Solaris root password recovery

from http://www.softpanorama.org/Solaris/Security/solaris_root_password_recovery.shtml

1. Put the installation CD into the CDROM drive and turn the machine on
2. while booting, press the Stop and A key simultaneously; the Stop key
is at the top left on Sun Keyboards, or Send a CTRL-BREAK (CTRL-C) to the system if connecting thru the console; serial port.
3. Either way, you should get {ok} prompt
4. type boot cdrom s and hit return without the quotes.
5. The machine will be booting in a single user mode off of the cdrom
6. When you get the hash prompt #, type cd /tmp and hit Enter
7. Issue the command mkdir /mnt without the quotes and hit Enter. If any
errors, use the p option; e.g., mkdir p /tmp/mnt.
8. Issue the command mount /dev/dsk/c0t0d0s0 /tmp/mnt and hit Enter. This will mount the old root / partition which is allows to modify the shadow file.
9. If any errors with mount, run the command fsck /dev/rdsk/c0t0d0s0 y
without the quotes which should fix the disk problems. Mount using step 8
command.
10. Issue the command cd /tmp/mnt/etc and hit enter
11. Now you should be able to see the shadow file which you can edit or copy from the old version; you saved a copy right?
12. If you don t have the old password, just make the 2nd field blank
13. If you need to change the shell, edit password file.
14. Run fsck on other partitions as well such as /dev/rdsk/c0t0d0s7, etc.
15. halt and restart the machine, e.g., init 6, or shutdown g 0 y, or reboot, etc.
You should be able to login as before or just hit the enter for password.

廣告

Solaris: fix problem with "pkginfo"

pkginfo 出現 pkginfo file is corrupt or missing

please try the following (to get the info which pkginfo-file is corrupt) in
ksh or sh (login as root):
cd /var/sadm/pkg
for i in *
do
echo “============================================"
echo $i :
pkginfo -i $i
done
Examine the output for the wrong or missing pkginfo-file (located in the
directory /var/sadm/PKGNAME/pkginfo).
Then you have different ways to solve the problem.
– you can copy a working version of pkginfo-file from another machine to
your machine
– you can try to edit the wrong file
– you can try to install a newer patch to get a working pkginfo-file.

Solaris: DiskSuite OS Mirror

這個範例 好處是 Mirror 可以做的很漂亮
老實說不太喜歡用 GUI 拉出來的結果

由於 UFS 的限制 只能有 8 個 Slice
所以扣掉 swap metadb 及 slice2 就只能切 5 個
這邊我是切了 /, /var, /opt, /usr, /export/home

There are two disk c0t0d0 and c0t1d0
After install DiskSuite_4.2.1 and patch

Following is the file system layout.
c0t0d0s0 /
c0t0d0s1 swap
c0t0d0s3 /var
c0t0d0s4 (metaDB*3)
c0t0d0s5 /opt
c0t0d0s6 /usr
c0t0d0s7 /export/home

Meta Device Map

mirror c0t0d0 c0t1d0
s0 d0 d10 d20
s1 d1 d11 d21
s2 d2 d12 d22
s3 d3 d13 d23
s5 d5 d15 d25
s6 d6 d16 d26
s7 d7 d17 d27

Login as root

a. dump c0t0d0 to c0t1d0

# prtvtoc /dev/rdsk/c0t0d0s2 > boot-vtoc.tab
# fmthard -s boot-vtoc.tab /dev/rdsk/c0t1d0s2

you can combind the two command
prtvtoc /dev/rdsk/c0t0d0s2 | fmthard -s – /dev/rdsk/c0t1d0s2

b. create metadb
# metadb -afc 3 c0t0d0s4
# metadb -afc 3 c0t1d0s4

c. create meta device

# metainit -f d1 1 1 c0t0d0s0
# metainit -f d1 1 1 c0t0d0s1
# metainit -f d3 1 1 c0t0d0s3
# metainit -f d5 1 1 c0t0d0s5
# metainit -f d6 1 1 c0t0d0s6
# metainit -f d7 1 1 c0t0d0s7

# metainit d20 1 1 c0t1d0s0
# metainit d21 1 1 c0t1d0s1
# metainit d23 1 1 c0t1d0s3
# metainit d25 1 1 c0t1d0s5
# metainit d26 1 1 c0t1d0s6
# metainit d27 1 1 c0t1d0s7

# metainit d0 -m d10
# metainit d1 -m d 11
# metainit d3 -m d 13
# metainit d5 -m d 15
# metainit d6 -m d 16
# metainit d7 -m d 17
# metaroot d0
# lockfs -fa

d. modify /etc/vfstab with using meta device
#device device mount FS fsck mount mount
#to mount to fsck point type pass at boot options
#
#/dev/dsk/c0d0s2 /dev/rdsk/c0d0s2 /usr ufs 1 yes –
fd – /dev/fd fd – no –
/proc – /proc proc – no –
#/dev/dsk/c0t0d0s1 – – swap – no –
/dev/md/dsk/d1 – – swap – no –
#/dev/dsk/c0t0d0s0 /dev/rdsk/c0t0d0s0 / ufs 1 no –
/dev/md/dsk/d0 /dev/md/rdsk/d0 / ufs 1 no –
#/dev/dsk/c0t0d0s6 /dev/rdsk/c0t0d0s6 /usr ufs 1 no –
/dev/md/dsk/d6 /dev/md/rdsk/d6 /usr ufs 1 no –
#/dev/dsk/c0t0d0s1 /dev/rdsk/c0t0d0s1 /var ufs 1 no –
/dev/md/dsk/d3 /dev/md/rdsk/d3 /var ufs 1 no –
#/dev/dsk/c0t0d0s7 /dev/rdsk/c0t0d0s7 /export/home ufs 2 yes –
/dev/md/dsk/d7 /dev/md/rdsk/d7 /export/home ufs 2 yes –
#/dev/dsk/c0t0d0s5 /dev/rdsk/c0t0d0s5 /opt ufs 2 yes –
/dev/md/dsk/d5 /dev/md/rdsk/d5 /opt ufs 2 yes –
swap – /tmp tmpfs – yes –

# sync
# sync
# sync
# reboot

f. attach mirror

# metattach d0 d20
# metattach d1 d21
# metattach d3 d23
# metattach d5 d25
# metattach d6 d26
# metattach d7 d27

Sun OS dump

請依 file system layout 為準

root@acty # more dumpsys.sh
mt -f /dev/rmt/0c rewind
LOG=/export/home/root/log/dumpsys.log
date > $LOG 2>&1
ufsdump 0uf /dev/rmt/0cn /dev/md/rdsk/d0 >> $LOG 2>&1 #/
ufsdump 0uf /dev/rmt/0cn /dev/md/rdsk/d6 >> $LOG 2>&1 #/usr
ufsdump 0uf /dev/rmt/0cn /dev/md/rdsk/d7 >> $LOG 2>&1 #/export/home
date >> $LOG 2>&1