Computer hardware software: Computer

Showing posts with label Computer. Show all posts

Wednesday, August 19, 2009

Devices and Drivers.

Diposkan oleh Hart di 6:25 PM . Wednesday, August 19, 2009

0 komentar

Label: Computer

5 Devices and Drivers.

5.1 What are they?

Devices are presented as special files in /dev
Devices are either block or character special files
Any peripheral is seen by Unix as a device
Even memory is a device (/dev/kmem and /dev/mem)
Devices are created with mknod just as directories are created with mkdir
Devices have major and minor number
The major number represents the device driver
The minor number represents the instance of a device of the type specified by the major device number
Devices are created by /dev/MAKEDEV script (SunOS 5.x creates devices at boot time; use boot -r)

Here is an example of the contents of the /dev directory.

The Small Computer System Interface (pronounced "scuzzy") specification was developed to allow up to 7 devices to be intelligently controlled by each interface rather than the computer. SCSI adapters are common on most workstations today as part of the motherboard.

Uses 50 pin "Centronics" style connectors
Devices daisy-chained to form a "bus" topology
Only one SCSI device should be terminated - the final one (the bus is also terminated internally)
SCSI controller occupies address 7 - all other devices can use addresses 0 through 6 (addresses do not have to be contiguous, e.g. can use 1, 2 and 4 for devices)
Addresses must be unique

5.3 Disk Special File Names (standard /usr partition)

Table 3: Disk Special File Names
--------------------------------------------------------------------------------
              BSD           System V.4        SunOS 4.1.3  IRIX             
--------------------------------------------------------------------------------
File Name        /dev/rdisk0g  /dev/rdsk/c1d0s2  /dev/rsd0g   /dev/rdsk/dks0d0s2
Raw access mode  /dev/rdisk0g  /dev/rdsk/c1d0s2  /dev/rsd0g   /dev/rdsk/dks0d0s2
Device Type      /dev/rdisk0g  /dev/rdsk/c1d0s2  /dev/rsd0g   /dev/rdsk/dks0d0s2
Drive #          /dev/rdisk0g  /dev/rdsk/c1d0s2  /dev/rsd0g   /dev/rdsk/dks0d0s2
Disk Partition   /dev/rdisk0g  /dev/rdsk/c1d0s2  /dev/rsd0g   /dev/rdsk/dks0d0s2
Controller #                   /dev/rdsk/c1d0s2               /dev/rdsk/dks0d0s2
--------------------------------------------------------------------------------

OSF/1 (Digital Unix) and Digital Ultrix look similar to BSD style, while SunOS 5.x uses System V.4 style device files but also provides BSD style device names via use of symbolic links (for backward compatibility with SunOS 4.x).

5.3.1 Particular naming schemes for SCSI discs

SunOS 4.x - /dev/sdAP
SunOS 5.x - /dev/[r]dsk/cCtAd0sS
Digital Unix - /dev/[r]rzNP
Linux - /dev/sdLK
Where: A = SCSI address, C = Controller number, K = DOS primary/extended partition, L = drive letter "a" through "h", N = 8 * controller # + SCSI address, P = BSD-style partition, S = System V-style slice
[Note: Linux device names and portioning is quite different from other flavors of Unix. Partition 0, or no partition number, refers to the whole drive. Partitions 1-4 are DOS primary partitions, while partitions 5-8 are extended DOS partitions.]

5.4 Common "tricks" with devices.

Example of association between /dev/*tape and tape device
Example of association between /dev/floppy and high-density floppy device

5.5 Example: Adding a tape drive to a Digital Unix system

Determine the "unit number" of the device(assume first SCSI bus, SCSI ID of tape drive is 5)

N = (8 * SCSI bus #) + SCSI target #
= (8 * 0) + 5
= 5

Create device entries

# cd /dev
# ./MAKEDEV tz5
MAKEDEV: special file(s) for tz5:
rmt0l
rmt0h
rmt0m
rmt0a
nrmt0l
nrmt0h
nrmt0m
nrmt0a

5.6 Example Problems

Determine the number of inodes on the root partition (See "man df"). How many more files can you create on that partition?
Determine the device names of all devices on your system
If you have a tape drive, how do you specify use of non-rewind mode? How do you specify the high-density mode?
If you were to add a new CD-ROM drive or SCSI tape device (assuming you don't have either yet), what would its device name be? (Check in /dev/MAKEDEV to see how its device files are created.)

www.washington.ed

Klik disini untuk melanjutkan »»

Printing.

Diposkan oleh Hart di 6:24 PM .

0 komentar

Label: Computer

17 Printing.

Steps to set up a local printer on your Unix workstation.

Physically connect the printer to the computer (for serial ports, you may need a null modem cable)
For serial line printers, create or modify an entry in the terminal line configuration file
Configure the proper files on the system to communicate correctly with the proper port
Create a spooling directory and accounting files for this print queue
Set up proper filter programs (if necessary)
Configure the printer system to allow printing to your new device
Enable printing on the new device
Send a print job to test the printer

17.1 BSD spooling.

The lpr system uses a single printer capabilities file to control printing; which device, what filter to use, baud rates, form feeds, remote host and remote device name, etc. The lpr system can work over a network.

lpr - queues print jobs
lprm - removes print jobs form queue
lpq - shows jobs in print queue
lpc - printer control program
lpd - printer daemon
/etc/printcap - printer configuration file describing all printers on this host (and possibly other remote hosts)
Put entry in /etc/ttys (/etc/ttytab under SunOS 4.1.3) for serial port with status off, type unknown and keyword none.

17.1.1 BSD printcap file.

Here is an example /etc/printcap file Note that this is for a Postscript printer. It needs special filters to convert ordinary text into Postscript output. The software to do this, Transcript, is available free to campus systems. The Transcript install program made this printcap entry.

17.2 System V printing.

The lp system uses scripts that control the printer devices. (System V.4 adds remote printing and PostScript capabilities)

lp - initiates print requests
cancel - cancels pending print requests
lpstat - to list queue contents and show status
accept - allows lp to accept requests
reject - prevents lp from accepting requests
enable - activates named printer
disable - disables named printer
lpadmin - configures lp spooling system
lpsched - line printer scheduling daemon
/usr/spool/lp/model - directory where model files are kept

17.3 AIX queueing.

AIX supports the BSD and System V printer commands and adds extra functionality by integrating printing with its general queueing system.

www.washington.edu

Klik disini untuk melanjutkan »»

Installing Terminals & Modems.

Diposkan oleh Hart di 6:23 PM .

0 komentar

Label: Computer

16 Installing Terminals & Modems.

A few facts about (ASCII or "dumb") terminals and modems:

Terminals and modems are asynchronous devices
Most use RS-232 standards (such as they are)
Terminals and modems used for logins must deal with getty
Modems used for both dial-in and dial-out have special needs
Asynchronous data transfer is usually much slower than ethernet
Official limit for RS-232 lines is 50 feet
Most workstations and desktop Unix systems only have two async ports

16.1 Pins used for RS-232 serial connections.

Table 8: RS-232 pin assignments
-----------------------------------------------------------------------------------
Pin  Name  Function                        Pin  Name  Function                       
-----------------------------------------------------------------------------------
1    FG    Field ground                    14   STD   Secondary transmitted data     
2    TD    Transmitted data                15   TC    Transmitted clock              
3    RD    Received data                   16   SRD   Secondary received data        
4    RTS   Request to send                 17   RC    Received clock                 
5    CTS   Clear to send                   18         (Not assigned)                 
6    DR    Data set ready                  19   SRTS  Secondary request to send      
7    SG    Signal ground                   20   DTR   Data terminal ready            
8    DCD   Data carrier detect             21   SQ    Signal quality detector        
9          Positive test voltage           22   RI    Ring indicator                 
10         Negative test voltage           23   DRS   Data rate selector             
11         (Not assigned)                  24   SCTE  Serial clock transmit external 
12   SDCD  Secondary data carrier detect   25   BUSY  Busy                           
13   SCTS  Secondary clear to send                                                   
-----------------------------------------------------------------------------------

Most of these pins have no practical use, except:

Ground pins 1 (FG) and/or 7 (SG) are used
If only one ground is used, it should be 7
Pins 2 (TD), 3 (RD) and one ground pin must be used
Pins 4 (RTS) and 5 (CTS) may be used for HW handshaking
Modems commonly use pins 6 (DSR) and 20 (DTR)

When installing cables in walls/conduit, it is best to use straight-through cables using all 25 pins and use smaller, specialized (e.g., null modem) cables or converters between the ends of the routed cable and the devices.

16.2 Equipment types.

DTE - Data Terminal Equipment (computers are usually DTE)
DCE - Data Communications Equipment (modems are always DCE)

Connecting a modem to a computer is different than connecting two computers together.

16.3 Hardware handshaking (RTS/CTS).

DTR - "Ready to communicate"
Tells modem that computer is ready/able to communicate - if this signal drops, modem should hang up.
DSR - "Ready to receive data"

Tells computer that modem can accept data (ignored by many U.S Unix systems which use DCD instead).

DCD - "Have remote carrier"

Dropped signal means that modem lost connection to other system.

RTS (Request to Send) and CTS (Clear to Send) lines used to "throttle" transmission (lines not shown)

16.4 Software Handshaking (XON/XOFF).

XOFF (ASCII Control-S)
Used to tell other side to stop transmitting data.
XON (ASCII Control-Q)
Used to tell other side that it is OK to continue transmitting data.

Since hardware handshaking is implemented in the serial port hardware, it is far more efficient and reliable. This is because:

the time delay between transmission of XOFF character and actual halting of transmission can cause buffer overflow and lost data (especially at very high baud rates)
transmitted data may contain XON/XOFF characters which fool the hardware

16.5 Steps in installing terminals/modems

Physically connect the terminal/modem to the computer (DTE<->DTE or DTE<->DCE)
Determine the special file in /dev that communicates with the terminal/modem
With terminals, make sure a termcap or terminfo entry exists for this terminal (you may need to create one)
Add/modify an entry in the proper configuration files
Force init to reread the terminal configuration information (kill -HUP 1 or init -q)
Dial-in/dial-out modems are a special case(May need to send modem initialization codes and save to non-volatile memory using tip or cu)

16.6 /etc/ttys file

Here is an example /etc/ttys file from a BSD-style system (a NeXT). The uncommented lines with "on" in the fifth column are active and will have associated getty processes. The second field (between the " ") points to entries in the /etc/gettytab file.

www.washington.edu

Klik disini untuk melanjutkan »»

Configuring the kernel.

Diposkan oleh Hart di 6:10 PM .

0 komentar

Label: Computer

14 Configuring the kernel.

14.1 Why?

Not necessary with most modern UNIX systems, except when you:

add or remove a type of hardware, or
add/remove some subsystems (e.g., NFS, ISO9660, SLIP/PPP)

14.2 Basic Steps

Make sure you understand the hardware on your system (e.g., disc/tape drives, network interface, mice)
Create/edit the configuration file in the conf directory (usually /sys/conf or /usr/sys/conf).
Run config in conf directory.
Use make depend and make kernel-name to create the new kernel.
Rename the old kernel and copy the new one into / to test it out. If it fails, reboot with the old kernel.

14.3 Examples of generating an Ultrix kernel

Example configuration file
Example of doconfig command output

www.washington.edu

Klik disini untuk melanjutkan »»

Unix System Security.

Diposkan oleh Hart di 6:09 PM .

0 komentar

Label: Computer

13 Unix System Security.

Securing any computer system involves many steps, including:

Knowing how the system may be attacked
Knowing how to protect against these attacks
Monitoring your system
Teaching users how to be "safe" and getting them to work with you
Knowing what to do when you detect you've been hit

13.1 Knowing how the system may be attacked

The best place to start is by reading articles, such as:

13.1.1 Detecting an attack

Common methods of attack include:

System crashes
- Repeat crashes usually hardware related
- Read log files/console for panic reasons
- Any patterns (e.g., time of day) should raise suspicion
New accounts
- Especially with UID 0
New files
- With setuid/setgid bits or root ownership
- Hidden directories (e.g., "..." or with control characters in the name, such as backspace)
Modified file
- System programs (e.g., login, sh, csh, ps)
- Configuration files (e.g., /etc/rc, /etc/aliases, /etc/hosts.equiv)
- User files (e.g., .login, .cshrc, .history, .rhosts)
Poor Performance
- May indicate password cracking or packet sniffing programs
- Programs to use: ps, iostat, vmstat, pstat, sar, netstat
Denial of service
- Exhaustion of finite resources
  - File space on partitions (e.g., filling /tmp)
  - inode table
  - process table
  - open files
  - virutal memory
  - network services
- Destruction of data
  - Deleting user files/system configuration files/system programs

13.2 Knowing how to protect against these attacks

Make sure you've applied all recommended security patches to your system.

Security Patches FAQ

Learn about, and use, tools and papers from sources such as these:

The COAST project at Purdue University
The National Institute of Standards and Technology's (NIST)Computer Security Division (CSD)
Unix Security Information from the Advanced Laboratory Workstation Project at the National Institute of Health (NIH)
The Computer Emergency Response Team (CERT)
Computer and Network Security Reference Index (Note: this site is in Australia)

Only provide as much access as is necessary:

Put access controls on IP services with tcp_wrapper
Remove IP services you don't really need, such as fingerd, sendmail, and tftp

13.3 Monitoring your system

At the very least, log access with something like tcp_wrapper - add to effectiveness by logging to another host (see "man syslogd")
Read your log files, or use a tool like swatch
Detect modified programs with tripwire

13.4 Teaching users how to be "safe" and getting them to work with you

Select Good Passwords (and change them regularly)
Take care with .rhosts files
Don't share accounts/passwords (one person, one account)
Understand how to safely use the X Window System

13.5 Knowing what to do when you detect you've been hit

Have security policies in place. COAST has example security policies, including examples from several Universities.
There are some good guidelines in RFC1244 (chapters 5 and 6) on post-incident response, but it also provides much information on developing policies and procedures
Send email to help@cac.washington.edu to report the incident
Gather and preserve evidence - it may be needed by law enforcement investigators

13.6 Unix System Security Checklist

This Unix System Security Checklist can serve as a tool to help you with improving and auditing the security of your systems.

13.7 Vendor Security/Patch Web Sites

Silicon Graphics -- http://www.sgi.com/Support/security/security.html
IBM -- http://www.ibm.com/Security/html/resources.html
Digital Equipment -- http://www.service.digital.com/patches/index.html
Sun -- http://sunsolve.sun.com/
RedHat (Linux) -- http://www.redhat.com/docs/errata.html
Microsoft -- http://www.microsoft.com/security/

13.8 Computer Security related sites on the Internet

http://crimelab.com/bugtraq/bugtraq.html (Bugtraq archive)
http://www.cs.purdue.edu/coast/coast.html (Purdue's COAST home page)
http://csrc.ncsl.nist.gov/ (NIST Clearning Security Resource Clearinghouse)
http://www.openmarket.com/info/intindex/ (Internet Facts)
http://www.dct.ac.uk/www/books/hacker-crackdown/hacker.html(Hacker Crackdown book)
http://www-ns.rutgers.edu/www-security/reference.html(Rutgers WWW Security References)
http://www.commerce.net:8000/directories/jumpstation/sectools.html(Electronic Commerce Jumpstation - Security Tools)
http://www.underground.org/
http://www.alw.nih.gov/Security/security-docs.html (NIH web pages)
http://www.faqs.org/faqs/sgi/faq/security/l (SGI Security FAQ)
http://sites.inka.de/~W1012/freefire-l/tools.html (Freefire project)

13.9 Example Problems and Reading

Get a copy of Crack (a password cracker) from cert.sei.cmu.edu and run it against your /etc/passwd file. See how many passwords it can break.
Get a copy of COPS (a system security checker) from cert.sei.cmu.edu and run it on your system to see what it finds. You may wish to set this up so it runs under cron to regularly check your system.
Here are some interesting articles/papers on system security issues.

www.washington.edu

Klik disini untuk melanjutkan »»

Using an NFS server.

Diposkan oleh Hart di 6:08 PM .

0 komentar

Label: Computer

12 Using an NFS server.

12.1 NFS "exporting" (server side).

Server host must first be configured to allow your host to mount directories

/etc/exports defines the directories that are exported and which hosts are allowed to mount them(SunOS 5.x uses /etc/dfs/dfstab in slightly different way)
exportfs is used to make directories available for mounting(SunOS 5.x systems use the share and unshare commands)
/etc/xtab lists information about currently exported directories
mountd processes mount requests, verifying that requesting clients are allowed to mount by reading the /etc/xtab file

Here is an example of an /etc/exports file.

12.2 NFS mounting (client side).

Your host must then mount the remote directories

showmount will show mountable file systems on remote machines(Here is an example of using showmount)
mount command used to mount directories, e.g.

mount host.dept.washington.edu:/usr/man/usr/man
mount host.dept.washington.edu:/usr/users/home

/etc/fstab contains list of all file systems mounted by default

Can use mount -p to help build /etc/fstab entries

Tabell 7: Commonly used NFS mount flags
-----------------------------------------------------------------------
Flag      Description                                                   
-----------------------------------------------------------------------
ro        Mount the file system read-only                               
rw        Mount the file system read/write (only if server exports as   
         writable)                                                     
bg        If the server doesn't respond, keep trying the mount in the   
         background - may also hang startup scripts, or cause          
         strange failures, if they rely on files in these file systems 
hard      Blocks processes accessing files until server can respond     
         (may look like your shell has "hung")                         
soft      Processes trying to access files get an error message if      
         server is not responding                                      
intr      Allows user to abort a blocked access (returns error also)    
timeo=    Timeout period (in tenths of a second) for requests           
retrans=  Specify number of times to retry requests before return       
         ing an error when soft mount used.                            
-----------------------------------------------------------------------

12.3 Gotchas! with NFS

Ownership represented by numeric UID/GID values, which correspond to logins viathe /etc/passwd file on both client and server!(What if UIDs don't match?)
Security is a problem (e.g., can chown be used to give files away?).See Unix System Security Checklist for details.
NFS is a "stateless" protocol. What happens if the server goes down?
- "NFS: stale file handle" error message means re-mount file systems
- "Hard mount" is "Energizer Bunny" mode. Client keeps trying, and trying, and trying.... Unless interrupts allowed, client will "hang" until server comes back up
- "Soft mount" means client gets an error message.
File locking can be a problem.
Easy to "waste" bandwidth by transferring files twice!(e.g., ftp to/from an NFS mounted file system on a client)
Forgetting to use -xdev (or -mount, etc)., when using find.
Differences in maximum block sizes between client/server file systems can cause programs to crash

12.4 Related Articles

"How to Develop a Distributed Filesystem Model," Michael S. Hill, Sys Admin, August 1996
"Hidden Dangers of NFS Mounting Foreign File Systems," Doug Morris, Sys Admin, August 1996

www.washington.edu

Klik disini untuk melanjutkan »»

Networking.

Diposkan oleh Hart di 6:06 PM .

0 komentar

Label: Computer

11 Networking.

11.1 UW network concepts.

The predominant networking protocols for world-wide internetworking are the TCP/IP protocols
UW campus backbone only routes IP traffic
The Domain Name System (DNS) is used to reference hosts instead of IP addresses (e.g., rtfm.mit.edu)
UW campus is subnetted (128.95.subnet.host)
Subnets are connected by routers (campus standard address for gateway router is 128.95.subnet.100)
Individual network connections within the building are usually served by ethernet multi-port repeaters (empr)
The campus backbone is part of NorthWestNet, one of many regional network access providers who in turn connect to one of many national networks (NorthWestNet connects to MCInet).
All these tens of thousands of smaller networks with millions of connected hosts make up the Internet (a.k.a. "The Net")

You can find information about the Internet at many sites. Try looking at what is stored at ftp.merit.edu. Here are some other interesting statistics on the Internet.

11.2 Example of subnetted network.

This diagram shows an example of a subnetted network.

11.3 Network topologies.

Here is a description of the technical details of Ethernet networks. The most common topologies on this campus are:

Star (e.g., twisted pair ethernet, or 10BaseT). This is the type of network technology currently recommended by C&C and what we would install today.
Bus (e.g., thin ethernet, or 10 Base 2). The older standard for inexpensive Ethernet networks, but still found in many places on campus.
Ring (e.g., Token Ring, FDDI, CDDI)

11.4 DNS name service.

Host name + Domain = Fully Qualified Domain Name

E.g., host stimpy in domain cac.washington.edu has a fully qualified domain name (FQDN) of stimpy.cac.washington.edu

Host name set in rc files using hostname command

# hostname ren

Resolver configuration file is /etc/resolv.conf

domain cac.washington.edu
nameserver 128.95.120.1
nameserver 128.95.112.1
nameserver 128.101.101.101

DNS is not related to Sun's NIS/NIS+, although they can work together.

SunOS 4.x: get replacement libraries from ftp.cac:/pub/sun-fix. SunOS 5.x users need to modify /etc/nsswitch.conf.

11.5 ISO vs. TCP/IP protocol stacks.

11.6 Protocols, ports, and servers.

Protocol numbers defined in /etc/protocols
Port numbers for services defined in /etc/services
Servers are managed by the Internet daemon inetd
Servers are defined in /etc/inetd.conf

To force inetd to reread its configuration file, send it a -HUP signal, like this:

# ps -aux | grep inetd
root 111 0.0 1.7 1.44M 344K ? S 0:00 (inetd)
root 4451 0.0 1.0 1.52M 208K p2 S 0:00 grep inetd
# kill -HUP 111 # ...for BSD
# killall -HUP inetd # ...for System V

11.7 Configuring the ethernet interface (BSD).

/etc/rc or /etc/rc.local
Here is an example of the part of the /etc/rc.local file that configures the ethernet interface.

11.8 Configuring the ethernet interface (System V).

/etc/init.d/network

11.9 Configuring the networking software.

Make entry in /etc/hosts for your host and IP address
Register your DNS name
(Get IP addresses and Domain Names from your departmental network administrator, or from campus network administrators by sending email to netops@cac.washington.edu )
Set up the DNS resolver configuration file
Make sure the netmask is 255.255.255.0 (0xffffff00)
Make sure the broadcast address is128.95.subnet.255 (use 128.95.subnet.0 for Sun computers)

Here is an example of setting up the network interface for a Sun computer.

11.10 User commands.

telnet
ftp
rlogin
rsh
rcp
rwho
ruptime

11.11 Public domain utilities/facilities.

Anonymous ftp
Log in as user name of ftp or anonymous, and using your email address (e.g., name@host.dept.washington.edu) as the password.
gopher/xgopher
archie/xarchie
Xmosaic
WAIS
These utilities and facilities are described in detail in Whole Internet: User's Guide & Catalog, Internet Companion: a Beginner's Guide to Global Networking, and Internet Passport.

11.12 Standard diagnostic tools.

netstat
The netstat utility can be used to determine the name of your interface and to check the routing table to see if your gateway is accessible.
ifconfig
The ifconfig utility is used to configure (or check the configuration of) your network interface.
ping
Tells if you can send/receive packets with another Internet host.
arp
Exercises the name resolution mechanism and reports IP/ethernet addresses. (Here are some Ethernet codes, in case you need them).

11.13 Public domain diagnostic tools.

lsof
A useful tool for finding which processes have open file handles, it also helps find which processes have open sockets. This is very handy for identifying processes involved in network connectivity problems. Available from ftp://vic.cc.purdue.edu/pub/tools/unix/lsof/
dig
An alternative to nslookup. It has a method of doing reverse name lookups, which can be handy in determining the name of hosts that are sending packets across your subnet. Available from ftp://venera.isi.edu/pub/.
traceroute
Traces the route of UDP packets from your host to another host. Can be used to diagnose "no answer" and "network unreachable" error messages from TCP/IP utilities. [Usually] shows all interfaces that packets go through. Available from ftp://ftp.ee.lbl.gov/traceroute.tar.
tcpdump
"Network" or "protocol" analyzer that lets you see some/all packets that are traversing your subnet. Allows you to select or filter packets "promiscuously." Available from ftp://ftp.ee.lbl.gov/tcpdump.tar.Z
tcpview
Motif version of the tcpdump utility. Produced by C&C for use here on campus. Available from ftp://ftp.cac.washington.edu/pub/noc-tools/tcpview.
etherman/interman/packetman
X Windows programs to monitor ethernet, IP, and packet level traffic on your subnet. Available in binary form for Ultrix 4.2/4.3 and SunOS 4.1.3 (sun4c) from ftp://tfp.cs.curtin.edu.au/pub/netman.
getethers
Builds a table of Ethernet numbers, host names and manufacturer suitable for use as an /etc/ethers file. Available from ftp://harbor.ecn.purdue.edu/pub/davy/

11.14 Public domain security tools.

nmap
Network mapping toolhttp://www.insecure.org/nmap/index.html
trinux
All the network monitoring tools you need, on a two-floppy, RAM disc based, Linux distribution! (Can even boot on a laptop). Available from http://www.trinux.org/
tcp wrapper (a.k.a. tcpd)
This utility adds access control and logging features to TCP/IP services. It is available in source code form for most popular Unix implementations from ftp://cert.org/pub/tools/tcp_wrappers/.
smrsh
This program provides a more secure mechanism for shell execution from other programs such as sendmail. It is avaiable as C code with a man page from ftp://cert.org/tools/smrsh.

11.15 Useful information

Klik disini untuk melanjutkan »»

Adding new users.

Diposkan oleh Hart di 6:05 PM .

0 komentar

Label: Computer

10 Adding new users.

Steps involved (usually automated).

Determine login name, user ID (UID), group ID (GID) & netgroup (if using NIS or NIS+)
Enter data in /etc/passwd file
Assign password
Set account parameters (e.g., password aging, account expiration, quotas)
Create home directory
Copy initialization files
Set file ownerships and protections (use chown, chgrp, chmod commands)
Add user to other facilities (quota system, aliases file)
Perform other site-specific initialization tasks
Test new account

10.1 Fields in the /etc/passwd file.

logname:passwd:uid:gid:user info:home:shell

10.2 Fields in the /etc/group file.

group:passwd:gid:members

10.3 Choosing passwords.

One of the best algorithms to use is to take two non-related words, separate them with a punctuation character, mix in some upper-case characters, and perhaps reverse one of the words. E.g.,

DOg.tenT (mixed upper/lower case)
t00l%p0nd (zeros instead of "O")
p33l*BOARd (substitute numeric for alpha)
tned-Pile (reversed first word)

10.4 Shell initialization files.

C shell: .cshrc, .login, .logout, /etc/cshrc,/etc/cshrc.std
Borne shell: .profile, /etc/profile,/etc/profile.std
Skeleton files: in /usr/skel, /etc/skel, or/etc/security directories

10.5 Automating account creation.

sysadm (System V)
passmgmt (System V)
useradd (System V.4)
adduser, addgroup (Some BSD, OSF/1)
SMIT (AIX)
nu (NeXTStep)
Public domain scripts

10.6 Disabling and/or removing user accounts.

Remove or modify entry in /etc/passwd
Remove entry in NIS/NIS+ maps
Remove $HOME/.rhosts files
Remove mail spool file
Remove from mail aliases file
Remove any cron or at jobs
Remove directory

10.7 Related articles

"Developing Common Login Scripts," Dinah McNutt, Unix Review, December 1995, p73. (includes sample .profile file for the Korn shell)

www.washington.edu

Klik disini untuk melanjutkan »»

Startup/Shutdown.

Diposkan oleh Hart di 6:05 PM .

0 komentar

Label: Computer

9 Startup/Shutdown.

9.1 Boot Phases.

ROM monitor may run some simple hardware diagnostics and finds boot device
ROM monitor loads/runs bootstrap loader
Bootstrap loader loads/runs kernel (PID 0)
Kernel may perform more elaborate diagnostics, then checks root file system
Kernel mounts root file system, then starts init(PID 1)
Operator may need to switch to multi-user mode
init runs initialization scripts (rc scripts)
getty/login produces prompts on terminals (or graphics system starts up) and system is ready to go

This example of the output of System V style ps will help identify these processes.

9.2 Starting a boot.

Autoboot from power-on
Boot command from ROM monitor

9.3 BSD single-user mode vs. multi-user mode.

Berkeley UNIX has just two operating states: single-user mode and multi-user mode.

9.4 System V run levels.

System V has several states, or "run levels"
Use who -r to see current run level

# who -r
. run-level 2 Mar 5 15:32 2 0 S
Table 6: System V Run Levels
-------------------------------------------------------------------------------------------
Run Level  Names and Uses                                                                   
-------------------------------------------------------------------------------------------
0          Powerdown state; conditions where it is safe to turn the power off.              
1          Administrative state.                                                            
s or S     Single-user mode.                                                                
2          Multi-user mode; Normal operating state for isolated,                            
          non-networked systems.                                                           
3          Remote File Sharing (RFS) state. Alternative state for networking use. (Normal   
          multi-user state for OSF/1; other Sys V may use state 2).                        
4          User-definable state. (Also not normally used; state 2 used instead).            
5          Firmware state; Used for some types of maintenance on some systems.              
6          Shutdown and reboot state; used to reboot the system from some other running     
          state (s, 2, 3 or 4) to state 0 then immediately back to normal operating state. 
-------------------------------------------------------------------------------------------

9.5 Initialization scripts.

The initialization scripts, usually written in Borne shell (BSD, System V) or Korn shell (AIX) perform the following tasks:

Sets computer's hostname (BSD and some System V)
Sets time zone (System V only)
Checks unmounted discs with fsck (only in multi-user mode)
Mounts the system's disc partitions
Removes files from the /tmp directory
Starts up daemons and network services
Turns on accounting and quotas (if used)
Configures network interface(s)
Starts windowing system and window-based login (on graphics workstations)

9.6 BSD rc files.

/etc/rc (multi-user initialization)
/etc/rc.local (site-specific initialization)
/etc/rc.boot (NeXTStep single-user initialization and primary SunOS initialization file)
/etc/rc.single (under SunOS single-user mode starts shell; under SunOS multi-user mode runs/etc/rc)
/etc/rc.net, /etc/rc.tcpip, /etc/rc.pci,/etc/rc.ncs (AIX)

Here is an example of a BSD style /etc/rc.local file.

9.7 System V initialization files.

init reads /etc/inittab to find what to execute
Initialization files stored in /etc/init.d
Links made into /etc/rc0.d, /etc/rc2.d, etc.

Here is an example of a simple initialization file, the /etc/init.d/lp file.

9.8 OSF/1 initialization files.

Same as System V, but...
Initialization files stored in /sbin/init.d
Links made into /sbin/rc0.d, /sbin/rc2.d, etc.

9.9 System V initialization

This diagram shows the process of initialization under System V style Unix.

9.10 Shutting down

(WARNING! Never just turn the computer off!)

Notify users (use wall and/or /etc/motd to announce shutdown, if not done for you)
Disable logins under BSD (create /etc/nologin, if not done for you by shutdown)
BSD: shutdown time message

# shutdown +60 "Shutting down for weekly backups"
# shutdown now "There's water coming through the ceiling"

System V: shutdown -gn -ilevel [-y]

# shutdown -g60 -iS
# shutdown -g0 -i0 -y

reboot command (BSD, some System V, OSF/1)
halt command (BSD, some System V, OSF/1)

9.11 System crashes.

Hardware failures
Power failures/surges
Environmental problems
I/O problems (including filled partitions)
Software problems (kernel faults, bugs, programs)

9.12 System won't boot.

Always wait at least ten seconds when power cycling
Same causes as above
Errors in initialization scripts
Improperly configured kernel

www.washington.edu

Klik disini untuk melanjutkan »»

Backups.

Diposkan oleh Hart di 6:04 PM .

0 komentar

Label: Computer

8 Backups.

8.1 Media types

Here are some average example prices as of February 1998:

Table 4: Backup media comparison
----------------------------------------------------------
Type         Drive price  Media price  Capacity   Price/MB 
                                      (MB)                
----------------------------------------------------------
Floppy disc  $150         $0.50        2.88       $0.17    
QIC          $300         $20          250        $0.08    
Jaz drive    $600         $125         2,000      $0.0625  
9 track      $? (2)       $10          160        $0.06    
CD-R (3)     $100         $12          660        $0.018   
Hard disc    $100         $100  (1)    8,200      $0.01    
DLT (4)      $4,000       $70          30,000     $0.002   
8mm [video]  $2,200       $9           5,100      $0.0018  
4mm [DAT]    $1,800       $7           5,500      $0.0013  
----------------------------------------------------------

(1) Since media cost equals the drive cost, this option is about the same overall price as any type of tape drive system. Although not as flexible as tape, it is much faster, is random access, and is immediately bootable!
(2) Not very common anymore, but still here for comparison
(3) While only useful for one write operation per CD, the media lifetime of CD-ROM is on the order of 50 years vs. ~5yrs for magnetic tapes
(4) Digital Linear Tape (DLT). With compression, capacity can exceed 70GB/tape. Tapes are designed to take far more reads/writes than 4mm/8mm tapes.

8.2 Utilities.

dump/restore - backs up file systems, has interactive mode, can do incremental backups, maintains "sparse files", is most commonly used utility
cpio - can back up individual files/directories, handles special files, packs data tighter than tar, skips bad spots on media on restore, use with find (some versions of find have -cpio option for this purpose)
tar - backs up directory trees, does not back up special files, poor error handling with media errors, does not pack blocks (GNU tar solves some of these problems)
dd - copies/converts files, can go from one medium to another, processes whole entity or select blocks, can swap bytes and do ASCII/EBCDIC conversions
rmt - used for remote tape operations
Here is an email message comparing several backup utilities.

8.3 Backup Model.

A useful backup model suggested by 3M is the "Grandfather, Father, Son" principle. This scheme uses a total of ten units of backup media (where a unit is sufficient to backup the entire system) to provide up to twelve weeks of coverage.

Label ten sets of media with these labels: Monday, Tuesday, Wednesday, Thursday, Friday 1, Friday 2, Friday 3, Month 1, Month 2, Month 3.

Start the cycle on a Friday. Do a full backup onto the Friday 1 media.

Every Monday through Thursday, use the appropriately labelled media to do an incremental backup.

Each Friday, use the next Friday media set to do another full backup, continuing to use the Monday through Thursday incremental scheme.

Every forth Friday, use one of the monthly media sets (Month 1 through Month 3) to do the full backup.

After four months you start the sequence over again. Write the date used on the media each time, and watch error rates, to ensure you recycle tapes before they become unreadable.Backup Model (Example).

Table 5: Example Backup Schedule
------------------------------------------------
Monday     Tuesday  Wednesday  Thursday  Friday  
------------------------------------------------
Monday     Tuesday  Wednesday  Thursday  Friday1 
Monday...  ...                           Friday2 
...        ...                           Friday3 
                                        Month1  
                                        Friday1 
                                        Friday2 
                                        Friday3 
                                        Month2  
                                                
------------------------------------------------

8.4 Copying partitions/portions of file systems.

Example using dump

# dump 0df 100000 - /oldtree |
(cd /newtree; restore xf -)

Specify a very high density parameter (d 100000) to make dump think it's dumping to a very high-capacity "tape." Otherwise, dump may stop in mid-copy and demand that you mount a new "tape."

Example using tar

# (cd /oldroot; tar cvf - ./dir) |
(cd /newroot; tar xf -)

Make sure directories have proper ownership and protection masks after transferring (especially when done across systems)

8.5 Determining a backup strategy

Assumption: The next time you sit down at your system, you find that the hard drive has crashed or a cracker has done an "rm -rf /" while you were gone.

How many drives and partitions do you have?
What does each partition hold? How unique is it?
How often do the contents change?
How likely is the disc to fail? (E.g., a six year old i386)
How much does it cost to replace the contents?
How much can your media hold?
How do you to recover, since you can't boot from disc anymore?
How long does it take to back up/restore? (How much time can you afford?)
What if you only need to restore some files?

8.6 Example Problems

Do a backup to tape/floppy disc using the cbackup script. After you do this, first make sure it worked by listing the contents using the clist script, then restore a set of files to the /tmp directory using the crestore script to make sure you can get them back. (This describes the three scripts).

www.washington.edu

Klik disini untuk melanjutkan »»

Adding a disc drive.

Diposkan oleh Hart di 6:02 PM .

0 komentar

Label: Computer

7 Adding a disc drive.

There is never enough disk space. The minute a new disk is added to the system, it is half full, or so it seems. Getting users to clean up their disk space is as difficult as getting a teenage boy to clean up his room. Therefore, the system administrator will occasionally have to install new disk drives.

7.1 Disc drive terminology.

The circular plate coated with magnetic media is called a platter - drives usually have several platters
The heads ride on a microscopic film of air on the platter surface - all heads move together
The platters spin rapidly and the heads move in and out to position on a track - this action is called seeking
Each track is made up of a number of sectors
The collection of tracks under all of the heads is called a cylinder
When a head touches the surface of a platter, it is called a head crash - this is a Bad Thing (go buy a new disc and get out your last backup!)
Discs are logically divided up (by groupings of cylinders or sectors) into partitions -partitions usually overlap
File systems occupy entire partitions (not all partitions have file systems, e.g. the swap partition)
Every file system has a superblock which contains information such as the file system's label, size, and total number of inodes

This diagram shows an idealized disc drive. Here is an example of how several file systems on three disc drives might be mounted.

7.2 Steps in adding a disc drive.

Make a device entry in /dev for the new disc (use /dev/MAKEDEV)
Make an entry in /etc/disktab (4.2 BSD) or /etc/device.tab (System V.4) for your new disc
Set the SCSI address to a legal, unused SCSI id
Connect the drive to the SCSI bus
Make sure the disc is formatted/partitioned correctly
Make files systems using newfs or mkfs
Make an entry in /etc/fstab for the new partitions
Mount the new partitions
Transfer file systems (if necessary)
Do site specific configurations (e.g., BSD quotas)

7.3 Commands for determining device names/numbers

SunOS 4.x/5.x - dmesg
IRIX - hinv
OSF/1 (Digital Unix), Ultrix - uerf

7.4 Commands for partitioning/formatting drives

SunOS 4.x/5.x - format
IRIX - fx
OSF/1 - disklabel (gets partition information from /etc/disktab)
Ultrix - chpt, rzdisk
Linux - fdisk

7.5 Commands for examining partition information

SunOS 4.x - dkinfo
SunOS 5.x, IRIX - prtvtoc
Ultrix - chpt
Linux - fdisk

7.6 Example BSD partitioning.

BSD systems usually use 8 partitions (labelled "a" through "h")

Example Eagle disc partitions
------------------------------------
Partition  Cylinders  Typical use    
------------------------------------
a          0-15       /              
b          16-86      Swap           
c          0-841      Entire disc    
d          391-407    Alternate Root 
e          408-727                   
f          728-841                   
g          391-841    /usr           
h          87-390                    
------------------------------------

There are several possible ways of creating file systems on these partitions. Here is a diagram of three alternatives.

7.7 Example System V partitioning.

System V systems number their partitions 0 through 7. (Example from IRIX system)

# prtvtoc c0t0d0s2
* c0t0d0s2 partition map
*
* Dimensions:
* 512 bytes/sector
* 84 sectors/track
* 15 tracks/cylinder
* 1260 sectors/cylinder
* 1658 cylinders
* 1656 accessible cylinders
*
* Flags:
* 1: unmountable
* 10: read-only
*
* First Sector Last
* Partition Tag Flags Sector Count Sector Mount Directory
0 2 00 0 103320 103319 /
1 3 01 103320 132300 235619
2 5 00 0 2086560 2086559
5 6 00 235620 1106280 1341899 /opt
6 4 00 1341900 437220 1779119 /usr
7 4 00 1779120 307440 2086559 /usr/openwin

7.8 The Berkeley /etc/disktab file.

Here is an example of an /etc/disktab file used here in C&C for Ultrix systems. The descriptions of the entries can be found in the man pages for disktab (see "man disktab").

7.9 The SunOS format.dat file.

SunOS uses a file called format.dat. This example is from the sun-managers email list.

7.10 /etc/fstab file (System V).

blck-spcl-file mnt-loc [fstype] [options]
/dev/root / efs rw,raw=/dev/rroot 0 0
/dev/usr /usr efs rw,raw=/dev/rusr 0 0

7.11 /etc/fstab file (4.3 BSD).

blck-spcl-file mnt-loc fstype opts dump-freq passno
/dev/sd0a / 4.3 rw,noquota,noauto 0 1

7.12 /etc/fstab file (ULTRIX).

blck-spcl-file:mnt-loc:type:dump-freq:passno:fstype:options
/dev/ra0a:/:rw:1:1:ufs::

7.13 Partitioning considerations

When a file system approaches 100% full, fragmentation tends to occur in the newly created files. If they stick around, and are used frequently, this can have an adverse effect on disc I/O.
When a file system on a partition fills up, you can't create any more files. Period. The glass is full. This means that any programs that need to create files here will start to fail. This means you might want to put your Usenet news spool on a partition other than, say, / (where the operating system usually keeps /tmp) or /usr (where you may have home directories).
The inode table is fixed in size. It does not get bigger to accommodate more files. You may have plenty of space left, but with no more inodes available, you can't create any more files. (Same problem as disc filled.)
If a partition will have a high percentage of predominately large files, or a high percentage of predominately small files, the default block size may not efficiently allow the files to be organized on disc.

7.14 Remaking a disc partition

Dismount file system

# umount /data

Backup file system (assumes 6250 BPI tape density and length factor of 24000)

# dump 0ds 6250 24000 /dev/disk2g

Check to see the backup is good

# restore t

Remake the file system (assumes m2694esa 1.1gb 3.5" Fujitsu drive per disktab example)

# newfs -b 16384 /dev/rdisk2g M2694ESA

Mount the new file system

# mount /data

Restore files

# cd /data
# restore r

7.15 Example Problems and Reading

www.washington.edu

Klik disini untuk melanjutkan »»

Hardware maintenance tips.

Diposkan oleh Hart di 6:00 PM .

0 komentar

Label: Computer

6 Hardware maintenance tips.

Some simple ideas that will help keep your hardware alive and healthy.

Shutdown, then power off the system before changing any part or plug (exceptions: serial port devices and ethernet interfaces)
Use anti-static mat and/or wrist strap
Be firm but gentle when seating boards, chips, connectors, etc.
Keep it clean, especially air filters & ventilation paths
Leave it powered up all the time (exception: video display)
Don't drink anything around your machinery
Put a power surge suppressor on the power line
Avoid vibrations and shocks (e.g., avoid stacking components

www.washington.edu

Klik disini untuk melanjutkan »»

Tuesday, July 28, 2009

How to Clean a Computer : How to Clean a Computer Heat Sink

Diposkan oleh Hart di 11:47 PM . Tuesday, July 28, 2009

0 komentar

Label: Computer

Klik disini untuk melanjutkan »»

Wednesday, July 22, 2009

Learn how to use Computer Internet and Search Engines.

Diposkan oleh Hart di 6:50 PM . Wednesday, July 22, 2009

0 komentar

Label: Computer

Welcome to Computer Internet and Search Engines page. This page is dedicated to explain what is Internet and howto use search engines to find information on the Internet. Also list of Internet search engines that can be used to find information.

What is the Internet?

The Internet is basically a bunch of computers linked together through a network so computer users in different locations canhave access to the same information. Most people use a modem linking their computer to an internet service provider (ISP) through the phone line. Web pages are files stored on computers located all over the world.
google_protectAndRun("render_ads.js::google_render_ad", google_handleError, google_render_ad);

Computer Internet Security
Internet is the main source for computer viruses. visit computervirus removal page for more information on this.
The Internet is a client-server system. Your computer is the client, and the computer which stores the data is the server. When you click onto a website, your computer requests the web page from the specific server storing that file. That server sends the data you've requested over the internet to your computer. Your web browser interprets the data and displays it on your computer screen.

Types of Internet connections

Dial-up
In dial-up connections you have to use your phone line to dial-in and get the connection from your Internet service provider. The main disadvantage is that you your phone line is blocked while you are surfing the net.

High speed Internet connections
There are many high speed Internet connections available now. Click here to read more on high speed Internet connections.

What is web hosting?
Web hosting is the process of loading web pages to public server computers, where everybody can access. Yahoo web hosting service is one of the best in the industry.
google_protectAndRun("ads_core.google_render_ad", google_handleError, google_render_ad);

What are Search Engines?
People use Search Engines to find information and web sites.Ex: Yahoo, Google, MSN.
How to find exact information from Search Engines?
There are few advance ways to find out exactly what you want fromInternet Search Engines. Click here to learn more on advance search engine and Google search terms.

www.preventiveguru.com

Klik disini untuk melanjutkan »»