Monday, November 9, 2015

Booting procedure in Solaris SPARC architecture





The different phases of the Solaris boot process are described below.


Power on –> POST –> Boot device (1-15) –> ufs boot loader –> Kernel –> / file system –> /sbin/init –> /lib/svc/bin/svc.startd

Boot PROM base

The PROM displays the system identification number along with the banner, host ID, MAC address, PROM chip release, version and physical memory size. This phase also includes POST (Power-On Self-Test), the hardware diagnostic routine, which initializes the installed hardware.

We can see the POST messages through a serial console. If a serial console is not connected, you can see the output of the POST through the command prtdiag -v

Sample output is given below















After the POST, the PROM loads the boot compilation program called bootblk.

Boot program phase



This phase starts by reading the boot program, which is located in sectors 1 - 15 of the HDD. The OBP (OpenBoot PROM) loads the primary boot program, called bootblk, from the boot device. (If the bootblk is not present, it has to be regenerated by running the command installgrub from a CD-ROM.)

ufsboot: This is the secondary boot program; it loads the kernel core image files.

kernel: The kernel file location is /platform/arch-i/kernel/sparcv9/unix (if the processor is AMD, sparcv9 changes to amd, etc.). As part of the kernel loading process, the kernel banner is displayed, including the kernel version number. The kernel initializes itself and reads modules with the help of the ufsboot program until it has loaded enough modules to mount the root file system. If the system complains that it is not able to write to the root file system, the boot procedure gets stuck in this phase.


The system parameters needed for booting are set in the /etc/system file. Its main contents are given below.


  • moddir: Changes path of kernel modules.
  • forceload: Forces loading of a kernel module.
  • exclude: Excludes a particular kernel module.
  • rootfs: Specify the system type for the root file system. (ufs is the default.)
  • rootdev: Specify the physical device path for root.
  • set: Set the value of a tuneable system parameter.

Init initialization phase



The kernel starts PID 1, the /sbin/init process, which in turn starts /lib/svc/bin/svc.startd. svc.startd is responsible for the processes below:



a. configuring all network devices

b. mounting all file systems

c. starting all network services

d. running the rc scripts, which bring the machine to multi-user mode



In Solaris 10, svc.startd is a separate boot process which is responsible for starting and stopping services during the boot process. But the services which start at startup and stop at shutdown are configured in the /etc/init.d directory.



Different runlevels in Solaris

Init s –> single user mode

Init 1 –> maintenance mode

Init 2 –> multiuser mode (NFS disabled)

Init 3 –> multiuser server mode (NFS enabled to share)

Init 4 –> not implemented, reserved for future purposes

Init 5 –> Shutdown & power off

Init 6 –> Shutdown & reboot

Init 0 –> Shutdown & drop to the ok prompt



In a nutshell, I am providing all these processes as a flowchart below.










Monday, November 2, 2015

Linux system hardening using python 2.6

 
Here I am providing a script to perform Linux system hardening using Python 2.6. Most of the commands used in this script are shell commands wrapped in Python processes.

########################################################################
#!/usr/bin/python

import os
import subprocess
import pwd


# Services that should be enabled at boot
active_services = ['autofs','auditd','crond','iscsi','iscsid','netfs','nfs','nfslock','ntpd','restorecond','snmpd','sshd','syslog','sysstat','acpid','anacron','atd','cpuspeed','lvm2-monitor','messagebus','ntpd','network',
'syslog','vncserver']

for i in active_services:
    # os.system() returns the exit status of the command; 0 means success
    out = os.system("chkconfig %s on" % i)
    if out == 0:
        with open("/tmp/linuxout.txt", "a") as log:
            log.write("activated %s in the system\n" % i)


# Services that should be disabled at boot
inactive_services = ['acpid','anacron','apmd','arptables_jf','arpwatch','atd','avahi-dnsconfd','bluetooth','conman','cups','cyrus-imapd','dc_client','dc_server',
'firstboot','dovecot','dund','haldaemon','hidd','hplip','isdn','iptables','ip6tables','winbind','wpa_supplicant','xfs','readahead_early','readahead_later']

for j in inactive_services:
    # os.system() returns the exit status of the command; 0 means success
    out = os.system("chkconfig %s off" % j)
    if out == 0:
        with open("/tmp/linuxout.txt", "a") as log:
            log.write("disabled %s in the system\n" % j)

##backing up important files

path = "/linux_bkp"

# create the backup directory only if it is not there yet
if not os.path.isdir(path):
    os.mkdir(path, 0755)

import shutil

imp_files = ['/etc/pam.d/system-auth','/etc/grub.conf','/etc/inittab','/etc/sysctl.conf','/etc/sysconfig/init','/etc/sysconfig/prelink','/etc/security/limits.conf','/etc/syslog.conf',
'/etc/audit/auditd.conf','/etc/audit/audit.rules','/etc/ssh/sshd_config','/etc/login.defs']

dst = "/linux_bkp"

for i in imp_files:
    # files that do not exist on this system are skipped
    if os.path.exists(i):
        shutil.copy(i, dst)
        with open("/tmp/linuxout.txt", "a") as log:
            log.write("important file %s is backed up in /linux_bkp\n" % i)


#adding nodev in /dev/shm partition

# grep -q exits with status 0 when a matching line is found
nodev_chk1 = os.system("grep -i /dev/shm /etc/fstab | grep -qi nodev")
nodev_chk2 = os.system("mount | grep -i /dev/shm | grep -q nodev")

if nodev_chk1 == 0 or nodev_chk2 == 0:
    with open("/tmp/linuxout.txt", "a") as log:
        log.write("nodev is already configured in /dev/shm\n")
else:
    os.system("mount -o remount,nodev,noexec,nosuid /dev/shm")
    with open("/tmp/linuxout.txt", "a") as log:
        log.write("nodev is configured in /dev/shm\n")



#adding nosuid in /dev/shm

# grep -q exits with status 0 when a matching line is found
nosuid_chk1 = os.system("grep -i /dev/shm /etc/fstab | grep -qi nosuid")
nosuid_chk2 = os.system("mount | grep -i /dev/shm | grep -qi nosuid")

if nosuid_chk1 == 0 or nosuid_chk2 == 0:
    with open("/tmp/linuxout.txt", "a") as log:
        log.write("nosuid is already configured in /dev/shm\n")
else:
    os.system("mount -o remount,nodev,noexec,nosuid /dev/shm")
    with open("/tmp/linuxout.txt", "a") as log:
        log.write("nosuid is configured in /dev/shm\n")


#to check aide rpm installed or not

p = subprocess.Popen("rpm -qa | grep -i aide", shell=True)
p.communicate()
var1 = p.returncode

if var1 != 0:
    # installs from an aide RPM file in the current directory
    os.system("rpm -ivh aide*")
else:
    with open("/tmp/linuxout.txt", "a") as log:
        log.write("aide is already installed\n")

#periodic execution of the file integrity

p = subprocess.Popen("crontab -l | grep -i aide", shell=True)
p.communicate()
var1 = p.returncode

if var1 != 0:
    # append the aide job to a copy of the current crontab and load it back
    os.system("crontab -l > mycron")
    os.system("echo '0 1 * * * /usr/sbin/aide --check' >> mycron")
    os.system("crontab mycron")
    with open("/tmp/linuxout.txt", "a") as log:
        log.write("Periodic execution of the file integrity is configured\n")
else:
    with open("/tmp/linuxout.txt", "a") as log:
        log.write("Periodic execution of the file integrity is already available\n")

#Set user and group owner for grub.conf

os.system("chown root:root /etc/grub.conf")

with open("/tmp/linuxout.txt", "a") as log:
    log.write("user and group ownership is set for /etc/grub.conf\n")

#Set permission on /etc/grub.conf

os.system("chmod og-rwx /etc/grub.conf")

with open("/tmp/linuxout.txt", "a") as log:
    log.write("permission is set for /etc/grub.conf\n")

#set authentication for single user mode

p = subprocess.Popen("grep -i sulogin /etc/inittab", shell=True)
p.communicate()
var1 = p.returncode

if var1 != 0:
    # quoted so that the shell passes the inittab entry through unchanged
    os.system("echo '~:S:wait:/sbin/sulogin' >> /etc/inittab")
    with open("/tmp/linuxout.txt", "a") as log:
        log.write("authentication is configured for single user mode\n")
else:
    with open("/tmp/linuxout.txt", "a") as log:
        log.write("authentication is already configured for single user mode\n")


#Disable interactive boot

p = subprocess.Popen("grep 'PROMPT=no' /etc/sysconfig/init", shell=True)
p.communicate()
var1 = p.returncode

# grep exits non-zero when PROMPT=no is absent, i.e. interactive boot is still enabled
if var1 != 0:
    os.system("sed -i 's/PROMPT=yes/PROMPT=no/g' /etc/sysconfig/init")
    with open("/tmp/linuxout.txt", "a") as log:
        log.write("Disabling interactive boot\n")
else:
    with open("/tmp/linuxout.txt", "a") as log:
        log.write("Interactive boot is already disabled\n")

#Restrict Core Dumps

p = subprocess.Popen("grep 'hard core 0' /etc/security/limits.conf", shell=True)
p.communicate()
var1 = p.returncode

p = subprocess.Popen("grep 'fs.suid.dumpable = 0' /etc/sysctl.conf", shell=True)
p.communicate()
var2 = p.returncode

if var1 == 0 and var2 == 0:
    with open("/tmp/linuxout.txt", "a") as log:
        log.write("core dump is already restricted in this server, no action required\n")
else:
    # the * is quoted so that the shell does not expand it to file names
    os.system("echo '* hard core 0' >> /etc/security/limits.conf")
    os.system("echo 'fs.suid.dumpable = 0' >> /etc/sysctl.conf")
    with open("/tmp/linuxout.txt", "a") as log:
        log.write("core dump is restricted in this server\n")

# Configure ExecShield

p = subprocess.Popen("grep 'kernel.exec-shield = 1' /etc/sysctl.conf", shell=True)
p.communicate()
var1 = p.returncode

if var1 != 0:
    os.system("echo 'kernel.exec-shield = 1' >> /etc/sysctl.conf")
    with open("/tmp/linuxout.txt", "a") as log:
        log.write("ExecShield is configured\n")
else:
    with open("/tmp/linuxout.txt", "a") as log:
        log.write("ExecShield is configured already\n")


#Disable Prelink

p = subprocess.Popen("grep 'PRELINKING=no' /etc/sysconfig/prelink", shell=True)
p.communicate()
var1 = p.returncode

if var1 != 0:
    os.system("sed -i 's/PRELINKING=yes/PRELINKING=no/g' /etc/sysconfig/prelink")
    with open("/tmp/linuxout.txt", "a") as log:
        log.write("prelink is disabled successfully\n")
else:
    with open("/tmp/linuxout.txt", "a") as log:
        log.write("prelink is already disabled\n")


#Remove telnet server, RSH server, NIS client, NIS server, TFTP, talk, Dovecot and samba

# (pattern searched in the rpm -qa output, name written to the log, extra options for rpm -e)
packages = [
    ("telnet-server", "telnet server", ""),
    ("rsh-server", "rsh server", ""),
    ("ypbind", "NIS client", ""),
    ("ypserv", "NIS server", ""),
    ("tftp", "TFTP server", ""),
    ("talk", "TALK server", ""),
    ("dovecot", "Dovecot", "--nodeps"),
    ("samba", "samba", "--nodeps"),
]

for pattern, name, opts in packages:
    p = subprocess.Popen("rpm -qa | grep -i %s" % pattern, shell=True, stdout=subprocess.PIPE)
    # the names of the matching packages are read from the pipeline's stdout
    found = " ".join(p.communicate()[0].split())
    var1 = p.returncode

    if var1 == 0:
        os.system("rpm -e %s %s" % (opts, found))
        with open("/tmp/linuxout.txt", "a") as log:
            log.write("removed %s\n" % name)
    else:
        with open("/tmp/linuxout.txt", "a") as log:
            log.write("%s is not installed\n" % name)

##########secure network configuration###########

# sysctl -w changes the running kernel only; the exit status tells whether it worked
rc1 = os.system("/sbin/sysctl -w net.ipv4.conf.all.send_redirects=0")
rc2 = os.system("/sbin/sysctl -w net.ipv4.conf.default.send_redirects=0")

if rc1 == 0 and rc2 == 0:
    with open("/tmp/linuxout.txt", "a") as log:
        log.write("Disabling send redirects\n")
else:
    with open("/tmp/linuxout.txt", "a") as log:
        log.write("Send redirects configuration is failed\n")

#Enable TCP SYN Cookies

rc1 = os.system("/sbin/sysctl -w net.ipv4.tcp_syncookies=1")
rc2 = os.system("/sbin/sysctl -w net.ipv4.route.flush=1")

if rc1 == 0 and rc2 == 0:
    with open("/tmp/linuxout.txt", "a") as log:
        log.write("Enabled TCP SYN cookies\n")
else:
    with open("/tmp/linuxout.txt", "a") as log:
        log.write("Enabling TCP SYN cookies is failed\n")

#Disable IPv6

p = subprocess.Popen("grep ipv6 /etc/modprobe.conf", shell=True)
p.communicate()
var1 = p.returncode

if var1 != 0:
    os.system("echo 'options ipv6 disable=1' >> /etc/modprobe.conf")
    with open("/tmp/linuxout.txt", "a") as log:
        log.write("Disabled ipv6\n")
else:
    with open("/tmp/linuxout.txt", "a") as log:
        log.write("ipv6 is not enabled\n")

#Secure Logging and Auditing functions
#Configure /etc/syslog.conf

syslog_lines = [
    "auth,user.* /var/log/messages",
    "kern.* /var/log/kern.log",
    "daemon.* /var/log/daemon.log",
    "syslog.* /var/log/syslog",
    "news,uucp,local0,local1,local2,local3,local4,local5,local6.* /var/log/unused.log",
]

# written from Python so that the shell does not expand the * in the selectors
with open("/etc/syslog.conf", "a") as conf:
    for line in syslog_lines:
        conf.write(line + "\n")

p = subprocess.Popen("pkill -HUP syslogd", shell=True)
p.communicate()
var1 = p.returncode

if var1 == 0:
    with open("/tmp/linuxout.txt", "a") as log:
        log.write("syslog is configured successfully\n")
else:
    with open("/tmp/linuxout.txt", "a") as log:
        log.write("syslog configuration is failed\n")

#Create and Set Permissions on syslog Log Files

log_files = ['messages', 'kern.log', 'daemon.log', 'syslog']

for i in log_files:
    os.system("chown -R root:root /var/log/%s" % i)
    os.system("chmod og-rwx /var/log/%s" % i)

with open("/tmp/linuxout.txt", "a") as log:
    log.write("permissions are set for log files\n")

#Enable auditd service

os.system("chkconfig auditd on")

with open("/tmp/linuxout.txt", "a") as log:
    log.write("auditd service is enabled\n")

#configure auditd storage size

# "MB" is a placeholder: replace it with the maximum log file size in
# megabytes before running the script
max_log_file = "MB"

p = subprocess.Popen("grep 'max_log_file = 5' /etc/audit/auditd.conf", shell=True)
p.communicate()
var1 = p.returncode

if var1 != 0:
    os.system("sed -i 's/max_log_file = 5/#max_log_file = 5/g' /etc/audit/auditd.conf")
    os.system("echo 'max_log_file = %s' >> /etc/audit/auditd.conf" % max_log_file)
    with open("/tmp/linuxout.txt", "a") as log:
        log.write("auditd storage size is configured\n")
else:
    with open("/tmp/linuxout.txt", "a") as log:
        log.write("auditd storage size is already configured\n")

# Keep All Auditing Information

p = subprocess.Popen("grep max_log_file_action /etc/audit/auditd.conf", shell=True)
p.communicate()
var1 = p.returncode

if var1 != 0:
    os.system("echo 'max_log_file_action = keep_logs' >> /etc/audit/auditd.conf")
    with open("/tmp/linuxout.txt", "a") as log:
        log.write("configure auditlog is successful\n")
else:
    with open("/tmp/linuxout.txt", "a") as log:
        log.write("configure auditlog is failed\n")

#Record Events That Modify Date and Time Information

# getconf prints 32 or 64 on stdout; os.system() would only return the exit status
os_arch = int(subprocess.Popen(["getconf", "LONG_BIT"], stdout=subprocess.PIPE).communicate()[0])

if os_arch == 32:
    rules = [
        "-a always,exit -F arch=b32 -S adjtimex -S settimeofday -S stime -k time-change",
        "-a always,exit -F arch=b32 -S clock_settime -k time-change",
        "-w /etc/localtime -p wa -k time-change",
    ]
else:
    rules = [
        "-a always,exit -F arch=b64 -S adjtimex -S settimeofday -k time-change",
        "-a always,exit -F arch=b32 -S adjtimex -S settimeofday -S stime -k time-change",
        "-a always,exit -F arch=b64 -S clock_settime -k time-change",
        "-a always,exit -F arch=b32 -S clock_settime -k time-change",
        "-w /etc/localtime -p wa -k time-change",
    ]

# the rules are written from Python so that the shell cannot alter them
with open("/etc/audit/audit.rules", "a") as audit_rules:
    for rule in rules:
        audit_rules.write(rule + "\n")
os.system("pkill -HUP auditd")
with open("/tmp/linuxout.txt", "a") as log:
    log.write("Date & time configuration details are recorded in audit logs\n")

#record events that modify user/group information

rules = [
    "-w /etc/group -p wa -k identity",
    "-w /etc/passwd -p wa -k identity",
    "-w /etc/gshadow -p wa -k identity",
    "-w /etc/shadow -p wa -k identity",
    "-w /etc/security/opasswd -p wa -k identity",
]

with open("/etc/audit/audit.rules", "a") as audit_rules:
    for rule in rules:
        audit_rules.write(rule + "\n")
os.system("pkill -HUP auditd")
with open("/tmp/linuxout.txt", "a") as log:
    log.write("User & group modification configuration details are recorded in audit logs\n")

#Record Events That Modify the System's Network Environment

os_arch = int(subprocess.Popen(["getconf", "LONG_BIT"], stdout=subprocess.PIPE).communicate()[0])

if os_arch == 32:
    rules = ["-a exit,always -F arch=b32 -S sethostname -S setdomainname -k system-locale"]
else:
    rules = [
        "-a exit,always -F arch=b64 -S sethostname -S setdomainname -k system-locale",
        "-a exit,always -F arch=b32 -S sethostname -S setdomainname -k system-locale",
    ]

# file watches that are the same on both architectures
rules += [
    "-w /etc/issue -p wa -k system-locale",
    "-w /etc/issue.net -p wa -k system-locale",
    "-w /etc/hosts -p wa -k system-locale",
    "-w /etc/sysconfig/network -p wa -k system-locale",
]

with open("/etc/audit/audit.rules", "a") as audit_rules:
    for rule in rules:
        audit_rules.write(rule + "\n")
os.system("pkill -HUP auditd")
with open("/tmp/linuxout.txt", "a") as log:
    log.write("network configuration changes are recorded in auditlogs from now onwards\n")

#Collect Login and Logout Events

# (pattern looked up in audit.rules, rule appended when the pattern is not found)
login_rules = [
    ("faillog", "-w /var/log/faillog -p wa -k logins"),
    ("lastlog", "-w /var/log/lastlog -p wa -k logins"),
    ("tallylog", "-w /var/log/tallylog -p wa -k logins"),
    ("session", "-w /var/log/btmp -p wa -k session"),
]

for pattern, rule in login_rules:
    p = subprocess.Popen("grep %s /etc/audit/audit.rules" % pattern, shell=True)
    p.communicate()
    var1 = p.returncode
    if var1 != 0:
        with open("/etc/audit/audit.rules", "a") as audit_rules:
            audit_rules.write(rule + "\n")

os.system("pkill -HUP auditd")
with open("/tmp/linuxout.txt", "a") as log:
    log.write("login and logout events are configured in auditlogs from now onwards\n")

#Collect Session Initiation Information

with open("/etc/audit/audit.rules", "a") as audit_rules:
    audit_rules.write("-w /var/run/utmp -p wa -k session\n")
    audit_rules.write("-w /var/log/wtmp -p wa -k session\n")
os.system("pkill -HUP auditd")
with open("/tmp/linuxout.txt", "a") as log:
    log.write("session initiation info are configured in auditlogs from now onwards\n")

#Collect Discretionary Access Control Permission Modification Events

# getconf prints 32 or 64 on stdout; os.system() would only return the exit status
os_arch = int(subprocess.Popen(["getconf", "LONG_BIT"], stdout=subprocess.PIPE).communicate()[0])

# a 64-bit system gets every rule twice: once for b64 and once for b32 system calls
if os_arch == 32:
    arches = ["b32"]
else:
    arches = ["b64", "b32"]

syscall_groups = [
    "-S chmod -S fchmod -S fchmodat",
    "-S chown -S fchown -S fchownat -S lchown",
    "-S setxattr -S lsetxattr -S fsetxattr -S removexattr -S lremovexattr -S fremovexattr",
]

# each rule is one line in audit.rules; written from Python because the shell
# would treat the > in auid>=500 as a redirection
with open("/etc/audit/audit.rules", "a") as audit_rules:
    for syscalls in syscall_groups:
        for arch in arches:
            audit_rules.write("-a always,exit -F arch=%s %s -F auid>=500 -F auid!=4294967295 -k perm_mod\n" % (arch, syscalls))
os.system("pkill -HUP auditd")
with open("/tmp/linuxout.txt", "a") as log:
    log.write("ACL modification info are configured in auditlogs from now onwards\n")

#Collect Unsuccessful Unauthorized Access Attempts to Files

os_arch = int(subprocess.Popen(["getconf", "LONG_BIT"], stdout=subprocess.PIPE).communicate()[0])

if os_arch == 32:
    arches = ["b32"]
else:
    arches = ["b64", "b32"]

with open("/etc/audit/audit.rules", "a") as audit_rules:
    for error in ["EACCES", "EPERM"]:
        for arch in arches:
            audit_rules.write("-a always,exit -F arch=%s -S creat -S open -S openat -S truncate -S ftruncate -F exit=-%s -F auid>=500 -F auid!=4294967295 -k access\n" % (arch, error))
os.system("pkill -HUP auditd")
with open("/tmp/linuxout.txt", "a") as log:
    log.write("Collect Unsuccessful Unauthorized Access Attempts to Files is updated\n")

#Collect Successful File System Mounts

# getconf prints 32 or 64 on stdout; os.system() would only return the exit status
os_arch = int(subprocess.Popen(["getconf", "LONG_BIT"], stdout=subprocess.PIPE).communicate()[0])

if os_arch == 32:
    rules = ["-a always,exit -F arch=b32 -S mount -F auid>=500 -F auid!=4294967295 -k mounts"]
else:
    rules = ["-a always,exit -F arch=b64 -S mount -F auid>=500 -F auid!=4294967295 -k mounts"]

# written from Python because the shell would treat the > in auid>=500 as a redirection
with open("/etc/audit/audit.rules", "a") as audit_rules:
    for rule in rules:
        audit_rules.write(rule + "\n")
os.system("pkill -HUP auditd")
with open("/tmp/linuxout.txt", "a") as log:
    log.write("Configuration to Collect Successful File System Mounts is configured in audit rules\n")

#Collect File Deletion Events by User

os_arch = int(subprocess.Popen(["getconf", "LONG_BIT"], stdout=subprocess.PIPE).communicate()[0])

if os_arch == 32:
    rules = ["-a always,exit -F arch=b32 -S unlink -S unlinkat -S rename -S renameat -F auid>=500 -F auid!=4294967295 -k delete"]
else:
    rules = [
        "-a always,exit -F arch=b64 -S unlink -S unlinkat -S rename -S renameat -F auid>=500 -F auid!=4294967295 -k delete",
        "-a always,exit -F arch=b32 -S unlink -S unlinkat -S rename -S renameat -F auid>=500 -F auid!=4294967295 -k delete",
    ]

with open("/etc/audit/audit.rules", "a") as audit_rules:
    for rule in rules:
        audit_rules.write(rule + "\n")
os.system("pkill -HUP auditd")
with open("/tmp/linuxout.txt", "a") as log:
    log.write("Configuration to Collect File Deletion Events by User is configured in audit rules\n")

#Collect Changes to System Administration Scope (sudoers)

p = subprocess.Popen("grep sudoers /etc/audit/audit.rules", shell=True)
p.communicate()
var1 = p.returncode

if var1 != 0:
    with open("/etc/audit/audit.rules", "a") as audit_rules:
        audit_rules.write("-w /etc/sudoers -p wa -k scope\n")
    os.system("pkill -HUP auditd")
    with open("/tmp/linuxout.txt", "a") as log:
        log.write("Configuration to Collect Changes to System Administration Scope (sudoers) is configured in audit rules\n")
else:
    with open("/tmp/linuxout.txt", "a") as log:
        log.write("Configuration to Collect Changes to System Administration Scope (sudoers) is already configured in audit rules\n")

#Collect System Administrator Actions

p = subprocess.Popen("grep 'sudo.log' /etc/audit/audit.rules", shell=True)
p.communicate()
var1 = p.returncode

if var1 != 0:
    with open("/etc/audit/audit.rules", "a") as audit_rules:
        audit_rules.write("-w /var/log/sudo.log -p wa -k actions\n")
    os.system("pkill -HUP auditd")
    with open("/tmp/linuxout.txt", "a") as log:
        log.write("Configuration to Collect System Administration actions configured in audit rules\n")
else:
    with open("/tmp/linuxout.txt", "a") as log:
        log.write("Configuration to Collect System Administration actions already configured in audit rules\n")

#Collect Kernel Module Loading and Unloading

p = subprocess.Popen("grep modules /etc/audit/audit.rules", shell=True)
p.communicate()
var1 = p.returncode

if var1 != 0:
    with open("/etc/audit/audit.rules", "a") as audit_rules:
        audit_rules.write("-w /sbin/insmod -p x -k modules\n")
        audit_rules.write("-w /sbin/rmmod -p x -k modules\n")
        audit_rules.write("-w /sbin/modprobe -p x -k modules\n")
        audit_rules.write("-a always,exit -S init_module -S delete_module -k modules\n")
    os.system("pkill -HUP auditd")
    with open("/tmp/linuxout.txt", "a") as log:
        log.write("Configuration to Collect kernel module loading and unloading is configured in audit rules\n")
else:
    with open("/tmp/linuxout.txt", "a") as log:
        log.write("Configuration to Collect kernel module loading and unloading is already configured in audit rules\n")


# Configure logrotate

# the same file is checked and written, so a second run does not add the entry again
if not os.path.exists("/etc/logrotate.d/syslog"):
    with open("/etc/logrotate.d/syslog", "a") as conf:
        # logrotate expects each directive on its own line inside the braces
        conf.write("/var/log/messages /var/log/secure /var/log/maillog /var/log/spooler /var/log/boot.log /var/log/cron {\n")
        conf.write("    daily\n")
        conf.write("    compress\n")
        conf.write("}\n")
    with open("/tmp/linuxout.txt", "a") as log:
        log.write("logrotate is configured successfully\n")
else:
    with open("/tmp/linuxout.txt", "a") as log:
        log.write("logrotate is already configured\n")

####Secure System Access, Authentication & Authorization#######

#enable cron in startup

# the cron service is named crond, as in the active_services list
os.system("chkconfig crond on")
with open("/tmp/linuxout.txt", "a") as log:
    log.write("enabled cron in startup\n")

#set owner and group permission for cron.hourly,cron.daily,cron.monthly

os.system("chown root:root /etc/cron.hourly")
os.system("chmod og-rwx /etc/cron.hourly")
os.system("chown root:root /etc/cron.daily")
os.system("chmod og-rwx /etc/cron.daily")
os.system("chown root:root /etc/cron.monthly")
os.system("chmod og-rwx /etc/cron.monthly")
with open("/tmp/linuxout.txt", "a") as log:
    log.write("owner and group permission for cron.hourly and cron.daily,cron.monthly is configured\n")

#Set User/Group Owner and Permission on /etc/cron.d

os.system("chown root:root /etc/cron.d")
os.system("chmod og-rwx /etc/cron.d")
# verify the result: mode with no group/other bits, owner uid 0, group gid 0
p = subprocess.Popen("stat -c '%a %u %g' /etc/cron.d | egrep '.00 0 0'", shell=True)
p.communicate()
var1 = p.returncode

if var1 == 0:
    with open("/tmp/linuxout.txt", "a") as log:
        log.write("User/Group Owner and Permission on /etc/cron.d is configured successfully\n")
else:
    with open("/tmp/linuxout.txt", "a") as log:
        log.write("User/Group Owner and Permission on /etc/cron.d is failed\n")

#Set SSH Protocol to 2

ssh_port = subprocess.check_output("cat /etc/ssh/ssh_config |grep Protocol |awk '{print $2}',shell=True")
if (ssh_prot == 1):
os.system ("sed -i 's/#Protocol 2,1/Protocol 2/g' /etc/ssh/sshd_config")
file = open ("/tmp/linuxout.txt","a")
file.write ("ssh protocol is succesfully changed from 2,1 to 2")
file.close
else:
os.system ("sed -i 's/Protocol 2,1/Protocol 2/g' /etc/ssh/sshd_config")
file = open ("/tmp/linuxout.txt","a")
file.write ("ssh protocol is changed from 2,1 to 2")
file.close

# Set LogLevel to VERBOSE

ssh_log = subprocess.check_output("cat /etc/ssh/sshd_config | grep LogLevel | awk '{print $2}'", shell=True).strip()

with open("/tmp/linuxout.txt", "a") as log:
    if ssh_log == "INFO":
        # No trailing space in the pattern, so "#LogLevel INFO" at end of line matches
        os.system("sed -i 's/#LogLevel INFO/LogLevel VERBOSE/g' /etc/ssh/sshd_config")
        log.write("ssh protocol log level successfully changed from INFO to VERBOSE\n")
    else:
        log.write("ssh protocol log level change is failed\n")

# Set permissions on /etc/ssh/sshd_config

os.system("chown root:root /etc/ssh/sshd_config")
os.system("chmod 644 /etc/ssh/sshd_config")
var1 = subprocess.call("stat -c '%a %u %g' /etc/ssh/sshd_config | egrep '.00 0 0'", shell=True)
with open("/tmp/linuxout.txt", "a") as log:
    if var1 == 0:
        log.write("ssh protocol permission changed successfully\n")
    else:
        log.write("ssh protocol permission change is failed\n")

# Set SSH MaxAuthTries to 5 or less

ssh_tries = subprocess.check_output("cat /etc/ssh/sshd_config | grep MaxAuthTries | awk '{print $2}'", shell=True).strip()

with open("/tmp/linuxout.txt", "a") as log:
    if ssh_tries == "6":
        os.system("sed -i 's/#MaxAuthTries 6/MaxAuthTries 5/g' /etc/ssh/sshd_config")
        log.write("ssh protocol max tries are changed to 5 or less\n")
    else:
        log.write("ssh protocol max tries change is failed\n")

# Disable host-based authentication in sshd

ssh_host = subprocess.check_output("cat /etc/ssh/sshd_config | grep 'HostbasedAuthentication no' | awk '{print $2}'", shell=True).strip()
with open("/tmp/linuxout.txt", "a") as log:
    if ssh_host == "no":
        os.system("sed -i 's/#HostbasedAuthentication no/HostbasedAuthentication no/g' /etc/ssh/sshd_config")
        log.write("ssh hostbased authentication is disabled successfully\n")
    else:
        log.write("ssh hostbased authentication disable is failed\n")

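########### Adding alternate user in the system #############

import crypt
import getpass

username = raw_input("Please enter username:")
password = getpass.getpass("Please enter password:")  # do not echo the password
try:
    pwd.getpwnam(username)
except KeyError:
    # useradd -p expects an already hashed password, so hash it (SHA-512 crypt) first.
    # The argument list keeps the entered values away from the shell.
    salt = "$6$" + os.urandom(8).encode("hex")
    subprocess.call(["useradd", "-m", "-p", crypt.crypt(password, salt), username])
else:
    print("User %s already exists" % username)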

# Disable SSH root login

ssh_root = subprocess.check_output("cat /etc/ssh/sshd_config | grep PermitRootLogin | awk '{print $2}'", shell=True).strip()
with open("/tmp/linuxout.txt", "a") as log:
    if ssh_root == "yes":
        os.system("sed -i 's/#PermitRootLogin yes/PermitRootLogin no/g' /etc/ssh/sshd_config")
        log.write("ssh root login is disabled successfully\n")
    else:
        log.write("ssh root login is already disabled\n")

# Use only approved ciphers

os.system("echo Ciphers aes128-ctr,aes192-ctr,aes256-ctr >> /etc/ssh/sshd_config")
with open("/tmp/linuxout.txt", "a") as log:
    log.write("approved ciphers are configured successfully\n")

# Configure the banner

with open("/etc/issue", "a") as issue:
    issue.write("""************************************************************NOTICE*** SECURITY POLICY****************************************************************
WARNING! This is a secure computer system and may be accessed only by authorized users. These computer systems are provided for business purposes and must be used in an ethical lawful manner. All data contained here is owned by company authority ., and may be monitored, examined, intercepted, blocked, deleted, captured and disclosed in any manner, by authorized personnel. Individuals or groups using this system in excess of their authorization will have all access terminated. Unauthorized use or misuse of this system is strictly prohibited and may be subject to disciplinary action.
**************************************************************NOTICE*** SECURITY POLICY******************************************************
""")

var1 = subprocess.call("grep Banner /etc/ssh/sshd_config", shell=True)
if var1 == 0:
    # Comment out any active Banner directive before appending ours
    os.system("sed -i 's/^Banner/#Banner/g' /etc/ssh/sshd_config")
os.system("echo Banner /etc/issue >> /etc/ssh/sshd_config")
with open("/tmp/linuxout.txt", "a") as log:
    log.write("banner is configured successfully\n")

### Configure PAM

var1 = subprocess.call("grep '^password.*pam_cracklib.so.*' /etc/pam.d/system-auth", shell=True)
if var1 == 0:
    # PAM module arguments are separated by spaces, not commas
    os.system("sed -i 's/^password.*requisite.*pam_cracklib.so.*/password required pam_cracklib.so try_first_pass retry=3 minlen=14 dcredit=-1 ucredit=-1 ocredit=-1 lcredit=-1/g' /etc/pam.d/system-auth")
    with open("/tmp/linuxout.txt", "a") as log:
        log.write("PAM is configured successfully\n")

## Set strong password creation policy using pam_passwdqc

var1 = subprocess.call("grep '^password.*pam_passwdqc.so.*' /etc/pam.d/system-auth", shell=True)
if var1 == 0:
    os.system("sed -i 's/^password.*requisite.*pam_passwdqc.so.*/password    requisite     pam_passwdqc.so min=disabled,disabled,16,12,8/g' /etc/pam.d/system-auth")
    with open("/tmp/linuxout.txt", "a") as log:
        log.write("Strong password is configured successfully in PAM\n")

### Upgrade password hashing algorithm to SHA-512

var1 = subprocess.call("authconfig --test | grep hashing | grep sha512", shell=True)
if var1 == 0:
    with open("/tmp/linuxout.txt", "a") as log:
        log.write("Password hashing algorithm is already available in this system\n")
else:
    os.system("authconfig --passalgo=sha512 --update")

### Limit password reuse

var1 = subprocess.call("grep '^password.*pam_unix.so.*' /etc/pam.d/system-auth", shell=True)
if var1 == 0:
    os.system("sed -i 's/password    sufficient    pam_unix.so sha512 shadow nullok try_first_pass use_authtok/password    sufficient    pam_unix.so sha512 shadow nullok try_first_pass use_authtok remember=3/g' /etc/pam.d/system-auth")
    with open("/tmp/linuxout.txt", "a") as log:
        log.write("Password reuse limit is configured in the system\n")

### Set password expiration days

# Comment out the active setting, then append the new value
os.system("sed -i 's/^PASS_MAX_DAYS/#PASS_MAX_DAYS/g' /etc/login.defs")
os.system("echo PASS_MAX_DAYS 90 >> /etc/login.defs")
os.system("chage --maxdays 90 omadmin")
with open("/tmp/linuxout.txt", "a") as log:
    log.write("Password expiration is configured as 90 days in the system\n")

### Set password change minimum number of days

# Comment out the active setting, then append the new value
os.system("sed -i 's/^PASS_MIN_DAYS/#PASS_MIN_DAYS/g' /etc/login.defs")
os.system("echo PASS_MIN_DAYS 7 >> /etc/login.defs")
os.system("chage --mindays 7 omadmin")
with open("/tmp/linuxout.txt", "a") as log:
    log.write("Password change minimum number of days is configured as 7 in the system\n")

### Set default group account (root)

os.system("usermod -g 0 root")
# Field 4 of the root entry in /etc/passwd is the primary GID
dfpass = subprocess.check_output("grep '^root:' /etc/passwd | awk -F ':' '{print $4}'", shell=True).strip()
if dfpass == "0":
    with open("/tmp/linuxout.txt", "a") as log:
        log.write("Default group account is configured for root\n")

### Set warning banner for standard login services

var1 = subprocess.call("grep 'computer system' /etc/motd", shell=True)
if var1 != 0:
    os.system("echo 'This is a secure computer system. Authorized uses only. All activity may be monitored and reported.' >> /etc/motd")
os.system("chown root:root /etc/motd")
os.system("chown root:root /etc/issue")
os.system("chmod 644 /etc/motd")
os.system("chmod 644 /etc/issue")
with open("/tmp/linuxout.txt", "a") as log:
    log.write("Warning banner is configured\n")
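
The script above changes sshd_config with sed and appends Ciphers and Banner with echo, but sshd uses the first value it finds for each keyword, so an appended line has no effect when the keyword is already set earlier in the file. The check below is an added example, not part of the original script; effective_settings, audit and the sample config are constructed for illustration, and it reports every keyword whose effective value misses the target the script sets.

```python
# Target values taken from the sed/echo commands in the script above.
APPROVED_CIPHERS = {"aes128-ctr", "aes192-ctr", "aes256-ctr"}
CHECKS = {
    "protocol": lambda v: v == "2",
    "loglevel": lambda v: v.upper() == "VERBOSE",
    "maxauthtries": lambda v: v.isdigit() and int(v) <= 5,
    "hostbasedauthentication": lambda v: v.lower() == "no",
    "permitrootlogin": lambda v: v.lower() == "no",
    "ciphers": lambda v: set(v.split(",")) <= APPROVED_CIPHERS,
    "banner": lambda v: v == "/etc/issue",
}

def effective_settings(text):
    """Global-section settings as sshd reads them: first value of a keyword wins."""
    settings = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue                    # blank line or comment
        key = parts[0].lower()          # keywords are case-insensitive
        if key == "match":              # conditional blocks are not audited here
            break
        settings.setdefault(key, parts[1].strip() if len(parts) > 1 else "")
    return settings

def audit(text):
    """Sorted keywords that are unset or whose effective value is not compliant."""
    eff = effective_settings(text)
    return sorted(k for k, ok in CHECKS.items() if k not in eff or not ok(eff[k]))

# Constructed sample: the first Ciphers line shadows the one appended with echo >>.
SAMPLE = """\
#Protocol 2,1
Protocol 2
LogLevel VERBOSE
#MaxAuthTries 6
PermitRootLogin no
HostbasedAuthentication no
Ciphers aes128-cbc,3des-cbc
Ciphers aes128-ctr,aes192-ctr,aes256-ctr
Banner /etc/issue
"""

if __name__ == "__main__":
    print(audit(SAMPLE))    # keywords that still need attention
```

A keyword that is only present as a comment is reported as unset, which is how the commented-out MaxAuthTries line in the sample is caught.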




































































Thursday, September 24, 2015

Disk replacement procedure in solaris 10







If a disk needs to be replaced in a Solaris global zone server, some commands have to be run before and after the physical HDD replacement. Below is the disk replacement procedure for a SPARC T3-2 server.


1. First we need to identify the faulty drive using the command below. According to its output, the disk 5000c50031f89323 is in predictive fault mode and needs to be replaced.

*******************************************************************
#root@solaris-test>fmadm faulty
--------------- ------------------------------------  -------------- ---------
TIME            EVENT-ID                              MSG-ID         SEVERITY
--------------- ------------------------------------  -------------- ---------
Sep 03 09:12:29 cb61c63d-bbc9-eb1c-f247-e53e8c8573b8  DISK-8000-0X   Major

Host        : solaris-test
Platform    : ORCL,SPARC-T3-2   Chassis_id  : 1111BDRD7A
Product_sn  : 1111BDRD7A

Fault class : fault.io.disk.predictive-failure
Affects     : dev:///:devid=id1,sd@n5000c50031f89323//scsi_vhci/disk@g5000c50031f89323
                  faulted but still in service
FRU         : "/SYS/SASBP/HDD1" (hc://:product-id=ORCL,SPARC-T3-2:product-sn=1111BDRD7A:server-id=whts18600:chassis-id=1111BDRD7A:serial=0010527270S1--------

6SE270S1:part=SEAGATE-ST930003SSUN300G:revision=0B70/chassis=0/motherboard=0/hba=0/bay=1/disk=0)
                  faulty

Description : SMART health-monitoring firmware reported that a disk failure is
              imminent.

Response    : None.

Impact      : It is likely that the continued operation of this disk will
              result in data loss.

Action      : Use 'fmadm faulty' to provide a more detailed view of this event.
              Please refer to the associated reference document at
              http://sun.com/msg/DISK-8000-0X for the latest service procedures
              and policies regarding this diagnosis.

2. If we check the zpool status we will get the exact disk details 


#root@solaris-test > zpool status rpool
  pool: rpool
 state: ONLINE
status: The pool is formatted using an older on-disk format.  The pool can
        still be used, but some features are unavailable.
action: Upgrade the pool using 'zpool upgrade'.  Once this is done, the
        pool will no longer be accessible on older software versions.
 scan: none requested
config:

        NAME                         STATE     READ WRITE CKSUM
        rpool                        ONLINE       0     0     0
          mirror-0                   ONLINE       0     0     0
            c0t5000C50031F9FB07d0s0  ONLINE       0     0     0
            c0t5000C50031F89323d0s0  ONLINE       0     0     0

errors: No known data errors

3. The command below gives the actual path and disk ID.


#root@solaris-test > cfgadm -alv |grep c0t5000C50031F89323
c4::w5000c50031f89321,0        connected    configured   unknown    Client Device: /dev/dsk/c0t5000C50031F89323d0s0(sd1)

4. Now we need to unconfigure the disk 


#root@solaris-test >cfgadm -c unconfigure c4::w5000c50031f89321,0

5. Now we can see that the disk is in the unconfigured state.


#root@solaris-test > cfgadm -al
Ap_Id                          Type         Receptacle   Occupant     Condition
c2                             fc-fabric    connected    configured   unknown
c2::50060e8006cfb113           disk         connected    configured   unusable
c2::50060e80166d5f37           disk         connected    configured   unknown
c3                             scsi-sas     connected    configured   unknown
c3::w5000c50031f9fb05,0        disk-path    connected    configured   unknown
c4                             scsi-sas     connected    configured   unknown
c4::w5000c50031f89321,0        disk-path    connected    unconfigured unknown

6. Now we need to replace the disk with a new one.


7. After the disk replacement, if we check again we can see that the new disk is in the configured state.


#root@ solaris-test> cfgadm -al

c4                             scsi-sas     connected    configured   unknown
c4::w5000cca00ab91e01,0        disk-path    connected    configured   unknown

root@solaris-test> cfgadm -alv |grep c0t5000CCA00AB91E00d0
c4::w5000cca00ab91e01,0        connected    configured   unknown    Client Device: /dev/dsk/c0t5000CCA00AB91E00d0s0(sd6)

8. Now we need to copy the partition table from the root disk to the new disk.


#root@solaris-test> prtvtoc /dev/rdsk/c0t5000C50031F9FB07d0s2 | fmthard -s - /dev/rdsk/c0t5000CCA00AC682C4d0s2
fmthard:  New volume table of contents now in place.

9. Now we need to attach the new disk to the existing pool using the command below (you will get a warning, which you can ignore for now).


#root@solaris-test > zpool attach rpool c0t5000C50031F9FB07d0s0 c0t5000CCA00AC682C4d0s0
warning: device in use checking failed: Unknown error
Make sure to wait until resilver is done before rebooting.

We can check the status of the pool using the command below (once the mirroring is completed, the resilvering message will clear).

root@solaris-test > zpool status rpool
  pool: rpool
 state: ONLINE
status: One or more devices is currently being resilvered.  The pool will
        continue to function, possibly in a degraded state.
action: Wait for the resilver to complete.
 scan: resilver in progress since Thu Sep 24 00:15:42 2015
    757M scanned out of 188G at 16.5M/s, 3h14m to go
    757M resilvered, 0.39% done
config:

        NAME                         STATE     READ WRITE CKSUM
        rpool                        ONLINE       0     0     0
          mirror-0                   ONLINE       0     0     0
            c0t5000C50031F9FB07d0s0  ONLINE       0     0     0
            c0t5000CCA00AC682C4d0s0  ONLINE       0     0     0  (resilvering)

errors: No known data errors

10. Now we need to install the boot block on the new disk.


#root@solaris-test > installboot -F zfs /usr/platform/`uname -i`/lib/fs/zfs/bootblk  /dev/rdsk/c0t5000CCA00AC682C4d0s0


After running the above command, if you check the status of the pool you can see that the new disk is in place.



#root@ solaris-test > zpool status rpool
  pool: rpool
 state: ONLINE
status: The pool is formatted using an older on-disk format. The pool can
        still be used, but some features are unavailable.
action: Upgrade the pool using 'zpool upgrade'. Once this is done, the
        pool will no longer be accessible on older software versions.
 scan: resilvered 188G in 0h58m with 0 errors on Thu Sep 24 01:14:30 2015
config:

        NAME                         STATE     READ WRITE CKSUM
        rpool                        ONLINE       0     0     0
          mirror-0                   ONLINE       0     0     0
            c0t5000C50031F9FB07d0s0  ONLINE       0     0     0
            c0t5000CCA00AC682C4d0s0  ONLINE       0     0     0

errors: No known data errors




So the disk is successfully replaced and the pool status is fine.
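
Step 9 warns to wait until the resilver is done before rebooting. The following added example (not from the original post; pool_check is a hypothetical helper, and the samples are abridged from the zpool status outputs shown above) parses that output and reports whether the mirror is fully resilvered and healthy.

```python
import re


def pool_check(status_text):
    """Return (safe_to_reboot, problems) for one pool's `zpool status` output."""
    problems = []
    scan = re.search(r"^\s*scan:\s*(.+)$", status_text, re.M)
    if scan and "resilver in progress" in scan.group(1):
        problems.append("resilver in progress")
    in_devices = False
    for line in status_text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if fields[0] == "NAME":            # header of the device table
            in_devices = True
        elif fields[0] == "errors:":       # the table ends at the errors line
            in_devices = False
            if line.split(":", 1)[1].strip() != "No known data errors":
                problems.append("data errors reported")
        elif in_devices and len(fields) >= 2:
            name, state = fields[0], fields[1]
            if state != "ONLINE":
                problems.append("%s is %s" % (name, state))
            if "(resilvering)" in fields:
                problems.append("%s is resilvering" % name)
    return (not problems, problems)


# Abridged from the step 9 output above (resilver still running).
RESILVERING = """\
  pool: rpool
 state: ONLINE
 scan: resilver in progress since Thu Sep 24 00:15:42 2015
config:

        NAME                         STATE     READ WRITE CKSUM
        rpool                        ONLINE       0     0     0
          mirror-0                   ONLINE       0     0     0
            c0t5000C50031F9FB07d0s0  ONLINE       0     0     0
            c0t5000CCA00AC682C4d0s0  ONLINE       0     0     0  (resilvering)

errors: No known data errors
"""
# The same pool after the resilver finished (scan line from the final output above).
DONE = RESILVERING.replace(
    "resilver in progress since Thu Sep 24 00:15:42 2015",
    "resilvered 188G in 0h58m with 0 errors on Thu Sep 24 01:14:30 2015",
).replace("  (resilvering)", "")

if __name__ == "__main__":
    print(pool_check(RESILVERING))
    print(pool_check(DONE))
```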