Ó²ÅÌÊý¾Ý»Ö¸´µ¼º½
RAIDÊý¾Ý»Ö¸´µ¼º½
 | ÍøÕ¾Ê×Ò³ | Êý¾Ý»Ö¸´×ÊÁÏ | Êý¾Ý»Ö¸´Èí¼þ | ×ÉѯÁôÑÔ | Êý¾Ý»Ö¸´²©¿Í | Êý¾Ý»Ö¸´ÂÛ̳ | 
Êý¾Ý»Ö¸´Èí¼þÏÂÔØ
Êý¾Ý»Ö¸´·þÎñ Êý¾Ý»Ö¸´ Êý¾Ý»Ö¸´±¨¼Û Êý¾Ý»Ö¸´Åàѵ Êý¾Ý»Ö¸´ÊµÑéÊÒ Êý¾Ý»Ö¸´Ñо¿³É¹û Êý¾Ý»Ö¸´·þÎñÁªÏµ·½Ê½
ÄúÏÖÔÚµÄλÖ㺠±±ÑÇÊý¾Ý»Ö¸´¼¼ÊõÕ¾ >> Êý¾Ý»Ö¸´×ÊÁÏ >> ·þÎñÆ÷Óë´æ´¢¼¼Êõ >> ÎÄÕÂÕýÎÄ
´æ´¢ÈëÃÅ»ù´¡£ºHP-UX°²È«¼Ó¹ÌʹÓÃÊÖ²á            ¡¾×ÖÌ壺С ´ó¡¿
´æ´¢ÈëÃÅ»ù´¡£ºHP-UX°²È«¼Ó¹ÌʹÓÃÊÖ²á
×÷ÕߣºØýÃû    ÎÄÕÂÀ´Ô´£º´æ´¢Ê±´ú    µã»÷Êý£º    ¸üÐÂʱ¼ä£º2007-03-21

 Ò»¡¢ »ù±¾ÏµÍ³¹ÜÀí

    1¡¢³£ÓÃÃüÁî

    1. # ioscan -fn

    Áгö¸÷I/O¿¨¼°É豸µÄËùÓÐÏà¹ØÐÅÏ¢£ºÈçÂß¼­µ¥ÔªºÅ£¬Ó²¼þµØÖ·¼°É豸ÎļþÃûµÈ¡£

    2. # ps -ef

    ÁгöÕýÔÚÔËÐеÄËùÓнø³ÌµÄ¸÷ÖÖÐÅÏ¢£ºÈç½ø³ÌºÅ¼°½ø³ÌÃûµÈ¡£

    3. # netstat -rn

    ÁгöÍø¿¨×´Ì¬¼°Â·ÓÉÐÅÏ¢µÈ¡£

    4. # lanscan

    ÁгöÍø¿¨×´Ì¬¼°ÍøÂçÅäÖÃÐÅÏ¢¡£

    5. # bdf

    ÁгöÒѼÓÔصÄÂß¼­¾í¼°Æä´óСÐÅÏ¢¡£

    6. # mount

    ÁгöÒѼÓÔصÄÂß¼­¾í¼°Æä¼ÓÔØλÖá£

    7. # uname -a

    ÁгöϵͳID ºÅ£¬OS°æ±¾¼°Óû§È¨ÏÞµÈÐÅÏ¢¡£

    8. # hostname

    ÁгöϵͳÍøÂçÃû³Æ¡£

    9. # pvdisplay -v /dev/dsk/c*t*d*

    ÏÔʾ´ÅÅ̸÷ÖÖÐÅÏ¢£¬Èç´ÅÅÌ´óС£¬°üº¬µÄÂß¼­¾í£¬É豸Ãû³ÆµÈ¡£

    10. # vgdisplay -v /dev/vg00

    ÏÔʾÂß¼­¾í×éÐÅÏ¢£¬Èç°üº¬ÄÄЩÎïÀíÅ̼°Âß¼­¾íµÈ¡£

    11. # lvdisplay -v /dev/vg00/lvol1

    ÏÔʾÂß¼­¾í¸÷ÖÖÐÅÏ¢£¬Èç°üº¬ÄÄЩÅÌ£¬ÊÇ·ñÓоµÏñµÈ¡£

    2¡¢ÍøÂç¹ÊÕÏÕï¶Ï

    1. ÈçÐèÐÞ¸ÄÍøÂçµØÖ·¡¢Ö÷»úÃûµÈ£¬Ò»¶¨ÒªÓÃset_parms ÃüÁî

    # set_parms hostname
    # set_parms ip_address

    2. ²é¿´Íø¿¨×´Ì¬£º lanscan

    Hardware Station Crd Hardware Net-Interface
    Path Address In# state nameunit state
    8/20/5/1 0x0800097843FB 0 up lan0 up

    3. È·ÈÏÍøÂçµØÖ·£º

    # ifconfig lan0

    4. Æô¶¯Íø¿¨£º

    # ifconfig lan0 up

    5. ÍøÂ粻ͨµÄÕï¶Ï¹ý³Ì£º

    lanscan ²é¿´Íø¿¨ÊÇ·ñÆô¶¯(up)

    ping ×Ô¼ºÍø¿¨µØÖ·(ip µØÖ·)

    pingÆäËü»úÆ÷µØÖ·£¬È粻ͨ£¬ÔÚÆä»úÆ÷ÉÏÓÃlanscan ÃüÁîµÃÖªstation address£¬È»ºólinkloop station_address À´È·ÈÏÍøÏß¼°¼¯³ÉÆ÷ÊÇ·ñÓÐÎÊÌâ¡£

    ÔÚͬһÍøÖУ¬ subnetmask Ó¦Ò»Ö¡£

    6. ÅäÖÃÍø¹Ø

    ÊÖ¶¯¼ÓÍø¹Ø£º

    /usr/sbin/route add default 20.08.28.98 1

    °ÑÍø¹Ø×Ô¶¯¼ÓÈëϵͳÖÐ

    vi /etc/rc.config.d / netconf
    £º
    ROUTE_DESTINATION [0]=default
    ROUTE_GATEWAY [0]=20.08.28.98
    ROUTE_COUNT [0]=1
    :
    /sbin/init.d/net ½«Ö´ÐУº
    /usr/sbin/route add default 20.08.28.98 1

    ÃüÁînetstat -rn ²é¿´Â·Óɱí

    ÁíÍâÒ²¿ÉÓÃset_parms addl_netwrk À´Éèȱʡ·ÓÉ¡£

    ¶þ¡¢°²È«°²×°HP-UX

    1¡¢ ½¨ÒéÔÚ°²×°ÅäÖùý³ÌÖУ¬²»ÒªÁ¬½Óµ½Èκβ»ÐÅÈεÄÍøÂçÖС£

    2¡¢ ¾¡¿ÉÄÜÑ¡Ôñ×îС°²×°

    3¡¢ ¾¡¿ÉÄܲ»Òª°²×°NFS, X window, SNMPµÈ×é¼þ£¨ÊÓ¾ßÌåÐèÇó¶ø¶¨£©

    4¡¢ °²×°Íê±Ï£¬ÔòʹÓÃϵͳÃüÁî²é¿´×´Ì¬¡£

    # uname ?Ca £¨°æ±¾ÐÅÏ¢£©

    # bdf £¨Âß¼­¾í״̬£©

    # ps ?Cef £¨½ø³Ì״̬£©

    # netstat -anf inet £¨¶Ë¿Ú״̬£©

    5¡¢ °²×°¸÷ÖÖÇý¶¯µÈ

    6¡¢ °²×°×îеIJ¹¶¡¡£

    http://us.itrc.hp.com

    °²×°²¹¶¡Ê±Òª×¢ÒâHPµÄ²¹¶¡ÓëÓ²¼þÀàÐͺÍϵͳ°æ±¾¶¼Ïà¹Ø£¬¼ì²é²¢°²×°ËùÓÐÐèÒªµÄ²¹¶¡¡£È·ÈÏÐèÒªswlist -l fileset.

    Èý¡¢ÏµÍ³»ù±¾ÅäÖÃ

    ²Ù×÷ϵͳ°²×°²¢´òÉϲ¹¶¡ºó£¬ÐèÒª×öһЩ´ëÊ©À´¶Ôϵͳ½øÐÐһЩÅäÖá£

    ɾ³ý±£´æµÄ²¹¶¡£¨¿ÉÑ¡£©

    ȱʡÇé¿öÏ£¬²¹¶¡°²×°Íê»áÔÚ/var/adm/sw/save/ϱ¸·ÝËùÓеIJ¹¶¡¡£¿ÉÒÔÑ¡Ôñɾ³ýÕâЩ²¹¶¡Îļþ£¬µ«Ò»µ©É¾³ý¾Íû·¨Ê¹ÓÃswremoveжÔز¹¶¡ÁË¡£

    # swmodify -x patch_commit=true '*.*'

    ת»»ÎªÒ»¸ö¿ÉÐÅϵͳ£º

    # /usr/lbin/tsconvert
    Creating secure password database...
    Directories created.
    Making default files.
    System default file created...
    Terminal default file created...
    Device assignment file created...
    Moving passwords...
    secure password database installed.
    Converting at and crontab jobs...
    At and crontab files converted.

    ¸Ä±äÈ«¾ÖÌØȨ

    HP-UX ÓÐÒ»¸öÌØȨ×飬¿ÉÒÔ·ÖÅä¸øÒ»¸ö×éÌØȨ(²Î¼ûprivgrp(4)). ȱʡÇé¿öÏ£¬CHOWNÊÇ·ÖÅä¸øËùÓÐ×éµÄÒ»¸öÈ«¾ÖÌØȨ£º

    $ getprivgrp
    global privileges: CHOWN

    /sbin/init.d/set_prvgrpÔÚϵͳÆô¶¯Ê±Ö´ÐÐ/usr/sbin/setprivgrp -f /etc /privgroup. ¿ÉÒÔ´´½¨Ò»¸öÅäÖÃÎļþ£¬É¾³ýËùÓеÄÈ«¾ÖÌØȨ (see setprivgrp(1m)):

    # getprivgrp
    global privileges: CHOWN
    # echo -n >/etc/privgroup
    # chmod 400 /etc/privgroup
    # /sbin/init.d/set_prvgrp start
    # getprivgrp
    global privileges:

    ÉèÖÃĬÈÏumask.

    ת»»µ½¿ÉÐÅϵͳºó£¬Ä¬ÈÏumaskÒѾ­¸ÄΪ07077

    ÏÞÖÆrootÔ¶³ÌµÇ¼£¬Ö»ÄÜÓÉconsoleµÇ¼

    # echo console > /etc/securetty
    # chmod 400 /etc/securetty

    ´ò¿ªinetdÈÕÖ¾¹¦ÄÜ

    ÔÚ/etc/rc.config.d/netdaemonsÖÐµÄ INETD_ARGS »·¾³±äÁ¿ÖÐÔö¼Ó£­l²ÎÊý:

    export INETD_ARGS=-l

    ɾ³ý²»ÐèÒªµÄϵͳαÕÊ»§

    # groupdel lp
    # groupdel nuucp
    # groupdel daemon
    # userdel uucp
    # userdel lp
    # userdel nuucp
    # userdel hpdb
    # userdel www
    # userdel daemon

    ¶ÔÓÚһЩ±£ÁôµÄϵͳαÕÊ»§È磺bin, sys£¬admµÈ, Ó¦µ±½«ÐèÒª½ûÖ¹ÕÊ»§µÄ**ÓÃNP´úÌ棬²¢²»ÌṩµÇ¼shell

    Example: bin:NP:60002:60002:No Access User:/:/sbin/noshell

    ½«rootÖ÷Ŀ¼´Ó/¸ÄΪ/root.

    ±à¼­/etc/passwd:

    root:*:0:3::/root:/sbin/sh

    ´´½¨Ä¿Â¼²¢ÐÞ¸ÄȨÏÞ:

    # mkdir /root
    # chmod 700 /root
    # mv /.profile /root
    # pwconv

    ËÄ¡¢½ûÖ¹ÍøÂç·þÎñ

    1¡¢½ûÖ¹inetd ·þÎñ

    ÓÉinternet·þÎñÆ÷¹ý³ÌinetdÆô¶¯µÄÍøÂç·þÎñÊÇÓÉÁ½¸öÅäÖÃÎļþ/etc/inet/servicesºÍ/etc/inet/inetd.confÀ´ÅäÖõġ£/etc/inet/servicesÎļþÖ¸¶¨Ã¿¸ö·þÎñµÄ¶Ë¿ÚºÅºÍ¶Ë¿ÚÀàÐÍ£¬¸ÃÅäÖÃÎļþµÄ²¿·ÖʾÀýÈçÏ£º

    ¡­
    ftp 21/tcp
    telnet 23/tcp
    smtp 25/tcp mail
    ¡­

    /etc/inet/inetd.confÎļþÖ¸¶¨·þÎñ¶ÔÓ¦µÄϵͳ·þÎñ³ÌÐò£¬¸ÃÅäÖÃÎļþ²¿·ÖʾÀýÈçÏ£º

    ¡­
    ftp stream tcp nowait root /usr/sbin/in.ftpd in.ftpd
    telnet stream tcp nowait root /usr/sbin/in.telnetd in.telnetd
    ¡­

    µ±ÒªÍ£Ö¹Ä³¸ö·þÎñ£¬Èçftp¡¢telnetµÈʱ£¬Ö»Òª×¢Ê͵ôÎļþ/etc/inet/servicesºÍ/etc/inet/inetd.confÖеÄÏàÓ¦ÌõÄ¿£¬Ò²¾ÍÊÇÔÚÄÇÒ»ÐеĿªÍ·¼ÓÉÏ££×Ö·û£¬È»ºóÈÃinetdÖØжÁÅäÖÃÎļþ£¬¹ý³ÌʾÀýÈçÏ£º

    # ps -ef |grep inetd
    root 149 1 0 Jan 18 ? 0:00 /usr/sbin/inetd -s
    root 24621 24605 0 15:53:01 pts/1 0:00 grep inetd
    # kill ?CHUP 149

    ÒÔÉϵÚÒ»ÌõÃüÁîÊÇΪÁË»ñµÃinetdµÄ½ø³ÌºÅ£¬Ê¾ÀýÖÐÊä³öµÄµÚ¶þÁÐÄÚÈݾÍÊǽø³ÌºÅ(149)£¬È»ºó½«¸Ã½ø³ÌºÅÌîÈëµÚ¶þÌõÃüÁîµÄÏàӦλÖá£

    ¿ÉÒÔʹÓÃlsof ?CiÀ´²é¿´¼àÌý½ø³ÌºÍ¶Ë¿ÚÐÅÏ¢:

    # lsof -i
    COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
    syslogd 261 root 5u inet 0x10191e868 0t0 UDP *:syslog (Idle)
    rpcbind 345 root 4u inet 72,0x73 0t0 UDP *:portmap (Idle)
    rpcbind 345 root 6u inet 72,0x73 0t0 UDP *:49158 (Idle)
    rpcbind 345 root 7u inet 72,0x72 0t0 TCP *:portmap (LISTEN)
    sendmail: 397 root 5u inet 0x10222b668 0t0 TCP *:smtp (LISTEN)
    snmpdm 402 root 3u inet 0x10221a268 0t0 TCP *:7161 (LISTEN)
    snmpdm 402 root 5u inet 0x10222a268 0t0 UDP *:snmp (Idle)
    snmpdm 402 root 6u inet 0x10221f868 0t0 UDP *:* (Unbound)
    mib2agt 421 root 0u inet 0x10223e868 0t0 UDP *:* (Unbound)
    swagentd 453 root 6u inet 0x1019d3268 0t0 UDP *:2121 (Idle)

    2¡¢½ûÖ¹ÆäËû·þÎñ

    ·ÀÖ¹syslogdÍøÂç¼àÌý

    °²×°PHCO_21023²¹¶¡¿ÉÒÔ¸øsyslogd¼ÓÉÏ-N²ÎÊý·ÀÖ¹ÍøÂç¼àÌý. ±à¼­/sbin/init.d/syslogdÐÞ¸ÄΪ /usr/sbin/syslogd -DN.

    ½ûÖ¹SNMP·þÎñ

    ±à¼­SNMPÆô¶¯Îļþ:

    /etc/rc.config.d/SnmpHpunix
    Set SNMP_HPUNIX_START to 0: SNMP_HPUNIX_START=0
    /etc/rc.config.d/SnmpMaster
    Set SNMP_MASTER_START to 0: SNMP_MASTER_START=0
    /etc/rc.config.d/SnmpMib2
    Set SNMP_MIB2_START to 0: SNMP_MIB2_START=0
    /etc/rc.config.d/SnmpTrpDst
    Set SNMP_TRAPDEST_START to 0: SNMP_TRAPDEST_START=0

    ½ûÖ¹sendmail½ø³Ì

    ±à¼­/etc/rc.config.d/mailservs:

    export SENDMAIL_SERVER=0

    ½ûÖ¹rpcbind½ø³Ì

    # rm /sbin/rc1.d/K600nfs.core
    # rm /sbin/rc2.d/S400nfs.core
    # mv /usr/sbin/rpcbind /usr/sbin/rpcbind.DISABLE

    Îå¡¢Îļþϵͳ°²È«

    1¡¢¼ì²éSet-id³ÌÐò

    # find / \( -perm -4000 -o -perm -2000 \) -type f -exec ls -ld {} \;
    # chmod u-s /usr/sbin/swinstall
    # chmod u-s /usr/sbin/vgcreate
    # chmod u-s /sbin/vgcreate

    ¿ÉÒÔ²ÉÓÃÏÂÁз½·¨£¬½«ËùÓÐÎļþµÄset-idλȥµô£¬È»ºó¶ÔһЩÐèÒªµÄ³ÌÐòµ¥¶À¼ÓÉÏsuid루¿É¸ù¾ÝÇé¿öÑ¡Ôñ£©:

    # find / -perm -4000 -type f -exec chmod u-s {} \;
    # find / -perm -2000 -type f -exec chmod g-s {} \;
    # chmod u+s /usr/bin/su
    # chmod u+s /usr/bin/passwd

    ²ÉÓÃÕâÖÖ·½·¨ºó£¬ÆÕͨÓû§½«ÎÞ·¨Ê¹ÓúܶàϵͳÃüÁÈçbdf, uptime £¬arpµÈ:

    $ bdf /dev/vg00/lvol3
    bdf: /dev/vg00/lvol3: Permission denied

    2. ÐÞ¸ÄÖØÒªÎļþȨÏÞ

    # chmod 1777 /tmp /var/tmp /var/preserve £¨¼ÓÉÏÕ³ÖÍ룩
    # chmod 666 /dev/null

    Áù¡¢ÍøÂç²ÎÊýµ÷Õû

    ÀûÓÃnddÃüÁ¿ÉÒÔ¼ì²â»òÕ߸ü¸ÄÍøÂçÉ豸Çý¶¯³ÌÐòµÄÌØÐÔ¡£ÔÚ/etc/rc.config.d/nddconfÆô¶¯½Å±¾ÖÐÔö¼ÓÒÔϸ÷ÌõÃüÁȻºóÖØÆôϵͳ£¬¿ÉÒÔÌá¸ßÍøÂçµÄ°²È«ÐÔ¡£

    ¸ñʽÈçÏ£º

    /usr/sbin/ndd -set /dev/ip ip_forward_directed_broadcasts 0
    Network device
    Parameter
    Default value
    Suggested value
    Comment
    /dev/ip
    ip_forward_directed_broadcasts
    1
    0

    ²»×ª·¢¶¨Ïò¹ã²¥°ü

    /dev/ip
    ip_forward_src_routed
    1
    0

    ²»×ª·¢Ô­Â·ÓÉ°ü

    /dev/ip
    ip_forwarding
    2
    0

    ½ûÖ¹°üת·¢

    /dev/ip
    ip_pmtu_strategy
    2
    1

    ²»²ÉÓÃecho-request PMTU²ßÂÔ

    /dev/ip
    ip_send_redirects
    1
    0

    ²»·¢ICMPÖض¨Ïò°ü

    /dev/ip
    ip_send_source_quench
    1
    0

    ²»·¢ICMPÔ´½áÊø°ü

    /dev/tcp
    tcp_conn_request_max
    20
    500

    Ôö¼ÓTCP¼àÌýÊý×î´óÖµ£¬Ìá¸ßÐÔÄÜ

    /dev/tcp
    tcp_syn_rcvd_max
    500
    500
    HP SYN flood±£»¤
    /dev/ip
    ip_respond_to_echo_broadcast
    1
    0

    ²»ÏìÓ¦ICMP echoÇëÇó¹ã²¥°ü

    ÓÉÓÚnddµ÷ÓÃÇ°£¬ÒѾ­Æô¶¯Íø¿¨²ÎÊý£¬ËùÒÔ¿ÉÄܲ»ÄÜÕýÈ·ÉèÖá£

    ¿ÉÒÔ²ÉÓÃÏÂÁз½·¨£¬½¨Á¢Ò»¸öÆô¶¯½Å±¾¡£

    # cp /tmp/secconf /etc/rc.config.d
    # chmod 444 /etc/rc.config.d/secconf
    # cp /tmp/sectune /sbin/init.d
    # chmod 555 /sbin/init.d/sectune
    # ln -s /sbin/init.d/sectune /sbin/rc2.d/S009sectune

ÎÄÕ¼È룺Ʈ    ÔðÈα༭£ºÆ® 
  • ÉÏһƪÎÄÕ£º

  • ÏÂһƪÎÄÕ£º ûÓÐÁË
  • ¡¾·¢±íÆÀÂÛ¡¿¡¾¼ÓÈëÊղء¿¡¾¸æËߺÃÓÑ¡¿¡¾´òÓ¡´ËÎÄ¡¿¡¾¹Ø±Õ´°¿Ú¡¿
    ÍøÓÑÆÀÂÛ£º£¨Ö»ÏÔʾ×îÐÂ10Ìõ¡£ÆÀÂÛÄÚÈÝÖ»´ú±íÍøÓѹ۵㣬Óë±¾Õ¾Á¢³¡Î޹أ¡£©
    ¹ØÓÚÎÒÃÇ | RAIDÊý¾Ý»Ö¸´ | ÓÑÇéÁ´½Ó | RSSÉú³É | XMLÉú³É | ÎÄÕÂHTMLµØͼ | ÏÂÔØHTMLµØͼ

    È«¹úͳһ¿Í·þµç»°:4006-505-808
    ×ܲ¿µç»°£º010-82488636 ÓÊÏä:ycf@frombyte.com
    ¹«Ë¾µØÖ·£º±±¾©Êк£µíÇøÓÀ·á»ùµØ·á»ÛÖз7ºÅвÄÁÏ´´Òµ´óÏÃB×ù205ÊÒ
    ¾©ICP±¸05011939
    dÏ'