Hacktopia

1. Detach each submirror

ex. metadetach -f d0 d20
d0: submirror d20 is detached

2. Clear each submirror

ex. metaclear d20
d20: Concat/Stripe is cleared

3. Delete the db replica on the failed drive (you can find the replica output by issuing metadb command with no arguments):

ex. metadb -d c0t2d0s7

4. Remove failed drive. Replace with new drive.

5. Run the format command and place the correct partition table, using the layout of the non-replaced drive.

6. re-create the metadb replica on the new disk

ex. metadb -a c0t2d0s7

7. Run metainit for each replaced submirror

ex. metainit d21 1 1 c0t2d0s1
d21: Concat/Stripe is setup

8. Run metattach for each submirror

ex. metattach d0 d20
d0: submirror d20 is attached

ex. metattach d1 d21
d1: submirror d21 is attached

Say you have a new machine, and it is not on NIS or LDAP, it needs to be really secure and only have local accounts. So you need to make a bunch of local accounts, but you need to leave for lunch in a half hour. Well simply use this short simple script to make them and set the proper permissions in a matter of seconds. Below is a sample script, I suggest calling is something like createuserhomedir.sh. We are assuming that there is a file called users which has all the user’s name that we want to make in the same directory as the script.

#!/bin/sh
mkdir=/bin/mkdir

echo “echoing users”
cat ./users
echo “end echoing users”
echo “Making Home Directories”
for i in `cat ./users`
do
mkdir /export/home/$i
echo “Fixing Permissions For $i Home DIR’s”
chown -R $i:other /export/home/$i
done

The script below I wrote to edit a sudo file in a production environment.

#!/bin/sh
## Written By: BAB

## The purpose of this script is to make it so in a big EMERGENCY
## apps support or other approved body can be given access with out
## paging systems support unnecessarily. Great for hotwiring the sudo map!
##
## Script Name: Hot Wire
##
# Edits: changed script so that it will check if you can push to a machine before a username is entered not after the username is asked for. -BAB

#
#
## variables
DATE=`/usr/bin/date`

echo
echo “Enter the user names that needs to have FULL access through sudo”
echo “user names are entered in the form”
echo
echo EXAMPLE
echo “USER NAMES:userone,usertwo,userthree”
echo
echo “Then you will be asked to enter a machine.”
echo ” Only ONE machine name is allowed.”
echo “MACHINE:\c”
read machine

pushed=`ssh root@$machine grep emergencyacessusers /usr/local/etc/sudoers |wc -l`

if [ $pushed != 1 ]
then
echo “Not able to push to $machine - Page Systems for assistance.”
else

echo “USERNAMES:\c”
read usernames

#pushed=`ssh root@$machine grep emergencyacessusers /usr/local/etc/sudoers |wc -l`

#if [ $pushed != 1 ]
# then
# echo “Not able to push to $machine - Page Systems for assistance.”
# else

echo
echo “ALERT ALERT ALERT ALERT ”
echo “The sudoers hotwire file can only be run once ”
echo ” in a 24 hour period per a machine ”
echo “It resets every day at 9am ”

echo “Are you sure you want to allow $usernames to have full Access to machine $machine”
echo “Anything besides yes will Quit!”
echo
echo “yes ?:\c”
read yesno
if [ "$yesno" = "yes" ]
then
echo “pushing temporary sudo changes”
ssh root@$machine “sed ‘/EMERGENCYACCESS/s/emergencyacessusers/$usernames/’ /usr/local/etc/sudoers > /tmp/tempsudo-local” ## cat into temp file so sed does not clober orig file
if [ $? != 0 ]
then
echo “SUDOERS FILE COULD NOT BE PUSHED, POSSIBLE SERVER IS DOWN $DATE - Users:$usernames - Machine:$machine” >> /tmp/tempsudolog-now
else
ssh root@$machine “cat /tmp/tempsudo-local > /usr/local/etc/sudoers” ## Replace current list because of how sed works
if [ $? != 0 ]
then
echo “SUDOERS FILE COULD NOT BE PUSHED, POSSIBLE SERVER IS DOWN $DATE - Users:$usernames - Machine:$machine” $DATE >> /tmp/tempsudolog-now
else
ssh root@$machine “mailx -s ‘Hot Wire - SUDO PUSH’ alert@company.com < /usr/local/etc/sudoers”
if [ $? != 0 ]
then
echo “COULD NOT SEND MAIL. - $DATE - Users:$usernames - Machine:$machine” >> /tmp/tempsudolog-now
else
echo “$DATE - Users:$usernames - Machine:$machine” >> /tmp/tempsudolog-now
echo “SUDOERS file pushed successfully”
fi
fi
fi
cat /tmp/tempsudolog-now >> /opt/scripts/tempsudolog
rm /tmp/tempsudolog-now
else
echo “EXITED - ROOT SUDO PUSH ABORTED”
fi
fi

Below is a script that I put together to log into multipliable machines via ssh to grab the uptime of the machine. In this situation the machines are all Solaris of either 8,9,10. There is no reason that this script or any other script that I write can not be used on linux or any other *NIX with out a tiny bit of modification. I try to put plenty of comments into my scripts so they are easy to understand.

#!/bin/sh
# Written By: BAB
#Purpose: To gather the uptime from Unix machiens and present it in a readable fashion in order of uptime
#This is to be run from one central machine becuase that is where the ssh keys are set up from
#Prerequisites: ssh, sort, echo, nawk
#Files Used:uptime-before, and uptime-sorted. uptime-before is where all the machine names and uptime is stored before they are sorted and up in uptime-sorted
#Example Output: machine_name uptime, each on new line starting with shortest uptime, machines with <24 hours can show up not in their proper location because 17 hours is greater then 12 days!

DATE=`/usr/bin/date`

echo “” > uptime-before

echo “Starting to gather uptime”

#add additional files with machine names to the end of the cat command below. The files should have one machine name (host name translatable via DNS) per a line
for server in `cat /opt/scripts/sudo/sudoserver_list /opt/scripts/sudo/stagingserver_list /opt/scripts/sudo/non_sudo_server`
do
uptime=`ssh root@$server uptime | nawk ‘{print $3}’ `

echo “$server $uptime” >> uptime-before
done
echo “done getting uptime”

echo “$DATE” > uptime-sorted
sort -u uptime-before | sort +1 -n >> uptime-sorted

mailx -s “Weekly uptime report” manager@company.com < /opt/scripts/uptime-sorted

Below is a script that I wrote to back up a bunch of files, tar them and then compress them. Why use two different programs, tar and zip, because it is the UNIX way. Use one specialty program to do one thing, and one thing very well. If you put too many features into your UNIX programs then they just grow too monstrous and unmanageable like Windows (just a example).

#!/bin/bash#Written By: BAB
#The purpose of this script is to back up all directories listed, compress the directories, encript the directories, and send them to a remote site.
#compressioin /bin/bzip2
#archiving /bin/tar
#encription /usr/bin/gpg

ZIP=/bin/bzip2
TAR=/bin/tar
ENCRYPT=/usr/bin/gpg
RM=/usr/bin/rm
DATE=`/usr/bin/date +%m/%d/%Y`

BACKUPDIRS=/home/one /home/two
BACKUPNAME=server-backup$DATE
REMOTESERVER=server.com

REMOTEUSERNAME=username

GPGNAME=my name

echo “starting backup”

echo ” AKA tar”

$TAR -cf $BACKUPNAME.tar $BACKUPDIRS

echo “Starting zip”
$ZIP -z $BACKUPNAME.tar

echo “starting encryption”
$ENCRYPT –encrypt –recipient ‘$GPGNAME’ BACKUPNAME.tar

echo “sending to remote site one”
scp FILE $REMOTEUSERNAME@REMOTESERVER:~

echo “doing cleanup”
$RM $BACKUPNAME.tar.gpg
echo “cleanup done”

echo “Backup Complete!”

#echo “Decripting the file”
#gpg –output foo.txt –decrypt foo.txt.gpg

# echo “Usage: $0 {-encript -decript}” >&2
# exit 1
# ;;
#esac

#exit 0