HP Support Information Digests =============================================================================== o IT Resource Center World Wide Web Service =============================================================================== Digest Name: monthly HP-UX technical tips digest Created: Wed Nov 15 3:10:06 PST 2000 Table of Contents: Document ID Title --------------- ----------- 3100377531 OB II: barcode scan does not recognize backup tapes 2100065360 OB II: removing unwanted database extension files 3100434500 OB II: re-establishing tape protection 2100067383 UNIX: Major differences between trusted and non-trusted system 3100413742 OB II: ejecting a tape from the drive, via the command line or 3100418195 Sys Adm: adding static routes to the network The documents are listed below. ------------------------------------------------------------------------------- Document ID: 3100377531 Date Loaded: 20001114 Title: OB II: barcode scan does not recognize backup tapes PROBLEM When a barcode scan is performed at OmniBack II (OB II) 3.1, the scan ignores the tapes that are not currently being used by the backup. The software marks those slots as 'available', because it does not recognize the tapes. This causes odd problems, such as eject or insert errors when other jobs place a tape in this slot. Other problems include losing the tape (since the database is not updated when it is returned), so the tape simply does not exist until the next scan. Why does this problem occur? CONFIGURATION Operating System - HP-UX Version - 11.0 Hardware System - HP9000 Subsystem - OmniBack II (OB II) 3.1 RESOLUTION The barcode scan in the hardware DOES NOT check the tapes in the drives. Therefore, if a barcode scan is performed during a backup (and tapes are in the drives), OmniBack will not get those barcodes back, and will not know that the tapes are in the autochanger. DO NOT perform barcode scans of the autochanger during a backup. -----End of Document ID: 3100377531------------------------------------------ Document ID: 2100065360 Date Loaded: 20001114 Title: OB II: removing unwanted database extension files PROBLEM How are database extension files removed at OmniBack II (OB II) 3.0? CONFIGURATION Operating System - HP-UX Version - 11.0 Subsystem - OmniBack II (OB II) 3.0 RESOLUTION Perform the following procedure to remove unwanted database extension files: Note: writeascii and readascii (Steps 7 and 17) are the time consuming parts of this operation. Each step typically takes 8 to 12 hours for a medium-sized database. 1. omnidbutil -purge Note: Wait for completion. 2. omnidbcheck 3. Perform a database backup. 4. omnidbutil -extendinfo Note: Note the size and location of all files. 5. Stop and start OB II: omnisv.sh stop omnisv.sh start 6. Create ASCII backup directories: For example: /tmp/omni/ascii/cdb, /tmp/omni/ascii/mmdb 7. omnidbutil -writeascii -mmdb /tmp/omni/ascii/mmdb -cdb /tmp/omni/ascii/cdb 8. omnidbinit 9. cd /var/opt/omni/db 10. Stop OB II: omnisv.sh stop 11. mv catalog catalog.orig 12. cp -R /opt/omni/newconfig/var/opt/omni/db/catalog . Note: Step 12 is a very important step. 13. Start OB II: omnisv.sh start 14. Limit size of primary fvers.dat to original size: omnidbutil -maxsize Note: The value comes from the information gathered in Step 4. This is an optional step. 15. If necessary, create extension files with new location and sizes: omnidbutil -extend -maxsize (optional) 16. Verify the result of Step 15: omnidbutil -extendinfo 17. omnidbutil -readascii -mmdb /tmp/omni/ascii/mmdb -cdb /tmp/omni/ascii/cdb 18. omnidbcheck [-extended] 19. Stop and start OB II: omnisv.sh stop omnisv.sh start 20. Test a backup operation. 21. Delete the unwanted extension files. -----End of Document ID: 2100065360------------------------------------------ Document ID: 3100434500 Date Loaded: 20001031 Title: OB II: re-establishing tape protection PROBLEM After performing a backup with OB II (OmniBack II) 3.10, the tape was removed from the drive, and then the tape was recycled. Please answer the following questions: A. What happens when a tape is recycled? --AND-- B. What steps are used to re-establish tape protection? CONFIGURATION Operating System - HP-UX Version - 10.20 Subsystem - OB II (OmniBack II) 3.10 RESOLUTION Here are the answers to the above questions: A. Recycling removes all data protection for a tape by making an entry in the database. However, recycling does not write anything on the tape. The data on the tape is not changed. --AND-- B. To re-establish tape protection: Change protection via the GUI (Graphical User Interface): - Monitor (opens OmniBack II Session Monitor window) - View, Previous Sessions -> Select Sessions ... (opens Select Previous Sessions window) - Select Criteria. - Click the List button (returns to OB II Session Monitor window listing sessions). - Select a session. - Select Actions. Under Actions, perform one of the following procedures: Note: Both Data Protection and Catalog Protection can be changed for a session. The Data Protection applies to the whole tape. The overall protection on the tape is equal to the highest level of protection applied to any of the sessions that are on the tape. 1. - Change Data Protection (protects data on the tape)... (opens Change Data Protection window) - Select new protection. - Click OK. - Close the Monitor window. --OR-- 2. - Change Catalog Protection (protects backup information in the Catalog)... (opens Change Catalog Protection window) - Select new protection. - Click OK. - Close the Monitor window. Change protection via the CLI (Command Line Interface): 1. Change Data Protection (protects data on the tape)... omnidb -session -change_protection Protection --OR-- 2. Change Catalog Protection (protects backup information in the Catalog)... omnidb -session -change_catprotection Protection Where "Protection" = none days n weeks n until Date permanent ALT KEYWORDS protections recycle -----End of Document ID: 3100434500------------------------------------------ Document ID: 2100067383 Date Loaded: 20001031 Title: UNIX: Major differences between trusted and non-trusted systems PROBLEM What are the differences between trusted and non-trusted UNIX systems? CONFIGURATION Operating System - HPUX RESOLUTION The following information lists the MAJOR differences between trusted and non-trusted systems: 1. A trusted system allows system auditing to be turned on. System auditing enables the ability to trace every system call issued by each user on the system. Non-trusted systems run with system auditing disabled. 2. Trusted systems have improved password management. Below is a list of password management features: a. Specification of a grace period and expiration period for passwords. b. The ability to specify system-wide password aging. c. The ability to specify an absolute account life. d. The ability to disable accounts after repeated login failures. e. Passwords lengths of up to forty (40) characters. f. The ability to access a random password generator. 3. Trusted systems have additional login restrictions, while non-trusted systems do not. Below are the features of trusted system login restrictions: a. In addition to account disabling, the account may also be locked. b. Setting accounts to be accessed only at certain times of the day. c. The ability to specify account location access. In other words, account access at specific devices, workstations, and so on. d. The ability to specify a single-user boot password. Note: These login restrictions are NOT available on NON-TRUSTED systems. 4. A trusted system has shadowed passwords, while a non-trusted system does not have shadowed passwords. Shadowed passwords are kept in locations other than /etc/passwd. This prevents users from viewing the /etc/passwd file and determining which accounts do not have passwords. This also prevents hackers from running "password cracker programs" against passwords in the /etc/passwd file. For more information, please refer to the following document: "Administering Your HP-UX Trusted System" The document is located at the following web site: http://www.docs.hp.com/hpux/onlinedocs/B2355-90121/B2355-90121.html Locate the "Description of the HP-UX Trusted System" section in the left menu. The following two pages contain more information: o What is a Trusted System? o What is C2-Level Trusted Mode? -----End of Document ID: 2100067383------------------------------------------ Document ID: 3100413742 Date Loaded: 20001027 Title: OB II: ejecting a tape from the drive, via the command line or script PROBLEM Is there a way to enter a command at the command line, or include it in a script, that will determine if any tapes are left in a drive, and, if so, return it to its original slot? CONFIGURATION Operating System - HP-UX Version - 11.0 Hardware System - HP9000 Series - L2000 Subsystem - OB II (OmniBack II) RESOLUTION The command mc(1M) should accomplish the desired task. Here is a description: The command mc refers to the media changer manipulation utility. The mc utility provides users with a command-line interface to send media manipulation commands to an autoloader or media changer device. It takes element types as arguments to most of the options. The valid element types (element_types) are: D Specifies a Data Transfer (DT) element. I Specifies an Import/Export (IE) element. M Specifies a Medium Transport (MT) element. S Specifies a Storage (ST) element. The /usr/sbin/mc command was introduced to manipulate media autoloaders. First of all, when using the 'mc' command, be aware of the following options: s - source d - destination D - drive S - slot Before moving a tape, execute the mc command to see where each device is loaded: # mc -p /dev/rmt/c0t3d1 -r DS DT_slot_1 EMPTY ST_slot_1 FULL ST_slot_2 FULL ST_slot_3 FULL ST_slot_4 FULL ST_slot_5 FULL ST_slot_6 FULL Now, for example, execute the following command to move a tape from slot 5 to drive 1: # mc -p /dev/rmt/c0t3d1 -s S5 -d D1 The following output shows the new arrangement of the tapes: # mc -p /dev/rmt/c0t3d1 -r DS DT_slot_1 FULL ST_slot_1 FULL ST_slot_2 FULL ST_slot_3 FULL ST_slot_4 FULL ST_slot_5 EMPTY ST_slot_6 FULL Also, the mt(1) command may be used either at the command line or in a script. Here is an example: # mt -t /dev/ offline -----End of Document ID: 3100413742------------------------------------------ Document ID: 3100418195 Date Loaded: 20001019 Title: Sys Adm: adding static routes to the network PROBLEM What steps are taken to add a static route to the network? CONFIGURATION Operating System - HP-UX Version - 10.20 Hardware System - HP9000 Series - K-Class Subsystem - System Administration RESOLUTION The command used to add a static route to the network is route add. Below is the route add command syntax: route add [net|host] destination_ip [netmask subnet_mask#]gateway_ip [count] The word "net" is used when the destination_ip is a network or subnet ip (as opposed to a particular host). In contrast, if the destination is a particular host, then the net option can be skipped and the destination IP can be inserted. Including a subnet mask is optional. In the case that the subnet mask needs to be added, then the word "netmask" should precede the subnet mask number. The count is 1 if the gateway is a remote system, and the count is 0 if the gateway is the local system itself. Here are examples of route add: - Route to a subnet/network with the netmask specified, and the gateway is a remote host: % route add net 1.2.3.0 netmask 255.255.255.0 1.2.4.11 1 - Route to a subnet/network with the netmask specified, and the gateway is the localhost itself: % route add net 1.2.3.0 netmask 255.255.255.0 1.2.4.14 0 - Route to a subnet/network without the netmask specified, and the gateway is a remote host: % route add net 1.2.3.0 1.2.4.11 1 - Route to a subnet/network without the netmask specified, and the gateway is the localhost itself: % route add net 1.2.3.0 1.2.4.14 0 - Route to a specific host and the gateway is remote: % route add 1.2.3.4 1.2.3.11 1 - Route to a specific host and the gateway is the localhost itself: % route add 1.2.3.4 1.2.3.14 0 After adding the route at the command line, the changes need to be reflected in the /etc/rc.config.d/netconf file to make it permanent. vi /etc/rc.config.d/netconf and modify the following variables: ROUTE_DESTINATION ROUTE_GATEWAY ROUTE_MASK ROUTE_ARGS ROUTE_COUNT Each route that is configured in the system will have a set of these five variables. Initially, in the netconf file, one set of these variables will already be in place. Each variable in this first set will have the [0] after the variable name, indicating that these five variables are defining the first route (usually the route to the default gateway). Example: ROUTE_DESTINATION [0] ROUTE_GATEWAY [0] ROUTE_MASK [0] ROUTE_ARGS [0] ROUTE_COUNT [0] If more than one route is being defined for this system, then create a new set of these five variables and increase the number in the array by one (so the second set of these variables will have a [1], the third set a [2], etc...) The values that are set for these variables will depend on the route statement that is being added. These five variables are supplying information to the route statement the system is going to execute. ROUTE_DESTINATION is set to what the network variable in the route command was set to (default gateway_ip or net network/subnet IP or just the destination system's IP) ROUTE_GATEWAY is set to the gateway_ip variable ROUTE_MASK is set to the subnet mask; this is optional. It can be left blank if a subnet mask does not need to be specified. It will take the default subnet mask of the interface it uses. ROUTE_ARGS is normally not configured. ROUTE_COUNT is set to 1 if the gateway is remote and 0 if the gateway is the local system. For example, a 10.20 system administrator has manually configured the system to talk to two different routers using the following commands: % route add default 15.1.1.1 1 Note: This command sets up the default router. % route add net 192.1.1 netmask 255.255.255.0 15.1.1.2 1 Note: This command tells the system that it should send all network traffic going to any node which belongs to the 192.1.1 network through the 15.1.1.2 router. In the netconf file, two sets of route variables need to be defined. ROUTE_DESTINATION[0]=default ROUTE_GATEWAY[0]=15.1.1.1 ROUTE_ARGS[0]= ROUTE_MASK[0]= ROUTE_COUNT[0]=1 ROUTE_DESTINATION[1]="net 192.1.1" ROUTE_GATEWAY[1]=15.1.1.2 ROUTE_ARGS[1]= ROUTE_MASK[1]=255.255.255.0 ROUTE_COUNT[1]=1 After configuring these variables, test them out via the following steps: When there are no network connections on the system, issue the following command to flush the system routing tables: route -f The netconf file now needs to be re-read, and the routing table re-established: /sbin/init.d/net start Finally, make sure that the new routes are setup in the system's routing table. netstat -rn Note: Only perform these tasks from the console and while no other users are on the system! -----End of Document ID: 3100418195------------------------------------------