8/9/2019 13044539-base-system-aix-51
Base system (CD)
Straightforward. Insert CD #1 and proceed. To override an existing system on the
hard disk, press the reset button and reboot in maintenance mode, selected by key
position (25Ts and such) or by pressing F5 (for 43P-120 (7248) systems) or F1 (all
others I know of) during boot. On systems w/o keyboard or with simple ASCII
terminals you use

    bootlist -m normal cd0
    bootlist -m normal -o
    shutdown -Fr

When prompted, you should select En_US as language and the default keyboard.
You might use the Configuration Assistant (once it appears) as suggested (for root
password and time adjustment), but skip TCP/IP configuration and paging space
adjustment until later.
Additional Software (CD)
By default only a minimum AIX system is installed. Here is what is needed in addition.
You use the smit tool to select installation media and additional SW to be installed. It's
straightforward. You should use the preview feature prior to a real install, in order to
check space requirements and prerequisites. For a really useful system the following SW
is needed:
from the AIX 5.1 Base CDs:
o bos.adt
o bos.compat (termcap)
o bos.dosutil
o bos.games
o bos.net
o bos.perf
o bos.sysmgt (except NIM master, GUI, spot)
o Java.rte
o X11 (including font server, Unicode fonts)
o bos.txt TranScript tools
o perfagent.tools
o perl.rte
o printers.rte
o sysmgt.*
o devices.common.IBM.fddi
o OpenGL (common and device specific, in particular GXT2000, GXT250)
o PEX-PHIGS (common and device specific, in particular GXT2000,
GXT250)
stuff from the AIX 5.1 Expansion CDs
stuff from the AIX 5.1 Documentation CDs
from the AIX 4.3.3 BonusPak CDs
o UMS stuff
from the Ultimedia 2.1.2 CDs
o UMS speech & demo stuff
from the AIX 5.1 ToolBox CD
(goes into /opt)
o openssl-0.9.6g
o db
o glib,openldap
o gtk+,libjpeg,libpng,libtiff
o hexedit,less,lsof,mc,mtools,pine,prngd,rsync,sudo,unzip
o vim-common,transfig
o xmcd,vim-enhanced,vnc
C compiler
o Version 6 (http://www-aix.gsi.de/~bio/DOCS/aixc6000install.html)
if the machine should serve as LoadLeveler repository and/or central manager:
LoadLeveler 2.2 from CD plus generic fixes 2.2.0.24/2.2.0.23
Some basic customizations
CD installation should be complete now. The next steps are best performed across the
network, possibly from some other machine with full desktop/X11 capabilities. To
achieve that you need the following:
On a 100 Mbps net a 100 Mbps NIC (p630) should apparently be reconfigured:
smitty - Devices - Communication - Ethernet Adapter - Adapter -
Change / Show Characteristics of an Ethernet Adapter

    Transmit descriptor queue size          [1024]             +#
    Receive descriptor queue size           [1024]             +#
    Software transmit queue size            [8192]             +#
    Receive buffer pool size                [1024]             +#
    Media Speed                             Auto_Negotiation   +

IP name and name resolution
smit - Communications Applications and Services - TCP/IP - Minimum Configuration & Startup
Select your adapter and insert your internet address, e.g.:

    * HOSTNAME                                [bioxxxx]
    * Internet ADDRESS (dotted decimal)       [140.181.yyy.zzz]
      Network MASK (dotted decimal)           [255.255.192.0]
    * Network INTERFACE                       en0
      NAMESERVER
        Internet ADDRESS (dotted decimal)     [140.181.96.29]
        DOMAIN Name                           [gsi.de]
      Default GATEWAY Address                 [140.181.96.1]
      (dotted decimal or symbolic name)
      Your CABLE Type                         N/A                +
      START Now                               yes                +

To allow multiple name servers the file /etc/resolv.conf should look like

    domain gsi.de
    nameserver 140.181.96.29
    nameserver 140.181.96.11
    nameserver 140.181.96.69

corresponding to rzserv1, rzserv2, clri6e.
1. /.rhosts
exists to allow root access from some bio and GSI machines. The general format
is

    .gsi.de root
    .gsi.de loadl

Make sure that the root access enabled machines are in that file (copy it over from
an already installed machine).
2. /etc/netsvc.conf
is needed to ensure fast domain name resolution. Should look like

    hosts=local=auth,nis,bind

sendmail stuff
You might copy over an appropriate /etc/sendmail.cf. If not yet done one should close
the open relay in Sendmail:
Edit /usr/samples/tcpip/sendmail/cf/aix433.mc to:

    divert(0)dnl
    OSTYPE(aix433)dnl
    DOMAIN(generic)dnl
    # all outgoing mail to SMART_HOST
    define(`SMART_HOST', `rzserv1')dnl
    # all incoming mail to MAIL_HUB
    define(`MAIL_HUB', `rzserv1')dnl
    # all sent mail masqueraded to be from this host
    MASQUERADE_AS(gsi.de)dnl
    # masquerade the envelope of the mails as well
    FEATURE(`masquerade_envelope')dnl
    # mailers used, always declare at the end of the file
    MAILER(local)dnl
    MAILER(smtp)dnl
    MAILER(uucp)dnl

    cd /usr/samples/tcpip/sendmail/cf
    m4 ../m4/cf.m4 aix433.mc > /tmp/sendmail.cf.new

In /tmp/sendmail.cf.new
comment out the lines

    Fw/etc/sendmail.cw
    FR-o /etc/mail/relay-domains

Copy /tmp/sendmail.cf.new to /etc/sendmail.cf
refresh subsystem sendmail.
Additional (open source) Software
These should be installed locally on each machine, in the /local/ directory. You may
copy it over from an already installed machine:

    rcp -r -p /local /local

Otherwise, here's the todo-list for building from scratch (needs further customization later
on, see http://www-aix.gsi.de/~bio/DOCS/aix510custom.html). Note that unfortunately most
installations go into /usr/local, which often is NFS-mounted. So ensure

    ln -s /local /usr/local

then follow the usual installation procedures.
From the Bull site (http://www.bullfreeware.com/)
jpeg,xpm,gtk+,libpcap,tiff,zlib
abi,ethereal-0.8.11.0,gnu.ghostscript-5.10.,gnu.ghostview-3.5.8.,ImageMagick
nedit-5.3.0.0,xfig-3.2.3.0,xpaint,xpdf-0.9.0.0,xv-3.10.1.0,openssh3.7.1.0
These are self-extracting archives:

    chmod u+x openssh-3.7.1.0.exe
    openssh-3.7.1.0.exe
    inutoc ./ # creates a toc, if not there

This creates a bff and an asc PGP file. With these files smitty - Install is your
friend.
From the IBM site (http://www-1.ibm.com/servers/aix/products/bonuspack/aix5l/wpcontent.html)
acroread, mozilla, netscape 7
These are tar'ed and zipped files:

    gzip -cd Mozilla.base.tar.gz | tar -xvf -
    inutoc ./ # creates a toc, if not there

which are finally smit-able.
From here (http://aixpdslib.seas.ucla.edu/allpackages.html)
a2ps, antiword, joe, monitor, nmap, tcp_wrappers.7.6plusipv6
These are tar'ed and zipped files (which go into ./usr/local):

    uncompress tcp_wrappers.7.6plusipv6.tar.Z
    cd /
    tar -xvf tcp_wrappers.7.6plusipv6.tar

newsyslog (http://www-aix.gsi.de/~bio/DOCS/newsyslog)
script to roll over syslog versions from one day to the other (as of 8-Aug-2003).
newdsmlog (http://www-aix.gsi.de/~bio/DOCS/newdsmlog)
As newsyslog, but for tsm logs
Additional Software from GSI Installation server (if needed)
Before installing the SW using the smit tool you have to mount the installation directory
first:

    mount filesv2:/usr/sys/inst.images /mnt

or, from remote CD-ROM (provided a CD is inserted):

    mount filesv2:/cdrom/sys/inst.images /mnt

To install
ADSM/TSM
1. select /mnt/tivoli as installation directory and select the client software
(the API is apparently not necessary, as is the web client).
2. copy the GSI-supplied startup script startdsmc from an already installed
machine. Note that the path in the (old) ADSM is /usr/lpp/adsm/bin/
whereas the new TSM uses /usr/tivoli/tsm/client/ba/bin/

    mkdir /local/etc
    mkdir /var/adsm

3. Logfile
A system logfile is kept in /var/adsm/dsmsched.log. In order to save
space in the /var filesystem a cron job should be scheduled e.g. at 3 a.m.
to rename the log file by appending a version number running from 0
through 5. This way the last week's logs are kept. A script
/local/bin/newdsmlog actually doing the job is located here (or copy it
over from an already installed machine).
What's next?
For a NIM based clone installation most things are already in place and well configured
(which is the idea behind cloning). In this case, consider this a checklist.
Network related services
1. Network configuration
o On a 10 Mbps net
smitty - Devices - Communication - Ethernet Adapter -
Adapter - Change / Show Characteristics of an Ethernet Adapter

    HARDWARE TRANSMIT queue size            [64]               +#
    HARDWARE RECEIVE queue size             [32]               +#
    RECEIVE buffer pool size                [384]              +#
    Media Speed                             10_Half_Duplex     +

o On a 100 Mbps net
smitty - Devices - Communication - Ethernet Adapter -
Adapter - Change / Show Characteristics of an Ethernet Adapter

    TRANSMIT queue size                     [8192]             +#
    HARDWARE RECEIVE queue size             [256]              +#
    RECEIVE buffer pool size                [384]              +#
    Media Speed                             Auto_Negotiation   +
    Inter-Packet Gap                        [96]               +#
    Enable ALTERNATE ETHERNET address       no                 +
    ALTERNATE ETHERNET address              [0x000000000000]   +
    Enable Link Polling                     no                 +
    Time interval for Link Polling          [500]              +#

o IP name and name resolution
smit - Communications Applications and Services - TCP/IP -
Minimum Configuration & Startup
Select your adapter and insert your internet address, e.g.:

    * HOSTNAME                                [bioxxxx]
    * Internet ADDRESS (dotted decimal)       [140.181.yyy.zzz]
      Network MASK (dotted decimal)           [255.255.192.0]
    * Network INTERFACE                       en0
      NAMESERVER
        Internet ADDRESS (dotted decimal)     [140.181.96.29]
        DOMAIN Name                           [gsi.de]
      Default GATEWAY Address                 [140.181.96.1]
      (dotted decimal or symbolic name)
      Your CABLE Type                         N/A                +
      START Now                               yes                +

o to allow multiple name servers the file /etc/resolv.conf should look
like

    domain gsi.de
    nameserver 140.181.96.29
    nameserver 140.181.96.11
    nameserver 140.181.96.69

corresponding to rzserv1, rzserv2, clri6e.
2. /etc/rc.tcpip
Comment out the start of snmpd and dpid2.
3. /.rhosts
exists to allow root access from some bio and GSI machines. The general format
is

    .gsi.de root
    .gsi.de loadl

Make sure that the root access enabled machines are in that file (copy it over from
an already installed machine).
Time services
1. The file /etc/ntp.conf must contain the entries:

    server 140.181.96.11
    server 140.181.96.29
    #
    # Drift file. This file must be in a directory writable by the daemon.
    # Symbolic links are not allowed, because the daemon first creates a
    # temporary file and then renames it.
    #
    driftfile /var/etc/ntp.drift

2. In addition:

    mkdir /var/etc
    startsrc -s xntpd

3. Do not forget to activate the ntp-line in /etc/rc.tcpip.
4. The file /etc/environment should define the correct time zone:

    TZ=CET-1CED-2,M3.5.0,M10.5.0

Security issues (as of November 2001)
1. chmod o-x /usr/bin/ypcat
2. in the /etc/inetd.conf file:
Disable all services (especially ttdbserver) except ftp, telnet, shell and
login, enable ftp-logging, change default ftp umask:

    ftp stream tcp6 nowait root /local/bin/tcpd6 ftpd -l -u077
    telnet stream tcp6 nowait root /local/bin/tcpd6 telnetd -a
    shell stream tcp6 nowait root /local/bin/tcpd6 rshd
    login stream tcp6 nowait root /local/bin/tcpd6 rlogind

3. /etc/inittab
For security reasons several services should be disabled (place a colon (':') at the
beginning of a line):

    :writesrv
    :imnss
    :imqss
    :l2
    :l3
    :l4
    :l5
    :l6
    :l7
    :l8
    :l9

httpdlite is needed for documentation display, otherwise it should be disabled
too.
4. In /etc/rc.local

    # set network options to improve performance and security
    echo "Setting network options"
    # protection against SYN flood attacks
    /usr/sbin/no -o clean_partial_conns=1
    # protection against ICMP redirects
    /usr/sbin/no -o ipignoreredirects=1
    # protection against illegal access via source routing
    /usr/sbin/no -o ipsendredirects=0
    /usr/sbin/no -o ipsrcroutesend=0
    /usr/sbin/no -o ipsrcrouteforward=0
    /usr/sbin/no -o ip6srcrouteforward=0
    /usr/sbin/no -o tcp_pmtu_discover=0
    /usr/sbin/no -o udp_pmtu_discover=0

5. Enable logging of all successful logins
   1. Create/check /etc/security/authlog:

       #!/usr/bin/ksh
       # /etc/security/authlog: syslog all successful logins
       /usr/bin/logger -t tsm -p auth.info "$@ logged in from $(/usr/bin/tty) (${DISPLAY})"

   and allow root only:

       chmod 700 /etc/security/authlog

   2. In /etc/security/login.cfg

       AUTHLOG:
               program = /etc/security/authlog

   3. In /etc/security/user change the auth2 attribute in the default stanza:

       auth2 = AUTHLOG

   4. for logins via CDE /etc/dt/config/Xsession.d/dtlog:

       #!/usr/bin/ksh
       # /etc/dt/config/Xsession.d/dtlog: log dtlogins
       /usr/bin/logger -t dtlogin -p auth.info "${LOGNAME} logged in from (${DISPLAY})"

   5. In syslog.conf on an ordinary bio-machine

       auth.debug @biolog

   will send login info to the logging machine, currently biors6a.
   IMPORTANT: do not use this on the logging machine itself, it will
   generate an infinite loop of syslogs! Instead, do as described in the next
   item.
   6. In syslog.conf on the logging machine, currently biors6a

       auth.debug /var/adm/syslog.auth

   7. Strangely, you have to "generate" the log file

       touch /var/adm/syslog.auth

   8. Ensure syslog.auth is covered in the /local/bin/newsyslog script
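The /etc/inetd.conf rule in item 2 above can be checked mechanically. The following script is an added example, not part of the original page: it flags active services outside ftp, telnet, shell and login, allowed services that do not start through /local/bin/tcpd6, and an ftpd line without -l or -u. The function names, finding labels and sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page: audit an inetd.conf-style file
# against the policy of the security list above.
ALLOWED="ftp telnet shell login"   # services the page keeps enabled
WRAPPER=/local/bin/tcpd6           # TCP wrapper path used on the page

# audit_inetd FILE
# Prints one finding per line and returns 1 if there is any finding:
#   ENABLED svc    active service outside the allowed set
#   UNWRAPPED svc  allowed service not started through the wrapper
#   NOLOG ftp      ftpd started without -l (no ftp logging)
#   NOUMASK ftp    ftpd started without -u (default umask)
audit_inetd() {
    awk -v allowed="$ALLOWED" -v wrapper="$WRAPPER" '
        function report(msg) { print msg; bad = 1 }
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        /^[ \t]*#/ || NF == 0 { next }      # commented out or blank: disabled
        {
            svc = $1
            if (!(svc in ok)) { report("ENABLED " svc); next }
            # field 6 is the server program, field 7 its name, the rest options
            if ($6 != wrapper) report("UNWRAPPED " svc)
            if (svc == "ftp") {
                opts = ""
                for (i = 8; i <= NF; i++) opts = opts " " $i
                if (opts !~ / -l/) report("NOLOG ftp")
                if (opts !~ / -u[0-7]/) report("NOUMASK ftp")
            }
        }
        END { exit bad }
    ' "$1"
}

# write_sample FILE: constructed inetd.conf excerpt (not taken from a real host)
write_sample() {
    cat > "$1" <<'EOF'
ftp     stream  tcp6  nowait  root  /local/bin/tcpd6  ftpd -l -u077
telnet  stream  tcp6  nowait  root  /usr/sbin/telnetd telnetd -a
shell   stream  tcp6  nowait  root  /local/bin/tcpd6  rshd
login   stream  tcp6  nowait  root  /local/bin/tcpd6  rlogind
#exec   stream  tcp6  nowait  root  /usr/sbin/rexecd  rexecd
ttdbserver sunrpc_tcp tcp wait root /usr/dt/bin/rpc.ttdbserver rpc.ttdbserver 100083 1
EOF
}

sample="${TMPDIR:-/tmp}/inetd.sample.$$"
write_sample "$sample"
audit_inetd "$sample" || echo "inetd.conf deviates from the policy"
rm -f "$sample"
```

Run against the real file with audit_inetd /etc/inetd.conf; the non-zero return value makes it usable from cron or a post-clone checklist.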
User, group and NIS services
1. smit - Communications Applications and Services - NFS - Network
Information Service (NIS) - Change NIS Domain Name of this Host

    * Domain name of this host                  [BIO_NIS]
    * CHANGE domain name take effect            both       +
      now, at system restart or both?

2. If the machine should receive NIS client services:
smit - Communications Applications and Services - NFS - Network
Information Service (NIS) - Configure / Modify NIS - Configure
this Host as a NIS Client

    * START the NIS client now,                 both       +
      at system restart, or both?
      NIS server - required if there are no     []         +
      NIS servers on this subnet

Then a directory /var/yp/binding should contain the two files BIO_NIS.1 and
BIO_NIS.2. Be patient, this might take some time.
3. /etc/passwd
on a NIS client should contain only root stuff and end with the entry:

    +::0:0:::

4. /etc/security/passwd
on a NIS client should contain only root stuff.
5. /etc/group
on a NIS client should contain only root stuff and end with:

    +:

which forces lookup on the NIS master or slave server.
On a NIS server it should define the groups bio, loadl, biodev, thdev, thoper.
6. change the number of licensed users (64 or larger):
smit - System Environments - Change / Show Number of Licensed Users

    Maximum number of FIXED licenses            [64]       #
    FLOATING licensing                          off        +

File systems
1. local (JFS) filesystems
/var and /tmp should be 48MB (98304) in size for a big clone, probably only
24MB (49152) for a small one.
2. remote filesystems, mounted via autofs
These are user, scratch and data filesystems, as well as /usr/local. Copy the
following autofs maps from an already installed AIX 5.1.0 machine.

    /etc/auto.u
    /etc/auto.d
    /etc/auto.s
    /etc/auto.nfs
    /etc/auto.apps # except app server, currently biori6y
    /etc/auto.bioapps # except app server, currently biori6y
    /etc/auto_master # except app server, currently biori6y

To enable Biophysics commercial apps (WordPerfect, applixware, etc.)
/etc/auto.bioapps must have entries like

    APPLIX -ro,vers=3,proto=tcp biori6y:/bioapps/APPLIX

3. Additional links are needed:

    ln -s /nfs/clri6c/local.AIX /usr/local

4. and some links might have to be removed:

    rm /u
    mkdir /u

5. For a new machine the GSI operating group ([email protected]) has to be informed
to regularly update the autofs maps on this machine. Also, it must be allowed to
mount filesystems on the servers filesv1 and filesv2 ([email protected]).
6. The file systems /d/bio and /s/bio should have the attributes

    drwxrwsr-x 37 root bio 1024 Jan 23 18:19 bio

so that each bio group member can create files.
Load Leveler
Version 2.2, bio-owned installation (old Version 1.3 here: http://www-aix.gsi.de/~bio/DOCS/aixll13install.html)
1. must be mounted according to the following entry in /etc/filesystems

    /usr/lpp/LoadL:
            dev = "/usr/lpp/LoadL"
            vfs = nfs
            nodename = biori6y
            mount = true
            options = ro,bg,soft,intr
            account = false

2. the following links must exist

    ln -s /usr/lpp/LoadL/full/lib/libllapi.a /usr/lib/libllapi.a
    ln -s /usr/lpp/LoadL/full/lib/libllmulti.a /usr/lib/libllmulti.a
    ln -s /usr/lpp/LoadL/full/lib/llapi_shr.o /usr/lib/llapi_shr.o

3. and the directories

    mkdir /var/loadl
    mkdir /var/loadl/execute
    mkdir /var/loadl/log
    mkdir /var/loadl/spool

4. a local configuration file /var/loadl/LoadL_config.local should exist. Adapt
the following entries:
o for a 1 CPU machine:

    BackgroundLoad = 2.0
    HighLoad = 2.5
    MAX_STARTERS = 1

o for a 2 CPU machine:

    BackgroundLoad = 2.0
    HighLoad = 2.5
    MAX_STARTERS = 2

o for a 4 CPU machine:

    BackgroundLoad = 4.0
    HighLoad = 4.5
    MAX_STARTERS = 4

where the last line determines the number of simultaneous jobs.
5. in /etc/rc.local

    #start LoadLeveler
    /usr/lpp/LoadL/full/bin/llctl start

to start the LoadLeveler on boot. Comment out this line when LoadLeveler should
not run.
6. configure bio as LoadLeveler user id
the file /etc/LoadL.cfg must exist:

    LoadLUserid = bio
    LoadLGroupid = bio
    LoadLConfig = /u/bio/LoadL_config

and the admin files

    /u/bio/LoadL_admin
    /u/bio/LoadL_config

X11, CDE and user interface stuff
1. The file /usr/lpp/X11/defaults/xserverrc should contain the line

    EXTENSIONS=" -bs -d 24:mir0 -d 24:lai0 -d 24:mtn0 -d 24:mint0 -d 24:mojl0 "

to enable backing store and 24bit colours for special graphics cards (here
GXT2000P, GXT135P, GXT3000P, GXT550P and GXT4500, respectively), if
installed.
2. CDE configuration
Path definitions in /etc/dt/config/Xsession.d/0010.dtpaths
Actual icons and datatypes in /u/bio/.dt/appconfig
3. adjust screen resolution (for machines with graphic cards)
smit - Devices - Graphics Displays - Select the Display Type
choose monitor, then
Select the Display Resolution and Refresh Rate
4. adjust keyboard properties (for machines with keyboards)
smit - Devices - Graphic Input Devices - Keyboard - Change / Show
Characteristics of the Keyboard

    Keyboard repeat rate                    [30]       +#
    Keyboard repeat delay                   250        +
    Alarm volume                            off        +
    Clicker volume                          off        +
    Extended keyboard identifier            none       +

or on command line

    chhwkbd -r'30' -d'250' -a'0' -c'0'

Miscellaneous configuration files
1. /etc/inittab
o The console should be activated before NIS services:

    rctcpip:2:wait:/etc/rc.tcpip > /dev/console 2>&1 # Start TCP/IP daemons
    cons:0123456789:respawn:/usr/sbin/getty /dev/console
    rcnfs:2:wait:/etc/rc.nfs > /dev/console 2>&1 # Start NFS Daemons

otherwise the machine won't boot if NIS can't be activated.
o The line for local services must be present:

    diagd:2:once:/usr/lpp/diagnostics/bin/diagd >/dev/console 2>&1
    rclocal:2:once:/etc/rc.local # starting local services
    dt:2:wait:/etc/rc.dt

o The Install Assistant should be disabled

    :install_assist:2:wait: ...

2. /etc/rc.local
ensure that

    chmod g+x
    chmod u+x

3. /etc/.kshrc and /local/bin/.kshrc
contains some ksh settings:

    #
    tty=`tty`
    tty=`basename $tty`

    set -o emacs     # Emacs-style command history
    alias __A='^P'   # so that the arrow keys can also reach
    alias __B='^N'   # earlier commands.
    alias __C='^F'
    alias __D='^B'
    alias __H='^A'
    #alias __E=''

    alias dir='ls -l'
    #alias rm='rm -i'
    #alias cp='cp -i'
    alias tim='date "+%d-%h-%y %T"'
    alias node=hostname
    alias h=history
    # to pass this setting to dtterm too
    # note: the leading '.' puts the current directory first in the library search path
    export LIBPATH=.:/local/lib:/usr/lib:/lib:/usr/local/lib:$LIBPATH

4. /etc/profile should contain the lines

    if [ -x /local/bin/.profile ]
    then
        . /local/bin/.profile
    fi

where /local/bin/.profile is a system-wide profile copied from GSI's central
AIX cluster. Be sure that

    chmod a+x

for both files. Also, to be on the safe side:

    ln -s /local/bin/.profile /local/bin/profile

Some GSI-made shell scripts (e.g. ns for netscape) require these scripts to exist in
order to work properly.
5. /etc/qconfig
defines the printer queues and could be copied from the central AIX cluster.
However, printing services are implemented via the rlpr mechanism anyway.
Note that it must not contain entries with /usr/lpd/aix*. Those will cause
WordPerfect startup to fail.
6. /etc/termcap (still needed?)
should have the entries

    Id|dtterm|IBM dtterm Terminal:\
        :kD=\E[3~:kI=\E[2~:kN=\E[6~:kP=\E[5~:\
        :tc=hft:
    If|aixterm|IBM aixterm Terminal:\
        :tc=hft:

in order for joe to work correctly.
Ensure that

    ln -s /usr/ccs/lib/libtermcap.a /lib/libtermcap.a

otherwise apps such as xemacs and IDL won't run
7. teach the outside world
the name of the machine (e.g. bioxxxx.gsi.de) has to be added
o in the file /distfile on the rdist managing machine
o in the file /u/bio/bin/rcpbio
o in the file /u/bio/bin/rshbio
o in all files /etc/hosts.equiv
o in all files /etc/X0.hosts
o in all files /etc/X1.hosts
The last 2 files control the X-server access from other hosts. Due to X-server
problems when the name server can't resolve the name of machines listed in these
files they should contain only GSI machines. This doesn't solve the problem
completely (because the GSI name server might be down as well) but at least the
most likely case of external network breakdown is excluded.
Periodic background jobs
1. /etc/syslog.conf
defines the amount of system logging:

    mail.debug /usr/spool/mqueue/log
    *.debug /var/adm/syslog.debug
    *.info /var/adm/syslog

Strangely, you have to "generate" the log files manually

    touch /usr/spool/mqueue/log
    touch /var/adm/syslog.debug
    touch /var/adm/syslog

2. /local/bin/newsyslog
is a GSI-supplied shell script to rename previous versions of logfiles by
appending a version number running from 0 through 5. This way the last week's
syslogs are kept.
3. cron jobs
are scheduled for this and other tasks. Either copy over
/var/spool/cron/crontabs/root from an existing installation or do it
manually:

    crontab -e

the EDITOR is called, then the following entries should be entered/verified

    0 3 * * * /local/bin/newsyslog
    0 3 * * * /local/bin/newdsmlog
    0 3 * * * /usr/sbin/skulker
    0 11 * * * /usr/bin/errclear -d S,O 30
    0 12 * * * /usr/bin/errclear -d H 90

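The rotation that /local/bin/newsyslog is described as doing (previous versions numbered 0 through 5), written out as an added example. This is not the GSI script; the function names, the 600 file mode and the scratch-directory demonstration are assumptions of the example.

```shell
#!/bin/sh
# Added example, not the GSI newsyslog script: the rotation scheme described
# above (previous versions numbered 0 through 5).

# rotate_log FILE [LAST]
# FILE.(LAST-1) -> FILE.LAST, ..., FILE.0 -> FILE.1, FILE -> FILE.0, then an
# empty FILE is created again. LAST defaults to 5, so six old versions plus
# the current file cover one week of daily runs.
rotate_log() {
    log=$1
    last=${2:-5}
    [ -f "$log" ] || return 0              # nothing to rotate
    i=$last
    while [ "$i" -gt 0 ]; do
        prev=$((i - 1))
        if [ -f "$log.$prev" ]; then
            mv -f "$log.$prev" "$log.$i"   # the oldest version is overwritten
        fi
        i=$prev
    done
    mv -f "$log" "$log.0"
    # The page notes that the log files have to be created by hand before
    # they are written to, so recreate the file. Mode 600 is an assumption
    # of this example (login records readable by the owner only).
    ( umask 077 && : > "$log" )
}

# rotate_syslogs DIR: rotate the /var/adm files named in the page's
# syslog.conf entries below DIR, then let syslogd reopen them.
# "refresh -s syslogd" is the AIX SRC call; it is skipped on systems
# without the refresh command.
rotate_syslogs() {
    for f in syslog syslog.debug syslog.auth; do
        rotate_log "$1/$f"
    done
    if command -v refresh >/dev/null 2>&1; then
        refresh -s syslogd
    fi
}

# Demonstration on constructed files in a scratch directory.
demo_dir="${TMPDIR:-/tmp}/newsyslog.demo.$$"
mkdir -p "$demo_dir"
echo "constructed auth line, day 1" > "$demo_dir/syslog.auth"
rotate_log "$demo_dir/syslog.auth"
echo "constructed auth line, day 2" > "$demo_dir/syslog.auth"
rotate_log "$demo_dir/syslog.auth"
ls "$demo_dir"
rm -rf "$demo_dir"
```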
Local mail system
1. In /etc/filesystems

    /var/spool/mail:
            dev = "/var/spool/mail.common"
            vfs = nfs
            nodename = clri6a
            mount = false
            type = clri6a
            options = bg,hard,intr
            account = false

these entries mean that the mail filesystem is not automatically mounted during
the initial stages of the boot process.
2. Instead, in /etc/rc.local

    mount -t clri6a

does this at a later stage. Note that the directory /var/spool/mail must exist.
3. Ensure a proper /etc/sendmail.cf exists. Usually you get away with the IBM
supplied standard file, with the modifications concerning the
smart relay host:

    DSlxmta1.gsi.de

and the masquerading

    DMgsi.de

Configure additional Software
monitor
Look here: http://www-aix.gsi.de/~bio/DOCS/monitorcfg.html
lsof (still needed ??)
Ensure the proper link

    ln -s /local/bin/lsof_4.60 /local/bin/lsof

netscape (4.7, BonusPak version)
In the start-up shell script /usr/bin/netscape add an ampersand (&) to the end
of line starting the binary:

    ${MOZILLA_HOME}/us/netscape_aix4 "$@" &

netscape 7, Mozilla
In the start-up shell script /usr/netscape/base/netscape add an ampersand
(&) to the end of line starting the binary:

    exec ....... &

and

    ln -s /usr/netscape/base/netscape /usr/bin/netscape

Ditto for mozilla.
prngd (needed for toolbox version?)
To generate a random seed and a random device:

    cat /var/adm/syslog /var/adm/syslog.0 /var/adm/syslog.1 > /local/etc/prngd-seed
    mkssys -s prngd -p /local/sbin/prngd -a '-f -c /local/etc/prngd.conf -s /local/etc/prngd-seed /dev/egd-pool' -u 0 -S -n 15 -f 9 -R -G local

Add to /etc/rc.local:

    startsrc -s prngd

openssh, E.R. version (after cloning on every host new ssh-key pairs have to
be generated)

    ssh-keygen -t rsa1 -f /local/etc/ssh/ssh_host_key -N ""
    ssh-keygen -t rsa -f /local/etc/ssh/ssh_host_rsa_key -N ""
    ssh-keygen -t dsa -f /local/etc/ssh/ssh_host_dsa_key -N ""
    /usr/bin/mkssys -s sshd -p /local/sbin/sshd -a '-D' -u 0 -S -n 15 -f 9 -R -G local
    startsrc -s sshd

/etc/rc.local should have an entry:

    startsrc -s sshd

Ensure

    ln -s /usr/bin/rsh /usr/ucb/remsh

openssh, Bull binary
(you may consult READMEs in /usr/local/lib/openssh-3.7.1.0 too)
1. Create subsystem

    /usr/bin/mkssys -s sshd -p /local/sbin/sshd -a '-D -f /local/etc/sshd_config' -u 0 -S -n 15 -f 9 -R -G local

2. In /local/etc/ssh_config
enable ForwardX11
3. In /local/etc/sshd_config
allow X11Forwarding and specify the key files. Disable
UsePrivilegeSeparation unless the procedures described in
/usr/local/lib/openssh-3.7.1.0/README.privsep are implemented.
It might be necessary to enable PidFile /local/etc/sshd.pid
4. After a fresh install new ssh-key pairs have to be generated:

    ssh-keygen -t rsa1 -f /local/etc/ssh/ssh_host_key -N ""
    ssh-keygen -t rsa -f /local/etc/ssh/ssh_host_rsa_key -N ""
    ssh-keygen -t dsa -f /local/etc/ssh/ssh_host_dsa_key -N ""
    startsrc -s sshd

5. /etc/rc.local should have a line like this:

    startsrc -s sshd

(there's a script /etc/rc.openssh too, no clue what it's good for)
6. Note this version may need /usr/local/libexec/ssh-rand-helper
ghostscript
needs a path for gs_init.ps. In /local/bin/.profile:

    export GS_LIB=/local/share/ghostscript/5.10:/local/share/ghostscript/fonts

antiword
needs mapping files in directories /usr/share/antiword or $HOME/.antiword:

    ln -s /local/share/antiword /usr/share/antiword

Configure the TSM backup client
Look here: http://www-aix.gsi.de/~bio/DOCS/aixtsmcfg.html
For machines with 2 system disks
For an installation from scratch (not clone) you may mirror a volume group (http://www-aix.gsi.de/~bio/DOCS/aixmirror.html).
For a clone installation from a mirrored source the bootlist should be adapted:

    bootlist -m normal -o
    bootlist -m normal -o hdisk0 hdisk1