Anyway, most admins know how to find the largest files inside a single directory:

du -sk * | sort -n

The other day I needed to find the largest of over 10k+ files spread across hundreds of directories. So with a little command combo magic, I used this:

for i in `find . -type f`; do du -sk $i; done | sort -n

Which runs a du -sk on every single file within the current directory and all sub-directories, pipes it to a sort, with the last files being output to the screen being the largest.

Looking at it again today, I guess I probably could have removed the for loop and just done:

du -sk `find . -type f` | sort -n

Testing it out real quick shows that it works; however, if you have as many files as I had to go through, you would have quickly exhausted du and it would have complained:

-bash: /usr/bin/du: Argument list too long

So it looks like the for loop was needed after all. Personally, I love running for loops on the command line.

Happy Father’s Day to all you fathers out there!

The other section I wonder about but doesn’t really apply to my blog, is for blogs with multiple authors. His code says:

if (1 == $comment->user_id)

which only highlights the comments of the admin user - who may not even be the original author. Someday, when I’m a WordPress hacker, I’ll tell you what the correct line should be, or some other guru can add it. But there should be something like:

if ($article->user_id == $comment->user_id)

Again I don’t know what the right variable for the $article->user_id would be. If you take the time to figure it out, let us know.

First, check what your swap space is already set to:

# swap -l
swapfile dev swaplo blocks free
/dev/dsk/c1t0d0s1 61,1 8 4194288 4194288

In this case, it is set to 2 GB (4194288 x 512 bytes = 1.99999237 gigabytes) and is set to partition 1 on the first drive.

So in this example, I added a 4 GB drive and ran devfsadm. Format shows the second drive available:

# format
Searching for disks…done

AVAILABLE DISK SELECTIONS:
0. c1t0d0
/pci@0,0/pci1000,30@10/sd@0,0
1. c1t1d0
/pci@0,0/pci1000,30@10/sd@1,0

Next, the drive needs some partitions, so we use fdisk (after choosing 1, the new drive):

format> fdisk
No fdisk table exists. The default partition for the disk is:

a 100% “SOLARIS System” partition

Type “y” to accept the default partition, otherwise type “n” to edit the
partition table.
y

format> part

PARTITION MENU:
….

partition> print
Current partition table (original):
Total disk cylinders available: 2044 + 2 (reserved cylinders)

Part Tag Flag Cylinders Size Blocks
0 unassigned wm 0 0 (0/0/0) 0
1 unassigned wm 0 0 (0/0/0) 0
2 backup wu 0 - 2044 3.99GB (2045/0/0) 8376320
3 unassigned wm 0 0 (0/0/0) 0
4 unassigned wm 0 0 (0/0/0) 0
5 unassigned wm 0 0 (0/0/0) 0
6 unassigned wm 0 0 (0/0/0) 0
7 unassigned wm 0 0 (0/0/0) 0
8 boot wu 0 - 0 2.00MB (1/0/0) 4096
9 unassigned wm 0 0 (0/0/0) 0

partition> 0
Part Tag Flag Cylinders Size Blocks
0 unassigned wm 0 0 (0/0/0) 0

Enter partition id tag[unassigned]: swap
Enter partition permission flags[wm]:
Enter new starting cyl[1]:
Enter partition size[0b, 0c, 1e, 0.00mb, 0.00gb]: 1021c

partition> 1
Part Tag Flag Cylinders Size Blocks
1 unassigned wm 0 0 (0/0/0) 0

Enter partition id tag[unassigned]: swap
Enter partition permission flags[wm]:
Enter new starting cyl[1]: 1022
Enter partition size[0b, 0c, 1025e, 0.00mb, 0.00gb]: 1021c

partition> print
Volume: swap
Current partition table (unnamed):
Total disk cylinders available: 2044 + 2 (reserved cylinders)

Part Tag Flag Cylinders Size Blocks
0 swap wm 1 - 1021 1.99GB (1021/0/0) 4182016
1 swap wm 1022 - 2042 1.99GB (1021/0/0) 4182016
2 backup wu 0 - 2043 3.99GB (2044/0/0) 8372224
3 unassigned wm 0 0 (0/0/0) 0
4 unassigned wm 0 0 (0/0/0) 0
5 unassigned wm 0 0 (0/0/0) 0
6 unassigned wm 0 0 (0/0/0) 0
7 unassigned wm 0 0 (0/0/0) 0
8 boot wu 0 - 0 2.00MB (1/0/0) 4096
9 unassigned wm 0 0 (0/0/0) 0
partition> label
Ready to label disk, continue? y
partition> quit
format> label
Ready to label disk, continue? y
format> quit

Now to add the partitions as swap space:

swap -a /dev/dsk/c1t1d0s0
swap -a /dev/dsk/c1t1d0s1

And check that it is now available:

swap -l
swapfile dev swaplo blocks free
/dev/dsk/c1t0d0s1 61,1 8 4194288 4194288
/dev/dsk/c1t1d0s0 61,64 8 4182008 4182008
/dev/dsk/c1t1d0s1 61,65 8 4182008 4182008

Now we need to add them to /etc/vfstab so that they are used after a reboot by /sbin/swapadd. This one was already in there:

/dev/dsk/c1t0d0s1 - - swap - no -

So then we add the additional partitions:

/dev/dsk/c1t1d0s0 - - swap - no -
/dev/dsk/c1t1d0s1 - - swap - no -

If you decide to delete your old swap swap, use the `swap -d` command and don’t forget to change your dump space with `dumpadm -d`.

/etc/nodename
/etc/inet/hosts
/etc/hostname.hme0 (change hme0 to whatever the network interface name is)

Another piece that makes sense to change, although not necessary is the dump space where you save crash dumps. To fix this is also easy:

cd /var/crash
mv oldname newname
dumpadm -s /var/crash/newname

To change the IP, all you need to do is change the IP address in /etc/hosts.

Note: /etc/inet/ipnodes may also need to be changed when using IPv6.

First, you had to provide all of the details on the company from the registered number of incorporation, location of incorporation, etc., but then there was a 13 page contract and then after you get that to them they ask for a legal opinion letter from a registered attorney in the location of the company’s incorporation verifying the company’s identity.  Who knows, they may want more after that - I’ll never know.  This was enough for the company to decide they no longer wanted one.  I called up the billing department and was able to get a refund pretty quickly.

I then purchased a standard SSL and had a new certificate the next day.  I don’t think I would ever recommend the EV certificate again.

openssl req -noout -text -in domain.com.csr

Update: I’m sure you’re all wondering what the problem was! Well, I was copying and pasting the CSR from gedit into their web form. For some reason, gedit was doing something with the text that was not visible - ok, maybe it was visible, perhaps it could have been the color syntax highlighting?   I wouldn’t think that would copy over, and it looked correct in their web form.  Anyway, I simply `cat` the CSR in a terminal window and copied that over and it worked perfectly.

pkgchk <package name>

If it doesn’t return anything that package is fine. If you want to make sure it is checking the files you can always use the -v parameter:

pkgchk -v <package name>

If you want to validate all of the packages on the system, don’t add any parameters (of course, you can always use -v here, but then you won’t be able to keep track of the errors.

pkgchk

Of course, just because something comes up doesn’t mean that you’ve been hacked or anything, just that someone or something has modified the particular file since it was installed. You will need to go through each of the files it finds and decide if that is normal or not for your own individual installation. You can also just check file attributes only (-a) or file content only (-c).

Note: Since all of the errors that pkgchk finds are sent to standard error, you need to make sure you redirect standard error to a file if you want to save the contents somewhere. So to save to a file you may want to run something like this:

pkgchk > /root/pkgchk.errors 2>&1

Follow up - How do you easily list what packages are installed on your system (rpm -qa)? With the pkginfo command without any parameters!

useradd -c “nagios system user” -d /usr/local/nagios -m nagios
chown nagios:nagios /usr/local/nagios/
cd /usr/local/src # or wherever you like to put source code
wget http://internap.dl.sourceforge.net/sourceforge/nagios/nrpe-2.12.tar.gz
wget http://internap.dl.sourceforge.net/sourceforge/nagiosplug/nagios-plugins-1.4.11.tar.gz
gunzip nagios-plugins-1.4.11.tar.gz
tar -xvf nagios-plugins-1.4.11.tar
gunzip nrpe-2.12.tar.gz
tar -xvf nrpe-2.12.tar

First we’ll compile the nagios plugins:

cd nagios-plugins-1.4.11
./configure
make
make install
chown -R nagios:nagios /usr/local/nagios/libexec
cd ..

Run a quick check to make sure the plugins are working:

/usr/local/nagios/libexec/check_disk -w 10 -c 5 -p /

Next, we’ll compile NRPE. Normally at this point we would just run `cd nrpe-2.12; ./configure`. Unfortunately, the configure script can not find the SSH headers and libraries on Solaris 10. You get errors like this:

checking for SSL headers… configure: error: Cannot find ssl headers

checking for SSL libraries… configure: error: Cannot find ssl libraries

The answer to this is, of course, to tell configure where to find them:

cd nrpe-2.12
./configure –with-ssl=/usr/sfw/ –with-ssl-lib=/usr/sfw/lib/

Currently there is a bug in 2.12 that it assumes that all systems have 2 syslog facilities that Solaris doesn’t have, so if you try and compile it generates the following errors:

nrpe.c: In function `get_log_facility’:
nrpe.c:617: error: `LOG_AUTHPRIV’ undeclared (first use in this function)
nrpe.c:617: error: (Each undeclared identifier is reported only once
nrpe.c:617: error: for each function it appears in.)
nrpe.c:619: error: `LOG_FTP’ undeclared (first use in this function)
*** Error code 1
make: Fatal error: Command failed for target `nrpe’
Current working directory /usr/local/src/nrpe-2.12/src
*** Error code 1
make: Fatal error: Command failed for target `all’

Unfortunately, the fix at this time is to comment out the code that calls these two facilities, lines 616-619, in src/nrpe.c:

/*else if(!strcmp(varvalue,”authpriv”))
log_facility=LOG_AUTHPRIV;
else if(!strcmp(varvalue,”ftp”))
log_facility=LOG_FTP;*/

Now it will compile:

# make all
cd ./src/; make ; cd ..
gcc -g -O2 -I/usr/sfw//include/openssl -I/usr/sfw//include -DHAVE_CONFIG_H -o nrpe nrpe.c utils.c -L/usr/sfw/lib/ -lssl -lcrypto -lnsl -lsocket ./snprintf.o
gcc -g -O2 -I/usr/sfw//include/openssl -I/usr/sfw//include -DHAVE_CONFIG_H -o check_nrpe check_nrpe.c utils.c -L/usr/sfw/lib/ -lssl -lcrypto -lnsl -lsocket

*** Compile finished ***

Next install the new binaries:

# make install
cd ./src/ && make install
make install-plugin
.././install-sh -c -m 775 -o nagios -g nagios -d /usr/local/nagios/libexec
.././install-sh -c -m 775 -o nagios -g nagios check_nrpe /usr/local/nagios/libexec
make install-daemon
.././install-sh -c -m 775 -o nagios -g nagios -d /usr/local/nagios/bin
.././install-sh -c -m 775 -o nagios -g nagios nrpe /usr/local/nagios/bin

Optionally, if you want to use the sample config file run (Recommended if you don’t already have a standard config):

# make install-daemon-config
./install-sh -c -m 775 -o nagios -g nagios -d /usr/local/nagios/etc
./install-sh -c -m 644 -o nagios -g nagios sample-config/nrpe.cfg /usr/local/nagios/etc

Modify the nrpe.cfg file with your settings:

vi /usr/local/nagios/etc/nrpe.cfg

With Solaris 10, we don’t use either inetd or xinetd, but SMF. Thankfully, we can convert inetd entires into the SMF repository with the inetconv command. So first, add the following entry to /etc/services:

nrpe 5666/tcp # NRPE

Then add the following line to the end of /etc/inet/inetd.conf:

nrpe stream tcp nowait nagios /usr/sfw/sbin/tcpd /usr/local/nagios/bin/nrpe -c /usr/local/nagios/etc/nrpe.cfg -i

Next, we need to convert it to SMF:

# inetconv
nrpe -> /var/svc/manifest/network/nrpe-tcp.xml
Importing nrpe-tcp.xml …Done
# inetconv -e
svc:/network/nrpe/tcp:default enabled

Check to make sure it went online:

# svcs svc:/network/nrpe/tcp:default
STATE STIME FMRI
online 15:53:39 svc:/network/nrpe/tcp:default
# netstat -a | grep nrpe
*.nrpe *.* 0 0 49152 0 LISTEN

Check the default installed parameters:

# inetadm -l svc:/network/nrpe/tcp:default
SCOPE NAME=VALUE
name=”nrpe”
endpoint_type=”stream”
proto=”tcp”
isrpc=FALSE
wait=FALSE
exec=”/usr/sfw/sbin/tcpd -c /usr/local/nagios/etc/nrpe.cfg -i”
arg0=”/usr/local/nagios/bin/nrpe”
user=”nagios”
default bind_addr=”"
default bind_fail_max=-1
default bind_fail_interval=-1
default max_con_rate=-1
default max_copies=-1
default con_rate_offline=-1
default failrate_cnt=40
default failrate_interval=60
default inherit_env=TRUE
default tcp_trace=FALSE
default tcp_wrappers=FALSE
default connection_backlog=10

Change it so that it uses tcp_wrappers:

# inetadm -m svc:/network/nrpe/tcp:default tcp_wrappers=TRUE

And check to make sure it took effect:

# inetadm -l svc:/network/nrpe/tcp:default
SCOPE NAME=VALUE
name=”nrpe”
endpoint_type=”stream”
proto=”tcp”
isrpc=FALSE
wait=FALSE
exec=”/usr/sfw/sbin/tcpd -c /usr/local/nagios/etc/nrpe.cfg -i”
arg0=”/usr/local/nagios/bin/nrpe”
user=”nagios”
default bind_addr=”"
default bind_fail_max=-1
default bind_fail_interval=-1
default max_con_rate=-1
default max_copies=-1
default con_rate_offline=-1
default failrate_cnt=40
default failrate_interval=60
default inherit_env=TRUE
default tcp_trace=FALSE
tcp_wrappers=TRUE
default connection_backlog=10

Modify your hosts.allow and hosts.deny to only allow your nagios server access to the NRPE port. Note that tcpd always looks at hosts.allow first, so even though we specify that everyone is rejected in the hosts.deny file, the ip addresses specified in hots.allow are allowed.
/etc/hosts.allow:

nrpe: LOCAL, 10.0.0.45

/etc/hosts.deny:

nrpe: ALL

Finally, check to make sure you have everything installed correctly (should return version information):

/usr/local/nagios/libexec/check_nrpe -H localhost
NRPE v2.12

Optionally, modify any firewalls between your nagios server and the remote host to allow port 5666.
Don’t forget to configure your nagios server to check your new service.

cp /usr/lib/breg/data/RegistrationProfile.properties /tmp
vi /tmp/ RegistrationProfile.properties

Fill in the appropriate settings, then run the following command:

# /usr/sbin/sconadm register -a -r /tmp/RegistrationProfile.properties
sconadm is running
Authenticating user …
finish registration!

Note: If you can’t find /usr/lib/breg/data/RegistrationProfile.properties, just create a file in /tmp with the following values (since it has your Sun Online password in it, make sure you set the file permissions to 400) :

userName=
password=
hostName=
subscriptionKey= (if you don’t include this you only get security updates)
portalEnabled=false
proxyHostName=
proxyPort=
proxyUserName=
proxyPassword=

Now you can update your system using the smpatch command which will download and install the updates for you:

# smpatch analyze
119253-24 SunOS 5.10_x86: System Administration Applications Patch
124631-15 SunOS 5.10_x86: System Administration Applications, Network, and Core Libraries Patch
121431-22 SunOS 5.8_x86 5.9_x86 5.10_x86: Live Upgrade Patch
119535-13 SunOS 5.10_x86: Flash Archive Patch
119255-52 SunOS 5.10_x86: Install and Patch Utilities Patch
125387-04 SunOS 5.10_x86: aac driver patch
119813-07 X11 6.6.2_x86: Freetype patch
127887-05 SunOS 5.10_x86: ipf patch
126267-01 SunOS 5.10_x86: ibd patch
126648-02 SunOS 5.10_x86: InfiniBand patch
128029-04 SunOS 5.10_x86: e1000g patch
…

# smpatch update
119253-24 has been validated.
124631-15 has been validated.
121431-22 has been validated.
119535-13 has been validated.
119255-52 has been validated.
125387-04 has been validated.
119813-07 has been validated.
127887-05 has been validated.
126267-01 has been validated.
126648-02 has been validated.
128029-04 has been validated.
…
Installing patches from /var/sadm/spool…
119253-24 has been applied.
124631-15 has been applied.
NOTICE: Patch 121431-22 cannot be installed because it is typed as “interactive” which is prohibited by policy.
119535-13 has been applied.
119255-52 has been applied.
NOTICE: Update 125387-04 cannot be applied at this time since it is typed as “single user” which is disallowed by installation policy.
NOTICE: Patch 125387-04 cannot be installed until the next system shutdown.
119813-07 has been applied.
NOTICE: Update 127887-05 cannot be applied at this time since it is typed as “reboot immediate” which is disallowed by installation policy.
NOTICE: Patch 127887-05 cannot be installed until the next system shutdown.
126267-01 has been applied.
126648-02 has been applied.
128029-04 has been applied.
…
ID’s of the updates that are disallowed by installation policy have been
written to file
/var/sadm/spool/disallowed_patch_list

One or more updates that you installed requires a system shutdown to activate it. To initiate the system shutdown, you must use one of the following commands:
o Drop to the firmware prompt - init 0 or shutdown -i 0
o Power down the system - init 5 or shutdown -i 5
o Restart the system - init 6 or shutdown -i 6

Reboot to install additional patches (obviously during a maintenance window):

# init 6

Here’s what you will see on the console during the reboot: