6/29/09

Applet Security -

When an app is accessed through https, if there is no trust between app server and browser jre, client jvm may spit SSL HandShake Error. Error may go like this -
Error Occured during session initialization: Error SSL connecting to server:9446:javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Its very simple to solve this. One needs to import client certificate into jre/lib/security/cacerts which is the trust store of the JVM.
example -
"C:\Program Files\Java\jre1.5.0_11\bin\keytool" -import -trustcacerts -keystore "C:\Program Files\Java\jre1.5.0_11\lib\security\cacerts" -storepass changeit -noprompt -alias ALIAS_NAME -file "\CERTIFICATE_NAME"

6/22/09

10000

I am happy to announce that this blog crossed 10000 hits.

Thanks to all for viewing my blog on webshpere.

Please mail me if u have any questions or for any info or any suggestions.

admin.websphere@gmail.com

6/17/09

While using df

Solaris
df -h is the command to display available disk free space in bytes
e.g.,
$df -h
Filesystem size used avail capacity Mounted on
/dev/md/dsk/d84 3.9G 136M 3.8G 4% /var
swap 6.6G 992K 6.6G 1% /tmp
/dev/md/dsk/d101 20G 7.8G 12G 41% /software

Equivalent df in AIX
df -g

AIX df command

df Command

Purpose

Reports information about space on file systems. This document describes the AIX df command as well as the System V version of df.

Syntax

df [ [ -P ] | [ -I | -M | -i | -t | -v ] ] [ -k ] [ -m ] [ -g ] [ -s ] [FileSystem ... | File... ]

Description

The df command displays information about total space and available space on a file system. The FileSystem parameter specifies the name of the device on which the file system resides, the directory on which the file system is mounted, or the relative path name of a file system. The File parameter specifies a file or a directory that is not a mount point. If the File parameter is specified, the df command displays information for the file system on which the file or directory resides. If you do not specify the FileSystem or File parameter, the df command displays information for all currently mounted file systems. File system statistics are displayed in units of 512-byte blocks by default.

The df command gets file system space statistics from the statfs system call. However, specifying the -s flag gets the statistics from the virtual file system (VFS) specific file system helper. If you do not specify arguments with the -s flag and the helper fails to get the statistics, the statfs system call statistics are used. Under certain exceptional conditions, such as when a file system is being modified while the df command is running, the statistics displayed by the df command might not be accurate.

Note:
Some remote file systems, such as the Network File System (NFS), do not provide all the information that the df command needs. The df command prints blanks for statistics that the server does not provide.

The df command does not fully support NFSv4 filesystems. Use the nfs4cl command to extract block and space information.

Flags

-g Displays statistics in units of GB blocks. The output values for the file system statistics would be in floating point numbers as value of each unit in bytes is significantly high.
-i Displays the number of used inodes and the percentage of inodes in use for the file system. This output is the default when the specified file system is mounted.
-I Displays information on the total number of blocks, the used space, the free space, the percentage of used space, and the mount point for the file system.
-k Displays statistics in units of 1024-byte blocks.
-m Displays statistics in units of MB blocks. The output values for the file system statistics would be in floating point numbers as value of each unit in bytes is significantly high.
-M Displays the mount point information for the file system in the second column.
-P Displays information on the file system in POSIX portable format.

When the -P flag is specified, the header line appears similar to:

Filesystem 512-blocks Used Available Capacity Mounted on\n

If the -k, -m or -g flag is specified in addition to the -P flag, the column heading 512-blocks is replaced by the respective units, depending on which of these flags is used with the -P flag.

File system statistics are displayed on one line in the following order:

FileSystem, TotalSpace, UsedSpace, FreeSpace, UsedPercentage, MountPoint

-s Displays statistics on unmounted JFS or Enhanced JFS file systems by the command line arguments. If there are no arguments specified, the -s flag has no effect. If the file systems specified by the argument are currently mounted or an argument is a file, the -s flag has no effect for that particular argument. To collect statistics on unmounted file systems, an argument must be a JFS or Enhanced JFS file system mount point or device, the file system must be listed in /etc/filesystems, and the user must have read access to the device.
-t Includes figures for total allocated space in the output.
-v Displays all information for the specified file system.

The values of the output parameters with the flags -m and -g would be rounded off to nearest second decimal digit. If all or any two of the -k, -m and -g flags are specified, the last one specified takes effect.

Exit Status

This command returns the following exit values:

0 Successful completion.
>0 An error occurred.

Examples

  1. To display information about all mounted file systems, enter:
    df

    If your system has the /, /usr, /site, and /usr/venus file systems mounted, the output from the df command resembles the following:

    Filesystem 512-blocks Free   %Used   Iused  %Iused  Mounted on
    /dev/hd0 19368 9976 48% 4714 5% /
    /dev/hd1 24212 4808 80% 5031 19% /usr
    /dev/hd2 9744 9352 4% 1900 4% /site
    /dev/hd3 3868 3856 0% 986 0% /usr/venus
  2. To display information about /test file system in 1024-byte blocks, enter:
    df -k /test
    Filesystem    1024 blocks    Free    %Used   Iused  %Iused  Mounted on
    /dev/lv11 16384 15824 4% 18 1% /tmp/ravi1
    This displays the file system statistics in 1024-byte disk blocks.
  3. To display information about /test file system in MB blocks, enter:
    df -m /test
    Filesystem    MB blocks    Free    %Used    Iused  %Iused  Mounted on
    /dev/lv11 16.00 15.46 4% 18 1% /tmp/ravi1
    This displays file system statistics in MB disk blocks rounded off to nearest 2nd decimal digit.
  4. To display information about the /test file system in GB blocks, enter:
    df -g /test
    Filesystem    GB blocks   Free     %Used    Iused  %Iused  Mounted on
    /dev/lv11 0.02 0.02 0% 18 1% /tmp/ravi1
    This displays file system statistics in GB disk blocks rounded off to nearest 2nd decimal digit.
  5. To display available space on the file system in which your current directory resides, enter:
    cd/
    df .

    The output from this command resembles the following:

    Device   512-blocks  free   %used   iused   %iused  Mounted on
    /dev/hd4 19368 9976 48% 4714 5% /

Files

/etc/filesystems Lists the known file systems and defines their characteristics.
/etc/vfs Contains descriptions of virtual file system types.

Solaris df, du, ls commands

Solaris df command

New df, du, and ls Options

The df, du, and ls commands have a new h option for displaying disk usage and file or file system sizes that are easy to understand.

The default form of the df command displays file system size in blocks (512 bytes). The df output, in kilobytes, follows:

$ df -k / /usr
Filesystem kbytes used avail capacity Mounted on
/dev/dsk/c0t0d0s0 192056 94788 78063 55% /
/dev/dsk/c0t0d0s6 1982988 829966 1093533 44% /usr

The same file system sizes displayed in powers of 1024 follows:

$ df -h / /usr
Filesystem size used avail capacity Mounted on
/dev/dsk/c0t0d0s0 188M 93M 76M 55% /
/dev/dsk/c0t0d0s6 1.9G 811M 1.0G 44% /usr

The default form of the du command displays disk space in blocks (512 bytes). The du output, in blocks, follows:

% du -s k*
100 kadmin
98 kadmin.local
98 kdb5_util
90 keyserv
10 killall

The same disk space displayed in powers of 1024 follows:

% du -h k*
50K kadmin
49K kadmin.local
49K kdb5_util
45K keyserv
5K killall

The default form of the ls -l command displays file size in bytes. Use the ls -lh command to display file size in powers of 1024:

% ls -lh k
-r-xr-xr-x 1 root bin 49K Nov 30 03:32 kadmin
-r-xr-xr-x 1 root bin 49K Nov 30 03:32 kadmin.local
-r-xr-xr-x 1 root bin 49K Nov 30 03:32 kdb5_util
-r-xr-xr-x 1 root sys 44K Nov 25 04:37 keyserv
-r-xr-xr-x 1 root bin 4.3K Nov 25 04:36 killall

6/10/09

AIX Command Tips

Displaying top CPU_consuming processes:
#ps aux | head -1; ps aux | sort -rn +2 | head -10
Displaying top 10 memory-consuming processes:
#ps aux | head -1; ps aux | sort -rn +3 | head
Displaying process in order of being penalized:
#ps -eakl | head -1; ps -eakl | sort -rn +5
Displaying process in order of priority:
#ps -eakl | sort -n +6 | head
Displaying process in order of nice value
#ps -eakl | sort -n +7
Displaying the process in order of time
#ps vx | head -1;ps vx | grep -v PID | sort -rn +3 | head -10
Displaying the process in order of real memory use
#ps vx | head -1; ps vx | grep -v PID | sort -rn +6 | head -10
Displaying the process in order of I/O
#ps vx | head -1; ps vx | grep -v PID | sort -rn +4 | head -10
Displaying WLM classes
#ps -a -o pid, user, class, pcpu, pmem, args
Determinimg process ID of wait processes:
#ps vg | head -1; ps vg | grep -w wait
Wait process bound to CPU
#ps -mo THREAD -p
Cpu usage with priority levels
#topas -P

#svmon -Put 10 will give the memory mapping for the
top ten memory consuming processes.

#top


Remember, some commands needs you to be root. So, you switch to su to root.
Two important things here -
1. from ur profile, if u say
$su root
takes you to root with current shell. Means that, though u r root, u still carry ur .profile and ur env variables.
2. if u want to have root's env variables -
su - root or
su root
after getting into root
. ./.profile

AIX commands

Found some AIX commands thru google. Thought to share here. Enjoy :)
1. Useful commands
Note All AIX commands reference can be found under
http //www.austin.ibm.com/doc_link/en_US/a_doc_lib/aixgen/wbinfnav/CmdsRefTop.htm
1.1 Memory
bootinfo –r shows how much RAM does my machine has (as root)
lsattr –E –l sys0 –a realmem shows how much RAM does my machine have (as non root)
rmss -c 512
rmss -r sets the memory size to 512 MB
resets the memory size to the original one
1.2 Devices

lsattr -El en0 displays en0 driver params
lsattr -El ent0 displays ent0 HW params
lsattr -El rmt0 displays tape params
lscfg -vp -l rmt0 (all information about a tape drive)
lsattr -El sys0 displays system type, firmware, etc driver params
lscfg –v lists all system HW config (NVRAM)
lsdev –Csscsi list all scsi devices
lsdev –Cspci list all pci devices
lsparent –Ck scsi list all scsi adapters
lsdevfc list fiberchannel devices
cfgmgr Configures devices
lsdev -Ccdisk Shows all disks
lsdev -Cctape Shows all tapes
cfgmgr -v -l device –v Specifies verbose output. The cfgmgr command writes information about what it is doing to standard output.
cfgmgr -v -l device Name Specifies the named device to configure along with its children.
If you only turned on a disk tower at e.g. scsi2 cfgmgr -v -l scsi2 will only configure this with detailed output.
lsdisp To check which graphic adapter is installed.
lscfg -vp -l mga0 (all information about a adapter)
lscfg -vp -l hdisk0 | grep Machine gives info about the disk manufacture type
lsslot -c pci For 6F1 only !!!! Lists all slots ,voltage,boards,etc !!!!
bootlist -m normal cd0 rmt0 hdisk0 Changes the default bootlist
lsmcode -c display the system firmware level and service processor
lsmcode -r -d scraid0 display the adapter microcode levels for a RAID adapter scraid0
lsmcode -A display the microcode level for all supported devices


1.3 System info

/usr/bin/uname -m Get machine ID
/usr/bin/uname -M Get platform type
oslevel Displays current AIX level
oslevel -r Displays current AIX maintenance level
oslevel -g List filesets at levels later than maintenance level !!!
lsps -a Paging space settings.
lscfg -vp -l proc0 (1,2,3) (all information about a processor[s])
lscfg -vp -l mem0 |pg (all information about memory modules installed)
env ulimit Environment setings - show user ulimit
bootinfo –s hdisk0 Displays disk size
lsattr -El sys0 -a systemid Determines the system serial number
lscfg –vp|grep ROM|grep -v CD Determines the system Firmware level
1.4 System issues

TERM=vt100 -If you execute a command/application and it responds with msg
‘ The type of your terminal is unknown to the system’,run those commands (In ‘ksh’)
set term=vt100 -Same (In tcsh’)
rcp -rp /dataVolumes/brisque1.1.0/jobs/flower.job sciroot@ripro3:/dataVolumes/ripro3.3.0/jobs/ -Copying a file from one Unix machine (Brisque) to another (Server) the assumption is that both machines know each other’s names (in hosts file)
dd if=/dev/fd0 of=/temp/diskimage bs=4096 -Duplicate a diskette copy from diskette to hard drive
dd if=/temp/diskimage of=/dev/fd0 bs=4096 -copy diskette image onto diskette
/usr/lpp/X11/bin/xset -display unix 0 s off -Kill display timeout
lsfs -v jfs -List of Filesystem items.
lsfs -q -v jfs -you can see also the parameter of a filesystem and thus see if e.g. /backup was or is a big_filesystem_enabled one.
Important for the 2GB File limit.
lsuser –f root Shows all user parameters (max .file size,etc)
sysdumpdev -L Check last system dump status
sysdumpdev -l Check system dump device settings
lslpp -f Upd_Timna_DTM.obj List contents of the package
1.5 Networking

ksh
for ENT in ` lsdev –Cs pci|grep ent | awk '{ print $1 }'|cut –c 1,2,4 `;do
mktcpip –S $ENT
done
exit -Shows all interfaces IP config+mask+router+DNS !
host timna1 displays station default IP address – works ONLY in DNS environment
ifconfig en0 displays en0 driver params
netstat -i displays network interfaces setting
mktcpip -S en0 #host:addr:mask:_rawname:nameserv:domain:gateway:type:start
syslab18:192.9.100.1:255.255.255.0:en0:10.4.2.12:csil.creoscitex.com:10.4.30.1:N/A:no
GREAT TCPIP info in one command !!!
showmount –e displays all exported volumes
showmount -a show who's got my filesystemsses mounted over IP !
lssrc –g tcpip displays all IP oriented processes status
entstat -drt ent0 |grep –i error display any communication errors on etn0
entstat -r Resets all the statistics back to their initial values.
arp -a shows a local arp cache
cd /usr/local/es/;res restarts appletalk
netstat -ptcp shows IP statistics
netstat -pudp shows UDP statistics
netstat -c
-s
-m client only;
server only
NFS mount
netstat -I en0 10 Trace en0 every 10 seconds
netstat -rn Display routing info with IP address (10.4.27.182)
netstat -in Shows the state of all configured interfaces
netstat -r Display routing info with full hostnames (timna2.csil.creoscitex)
nfsstat –z ;to reset NFS stats without reboot
cat /etc/resolv.conf Check DNS settings
stopsrc –g NFS To stop NFS services on a client
startsrc –g NFS To start NFS services on a client
traceroute 149.115.39.1 Trace all hobs (interconnections=routers) to the destination IP
netpmon -o netpmon.out
trcstop Traces all network processes activity into a logfile. Must be preceede by a trcstop command !
nslookup hostname Shows the DNS server name and address
ping -R -c 1 bnc2 Ping with displaying the routing info
namerslv -s | grep domain | awk '{ print $2 }' Displays a fully qualified domain name of a host
rup Shows the status of a remote host on the local network
nmonnfs Traces all NFS processes activity
mount hostname:/filesystem /mount-point Mount an NFS filesystem
mknfsexp -d /directory Creates an NFS export directory
mknfsmnt Creates an NFS mount directory
rmnfs Stops and un-configures NFS services
mknfs Configures and starts NFS services
exportfs -u (filesystem) Un-exports a filesystem
exportfs Lists all exported filesystems
exportfs -a Exports all fs's in /etc/exports file
1.6 Disks

synclvodm -vP svg3 synchronizes ODM and the disk VG info.
redefinevg svg3 Redfined VG definition in ODM
lqueryvg -p hdisk0 –Avt -reads logical volumes info from disk
bootinfo -s hdiskx Shows Megabytes available even if no volume group is assigned.
lspv -p hdiskx (PP's used, location on disk, mount point)
lscfg -vp -l hdiskx (all information about a disk/raid)
1.7 Filesystem

chfs -a size=+200000 /var increases /var FS by 100MB
du -sk /john shows directory used space in kb !!!!
mount all mounts all FS
umount /dataVolumes/rtest9.1.0 unmounts a FS
fuser -k /dev/cd0 Releases a CD that will not unmount !
fuser –c /dataVolumes/rtest9.1.0 -Find out which process_id lock the FS
istat Shows when the file was last created/modified/accessed !!!!
1.8 System monitoring

istat Shows create/modify/access file info
alog -o -t boot | more displays system boot log
w Lists login users and their programs.
who Identifies the users currently logged in
/usr/local/es/swho Identifies the Ethershare users currently logged in
last |more shows last logins
last –20 Shows recent 20 lines
last root Shows username ‘root’ login/logout record
last ftp Shows all FTP session in the record
mount shows all mounted filesystems (nfs+local)
ps -ef show all running processes
ps -ef |grep Scitex show all scitex running processes
du -ak /scitex|sort -n -r|head –10 -Display 10 biggest directories on the volume by size
find /scitex -xdev -size +2048 -ls|sort -rn +6|head –10 -to find 10 top files in the root (/) directory larger than 1 MB.”-xdev” helps searching ONLY in “/” !!!!!!!!!
history Last commands run on the system by this user
alog -ot boot Lists a log of all boot operations
grep TX /etc/environment Verify daylight settings
1.9 Performance issues

nmon a nice monitor - runs only on AIX5 and up
topas a nice monitor - runs only on AIX 4.3.3 and up
monitor -top 10 -s 2 monitors system 10 top processes with 2 seconds
iostat 2 displays disks activity every 2 seconds refresh interval
iostat –a 2 AIX5 ONLY !!!!
displays disks and ADAPTER !!!! activity every 2 seconds refresh interval
vmstat 2 ;monitors virtual memory statistics every 2 seconds (see appendix A)
sar –P ALL 2 2 Show all CPU’s activity on an SMP machine
svmon –i 2 Monitors real and virtual memory
ps auxw | sort –r +3 |head –10 -Shows top 10 memory usage by process
ps auxw | sort –r +2 |head –10 -Shows top 10 CPU usage by process
ps –auw | grep defunct Shows zombies processes (to kill – reboot or kill the parent)
filemon –O all –o filemon.out ; find / -name core ; trcstop Traces FS,LV,disks,files activityof a “find” command into a logfile (filemon.out). Must be preceded by a trcstop command.
tprof –x find / -name core ; trcstop Traces CPU activityof a “find” command Severall logfile are created. Must be preceded by a trcstop command.
tprof -ske -x "sleep 30" -Trace CPU activity for next 30 seconds.Results in file sleep.tprof

lvmstat –ev svg1
lvmstat –v svg1 2 AIX5 ONLY !!!!
enable gathering the VG statistics
Display VG logical volumes statistics every 2 seconds
1.10 Remote issues (working over the modem)

pdelay tty0; pdisable tty0 >/dev/null ;penable tty0
-Resets tty0
stty erase '^?' Makes bakespace to work
/scitex/version/utils/modem/kermit -l /dev/ttyx –c atdt {phone #} Use Unix to Dail-out (for any reason) ttyx is the serial port the cable is connected
/scitex/version/utils/modem/kermit -s /u/d0/ripro_messages -i Sends a file to a remote desktop in binary mode
/scitex/version/utils/modem/kermit –r
-Receives a file to from remote desktop
1.11 Browsing errlog with errpt

errpt -a -s 0604090601 -e 0605090901 browse the errlog in detail for all errors within a timeframe
errpt -a -N SYSPROC |more
errpt -a -N SYSPROC > /tmp/err.log Browse the errlog for the SYSPROC resource, can be into the file
errpt -j 5DFED6F1 -Browse the errlog by the identifier
errpt –A -AIX5 ONLY !!!! Shows less detailes then errpt -a
errpt –D -AIX5 ONLY !!!! eliminates double entries
1.12 Security issues

chmod -s Filename Remove Sticky Bit to a file or directory

chmod +r+w+x+t Filename Add Read+Write+Execute+Temp mode to a file or directory.
This is a ‘blanket’ change for all owner, user & group.
Numeric Access Modes
0 (---) - no access
1 (--x) - execute permissions; search permissions for directories
2 (-w-) - write access
3 (-wx) - execute/search permission and write access
4 (r--) - read access
5 (r-x) - execute/search permission and read access
6 (rw-) - read and write access
7 (rwx) - execute/search permission and read and write access
mkpasswd -f rebuild the /etc/passwd indexes in case of suspected corruption
1.13 Miscellaneous
ksh
find / -type f|xargs grep "10.4.27.181" 2> /dev/null
-Find all files containing my IP address
compress -c file > file.Z Compresses the files while keeps the original
whereis Returms full path of program