Ò»¡¢ »ù±¾ÏµÍ³¹ÜÀí
1¡¢³£ÓÃÃüÁî
1. # ioscan -fn
Áгö¸÷I/O¿¨¼°É豸µÄËùÓÐÏà¹ØÐÅÏ¢£ºÈçÂß¼µ¥ÔªºÅ£¬Ó²¼þµØÖ·¼°É豸ÎļþÃûµÈ¡£
2. # ps -ef
ÁгöÕýÔÚÔËÐеÄËùÓнø³ÌµÄ¸÷ÖÖÐÅÏ¢£ºÈç½ø³ÌºÅ¼°½ø³ÌÃûµÈ¡£
3. # netstat -rn
ÁгöÍø¿¨×´Ì¬¼°Â·ÓÉÐÅÏ¢µÈ¡£
4. # lanscan
ÁгöÍø¿¨×´Ì¬¼°ÍøÂçÅäÖÃÐÅÏ¢¡£
5. # bdf
ÁгöÒѼÓÔصÄÂß¼¾í¼°Æä´óСÐÅÏ¢¡£
6. # mount
ÁгöÒѼÓÔصÄÂß¼¾í¼°Æä¼ÓÔØλÖá£
7. # uname -a
ÁгöϵͳID ºÅ£¬OS°æ±¾¼°Óû§È¨ÏÞµÈÐÅÏ¢¡£
8. # hostname
ÁгöϵͳÍøÂçÃû³Æ¡£
9. # pvdisplay -v /dev/dsk/c*t*d*
ÏÔʾ´ÅÅ̸÷ÖÖÐÅÏ¢£¬Èç´ÅÅÌ´óС£¬°üº¬µÄÂß¼¾í£¬É豸Ãû³ÆµÈ¡£
10. # vgdisplay -v /dev/vg00
ÏÔʾÂß¼¾í×éÐÅÏ¢£¬Èç°üº¬ÄÄЩÎïÀíÅ̼°Âß¼¾íµÈ¡£
11. # lvdisplay -v /dev/vg00/lvol1
ÏÔʾÂß¼¾í¸÷ÖÖÐÅÏ¢£¬Èç°üº¬ÄÄЩÅÌ£¬ÊÇ·ñÓоµÏñµÈ¡£
2¡¢ÍøÂç¹ÊÕÏÕï¶Ï
1. ÈçÐèÐÞ¸ÄÍøÂçµØÖ·¡¢Ö÷»úÃûµÈ£¬Ò»¶¨ÒªÓÃset_parms ÃüÁî
# set_parms hostname
# set_parms ip_address
2. ²é¿´Íø¿¨×´Ì¬£º lanscan
Hardware Station Crd Hardware Net-Interface
Path Address In# state nameunit state
8/20/5/1 0x0800097843FB 0 up lan0 up
3. È·ÈÏÍøÂçµØÖ·£º
# ifconfig lan0
4. Æô¶¯Íø¿¨£º
# ifconfig lan0 up
5. ÍøÂ粻ͨµÄÕï¶Ï¹ý³Ì£º
lanscan ²é¿´Íø¿¨ÊÇ·ñÆô¶¯(up)
ping ×Ô¼ºÍø¿¨µØÖ·(ip µØÖ·)
pingÆäËü»úÆ÷µØÖ·£¬È粻ͨ£¬ÔÚÆä»úÆ÷ÉÏÓÃlanscan ÃüÁîµÃÖªstation address£¬È»ºólinkloop station_address À´È·ÈÏÍøÏß¼°¼¯³ÉÆ÷ÊÇ·ñÓÐÎÊÌâ¡£
ÔÚͬһÍøÖУ¬ subnetmask Ó¦Ò»Ö¡£
6. ÅäÖÃÍø¹Ø
ÊÖ¶¯¼ÓÍø¹Ø£º
/usr/sbin/route add default 20.08.28.98 1
°ÑÍø¹Ø×Ô¶¯¼ÓÈëϵͳÖÐ
:
ROUTE_DESTINATION [0]=default
ROUTE_GATEWAY [0]=20.08.28.98
ROUTE_COUNT [0]=1
:
/sbin/init.d/net ½«Ö´ÐУº
/usr/sbin/route add default 20.08.28.98 1
ÃüÁînetstat -rn ²é¿´Â·Óɱí
ÁíÍâÒ²¿ÉÓÃset_parms addl_netwrk À´Éèȱʡ·ÓÉ¡£
¶þ¡¢°²È«°²×°HP-UX
1¡¢ ½¨ÒéÔÚ°²×°ÅäÖùý³ÌÖУ¬²»ÒªÁ¬½Óµ½Èκβ»ÐÅÈεÄÍøÂçÖС£
2¡¢ ¾¡¿ÉÄÜÑ¡Ôñ×îС°²×°
3¡¢ ¾¡¿ÉÄܲ»Òª°²×°NFS, X window, SNMPµÈ×é¼þ£¨ÊÓ¾ßÌåÐèÇó¶ø¶¨£©
4¡¢ °²×°Íê±Ï£¬ÔòʹÓÃϵͳÃüÁî²é¿´×´Ì¬¡£
# uname -a £¨°æ±¾ÐÅÏ¢£©
# bdf £¨Âß¼¾í״̬£©
# ps -ef £¨½ø³Ì״̬£©
# netstat -anf inet £¨¶Ë¿Ú״̬£©
5¡¢ °²×°¸÷ÖÖÇý¶¯µÈ
6¡¢ °²×°×îеIJ¹¶¡¡£
°²×°²¹¶¡Ê±Òª×¢ÒâHPµÄ²¹¶¡ÓëÓ²¼þÀàÐͺÍϵͳ°æ±¾¶¼Ïà¹Ø£¬¼ì²é²¢°²×°ËùÓÐÐèÒªµÄ²¹¶¡¡£È·ÈÏÐèÒªswlist -l fileset.
Èý¡¢ÏµÍ³»ù±¾ÅäÖÃ
²Ù×÷ϵͳ°²×°²¢´òÉϲ¹¶¡ºó£¬ÐèÒª×öһЩ´ëÊ©À´¶Ôϵͳ½øÐÐһЩÅäÖá£
ɾ³ý±£´æµÄ²¹¶¡£¨¿ÉÑ¡£©
ȱʡÇé¿öÏ£¬²¹¶¡°²×°Íê»áÔÚ/var/adm/sw/save/ϱ¸·ÝËùÓеIJ¹¶¡¡£¿ÉÒÔÑ¡Ôñɾ³ýÕâЩ²¹¶¡Îļþ£¬µ«Ò»µ©É¾³ý¾Íû·¨Ê¹ÓÃswremoveжÔز¹¶¡ÁË¡£
# swmodify -x patch_commit=true '*.*'
ת»»ÎªÒ»¸ö¿ÉÐÅϵͳ£º
# /usr/lbin/tsconvert
Creating secure password database...
Directories created.
Making default files.
System default file created...
Terminal default file created...
Device assignment file created...
Moving passwords...
secure password database installed.
Converting at and crontab jobs...
At and crontab files converted.
¸Ä±äÈ«¾ÖÌØȨ
HP-UX ÓÐÒ»¸öÌØȨ×飬¿ÉÒÔ·ÖÅä¸øÒ»¸ö×éÌØȨ(²Î¼ûprivgrp(4)). ȱʡÇé¿öÏ£¬CHOWNÊÇ·ÖÅä¸øËùÓÐ×éµÄÒ»¸öÈ«¾ÖÌØȨ£º
$ getprivgrp
global privileges: CHOWN
/sbin/init.d/set_prvgrpÔÚϵͳÆô¶¯Ê±Ö´ÐÐ/usr/sbin/setprivgrp -f /etc /privgroup. ¿ÉÒÔ´´½¨Ò»¸öÅäÖÃÎļþ£¬É¾³ýËùÓеÄÈ«¾ÖÌØȨ (see setprivgrp(1m)):
# getprivgrp
global privileges: CHOWN
# echo -n >/etc/privgroup
# chmod 400 /etc/privgroup
# /sbin/init.d/set_prvgrp start
# getprivgrp
global privileges:
ÉèÖÃĬÈÏumask.
ת»»µ½¿ÉÐÅϵͳºó£¬Ä¬ÈÏumaskÒѾ¸ÄΪ07077
ÏÞÖÆrootÔ¶³ÌµÇ¼£¬Ö»ÄÜÓÉconsoleµÇ¼
# echo console > /etc/securetty
# chmod 400 /etc/securetty
´ò¿ªinetdÈÕÖ¾¹¦ÄÜ
export INETD_ARGS=-l
ɾ³ý²»ÐèÒªµÄϵͳαÕÊ»§
# groupdel lp
# groupdel nuucp
# groupdel daemon
# userdel uucp
# userdel lp
# userdel nuucp
# userdel hpdb
# userdel www
# userdel daemon
¶ÔÓÚһЩ±£ÁôµÄϵͳαÕÊ»§È磺bin, sys£¬admµÈ, Ó¦µ±½«ÐèÒª½ûÖ¹ÕÊ»§µÄ**ÓÃNP´úÌ棬²¢²»ÌṩµÇ¼shell
Example: bin:NP:60002:60002:No Access User:/:/sbin/noshell
½«rootÖ÷Ŀ¼´Ó/¸ÄΪ/root.
±à¼/etc/passwd:
root:*:0:3::/root:/sbin/sh
´´½¨Ä¿Â¼²¢ÐÞ¸ÄȨÏÞ:
# mkdir /root
# chmod 700 /root
# mv /.profile /root
# pwconv
ËÄ¡¢½ûÖ¹ÍøÂç·þÎñ
1¡¢½ûÖ¹inetd ·þÎñ
¡
ftp 21/tcp
telnet 23/tcp
smtp 25/tcp mail
¡
¡
ftp stream tcp nowait root /usr/sbin/in.ftpd in.ftpd
telnet stream tcp nowait root /usr/sbin/in.telnetd in.telnetd
¡
# ps -ef |grep inetd
root 149 1 0 Jan 18 ? 0:00 /usr/sbin/inetd -s
root 24621 24605 0 15:53:01 pts/1 0:00 grep inetd
# kill -HUP 149
ÒÔÉϵÚÒ»ÌõÃüÁîÊÇΪÁË»ñµÃinetdµÄ½ø³ÌºÅ£¬Ê¾ÀýÖÐÊä³öµÄµÚ¶þÁÐÄÚÈݾÍÊǽø³ÌºÅ(149)£¬È»ºó½«¸Ã½ø³ÌºÅÌîÈëµÚ¶þÌõÃüÁîµÄÏàӦλÖá£
¿ÉÒÔʹÓÃlsof -iÀ´²é¿´¼àÌý½ø³ÌºÍ¶Ë¿ÚÐÅÏ¢:
# lsof -i
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
syslogd 261 root 5u inet 0x10191e868 0t0 UDP *:syslog (Idle)
rpcbind 345 root 4u inet 72,0x73 0t0 UDP *:portmap (Idle)
rpcbind 345 root 6u inet 72,0x73 0t0 UDP *:49158 (Idle)
rpcbind 345 root 7u inet 72,0x72 0t0 TCP *:portmap (LISTEN)
sendmail: 397 root 5u inet 0x10222b668 0t0 TCP *:smtp (LISTEN)
snmpdm 402 root 3u inet 0x10221a268 0t0 TCP *:7161 (LISTEN)
snmpdm 402 root 5u inet 0x10222a268 0t0 UDP *:snmp (Idle)
snmpdm 402 root 6u inet 0x10221f868 0t0 UDP *:* (Unbound)
mib2agt 421 root 0u inet 0x10223e868 0t0 UDP *:* (Unbound)
swagentd 453 root 6u inet 0x1019d3268 0t0 UDP *:2121 (Idle)
2¡¢½ûÖ¹ÆäËû·þÎñ
·ÀÖ¹syslogdÍøÂç¼àÌý
°²×°PHCO_21023²¹¶¡¿ÉÒÔ¸øsyslogd¼ÓÉÏ-N²ÎÊý·ÀÖ¹ÍøÂç¼àÌý. ±à¼/sbin/init.d/syslogdÐÞ¸ÄΪ /usr/sbin/syslogd -DN.
½ûÖ¹SNMP·þÎñ
±à¼SNMPÆô¶¯Îļþ:
Set SNMP_HPUNIX_START to 0: SNMP_HPUNIX_START=0
Set SNMP_MASTER_START to 0: SNMP_MASTER_START=0
Set SNMP_MIB2_START to 0: SNMP_MIB2_START=0
Set SNMP_TRAPDEST_START to 0: SNMP_TRAPDEST_START=0
½ûÖ¹sendmail½ø³Ì
export SENDMAIL_SERVER=0
½ûÖ¹rpcbind½ø³Ì
# mv /usr/sbin/rpcbind /usr/sbin/rpcbind.DISABLE
Îå¡¢Îļþϵͳ°²È«
1¡¢¼ì²éSet-id³ÌÐò
# find / \( -perm -4000 -o -perm -2000 \) -type f -exec ls -ld {} \;
# chmod u-s /usr/sbin/swinstall
# chmod u-s /usr/sbin/vgcreate
# chmod u-s /sbin/vgcreate
¿ÉÒÔ²ÉÓÃÏÂÁз½·¨£¬½«ËùÓÐÎļþµÄset-idλȥµô£¬È»ºó¶ÔһЩÐèÒªµÄ³ÌÐòµ¥¶À¼ÓÉÏsuid루¿É¸ù¾ÝÇé¿öÑ¡Ôñ£©:
# find / -perm -4000 -type f -exec chmod u-s {} \;
# find / -perm -2000 -type f -exec chmod g-s {} \;
# chmod u+s /usr/bin/su
# chmod u+s /usr/bin/passwd
²ÉÓÃÕâÖÖ·½·¨ºó£¬ÆÕͨÓû§½«ÎÞ·¨Ê¹ÓúܶàϵͳÃüÁÈçbdf, uptime £¬arpµÈ:
$ bdf /dev/vg00/lvol3
bdf: /dev/vg00/lvol3: Permission denied
2. ÐÞ¸ÄÖØÒªÎļþȨÏÞ
# chmod 1777 /tmp /var/tmp /var/preserve £¨¼ÓÉÏÕ³ÖÍ룩
# chmod 666 /dev/null
Áù¡¢ÍøÂç²ÎÊýµ÷Õû
¸ñʽÈçÏ£º
/usr/sbin/ndd -set /dev/ip ip_forward_directed_broadcasts 0
Network device
Parameter
Default value
Suggested value
Comment
/dev/ip
ip_forward_directed_broadcasts
1
0
²»×ª·¢¶¨Ïò¹ã²¥°ü
/dev/ip
ip_forward_src_routed
1
0
²»×ª·¢Ô·ÓÉ°ü
/dev/ip
ip_forwarding
2
0
½ûÖ¹°üת·¢
/dev/ip
ip_pmtu_strategy
2
1
²»²ÉÓÃecho-request PMTU²ßÂÔ
/dev/ip
ip_send_redirects
1
0
²»·¢ICMPÖض¨Ïò°ü
/dev/ip
ip_send_source_quench
1
0
²»·¢ICMPÔ´½áÊø°ü
/dev/tcp
tcp_conn_request_max
20
500
Ôö¼ÓTCP¼àÌýÊý×î´óÖµ£¬Ìá¸ßÐÔÄÜ
/dev/tcp
tcp_syn_rcvd_max
500
500
HP SYN flood±£»¤
/dev/ip
ip_respond_to_echo_broadcast
1
0
²»ÏìÓ¦ICMP echoÇëÇó¹ã²¥°ü
ÓÉÓÚnddµ÷ÓÃÇ°£¬ÒѾÆô¶¯Íø¿¨²ÎÊý£¬ËùÒÔ¿ÉÄܲ»ÄÜÕýÈ·ÉèÖá£
¿ÉÒÔ²ÉÓÃÏÂÁз½·¨£¬½¨Á¢Ò»¸öÆô¶¯½Å±¾¡£
# cp /tmp/sectune /sbin/init.d
# chmod 555 /sbin/init.d/sectune
# ln -s /sbin/init.d/sectune /sbin/rc2.d/S009sectune
