SecurePlatform Tips v1.0
This document does assume a basic knowledge of Linux.
Authors:
Brian Linder
SE Manager, NJ/PA
[email protected]
Jon Paine
Professional Services (UK)
[email protected]
***************************************************
Virtual Consoles During Install :
Alt-F1
Alt-F2
Alt-F3
Alt-F4
These keystrokes switch you between the virtual consoles of Linux. This is particularly useful during Installation of SPLAT to see progress.
Find Files:
find / -size +10000k (Find any file larger than 10000K)
find $FWDIR -name '*.elg' -size -500k (Find *.elg files smaller than 500k)
find /home/david -mtime -2 -name '*.c' (Find files modified less than 2 days ago)
find /home/david -mmin -10 -name '*.c' (Find files modified less than 10 mins ago)
find $FWDIR -name *.C -exec grep "pattern" '{}' /dev/null \; -print (Find ”pattern” in *.C files under $FWDIR)
du –k | sort –nr | head -20
This will display the size of all
folders beneath on the system, sort them in numerical order and display
the 20 largest entries. ”/” will show all directories on all
filesystems. ”$FWDIR” will only show directories therein. The man page
contains more information and there are several very good online
tutorials for find available.
Login Directly to Expert Mode:
chsh –s /bin/bash admin Go directly to expert mode, skiping the restricted cpshell. Permanent change.
chsh –s /bin/cpshell admin Revert the change.
See What Traffic Was Dropped But Not Logged:
fw ctl zdebug + drop | grep
Allow admin user to scp files to the SPLAT box:
grep admin /etc/scpusers | wc –l
If 0, then do this:
echo admin >> /etc/scpusers
Any user can be substituted for admin. WinSCP users: In order to use
WinSCP, you must also issue the following to change admin’s shell to
bash:
chsh –s /bin/bash admin
Note: This is a security risk as this bypasses cpshell for this user. Use with caution.
Run a command from the shell repetitively:
Repeat a particular command until :
watch –-interval=5 (commands) Note: output cannot be redirected to a file.
To have more flexibility use:
while true;
do
sleep 5
(commands)
done
All commands should be followed by a Carriage Return. Example commands could be
ls –lh *.elg
cpwd_admin list
echo >> ~/routes.txt ; zdump utc >> ~/routes.txt; netstat –rn >> ~/routes.txt
Rediretion of output is fully supported.
Force Interface Speed/Duplex (Not gigabit):
There are three tools to do this from
the shell. Ethtool, mii_tool and eth_set. ’eth_set’ is preferred and
survives a reboot. The others do not.
eth_set [interface] [<10h|10f|100h|100f|1000h|1000f|autoneg>]
ethtool -s DEVNAME speed 10|100|1000 duplex full|half autoneg off|on
mii-tool [-VvRrwl] [-A media,... | -F media] [interface ...]
mii-tool eth1 -F 100baseTx-FD will force the eth1 interface to 100 Mbps link speed, full duplex.
mii-tool eth0 -F 10baseT-HD will force eth0 to 10Mbps link speed and half duplex.
Ethtool and mii-tool commands can be put at the end of /etc/rc.local startup script to survive a reboot.
Please note the Gigabit Ethernet standard requires the use of
autonegotiation to establish the master-slave signal timing control
required to make the link operational. Do not use these commands to
disable autonegotiation for Gigabit links.
Conflicts Between SNX/VM, SmartPortal and SPLAT WebUI:
SNX and Visitor Mode conflict with the default SPLAT admin GUI port of 443. To remedy:
webui enable 445 (moves it to 445)
or, for a better security:
webui disable
Find out the features of a SKU per whatever cp.macro is on your SPLAT box:
cplic resolve_macro ::CPVP-VSI-100-NGX
Use this command to compare features of two SKUs:
cplic resolve_macro ::CPVP-VSI-100-NGX > VSI
cplic resolve_macro ::CPVP-VMC-100-NGX > VMC
diff VSI VMC
Some Performance Commands:
top
uptime
free
vmstat
cat /proc/sys/fs/file-max
cat /proc/sys/fs/file-nr,
cat /proc/interrupts (verify how IRQs are being balancing across CPUs)
About Connecting SPLAT to a Terminal Server:
Say you connect to the serial port via a
network console server. Basically, you telnet to the server on the
numbered port that you wish to connect to. This numbered port has RJ45
connection to a serial adapter on the device serial port.
Some
terminal servers detault to vt100 terminal emulation mode by default.
SPLAT installation takes place in ANSI terminal mode. This mismatch
causes the server to receive a string of characters that it did not
understand. Once you change the mode to ANSI on the console server (and
the client software - HyperTerminal) we were able to see the boot menu
correctly.
With --silent enabled (as it is by default) in /etc/grub.conf, you don't see the full boot menu unless you hit a key.
Compute a File Integrity Checksum:
md5sum [filename]
sha1sum [filename]
Useful Commands for Identifying Versions:
kernelversion
uname –a
ver
fw ver
cpshared_version
Watch Appended Data to a Log File (or any file) on the Fly:
tail –f /var/log/messages
Create a Text File from the Command line – Quick and Dirty:
cat > myfile
(type a line)
(type a line)
(etc.)
EOF (Hit Ctrl-D)
Useful Networking Commands:
ifconfig –a
netstat –rn (route)
netstat –i (interface errors)
netstat –an (all stats, but do not resolve service names)
netstat –antp (which processes listening on which ports)
View the first (or last) Few Lines in a File:
head -10 filename (See first 10 lines)
tail -5 filename (See last 5 lines)
wc –l (Count the lines in a file)
Output a File, Doing a Search-Replace on the Fly:
Replace all occurrences of x with y in fname, and output it to newfname:
cat fname | sed ’1,$s/x/y/g’ > newfname
Log a Message in /var/log/messages:
syslog:
logger
logger [options] [message...]
TCP/IP command. Add entries to the system log (via syslogd). If no
message is given on the command line, standard input is logged.
Clever Use of Directory Listings:
cd /etc
ls –la | grep host (show all files with host in the filename)
ls –la | grep host | grep –v hosts (show all files with host, but not hosts)
Quick and Dirty ’tar’ tutorial:
Create a tar backup of a directory – using relative file names:
cd /whichdir
tar cvzf myfile.tgz ./*
List the tar archive:
cd /whichdir
tar tvzf myfile.tgz
Extract the tar archive to a directory:
cd /myrestoredir
tar xzvf myfile.tgz
Create a tar backup of a directory – using absolute file names (use carefully!)
cd /whichdir
tar cvzf myfile.tgz /etc/*
Restore a tar backup of a directory – using absolute file names (use carefully!)
cd /whichdir
tar xvzf myfile.tgz
Mount a CD-ROM:
mount /dev/cdrom
cd /mnt/cdrom
When you are done:
umount /dev/cdrom
Note: You can’t eject the CD-ROM until you umount it.
Mounting an ISO from the local filesystem:
mount -t iso9660 -o loop ~/singlecd.iso /mnt/cdrom
Singlecd.iso assumed to be in the home directory ”~/”.
Mount a USB drive in SPLAT:
modprobe usb-storage Load the module for usb mass storage (once per re-boot): (Plug in the USB key)
dmesg | more Look in dmesg for the device node to mount from. Likely to be SDB1 or SDD1)
mount -t vfat /dev/sdb1 /mnt/usb Mount the volume (/dev/whatever designation from above) (Copy files to or from /mnt/usb)
umount /mnt/usb Unmount when finished
Syntax of the Crontab:
# Use the hash sign to prefix a comment
# +---------------- minute (0 - 59)
# | +------------- hour (0 - 23)
# | | +---------- day of month (1 - 31)
# | | | +------- month (1 - 12)
# | | | | +---- day of week (0 - 7) (Sunday=0 or 7)
# | | | | |
# * * * * * command to be executed
Nobody can ever remember this, so refer to the man pages or online tutorials.
File Types and Execution Path Checking:
which cpstop (which cpstop will be executed based on the shell path)
file cpstop (what kind of file is cpstop – script? complied executable?)
file `which cpstop` (use command substitution to combine the two commands)
basename filename (strip the path off of a filename)
Determine the Hardware Compatibility of a particular PCI NIC:
Need to determine HCL compliance of a PCI device? Before opening an SR, perform:
lspci -nv
lspci -vv
lsmod
Correleate vendor/device with http://pci-ids.ucw.cz or http://www.pcidatabase.com/
Determine the NIC driver version you are using:
cat /etc/modules.conf
ethtool –i eth0
See What Files Changed During any Operation:
du –k | sort –nr > before
(perform the command)
du –k | sort –nr > after
diff before after
Investigate Check Point Configuration from the Command Line:
$CPDIR/bin/cpprod_util -?
cpwd_admin list
Using cpinfo to Re-create a SmartCenter (not supported):
You can do this partially. The cpinfo
should have a copy of most of the files in the conf directory. Infoview
will let you drag files from it onto a folder on your machine.
What I do is take these files
objects_5_0.C
rulebases_5_0.fws
fwauth.NDB
*.W
(maybe asm.c if necessary)
Put them on a machine that has the same IP and hostname as the original
management server, overwriting the existing files in $FWDIR/conf.
Remove $FWDIR/conf/applications.* and $FWDIR/conf/CPMILinks* (this is
important or else it will not work) and then cpstop;cpstart and you
should be able login and have the objects and rules and users from the
old management server. This method does not preserve the SIC database,
however, so you’ll have to reset SIC on any modules you have. I don’t
think that the cpinfo contains enough info to save the SIC database, but
not sure since I haven’t really tried to do it before.
Recovering a Forgotten SPLAT Password:
1. If you know the Expert Mode password,
but not any of the user passwords, go to Maintenance Mode. The Expert
Mode password is also used to access Maintenance Mode. Once in
Maintenance Mode, issue the cpshell command. Use the adduser command to
create a new user, whose password is known. If you don't have the option
of creating a new user, you're probably stuck following the steps for
when you know neither the Standard Mode nor the Expert Mode password
(see #3 below).
2. If you know a user's Standard Mode password,
but you've forgotten the Expert Mode password, things get a little
trickier, but not too bad. I used a bootable Linux distro (tested with
Knoppix & F.I.R.E.).
a) boot to CD
b) mount the hard disk ( mount /dev/hda2 /mnt/hda2 )
c) edit the SecurePlatform passwd file - change the user's default shell from cpshell to bash (see tip above)
d) boot to SecurePlatform & login with the user you just modified; you get a bash prompt
e) use the passwd command to change the Expert Mode password
f) edit passwd & change the user's default shell back to cpshell
I tested this using a special user created for the test and also with admin.
No problems either way.
3. If you don't know the Standard Mode password and you don't know the
Expert Mode password, things are even trickier, but you can still get
in.
You'll need access to another SecurePlatform installation and a bootable Linux distro for this one.
a) go to a SecurePlatform box where you know the passwords
b) copy the /etc/passwd and /etc/shadow files to a floppy
c) go to the SecurePlatform machine where you don't know the passwords and boot to your bootable Linux CD
d) mount the hard disk and the floppy with passwd and shadow files
e) move the existing passwd and shadow files to .old
f) copy the passwd and shadow files from the floppy to your SecurePlatform machine
g) edit passwd and change the user's default shell from cpshell to bash
h) boot to SecurePlatform and login using the user you just modified;
you get a bash prompt. You may also get an error message if the user
doesn't have a home directory - you should still be able to login
i) use the passwd command to change the Expert Mode password
j) edit /etc/passwd & change the user's default shell back to cpshell
I also changed the permissions on passwd & shadow to match their
original permissions. For passwd, the original permissions were 644. For
shadow, the original permissions were 400.
Additonal Notes for HP/Compaq:
"The Compaq/HP servers use the Smart Array 5i controller which uses the
cciss driver. It was loading, but not seeing any drives. Also, the CD
ROM was stalling during load as it was trying to load as a SCSI device,
and it was not on the controller. Here is what I had to do:
Boot Knoppix by entering boot:knoppix26 atapicd
Once the sytem was up:
cd /dev
MAKEDEV cciss (caps needed) and it created like 100 objects under /dev/cciss
Mounted the drive with mount –o rw /dev/cciss/c0d0p3 /mnt/tmp
It appears that c0d0p1 (partition 1) is the boot partition, c0d0p2
(partition 2) is the swap space, and c0d0p3 (partition 3) is the
application drive."
BONUS: Recovering a Forgotten IPSO Password:
Recovery a Nokia lost password:
You must have local serial console access to the unit to perform this procedure.
1. Boot system into single user mode. To do this reboot or power cycle
the machine, When you see the line " boot: " you must enter "-s" before
it goes into multiuser mode. (you have about 10 seconds)
* on a ip330 or ip650 you need to type boot -s at the BOOTMGR prompt*
2. After it boots, it will ask you "Enter pathname of shell or RETURN for sh:", press Enter key.
3. Type "/etc/overpw" in the # prompt. It will ask if you want continue, type "y".
In
IPSO 3.1.3 systems and earlier, it will ask you to put a floppy disk
into the floppy drive to make sure you have physical access to the box.
Put a floppy disk into the floppy drive and press Enter key. IPSO 3.1.4
and later does not ask this question.
In IPSO 3.4 and above,
/etc/overpw will ask you to set a password. The admin password defaults
to no password in earlier versions of IPSO.
4. Continue to boot to multiuser mode.
5. Login as admin. If a password is required, you will be asked for one.
6. Use the dbpasswd command to set a new password:
nokia[admin]# dbpasswd admin newpassword ""
(Note that the "" is necessary to specify (NULL) as the old password.)
Then, save this new password to the configuration file so that you can log into Network Voyager:
nokia[admin]# dbset :save
See What Traffic Was Dropped But Not Logged:If 0, then do this:
echo admin >> /etc/scpusers
Any user can be substituted for admin. WinSCP users: In order to use WinSCP, you must also issue the following to change admin’s shell to bash:
chsh –s /bin/bash admin
Note: This is a security risk as this bypasses cpshell for this user. Use with caution.
Run a command from the shell repetitively:watch –-interval=5 (commands) Note: output cannot be redirected to a file.
To have more flexibility use:
while true;
do
sleep 5
(commands)
done
All commands should be followed by a Carriage Return. Example commands could be
ls –lh *.elg
cpwd_admin list
echo >> ~/routes.txt ; zdump utc >> ~/routes.txt; netstat –rn >> ~/routes.txt
Rediretion of output is fully supported.
Force Interface Speed/Duplex (Not gigabit):eth_set [interface] [<10h|10f|100h|100f|1000h|1000f|autoneg>]
ethtool -s DEVNAME speed 10|100|1000 duplex full|half autoneg off|on
mii-tool [-VvRrwl] [-A media,... | -F media] [interface ...]
mii-tool eth1 -F 100baseTx-FD will force the eth1 interface to 100 Mbps link speed, full duplex.
mii-tool eth0 -F 10baseT-HD will force eth0 to 10Mbps link speed and half duplex.
Ethtool and mii-tool commands can be put at the end of /etc/rc.local startup script to survive a reboot.
Please note the Gigabit Ethernet standard requires the use of autonegotiation to establish the master-slave signal timing control required to make the link operational. Do not use these commands to disable autonegotiation for Gigabit links.
Conflicts Between SNX/VM, SmartPortal and SPLAT WebUI:
SNX and Visitor Mode conflict with the default SPLAT admin GUI port of 443. To remedy:
webui enable 445 (moves it to 445)
or, for a better security:
webui disable
Find out the features of a SKU per whatever cp.macro is on your SPLAT box:
cplic resolve_macro ::CPVP-VSI-100-NGX
Use this command to compare features of two SKUs:
cplic resolve_macro ::CPVP-VSI-100-NGX > VSI
cplic resolve_macro ::CPVP-VMC-100-NGX > VMC
diff VSI VMC
Some Performance Commands:
top
uptime
free
vmstat
cat /proc/sys/fs/file-max
cat /proc/sys/fs/file-nr,
cat /proc/interrupts (verify how IRQs are being balancing across CPUs)
About Connecting SPLAT to a Terminal Server:
Say you connect to the serial port via a
network console server. Basically, you telnet to the server on the
numbered port that you wish to connect to. This numbered port has RJ45
connection to a serial adapter on the device serial port.
Some
terminal servers detault to vt100 terminal emulation mode by default.
SPLAT installation takes place in ANSI terminal mode. This mismatch
causes the server to receive a string of characters that it did not
understand. Once you change the mode to ANSI on the console server (and
the client software - HyperTerminal) we were able to see the boot menu
correctly.
With --silent enabled (as it is by default) in /etc/grub.conf, you don't see the full boot menu unless you hit a key.
Compute a File Integrity Checksum:
md5sum [filename]
sha1sum [filename]
Useful Commands for Identifying Versions:
kernelversion
uname –a
ver
fw ver
cpshared_version
Watch Appended Data to a Log File (or any file) on the Fly:
tail –f /var/log/messages
Create a Text File from the Command line – Quick and Dirty:
cat > myfile
(type a line)
(type a line)
(etc.)
EOF (Hit Ctrl-D)
Useful Networking Commands:
ifconfig –a
netstat –rn (route)
netstat –i (interface errors)
netstat –an (all stats, but do not resolve service names)
netstat –antp (which processes listening on which ports)
View the first (or last) Few Lines in a File:
head -10 filename (See first 10 lines)
tail -5 filename (See last 5 lines)
wc –l (Count the lines in a file)
Output a File, Doing a Search-Replace on the Fly:
Replace all occurrences of x with y in fname, and output it to newfname:
cat fname | sed ’1,$s/x/y/g’ > newfname
Log a Message in /var/log/messages:
syslog:
logger
logger [options] [message...]
TCP/IP command. Add entries to the system log (via syslogd). If no
message is given on the command line, standard input is logged.
Clever Use of Directory Listings:
cd /etc
ls –la | grep host (show all files with host in the filename)
ls –la | grep host | grep –v hosts (show all files with host, but not hosts)
Quick and Dirty ’tar’ tutorial:
Create a tar backup of a directory – using relative file names:
cd /whichdir
tar cvzf myfile.tgz ./*
List the tar archive:
cd /whichdir
tar tvzf myfile.tgz
Extract the tar archive to a directory:
cd /myrestoredir
tar xzvf myfile.tgz
Create a tar backup of a directory – using absolute file names (use carefully!)
cd /whichdir
tar cvzf myfile.tgz /etc/*
Restore a tar backup of a directory – using absolute file names (use carefully!)
cd /whichdir
tar xvzf myfile.tgz
Mount a CD-ROM:
mount /dev/cdrom
cd /mnt/cdrom
When you are done:
umount /dev/cdrom
Note: You can’t eject the CD-ROM until you umount it.
Mounting an ISO from the local filesystem:
mount -t iso9660 -o loop ~/singlecd.iso /mnt/cdrom
Singlecd.iso assumed to be in the home directory ”~/”.
Mount a USB drive in SPLAT:
modprobe usb-storage Load the module for usb mass storage (once per re-boot): (Plug in the USB key)
dmesg | more Look in dmesg for the device node to mount from. Likely to be SDB1 or SDD1)
mount -t vfat /dev/sdb1 /mnt/usb Mount the volume (/dev/whatever designation from above) (Copy files to or from /mnt/usb)
umount /mnt/usb Unmount when finished
Syntax of the Crontab:
# Use the hash sign to prefix a comment
# +---------------- minute (0 - 59)
# | +------------- hour (0 - 23)
# | | +---------- day of month (1 - 31)
# | | | +------- month (1 - 12)
# | | | | +---- day of week (0 - 7) (Sunday=0 or 7)
# | | | | |
# * * * * * command to be executed
Nobody can ever remember this, so refer to the man pages or online tutorials.
File Types and Execution Path Checking:
which cpstop (which cpstop will be executed based on the shell path)
file cpstop (what kind of file is cpstop – script? complied executable?)
file `which cpstop` (use command substitution to combine the two commands)
basename filename (strip the path off of a filename)
Determine the Hardware Compatibility of a particular PCI NIC:
Need to determine HCL compliance of a PCI device? Before opening an SR, perform:
lspci -nv
lspci -vv
lsmod
Correleate vendor/device with http://pci-ids.ucw.cz or http://www.pcidatabase.com/
Determine the NIC driver version you are using:
cat /etc/modules.conf
ethtool –i eth0
See What Files Changed During any Operation:
du –k | sort –nr > before
(perform the command)
du –k | sort –nr > after
diff before after
Investigate Check Point Configuration from the Command Line:
$CPDIR/bin/cpprod_util -?
cpwd_admin list
Using cpinfo to Re-create a SmartCenter (not supported):
You can do this partially. The cpinfo
should have a copy of most of the files in the conf directory. Infoview
will let you drag files from it onto a folder on your machine.
What I do is take these files
objects_5_0.C
rulebases_5_0.fws
fwauth.NDB
*.W
(maybe asm.c if necessary)
Put them on a machine that has the same IP and hostname as the original
management server, overwriting the existing files in $FWDIR/conf.
Remove $FWDIR/conf/applications.* and $FWDIR/conf/CPMILinks* (this is
important or else it will not work) and then cpstop;cpstart and you
should be able login and have the objects and rules and users from the
old management server. This method does not preserve the SIC database,
however, so you’ll have to reset SIC on any modules you have. I don’t
think that the cpinfo contains enough info to save the SIC database, but
not sure since I haven’t really tried to do it before.
Recovering a Forgotten SPLAT Password:
1. If you know the Expert Mode password,
but not any of the user passwords, go to Maintenance Mode. The Expert
Mode password is also used to access Maintenance Mode. Once in
Maintenance Mode, issue the cpshell command. Use the adduser command to
create a new user, whose password is known. If you don't have the option
of creating a new user, you're probably stuck following the steps for
when you know neither the Standard Mode nor the Expert Mode password
(see #3 below).
2. If you know a user's Standard Mode password,
but you've forgotten the Expert Mode password, things get a little
trickier, but not too bad. I used a bootable Linux distro (tested with
Knoppix & F.I.R.E.).
a) boot to CD
b) mount the hard disk ( mount /dev/hda2 /mnt/hda2 )
c) edit the SecurePlatform passwd file - change the user's default shell from cpshell to bash (see tip above)
d) boot to SecurePlatform & login with the user you just modified; you get a bash prompt
e) use the passwd command to change the Expert Mode password
f) edit passwd & change the user's default shell back to cpshell
I tested this using a special user created for the test and also with admin.
No problems either way.
3. If you don't know the Standard Mode password and you don't know the
Expert Mode password, things are even trickier, but you can still get
in.
You'll need access to another SecurePlatform installation and a bootable Linux distro for this one.
a) go to a SecurePlatform box where you know the passwords
b) copy the /etc/passwd and /etc/shadow files to a floppy
c) go to the SecurePlatform machine where you don't know the passwords and boot to your bootable Linux CD
d) mount the hard disk and the floppy with passwd and shadow files
e) move the existing passwd and shadow files to .old
f) copy the passwd and shadow files from the floppy to your SecurePlatform machine
g) edit passwd and change the user's default shell from cpshell to bash
h) boot to SecurePlatform and login using the user you just modified;
you get a bash prompt. You may also get an error message if the user
doesn't have a home directory - you should still be able to login
i) use the passwd command to change the Expert Mode password
j) edit /etc/passwd & change the user's default shell back to cpshell
I also changed the permissions on passwd & shadow to match their
original permissions. For passwd, the original permissions were 644. For
shadow, the original permissions were 400.
Additonal Notes for HP/Compaq:
"The Compaq/HP servers use the Smart Array 5i controller which uses the
cciss driver. It was loading, but not seeing any drives. Also, the CD
ROM was stalling during load as it was trying to load as a SCSI device,
and it was not on the controller. Here is what I had to do:
Boot Knoppix by entering boot:knoppix26 atapicd
Once the sytem was up:
cd /dev
MAKEDEV cciss (caps needed) and it created like 100 objects under /dev/cciss
Mounted the drive with mount –o rw /dev/cciss/c0d0p3 /mnt/tmp
It appears that c0d0p1 (partition 1) is the boot partition, c0d0p2
(partition 2) is the swap space, and c0d0p3 (partition 3) is the
application drive."
BONUS: Recovering a Forgotten IPSO Password:
Recovery a Nokia lost password:
You must have local serial console access to the unit to perform this procedure.
1. Boot system into single user mode. To do this reboot or power cycle
the machine, When you see the line " boot: " you must enter "-s" before
it goes into multiuser mode. (you have about 10 seconds)
* on a ip330 or ip650 you need to type boot -s at the BOOTMGR prompt*
2. After it boots, it will ask you "Enter pathname of shell or RETURN for sh:", press Enter key.
3. Type "/etc/overpw" in the # prompt. It will ask if you want continue, type "y".
In
IPSO 3.1.3 systems and earlier, it will ask you to put a floppy disk
into the floppy drive to make sure you have physical access to the box.
Put a floppy disk into the floppy drive and press Enter key. IPSO 3.1.4
and later does not ask this question.
In IPSO 3.4 and above,
/etc/overpw will ask you to set a password. The admin password defaults
to no password in earlier versions of IPSO.
4. Continue to boot to multiuser mode.
5. Login as admin. If a password is required, you will be asked for one.
6. Use the dbpasswd command to set a new password:
nokia[admin]# dbpasswd admin newpassword ""
(Note that the "" is necessary to specify (NULL) as the old password.)
Then, save this new password to the configuration file so that you can log into Network Voyager:
nokia[admin]# dbset :save
Some Performance Commands:uptime
free
vmstat
cat /proc/sys/fs/file-max
cat /proc/sys/fs/file-nr,
cat /proc/interrupts (verify how IRQs are being balancing across CPUs)
About Connecting SPLAT to a Terminal Server:Some terminal servers detault to vt100 terminal emulation mode by default. SPLAT installation takes place in ANSI terminal mode. This mismatch causes the server to receive a string of characters that it did not understand. Once you change the mode to ANSI on the console server (and the client software - HyperTerminal) we were able to see the boot menu correctly.
With --silent enabled (as it is by default) in /etc/grub.conf, you don't see the full boot menu unless you hit a key.
Compute a File Integrity Checksum:sha1sum [filename]
No comments:
Post a Comment