Monday, December 28, 2009

Hp-ux Basic Admin commands


The command used to check the cpu utilization in hpunix is as follows
Method 1:
#top
Output

CPU UTILIZATION
Step 1:

Check the status of idle value

To find the current utilization = 100 – idle value
Idle value = 70.4
Current utilization = 100-70.4 = 29.6%
Step 2:

Next focus on highly utilized process

The highly utilized process can be found in %CPU

In the above screen we can able to find the first high utilized process is dw.sapCEP_D01 which is consuming around 29.65%

Method 2:

Copy the below command and execute in terminal

# UNIX95= ps -ef -o pid,ppid,pcpu,sz,args | sort -nbk 3 | tail -10

Pid= process id
Ppid = parent of pid
Pcpu = percentage cpu usage
Sz=process name
Args= full path of the process executed command.


In the above screen shoot find the third column is the percentage used by the process. The highest usage process is 1765 with percentage 19.41%



Method 3


To find the how userprocess, system process is consuming the cpu utilization run the below command



# sar -u 5 5

HP-UX utapp1ac B.11.23 U ia64 02/27/09

19:44:22 %usr %sys %wio %idle
19:44:27 16 1 0 83
19:44:32 14 1 0 85
19:44:37 9 1 0 90
19:44:42 8 1 0 90
19:44:47 12 1 0 86

Average 12 1 0 87

Total User Utilization is = 12%
Total System utilization = 1%

Memory Management:



Method 1:

#vmstat
procs memory page faults cpu
r b w avm free re at pi po fr de sr in sy cs us sy id
2 0 0 861817 112795 8 3 21 3 0 0 24 1231 9748 949 18 1 81


To find the free memory in server

From the above output free = (112795*4) / 1024 = 440MB

Availabe = (861817*4)/1024 = 3366MB


Method 2:
To find the total physical memory installed in the server

Common for PA-Risc and itanium server.
# dmesg | grep -i physical
physical page size = 4096 bytes, logical page size = 4096 bytes
Physical: 8358472 Kbytes, lockable: 6160756 Kbytes, available: 7152516 Kbytes

From the above output the total memory size = 8358472/1024 = 8162MB

Common for PA-Risc and itanium server.
# print_manifest | grep -i memory
Main Memory: 8162 MB


For itanium server.
# machinfo | grep -i memory
Memory = 8162 MB (7.970703 GB)


Method 3

To find which process is utilizing high memory in the server

Copy the below command and execute in the server.

#UNIX95= ps -ef -o pid,ppid,pcpu,sz,args | sort -nbk 4 | tail -10

The above command will display top 10 highly utilized process which is consuming high memory.


Disk Management:

Method 1


Sar = system activity report

# sar –d 5 5

HP-UX utapp1ac B.11.23 U ia64 02/27/09

19:51:47 device %busy avque r+w/s blks/s avwait avserv
19:51:52 c2t2d0 2.99 0.50 5 50 0.00 6.43
19:51:57 c2t2d0 0.40 0.50 1 7 0.00 7.43
19:52:02 c2t2d0 1.00 0.50 1 19 0.00 20.12
19:52:07 c2t2d0 0.40 0.50 1 10 0.00 8.65
19:52:12 c2t2d0 0.60 0.50 1 10 0.00 12.09

Average c2t2d0 1.08 0.50 2 19 0.00 9.29

Current avg disk utilization is 1.08%




Method 2

To check the i/o status for the disk run the below command

# iostat 5 5

Column Heading Interpretation
device Device name
bps Kilobytes transferred per second
sps Number of seeks per second
msps Milliseconds per average seek


device bps sps msps

c2t2d0 0 0.0 1.0

c2t2d0 123 14.3 1.0

c2t2d0 8 2.0 1.0

c2t2d0 4 0.6 1.0

c2t2d0 117 3.8 1.0


# iostat -t
tty cpu
tin tout us ni sy id
0 70 18 0 1 81

device bps sps msps

c2t2d0 0 0.0 1.0

The iostat command gives you an indication of the level of effort the CPU is putting into I/O and the amount of I/O taking place among your disks and terminals. The following example shows the iostat -t command, which will be executed every three seconds, and associated output from an HP-UX 11.x system

Tin = terminal input
Tout = terminal output





Hardware status:

To collect the hardware details in the server run the below command

#print_manifest

The above command display complete hardware information

To check status of hardware

# ioscan –fn

The above command display complete hardware status

To check disk status in the server

#ioscan –fnC disk

# ioscan -fnC disk

Class I H/W Path Driver S/W State H/W Type Description
============================================================================
disk 0 0/0/2/1.0.16.0.0 sdisk CLAIMED DEVICE TEAC DV-28E-N
/dev/dsk/c0t0d0 /dev/rdsk/c0t0d0
disk 22 0/3/1/0.1.2.0.0.0.0 sdisk CLAIMED DEVICE HITACHI OPEN-V*15
/dev/dsk/c10t0d0 /dev/rdsk/c10t0d0


Explanation

Ioscan – Input output scan

C = specific class (for example disk, lancard, etc..)

In the above output class=disk
H/W path = 0/0/2/1.0.16.0.0
Instance Number = 0
Device file = /dev/dsk/c0t0d0

In the above output we need to focus on S/w & H/w State where the above output shows the state is CLAIMED where the disk is inserted properly in the server and the driver state is good.

If the disk is not inserted properly then we will get the output as show below

#ioscan –fnC disk


Class I H/W Path Driver S/W State H/W Type Description
============================================================================
disk 0 0/0/2/1.0.16.0.0 sdisk UNCLAIMED DEVICE TEAC DV-28E-N
/dev/dsk/c0t0d0 /dev/rdsk/c0t0d0


Like wise you can check for other device as follows

For lan

# ioscan –fnC lan

For fc (Fiber channel card)

#ioscan –fnC fc

For external bus

#ioscan –fnC ext_bus

Fro tape drive

#ioscan –fnC tape


To find the mac address of lancard run the below command

# lanscan
Hardware Station Crd Hdw Net-Interface NM MAC HP-DLPI DLPI
Path Address In# State NamePPA ID Type Support Mjr#
0/4/2/0 0x0017A451F55C 0 UP lan0 snap0 1 ETHER Yes 119
0/4/2/1 0x0017A451F55D 1 UP lan1 snap1 2 ETHER Yes 119

From the above output we need to focus on Address where address is the mac address of the lan


To find the ip address of the server

# netstat -in
Name Mtu Network Address Ipkts Ierrs Opkts Oerrs Coll
lan0 1500 10.120.14.0 10.120.14.21 715862558 0 1061561099 0 0
lo0 4136 127.0.0.0 127.0.0.1 4983190 0 4983191 0 0

From the above output the ip address of the server is 10.120.14.21

# ifconfig lan0
lan0: flags=1843
inet 10.120.14.21 netmask ffffff00 broadcast 10.120.14.255


ERROR LOGS:

PATH
/var/adm/syslog/syslog.log

Cat the above command to check the errors in the server
#more /var/adm/syslog/syslog.log
PATH
/var/opt/resmon/log

Go the above mentioned path and check for latert event.log message in the server.

Do more, cat the eventlog message to find the detail information above the error.

For example.
# cat /var/adm/resmon/log/event.log


BACKUPMANGAMENT

Example
#bdf
Filesystem kbytes used avail %used Mounted on
/dev/vg00/lvol3 573440 270848 300240 47% /
/dev/vg00/lvol1 311296 133672 176328 43% /stand
/dev/vg00/lvol6 8388608 2748536 5596904 33% /var
/dev/vg00/lvol8 6356992 2528384 3800928 40% /usr
/dev/vg00/lvol10 6291456 2937886 3148640 48% /usr/sap/CEP
/dev/vg00/lvol5 4194304 1939104 2237624 46% /tmp

To take backup of /dev/vg00/lvol10 filesystem which is mounted in /usr/sap/CEP filesystem run the below command to do

# fbackup –i /usr/sap/CEP –f

To check the status of tape drive

# mt –f status

For example : tape device file = /dev/rmt/0mn

The check the status

#mt –f /dev/rmt/0mn status

Trusted systems

Trusted System

Characteristics/Advantages

1.Trusted system removes the passwd encryptions from the /etc/passwd file. It replaces the entry with a '*' character.

2.It also sets up a database under /tcb directory. tcb will be created. This directory is only readable by root. Trusted - encrypted passwords are NOT stored in /etc/passwd. They are instead stored in files in the /tcb/files/auth/ directory structure which is only readable by root. So its not possible for ordinary users to get the encrypted password, because weak paswords can easily be cracked.

3.SAM provides a variety of system security policies. You have control on how a new user can choose a password or if a new user will get a system-created password. You can enable password aging policies (and controlling them).

4.You can de-activate and re-activate user accounts

5.User accounts will be de-activated automatically, if the user performs several unsuccessful logins. Root can choose how many unsuccessful logins are allowed

6.User accounts will be de-activated automatically, if the user account is inactive for a period of time. Root can choose how many days of inactivity

7.When a new user logins the first time he needs an authorization number. After that he has to set his password first before entering any other command. The authorization number is given to root by SAM.

8.Root is not allowed to choose very simple passwords.

9.Converting a machine to trusted doesn’t require a reboot nor your application to be down but it is always better to convert when the system is quite(when application is down)

Pre-requirements

1.Make sure that all users password must not greater than 8 characters otherwise, after convert they will not be able to login with same password, if longer they will be truncated.

2.Note that conversion to trusted mode is not supported in NIS systems.

3.If you set Password Aging" to "Disabled" under "System Security Policies" before doing the conversion, your passwords won't automatically expire.
4.Backup your /etc/passwd before you do attempt to switch. Back up your file system for later recovery of user files.

5.ALWAYS run pwck prior to converting.

6.Always convert when the system is quite.

How to convert to trusted system

1.It is recommended to covert the system to a trusted system using Sam rather than the command line.
2.Using command it can be converted using tscovert –s
3.Convert to a trusted (secure) system:

Type SAM (in character mode):

#sam
The SAM main menu is displayed.
1.Highlight Auditing and Security.
2.Highlight Audited Events.
The following message is displayed as soon as you click on any of the auditing options for the first time:

a.
You need to convert to a Trusted System before proceeding.

Converting to a Trusted System does the following:

1. Creates a protected database on the system for storing
security information.

2. Moves user passwords in "/etc/password" to this database.

3. Replaces all password fields in "/etc/passwd" with "*".
Do you want to convert to a Trusted System now?

4.Click Yes

The system displays the following message:

Converting to a trusted system....

Successfully converted to a trusted system.

Press OK to continue.


The conversion program does the following:

Verify that the audit files are on your system:
Use swlist -l fileset to list the installed file sets. Look for the file set called SecurityMon which contains the auditing program files. To reduce the listing, you might try

swlist -l fileset | grep Security
In addition, verify that the following files (not specified in SecurityMon) also exist:
/etc/rc.config.d/auditing contains parameters to control auditing. You may modify this file with SAM or by hand.

/sbin/rc2.d/S760auditing is the script that starts auditing. It should not be modified.


After convertion to trusted system
When you change to a trusted system root can choose how many characters of a password are considered. If root changes the default of 8 characters, users may have to reset their passwords (using authorization numbers).

After conversion to a Trusted System, you are ready to use your audit subsystem and run your HP-UX system as a Trusted System. To enable auditing, run SAM and use the “Auditing and Security” window.
You may also enable auditing without running SAM, by manually editing the script in /etc/rc.config.d/auditing.

Next, you must also establish password control by setting the many password options available.

Your system is now converted to a trusted system.

Revert to untrusted system
1.We can easily go back from a trusted system using the command tsconvert –r
2.Recommeded using sam
3.Enter SAM
4.Go to "Auditing and Security".
5.Go to "Audited Events" “Audited System Calls”, and “Audited Users”
6.Choose "Action" --> "Unconvert the system."


Trouble after switching to trusted system

1.If you have applications that make use of /etc/passwd you will have some trouble a guess.
2.Another consideration, and the major headache is AUDITING
3.After switching to trusted mode, auditing is possible, but what is it you would like to audit?
4.Things to consider:

o What type of events will be monitored and what accounts (the more selected the more overhead on the system -- system performance can be a concern!) . There are so many events that can be monitored
o How much space are you will willing to sacrifice with audit logs? Do you plan to let them grow in their default location?
o How much data do you want to save and for how many days? Do you want to save it on tapes for a period of time or would you just discard older logs?

Tips to find out if the system is trusted

1.The tcb directory should exists and /etc/passwd should not show up encoded passwords.
2.A simple way for users to tell if their system has been converted to a Trusted system is to look for the ““last successful/unsuccessful login” message that is displayed by a Trusted System at user login.

SAR Command in hp-ux

The sar utility is short for System Activity Reporter. This system activity reporter is quite popular in HP/UX systems, and is now becoming available for AIX and Solaris dialects of UNIX. SAR has much of the same functionality as the vmstat utility, but provides additional details.

There are four main ways to invoke sar, each producing a different output display as shown in Table 2-5.

sar command arguments UNIX display output
sar –b Monitor UNIX buffer activity
sar –u Monitor CPU usage
sar –w RAM memory switching and swapping activity
sar –d Monitor disk usage

Note: Each dislect of UNIX has different display formats for the sar utility. For example, some of the argument flags in the Solaris are not available on HP/UX. Please check your UNIX-specific documentation for details on your UNIX server.
The output from sar reports usually shows a time-based snapshot of activity. This is true for all reports that you'll see in this section. When you issue the sar command, you pass two numeric arguments. The first represents the time interval between samples, and the second represents the number of samples to take.

For example:
sar –u 10 5

The sar command in this example is requesting five samples taken at 10-second intervals.

sar –u: The CPU Report

The sar –u command is very useful for seeing the overall CPU consumption over time. In the example that follows, I execute sar –u to see the state of the CPU. CPU time can be allocated into the following four sections: user mode, system mode, waiting on I/O, and idle.

root> sar -u 2 5
HP-UX corp-hp1 B.11.00 U 9000/800 12/25/00
07:18:44 %usr %sys %wio %idle
07:18:46 0 0 1 99
07:18:48 0 0 1 99
07:18:50 4 0 13 83
07:18:52 2 1 7 90
07:18:54 0 0 3 98
Average 1 0 5 93

sar –w: The Memory Switching and Swapping Activity Report
The sar –w command is especially useful if you suspect that your database server is experiencing a memory shortage. The following example shows the swapping activity report that you get from sar:

root> sar -w 5 5
HP-UX corp-hp1 B.11.00 U 9000/800 12/25/00
07:19:33 swpin/s bswin/s swpot/s bswot/s pswch/s
07:19:38 0.00 0.0 0.00 0.0 261
07:19:43 0.00 0.0 0.00 0.0 231
07:19:48 0.00 0.0 0.00 0.0 326
07:19:53 0.00 0.0 0.00 0.0 403
07:19:58 0.00 0.0 0.00 0.0 264
Average 0.00 0.0 0.00 0.0 297

The column descriptions for sar –w are as follows:
* swpin/s?Number of process swap-ins per second.
* swpot/s?Number of process swap-outs per second.
* bswin/s?Number of 512-byte swap-ins per second.
* bswot/s?Number of 512-byte swap-outs per second.
* pswch/s?Number of process context switches per second.

sar –b: The Buffer Activity Report

The sar -b command causes sar to report buffer activity, which equates to disk I/O activity and is especially useful if you suspect that your database is I/O bound. The report shows real disk I/O, and the interaction with the UNIX Journal File System (JFS) buffer. For example, below we see a sample of sar output over a 5-second interval:

>sar -b 1 5

HP-UX corp-hp1 B.11.00 U 9000/800 12/25/00
07:20:40 bread/s lread/s %rcache bwrit/s lwrit/s %wcache pread/s pwrit/s
07:20:41 0 72 100 6 7 14 0 0
07:20:42 0 3 100 3 3 0 0 0
07:20:43 0 3 100 0 9 100 0 0
07:20:44 0 26 100 6 12 50 0 0
07:20:45 0 19 100 3 15 80 0 0
Average 0 25 100 4 9 61 0 0

In the output shown here, you see the following data columns:

* Bread/s Number of physical reads from disk per second.
* lread/s?Number of reads per second from the UNIX JFS buffer cache.
* %rcache?Buffer cache hit ratio (for the UNIX JFS buffer cache) for read requests.
* bwrit/s?Number of physical writes to disk per second. This gives the DBA an indication of the overall write activity on the server.
* lwrit/s?Number of writes per second to the UNIX JFS buffer cache.
* %wcache?Buffer cache hit ratio (for the UNIX JFS buffer cache) for write requests.
* pread/s?Number of reads per second from disk. This is an excellent measure of the load on the I/O subsystem.
* pwrit/s?Number of writes per second to disk

The sar –b command is often used in reactive tuning when you want to correlate what is happening inside Oracle with what is happening on the database server. Now let’s turn our attention to the UNIX sadc utility