Locality Name (city, district)
stateOrProvinceName = State or Province Name (full name)
countryName = Country Name (2 letter code)
countryName_min = 2
countryName_max = 2
commonName = Common Name (hostname, IP, or your name)
commonName_max = 64

# Default values for the above, for consistency and less typing.
# Variable name Value
#------------------------ ------------------------------
0.organizationName_default = My Company
localityName_default = My Town
stateOrProvinceName_default = State or Providence
countryName_default = US

[ v3_ca ]
basicConstraints = CA:TRUE
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer:always

[ v3_req ]
basicConstraints = CA:FALSE
subjectKeyIdentifier = hash

#
###End openssl
#
==============================================================
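
The configuration above sets default_md = md5 and default_bits = 1024, and step 3 below requests rsa:1024; current browsers and CAs reject both MD5 signatures and RSA keys under 2048 bits. The following added example (not part of the original post) scans an openssl.cnf for such settings; check_openssl_cnf, write_sample_cnf and the thresholds are assumptions, and the sample file is constructed from the values above.

```shell
#!/bin/sh
# Added example: flag weak digest and key-size settings in an openssl.cnf.
# check_openssl_cnf and write_sample_cnf are hypothetical helpers; the
# thresholds (RSA under 2048 bits, MD5 or SHA-1 digests) are assumptions.

check_openssl_cnf() {
    awk '
        { sub(/#.*/, "") }                  # drop comments
        /^[ \t]*\[/ {                       # track the current [ section ]
            gsub(/[ \t]/, ""); gsub(/\[/, ""); gsub(/\]/, "")
            section = $0; next
        }
        /=/ {
            key = $0; sub(/=.*/, "", key); gsub(/[ \t]/, "", key)
            val = $0; sub(/^[^=]*=/, "", val); gsub(/[ \t]/, "", val)
            if (key == "default_md" && tolower(val) ~ /^(md5|sha1)$/)
                printf "WEAK [%s] %s = %s\n", section, key, val
            if (key == "default_bits" && val + 0 < 2048)
                printf "WEAK [%s] %s = %s\n", section, key, val
        }
    ' "$1"
}

# Constructed sample reusing the values from the configuration above.
write_sample_cnf() {
    cat > "$1" <<'EOF'
[ CA_default ]
default_days = 365
default_md = md5
[ req ]
default_bits = 1024 # Size of keys
default_md = md5 # message digest algorithm
EOF
}

cnf=$(mktemp)
write_sample_cnf "$cnf"
check_openssl_cnf "$cnf"
rm -f "$cnf"
```

Run check_openssl_cnf against /sslcert/openssl.cnf before generating keys; no output means neither setting was found.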


Note : Now we are inside the sslcert directory :


3. openssl req -x509 -newkey rsa:1024 -keyout private/cakey.pem -out cacert.pem -days 10000 -config openssl.cnf


output :
===================================================================

Generating a 1024 bit RSA private key
.........++++++
..............................................................++++++
writing new private key to 'private/cakey.pem'

4. Enter PEM pass phrase: sample1
5. Organization Name (company) [My Company]:doyensys
6. Organizational Unit Name (department, division) []:dba
7. Email Address []:dba@doyensys.com
8. Locality Name (city, district) [My Town]:chennai
9. State or Province Name (full name) [State or Providence]:tamilnadu
10. Country Name (2 letter code) [US]:IN
11. Common Name (hostname, IP, or your name) []:sys46.doyen.in
====================================================================

Note : The host name must be given correctly.


12. Now cakey.pem has been generated inside the private directory, and cacert.pem outside it.

13. Now, inside the sslcert directory, run:


openssl req -nodes -new -x509 -keyout apache.key -out apache_request.pem -days 3650 -config openssl.cnf


14. The following two files are generated :

-rw-r--r-- 1 applmgr dba 1273 Apr 17 20:26 apache_request.pem
-rw-r--r-- 1 applmgr dba 891 Apr 17 20:26 apache.key


15. openssl x509 -x509toreq -in apache_request.pem -signkey apache.key -out apache.csr

The following file is generated :

-rw-r--r-- 1 applmgr dba 2180 Apr 17 20:26 apache.csr

16. openssl x509 -req -days 10 -in apache.csr -signkey apache.key -out apache.crt

Note : We can increase this from 10 days to a longer period.

17. cp -f apache.crt /etc/httpd/conf/ssl.crt/server.crt
cp -f apache.key /etc/httpd/conf/ssl.key/server.key

18. /usr/sbin/apachectl restart

Note : If it is already running, we can stop it and then start it.

19. Now connect from client .

20. View Certificate

21. Install certificate.

22. The certificate is now installed. Start a new browser, and it will be treated as a valid certificate.

==============================================================