Archive for April, 2010

inetd.conf file format

UNIX inetd.conf file format

——configuration file for inetd

Each entry line contains the following fields:

  1. service name :::::: name of a valid service defined in the file /etc/services
  2. socket type :::::: usually stream or dgram
  3. protocol :::::: a valid protocol defined in /etc/protocols
  4. wait/swait/nowait :::::: specifies whether the server started by inetd is single-threaded or multi-threaded: wait –> single, nowait –> multi
  5. user :::::: user ID the server runs as when inetd starts it
  6. server program :::::: absolute path of the program executed by inetd
  7. server program argument :::::: program arguments
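
The seven fields above map directly onto a small audit script. This is an added example, not code from the original post: the function names and the sample lines are constructed, and it assumes that built-in services use the keyword `internal` in the server program field and that RPC-style entries are out of scope.

```python
# Added example: audit inetd.conf entries using the seven fields listed above.
FIELDS = ("service", "socket_type", "protocol", "wait", "user", "server_program")
WAIT_VALUES = {"wait", "swait", "nowait"}  # the three values named on this page

# Constructed sample input, not taken from a real system.
SAMPLE = """\
# constructed sample
ftp     stream tcp nowait root /usr/lbin/ftpd ftpd -l
daytime dgram  udp wait   root internal
tftp    dgram  udp wait   bin  tftpd tftpd /tftpboot
telnet  stream tcp maybe  root /usr/lbin/telnetd telnetd
broken  stream tcp
"""

def parse_line(line):
    """Split one line into the seven fields; None for blank or comment lines."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    parts = line.split()
    if len(parts) < len(FIELDS):
        raise ValueError(f"only {len(parts)} of {len(FIELDS)} required fields")
    entry = dict(zip(FIELDS, parts[:len(FIELDS)]))
    entry["args"] = parts[len(FIELDS):]  # field 7: server program arguments
    return entry

def audit(text):
    """Return (line number, service, finding) tuples worth a manual review."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        try:
            entry = parse_line(line)
        except ValueError as exc:
            findings.append((lineno, None, f"malformed: {exc}"))
            continue
        if entry is None:
            continue
        if entry["wait"] not in WAIT_VALUES:
            findings.append((lineno, entry["service"], "unknown wait value"))
        if entry["server_program"] == "internal":
            continue  # assumption: inetd's built-in services use this keyword
        if not entry["server_program"].startswith("/"):
            findings.append((lineno, entry["service"], "server path not absolute"))
        if entry["user"] == "root":
            findings.append((lineno, entry["service"], "external program runs as root"))
    return findings
```

Calling `audit()` on the contents of a real inetd.conf gives a short review list: entries that break the field layout, relative server paths, and external programs that inetd starts as root.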

———————————————————————————————————————————————


HPUX SD command accumulations

Software Distributor Commands collection

swlist -d @ /tmp/depot_location :::::: Verify if depot exists in depot location

swverify Prod :::::: Verify if Prod correctly installed

swlist -a state -l fileset Prod :::::: Verify if Prod correctly configured

swremove -d \* @ /tmp/MyDepot :::::: Remove MyDepot from the system

swcopy -s /source_depot product @ /tmp/location :::::: Copy product into /tmp/location

swpackage -d /target_depot -x target_type=tape -s /source_depot product :::::: re-package the product from the source_depot into target_depot

swpackage -s /depot/psf_file/ -d /tmp/my.depot :::::: Create an unregistered depot


Tie tech in Perl

hide an object class in a simple variable::::::{ tie $scalar, 'package', ARGUMENTS… }

——————————————————————————————————————————————————

The tie() function binds a variable to a class (package) that provides the implementation of the access methods for that variable. Once this magic has been performed, accessing a tied variable automatically triggers method calls in the proper class. The complexity of the class is hidden behind magic method calls. The method names are in ALL CAPS, which is a convention that Perl uses to indicate that they’re called implicitly rather than explicitly, just like the BEGIN() and END() functions.

  1. Tying scalar:::
  2. Tying arrays:::
  3. Tying hashes:::
  4. Tying filehandle:::

——————————————————————————————————————————————————

Arrays::::::

perl array tying

Hashes::::::

perl hash tie

FileHandles::::::

perl filehandle tying


Apr 26th notebook — RBAC

Constraints that limit access to resources usually fit into 3 categories:

  • Subject: The entity attempting to access the resource; in an OS this is usually a user or a process associated with a user
  • Operation: An action performed on a resource; in an OS this is usually an application or a command, for example hpux.user.add
  • Object: The target of the operation

———————————————————————————————————————————————————-

RBAC addresses these issues by grouping users with common authorization needs into roles.

Example operation after invoking privrun:::::

———————————————————————————————————————————————————-

Three steps to deploy RBAC::::::

  1. Plan roles for users
  2. Plan authorizations for the roles
  3. Plan the authorization to command mappings

Three steps to configure RBAC:::::::

  1. Configure the roles::::::: roleadm to manage roles under HPUX, add/delete/modify/assign/revoke/list…
  2. Configure the authorizations::::::: authadm to manage authorizations under HPUX, add/delete/assign/revoke/list…
  3. Configure any additional commands:::::: cmdprivadm to edit a command’s authorization and privilege information, add/delete…

———————————————————————————————————————————————————-

RBAC can also use compartments to configure applications to run in a particular compartment.

Use only the cmdprivadm command to configure compartments for commands; do not edit /etc/rbac/cmd_priv directly. To update an entry, first delete it and then add the updated version back in.


Apr 23rd notebook — ADMIN

Compartments use four kinds of configuration rules:

  • file system rules
  • IPC rules
  • network rules
  • miscellaneous rules

There are two kinds of rules: subject-centric and object-centric.

Admins can use the last command, which reads the file /var/adm/wtmp, to check whether any illegal user has tried to log in.

Admins can use who -u to list the currently logged-on users.



HPUX Authentication Modules Under PAM subsystem.

A user can use passwd -l user to lock or forbid a user.

An admin can use last -R to check for abnormal superuser logons.
