Tuesday, November 12, 2013

Oracle Solaris 11 Auditing

Important files to know: /etc/security/audit_class and /etc/security/audit_event
Important Commands to know: auditconfig , auditrecord
Location for Auditing Logs : /var/audit/

auditconfig -getflags          (preselection flags for attributable events, i.e. events tied to an authenticated user)
auditconfig -getnaflags        (preselection flags for non-attributable events, e.g. failed logins before a user is identified)
auditconfig -getplugin         (determine which plugins are active, e.g. audit_binfile, which writes to /var/audit/)
auditconfig -lspolicy          (list all available policies with a short description)
auditconfig -getpolicy         (show the configured and the active policies)
auditconfig -setpolicy -cnt    (remove the cnt policy; +cnt would add it)

Caveat on cnt: with cnt set, the kernel drops audit records and only keeps a count of them when audit resources are exhausted; with cnt removed, processes are suspended until their records can be written. Removing cnt therefore favours a complete audit trail over availability, so make sure /var/audit/ cannot fill up unnoticed.

auditrecord -c lo (show the record format of every event in the lo class; -c selects a class name as listed in audit_class)
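The two checks above (which events a class covers, whether a policy such as cnt is active) can be scripted against the audit_event(4) file format and the output of auditconfig -getpolicy. The script below is an added example and not part of the original post; the audit_event lines and the policy output in it are constructed samples (event numbers and names are illustrative), so it runs offline. On a real system point events_in_class at /etc/security/audit_event and pipe auditconfig -getpolicy into policy_active.

```shell
#!/bin/sh
# Added example (not from the original post): report the events of an audit
# class and test whether an audit policy is active. Sample data below is
# constructed; replace it with /etc/security/audit_event and the output of
# `auditconfig -getpolicy` on a Solaris 11 host.

# events_in_class FILE CLASS
#   Print the event names (field 2) whose class list (field 4) contains CLASS.
#   audit_event(4) lines look like:  number:name:description:class[,class...]
events_in_class() {
    awk -F: -v cls="$2" '
        /^#/ || NF < 4 { next }                  # skip comments and short lines
        {
            n = split($4, f, ",")
            for (i = 1; i <= n; i++)
                if (f[i] == cls) { print $2; break }
        }' "$1"
}

# policy_active POLICY   (reads `auditconfig -getpolicy` output on stdin)
#   Exit 0 if POLICY appears in the "active audit policies" line, else 1.
policy_active() {
    awk -F' = ' -v pol="$1" '
        /^active audit policies/ {
            gsub(/[[:space:]]/, "", $2)          # drop stray whitespace
            n = split($2, p, ",")
            for (i = 1; i <= n; i++) if (p[i] == pol) found = 1
        }
        END { exit !found }'
}

# Constructed sample in audit_event(4) format (numbers/names illustrative).
SAMPLE_EVENTS=$(mktemp)
cat > "$SAMPLE_EVENTS" <<'EOF'
# number:name:description:classes
6152:AUE_login:login - local:lo
6153:AUE_logout:logout:lo
6159:AUE_passwd:passwd:lo
6165:AUE_su:su:lo
1:AUE_EXIT:exit(2):pc
2:AUE_FORK:fork(2):ps
EOF

# Constructed sample resembling `auditconfig -getpolicy` output.
SAMPLE_POLICY='configured audit policies = argv,cnt
active audit policies = argv,cnt'

# Report: the lo events, then whether cnt is active. With cnt the kernel
# drops records (and counts them) when audit resources run out; without it
# processes are suspended until their records can be written.
echo "Events in class lo:"
events_in_class "$SAMPLE_EVENTS" lo
if printf '%s\n' "$SAMPLE_POLICY" | policy_active cnt; then
    echo "cnt is active: records may be dropped when audit resources run out"
else
    echo "cnt is not active: processes are suspended rather than losing records"
fi
```

Run it as-is to see the sample output; to check a live system, pipe `auditconfig -getpolicy | policy_active cnt` and point events_in_class at /etc/security/audit_event.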





Friday, November 8, 2013

Configuring Solaris Zones in VCS Clusters

I have been thinking for quite a while about providing high availability to non-global zones with Veritas Cluster Server (VCS).

Let's see how we can configure it.

In a Veritas cluster, assume the non-global zone's root lives on shared storage and we are configuring either a failover or a parallel service group.

Configure a parallel service group with required storage resources (DiskGroup,Volume, Mount, etc.) to mount the zone root on the nodes. Set the required dependency between storage resources (DiskGroup->Volume->Mount).
sysA# hagrp -add zone_grp
sysA# hagrp -modify zone_grp Parallel 1 (This step is not included while configuring failover)
sysA# hagrp -modify zone_grp SystemList sysA 0 sysB 1
sysA# hares -add zone_dg DiskGroup zone_grp
sysA# hares -add zone_vol Volume zone_grp
sysA# hares -add zone_mnt Mount zone_grp
sysA# hares -link zone_mnt zone_vol
sysA# hares -link zone_vol zone_dg

Bring the service group online. For a parallel group this mounts the zone root on all the nodes; for a failover group it is mounted on one node only.
sysA# hagrp -online zone_grp -any  (Parallel)
sysA# hagrp -online zone_grp -sys sysA  (Failover)

Boot the local zone outside VCS on every node where its zone root is mounted (all nodes for a parallel group; for a failover group, only the node where zone_grp is online).
sysA# zoneadm -z local-zone1 boot
sysB# zoneadm -z local-zone2 boot

Run the hazonesetup utility with the correct arguments on all the nodes successively (Parallel):
sysA# hazonesetup -g zone_grp -r zone_res -z local-zone1 -p password -a -l -s sysA,sysB
sysB# hazonesetup -g zone_grp -r zone_res -z local-zone2 -p password -a -l -s sysA,sysB

Run the hazonesetup utility with the correct arguments on all the nodes successively (Failover):
sysA# hazonesetup -g zone_grp -r zone_res -z local-zone1 -p password -a -s sysA,sysB
sysB# hazonesetup -g zone_grp -r zone_res -z local-zone2 -p password -a -s sysA,sysB

Caveat: "-p password" is the password of the VCS user that hazonesetup creates for the zone. Passing it on the command line exposes it in the shell history and in "ps" output while the utility runs, so use a dedicated password rather than reusing an administrative one and clear the history entry afterwards.


Set the proper dependency between the Zone resource and other storage
resources. The Zone resource should depend on storage resource
(Mount->Zone).
sysA# hares -link zone_res zone_mnt

How-to for simple SysAdmin tasks that are performed differently on Solaris 11

On Solaris 11 the naming-service configuration files are generated from SMF properties, so the previous practice of editing the configuration file by hand no longer works: manual edits are overwritten on the next refresh.

How does a system get information on hosts and users?

On Solaris 10 - update /etc/nsswitch.conf

On Solaris 11 - the switch is a set of properties of svc:/system/name-service/switch, one per database (config/host, config/password, config/group, ...). For example, to look up hosts in files and then DNS:

# svccfg -s svc:/system/name-service/switch setprop config/host = astring: '"files dns"'
# svcadm refresh svc:/system/name-service/switch
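When migrating a Solaris 10 host it helps to turn the old /etc/nsswitch.conf into the equivalent svccfg commands for svc:/system/name-service/switch rather than typing one setprop per database. The script below is an added example and not part of the original post. The database-to-property mapping (hosts -> config/host, passwd -> config/password, ...) is my recollection of nsswitch.conf(4) on Solaris 11 and should be confirmed with "svcprop -p config svc:/system/name-service/switch"; the sample nsswitch.conf is constructed.

```shell
#!/bin/sh
# Added example (not from the original post): convert a Solaris 10-style
# nsswitch.conf into an svccfg(1M) command script for the Solaris 11
# svc:/system/name-service/switch service.
# Assumptions: the property names in the map below, and that Solaris 11 has
# no separate ipnodes database (it is folded into config/host), so ipnodes
# lines are skipped rather than translated.

# nsswitch_to_svccfg FILE
#   Print a `select` line followed by one `setprop` per database in FILE.
nsswitch_to_svccfg() {
    echo "select svc:/system/name-service/switch:default"
    awk '
        BEGIN {
            # databases whose SMF property name differs from the file keyword
            map["hosts"]      = "host"
            map["passwd"]     = "password"
            map["networks"]   = "network"
            map["protocols"]  = "protocol"
            map["ethers"]     = "ether"
            map["netmasks"]   = "netmask"
            map["bootparams"] = "bootparam"
            map["services"]   = "service"
            map["printers"]   = "printer"
            map["aliases"]    = "alias"
        }
        /^[ \t]*#/ || /^[ \t]*$/ { next }       # comments and blank lines
        index($0, ":") == 0      { next }       # not a "database: sources" line
        {
            db  = substr($0, 1, index($0, ":") - 1)
            src = substr($0, index($0, ":") + 1)
            sub(/[ \t]+$/, "", db)
            sub(/^[ \t]+/, "", src)
            sub(/[ \t]*#.*$/, "", src)           # strip trailing comment
            sub(/[ \t]+$/, "", src)
            if (db == "ipnodes") next             # assumption: folded into config/host
            prop = (db in map) ? map[db] : db
            printf "setprop config/%s = astring: \"%s\"\n", prop, src
        }' "$1"
}

# Constructed sample of a Solaris 10-style /etc/nsswitch.conf.
SAMPLE_NSSWITCH=$(mktemp)
cat > "$SAMPLE_NSSWITCH" <<'EOF'
# constructed sample, not a real nsswitch.conf
passwd:     files ldap
group:      files ldap
hosts:      files dns   # local first, then DNS
ipnodes:    files dns
networks:   files
EOF

nsswitch_to_svccfg "$SAMPLE_NSSWITCH"
```

Save the output to a file and apply it with "svccfg -f FILE" followed by "svcadm refresh svc:/system/name-service/switch"; review the generated lines first, since a source list that was wrong on the old host (e.g. dns before files for hosts) is carried over unchanged.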


How does a system resolve hostnames with DNS?

On Solaris 10 - update /etc/resolv.conf

On Solaris 11 - the resolver is configured through svc:/network/dns/client (name servers in config/nameserver, the domain in config/domain, resolver options in config/options); "svcadm refresh" regenerates /etc/resolv.conf from these properties. Example for the options:

# svccfg
svc:> select svc:/network/dns/client
svc:/network/dns/client> setprop config/options = "ndots:2,retrans:3,retry:1"
svc:/network/dns/client> listprop config/options
config/options astring     ndots:2,retrans:3,retry:1
svc:/network/dns/client> exit
# svcadm refresh dns/client

How to change the hostname of the system?
On Solaris 10- Update /etc/nodename

On Solaris 11

# svccfg -s svc:/system/identity:node setprop config/nodename = astring: nodename
# svcadm refresh svc:/system/identity:node
# svcadm restart svc:/system/identity:node

(The refresh commits the new property value; the restart is what applies the new nodename to the running system.)

How to change or configure Locale and the timezone?



Solaris 11 - changing the locale
# svccfg -s svc:/system/environment:init setprop environment/LANG = astring: fr_FR.UTF-8
# svcadm refresh svc:/system/environment:init

Solaris 11 - changing the timezone
# svccfg -s svc:/system/timezone:default setprop timezone/localtime = astring: US/Mountain
# svcadm refresh svc:/system/timezone:default

How to set the default route on Solaris 10 vs 11?
On Solaris 10, update /etc/defaultrouter.

On Oracle Solaris 11, the -p flag adds the route to the running system and makes it persistent across reboots:
route -p add default <ip-address>

A few important Solaris 11 processes

The following system processes need no administration but are worth knowing about:

fsflush           - System daemon that flushes dirty pages to disk
init              - Initial system process that starts and restarts other processes and SMF components
intrd             - System process that monitors and balances system load due to interrupts
kmem_task         - System process that monitors memory cache sizes
pageout           - System process that controls memory paging to disk
sched             - System process responsible for OS scheduling and process swapping
vm_tasks          - System process with one thread per processor that balances and distributes virtual-memory-related workloads across CPUs
zpool-<pool-name> - One system process per ZFS storage pool, holding the I/O taskq threads for that pool

Monday, November 4, 2013

Understanding the Boot Process of Solaris 11 -First Cloud Ready OS

##Boot Process on Sparc Platforms.##

The SPARC boot process can be divided into 4 phases. Only the first is platform specific; the last three are common to SPARC and x86.

1. OpenBoot PROM phase
-The OpenBoot PROM looks for a file system reader: it reads the partition map of the boot disk, the VTOC, at sector 0, then finds and loads a file reader from sectors 1-15, the area called the boot block.
-With that reader it can find and read the boot archive, a collection of configuration files and driver code that prepares the system to load and execute the kernel.

Imp1: "boot -a" prompts interactively for the values that are otherwise passed to the kernel as defaults (root file system type, root device, /etc/system).
Imp2: "boot -m" selects the milestone the system boots to, or the logging level of svc.startd.

boot -m milestone=<milestone>   (none | single-user | multi-user | multi-user-server | all)   -For setting the run state.
boot -m [quiet|verbose|debug]   -For logging.

##Boot Process on x86 Platforms.##
On x86 the BIOS loads the Master Boot Record (MBR), a 512-byte structure that holds a partition table and bootstrap code. The MBR is what makes multibooting possible, i.e. putting multiple operating systems on a single disk.

The x86 counterpart of the OBP boot utility is GRUB (the Grand Unified Boot Loader).

2. Booter phase
At this point the boot archive is read. This happens before any file system is available, which is why the system needs a special file reader, identified by the bootfs variable, to begin with.

Imp: Three important variables are passed at this stage.
-bootfs - locates the file system reader (example value: rpool/ROOT/solaris)
-kernel - locates the kernel program (example value: /platform/i86pc/kernel/amd64/unix)
-module - locates the boot archive file (example value: /platform/i86pc/amd64/boot_archive)

3. Ramdisk phase
The ramdisk is a file in ISO format that is mounted and used as a stand-alone, read-only file system. It contains the drivers and configuration files that set up the earliest stages of initialising the kernel.

Imp: The boot archive is the ramdisk image.

4. Kernel phase
Once the drivers from the boot archive support the root file system and can attach it to the root device named in the system setup, the kernel extracts the remaining primary modules from the boot archive, initialises itself, mounts the real root file system and discards the boot archive. Once initialised, the kernel can call the other programs that build the system up to a user-accessible state.

In detail:
Once the kernel is loaded, it starts the UNIX system, mounts the necessary file systems from vfstab and runs /usr/sbin/init to bring the system to the "initdefault" state specified in /etc/inittab.

When the system is booted, init is invoked and the following occurs. First, it reads the properties of the svc:/system/environment:init service; among these are the locale-related environment variables such as LANG or LC_CTYPE. init then looks in /etc/inittab for the initdefault entry.

Inittab Important Entries
ap::sysinit:/usr/sbin/autopush -f /etc/iu.ap
smf::sysinit:/lib/svc/bin/svc.startd    >/dev/msglog 2<>/dev/msglog </dev/console

p3:s1234:powerfail:/usr/sbin/shutdown -y -i5 -g0 >/dev/msglog 2<>/dev/msglog

Let's understand each of the top two entries.
ONE   ap::sysinit:/usr/sbin/autopush -f /etc/iu.ap
The autopush command configures the list of STREAMS modules to be automatically pushed onto the stream when a device is opened. It can also remove a previous setting or report the current one.

cat /etc/iu.ap  -This file contains:
#  major   minor   lastminor   modules
   wc      -1      0           ldterm ttcompat
   qcn     0       255         ldterm ttcompat

The first column names a device driver (wc is the workstation console driver, qcn a SPARC console driver; their configuration files such as wc.conf live under /kernel/drv), and the last column lists the STREAMS modules, found under /kernel/strmod, that autopush pushes onto the stream when that device is opened.

SECOND


smf::sysinit:/lib/svc/bin/svc.startd    >/dev/msglog 2<>/dev/msglog </dev/console

svc.startd is the master restarter daemon for Service Management Facility (SMF) and the default restarter for all services. svc.startd starts, stops, and restarts services based on administrative requests, system failures, or application failures

So, now let's understand what the boot archive is.
When Solaris 11 is installed, the system creates the archive by copying key files from the root file system. Whenever a configuration change touches one of those files (e.g. /etc/system or a driver configuration), the boot archive must be brought back in sync with the root file system copy before the system is shut down, otherwise the next boot uses stale copies. The boot-archive SMF service does this at shutdown; it can be forced by hand with "bootadm update-archive".

Imp: In Solaris 11 the bootadm utility performs the tasks below.
SPARC: bootadm list-archive | update-archive
x86 : bootadm list-archive | update-archive | list-menu | set-menu

Imp: