利用mksysb进行系统备份有什么好处
环境 产品:RS/6000
软件: AIX
问题 利用mksysb进行系统备份有什么好处
解答 IBM AIX UNIX 与其它的 UNIXs 系统相比, 有两个不同的特征:ODM (object database manager) 及 LVM (logical volume manager). 一般而言, 用cpio 或 tar 的指令亦可以备份 volume groups , 但对於完整的系统而言, cpio 及 tar 在 restore 时并不会正确的完成. 而正在使用中的系统,如果企图去执行 restore 的动作, 有可能会造成目前的环境 crash. 利用 mksysb 来备份到磁带时, 可制作一个可开机的磁带, 并且可以正常的还原作业系统的 ODM 及 LVM .
如何平稳地停止AIX系统运行?
环境 产品:RS/6000
软件: AIX
问题 如何平稳地停止AIX系统运行?
解答 您可以使用 shutdown 或是 reboot 指令来将服务及系统离线.
shutdown 指令有许多参数来控制如何停止系统. 依照预设值, 它会警告使用者1分钟, 接着终止运行中的处理程序, 同步化档案系统, 并且停止CPU的动作. 您可以用 -r 参数来使系统关机后立即开机, 或是下 reboot 指令.
# shutdown -m +5 系统五分钟后关闭至单一使用者模式
# shutdown -r 关机后重新开机
# shutdown now 立即关机
# shutdown -k 放弃关机
如何解决AIX上不能增加新用户,错误讯息 3004-687
环境 产品:RS/6000
软件版本: Aix 3.2, 4.x
问题 AIX上不能增加新用户,错误讯息 3004-687
解答 本文供了排除以下错误的建议:
- 增加新用户出错
- 错误信息3004-687 表明用户不存在
--------------------------------------------------------------------------------
排错建议:
1. 检查root文件系统是否已满?
2. 检查:
- /etc/passwd 文件中是否有空行
- /etc/passwd 文件中是否部分行语法不正确
- nobody 使用者是否遗失或其group为-2. 该行应该如下:
nobody:!:4294967294:4294967294::/:
3. 如果以上均正确,检查/etc/security目录中的以下档案的权限许可:
档案 权限
------------------------
.ids -rw-------
environ -rw-r-----
limits -rw-r-----
passwd -rw-------
user -rw-r-----
4. 以下的命令对除错也很有帮助(查MAN来获得详细的帮助)
usrck -t ALL
pwdck -t ALL
grpck -t ALL
5. 在mkuser.default 文件中的umask属性是八进位,但不要有前置0,所以:
umask=77 正确,转成八进位 077.
umask=077 错误,转成八进位制 063.
6. 如果以上都正确,关机并重开进入维护模式,对root 和 user档案系统做fsck。
在Korn Shell中要如何设定 prompt 才会显示出目前所在的目录?
环境 产品:RS/6000
软件: AIX
问题 在Korn Shell中要如何设定 prompt 才会显示出目前所在的目录?
解答 本文所述方法针对Korn Shell
把下面这行加入你的 .profile 中:
PS1='$PWD $ '
如果你只想显示最後一个部分,可以用
PS1='${PWD##*/} $ '
对于JESMSG,在SDSF进入该JESMSG显示屏幕,进行类似于上述2中的操作即可.
/var/adm/wtmp档案太大怎么办
环境 产品:RS/6000
软件:AIX
问题 /var/adm/wtmp文件保存所有用户登录的讯息,随著时间会增长到很大,/var/adm/wtmp档案太大时怎么办?
解答 /var/adm/wtmp档案太大时,有时需要清理或编辑整理。
要清理它,执行cp /dev/null /var/adm/wtmp.
要编辑整理部分清理,用fwtmp命令先将文件wtmp变成ASCII格式的档案dummy.file:
/usr/sbin/acct/fwtmp < /var/adm/wtmp > dummy.file,
编辑之後用
/usr/sbin/acct/fwtmp -ic < dummy.file > /var/adm/wtmp
再将ASCII文件转变成二进位文件.
JESMSG显示屏幕,进行类似于上述2中的操作即可.
2001/06 AIX安全防范有关的补丁(APAR)
环境 AIX V4.3
问题 2001/06 AIX安全防范有关的补丁(APAR)
解答 以下列出了AIX当前(2001/06)的安全防范有关的补丁(APAR)。如果想下载所有这些补丁,可通过在网站 http://techsupport.services.ibm.com/rs6k/fixdb.html 上指定以下的一个APAR包号来获得:
AIX 4.3: IY19897 (updated 6/2001)
========================================================
AIX 4.3 APARs
IX72045 CDE LOGIN GIVES INVALID USER NAME MESSAGE BEFORE PW ENTERED
IX72553 SECURITY: VULNERABILITY IN I/O SIGNAL HANDLING
IX73077 SECURITY: FTP BOUNCE VULNERABILITY
IX73214 SECURITY: TELNET DENIAL OF SERVICE ATTACK
IX73438 SECURITY: VULNERABILITY IN DTAPPGATHER
IX73586 SECURITY HOLE IN FTP, TFTP, UTFTP
IX73836 /ETC/HOSTS.EQUIV IS ALLOWING WRONG USERS TO LOG IN
IX73951 SECURITY: ROUTED SHOULD IGNORE TRACE PACKETS
IX73961 PCNFSD DAEMON UPDATES WTMP FILE INCORRECTLY
IX74296 PROGRAMS USING LEX GENERATED SOURCE COREDUMP
IX74599 SECURITY: VULNERABILITY IN DIGEST
IX74793 SECURITY HOLE IN TN3270
IX74802 CSH CORE DUMPS WHEN ENV VARIABLE IS LONGER THAN 2K
IX75275 SECURITY: LOGSYMPTOM FOLLOWS SYMLINKS
IX75554 SECURITY: TIMEX CREATES INSECURE TEMPORARY FILES
IX75564 ETHERNET DRIVER PASSES PACKETS TOO SMALL CAUSING CRASH
IX75566 SECURITY: NON-ROOT USERS CAN CREATE AND BIND TO AF_NDD SOCKETS
IX75761 BAD FILE HANDLE CAN CRASH LOCK DAEMON
IX75840 SECURITY: DEAD.LETTER CREATED WITH GROUP PRINTQ
IX75864 SECURITY: /BIN/MAN CREATES INSECURE TEMPORARY FILES
IX76015 NFS V2 DOES HANDLE 65535 AS A UID
IX76039 SECURITY: DPID2 CORE DUMPS IN WORLD WRITABLE DIRECTORY
IX76040 SECURITY: SNMPD LOG FILE FOLLOWS SYMLINKS
IX76049 SECURITY: CDE TRASHINFO FILE CREATED WORLD-WRITABLE
IX76960 BIND: CERT ADVISORY CA-98.05
IX76962 BIND: CERT ADVISORY CA-98.05
IX77338 SECURITY: SORT CREATES INSECURE TEMPORARY FILES
IX77508 CDE MAILER (DTMAIL) ALLOWS A USER TO READ A MAILBOX WHICH THE
IX77592 SECURITY: PORTMAP CREATES INSECURE TEMPORARY FILES
IX78071 IFCONFIG.AT HAVE A WRONG FILE PERMISSIONS
IX78202 SECURITY: BUFFER OVERFLOWS IN XTERM AND AIXTERM.
IX78248 SECURITY: VULNERABILITY IN GROUP SHUTDOWN
IX78349 SECURITY: BAD PERMISSIONS ON /ETC/SECURITY/LOGIN.CFG
IX78564 SECURITY:LONG FONTNAMES CAN OVERFLOW BUFFERS IN FONTSERVER
IX78612 SECURITY: BUFFER OVERFLOWS IN XAW AND XMU.
IX78646 SECURITY: RC.NET.SERIAL CREATES INSECURE TEMPORARY FILES
IX78719 NFS V2 DOES NOT HANDLE 65535 AS A UID
IX78732 SECURITY: FILES IN /VAR/DT ARE CREATED INSECURELY BY CDE LOGIN
IX79136 SECURITY: INSECURE TEMPORARY FILES IN DIAGSUP SCRIPTS
IX79139 SECURITY: ACLPUT/ACLEDIT CREATE INSECURE TEMPORARY FILES
IX79679 "RCP SECURITY PROBLEM"
IX79681 SECURITY: INSECURE TEMPORARY FILES IN CMDMISC SCRIPTS
IX79682 SECURITY: INSECURE TEMPORARY FILES IN CMDSCCS SCRIPTS
IX79683 SECURITY: INSECURE TEMPORARY FILES IN CMDTZ SCRIPTS
IX79700 SECURITY: INSECURE TEMPORARY FILES IN CMDNLS SCRIPTS
IX79701 SECURITY: INSECURE TEMPORARY FILES IN CMDTEXT SCRIPTS
IX79857 SECURITY HOLE
IX79909 NSLOOKUP CORE DUMPS WITH LONG STRINGS
IX79979 SECURITY: VULNERABILITY IN GROUP SHUTDOWN
IX80036 SECURITY: CRON CREATES INSECURE LOCK FILE
IX80387 SECURITY: INSECURE CREATION OF LPD LOCK FILE
IX80391 SECURITY: INSECURE TEMPORARY FILES IN CMDSNAP SCRIPTS
IX80447 SECURITY: BUFFER OVERFLOWS IN IMAPD
IX80470 SECURITY: PTRACE() PROBLEM WITH SET-GID PROGRAMS
IX80510 SECURITY: DON'T INHERIT CLOSED STDIN,STDOUT,STDERR DESCRIPTORS
IX80543 SECURITY:LIBNSL BUFFER OVERRUNS
IX80548 SECURITY: RAS SCRIPTS SHOULDN'T FOLLOW SYMLINKS
IX80549 SECURITY: /BIN/MORE CREATES INSECURE TEMPORARY FILES
IX80762 SECURITY: /BIN/VI CREATES INSECURE TEMPORARY FILES
IX80792 SECURITY: BUFFER OVERFLOWS IN IMAPD
IX81058 SECURITY: INSECURE TEMPORARY FILES IN CMDBSYS SCRIPTS
IX81077 SECURITY: TTYLOCK() ALLOWS CREATION OF WORLD-READABLE FILES
IX81078 SECURITY: INSECURE TEMPORARY FILES IN CMDFILES SCRIPTS
IX81442 SECURITY: VULNERABILITY IN RPC.TTDBSERVERD
IX81507 SECURITY: MORE VULNERABILITIES IN PCNFSD
IX81999 POST COMMAND SHOULD NOT BE SUID
IX82002 FORCE REXECD USER PRIVILEDGES
IX83752 SECURITY: VULNERABILITY IN AUTOFS
IX84493 SECURITY: VULNERABILITY IN SETGID EXECUTABLES
IX84642 SECURITY: VULNERABILITY IN INFOEXPLORER DAEMON (INFOD)
IX85233 SECURITY : MAILBOX GETS CORRUPTED
IX85556 SECURITY: BUFFER OVERFLOW IN FTP CLIENT
IX85600 BOOTP: CERT ADVISORY
IX86845 SVCAUTH_UNIX CRASH ON NEGATIVE NUMBER
IX87016 REMBAK FAILS WHEN INVOKED WITH VERY LONG USERNAME/HOSTNAME
IX87669 NULL MBUF CAN CRASH SYSTEM IN NFS CODE
IX87727 STOP UNCOMMENTING RPC DAEMONS IN /ETC/INETD.CONF AFTER NFS
IX88021 ADD FINGER TIMEOUT
IX88263 SECURITY: SNAP MAY LEAK SENSITIVE INFORMATION
IX88633 SECURITY: INSECURE TEMPORARY FILES IN /SBIN/RC.BOOT
IX89182 LICENSE SERVER HANGS
IX89415 SECURITY: XAUTH IS BROKEN IN 4.3.X
IX89419 SECURITY: BUFFER OVERFLOW IN DTSPCD
IX89687 SECURITY: NFS SCRIPTS CREATE INSECURE TEMPORARY FILES
IY00892 INSECURE TEMPORARY FILES IN BOS.PERF PACKAGING SCRIPT
IY01439 SECURITY: INSECURE TEMPORARY FILES IN /ETC/RC.POWERFAIL
IY02120 SECURITY: BUFFER OVERFLOW IN NSLOOKUP
IY02397 SECURITY: NON-ROOT USERS CAN USE PTRACE TO CRASH THE SYSTEM
IY02944 SECURITY: BUFFER OVERFLOW IN "DTACTION -U"
IY03849 SECURITY: VULNERABILITY IN TTSESSION
IY04477 SECURITY BUFFER OVERFLOWS IN FTPD
IY04865 SECURITY: NON-ROOT USERS CHANGE SYS INFO VIA SNMPD
IY05249 SECURITY: BUFFER OVERFLOWS IN SNMPD
IY05772 SECURITY: POSSIBLE BUFFER OVERFLOW IN AIXTERM TITLE HANDLING
IY05851 NAMED8: SECURITY VULNERABILITIES IN BIND
IY06059 GENFILT CANNOT FILTER PORT NUMBERS > 32767
IY06367 SECURITY: VULNERABILITY IN DTPRINTINFO
IY06589 BUG IN GET_SEQNUM
IY06694 SECURITY: ANOTHER BUFFER OVERFLOW IN DTSPCD
IY06697 SECURITY: RPC.MOUNTD ALLOWS FILENAME DISCOVERY AGAIN
IY06814 CRASH IN FLTR_IN_CHK() M_COPYDATA()
IY06817 XDM HAS TROUBLE WITH LONG PASSWORDS
IY07265 CHSEC ALLOWS NON-ADMIN USR TO CHANGE ADMIN USER ATTRIBUTES
IY07425 IN CERTAIN CASES, LIBQB ROUTINE CAN CAUSE CORE DUMP
IY07831 SECURITY: BUFFER OVERFLOW IN SETCLOCK
IY07832 SECURITY: ANOTHER BUFFER OVERFLOW IN PORTMIR
IY08128 SECURITY: VULNERABILITY IN MKATMPVC
IY08143 SECURITY: BUFFER OVERFLOWS IN ENQ COMMAND
IY08606 SECURITY: BUFFER OVERFLOW IN _XAIXREADRDB
IY08812 SECURITY: BUFFER OVERFLOW IN SETSENV
IY09514 SECURITY: VULNERABILITY IN FRCACTRL
