Tuesday, April 19, 2011

Installation of HP-UX v11.x with Screenshots



Installation of HP-UX v11.x

Figure 2: Keyboard selection

  • Enter the number of the keyboard language you are using. Then press Enter. This selection determines the key layout of the console keyboard.
Welcome Screen 


=====================================================
 Welcome to Ignite-UX !

Use the  key to navigate between fields, and the arrow keys
within fields. Use the  key to select an item.
Use the  or  to pop-up a choices list. If the
menus are not clear, select the "Help" item for more information.

 Hardware Summary : System Model : 9000/712/80
 +----------------------------------------------------------+ [ Scan Again ]
 | Disks : 4 ( 5.8GB) | Floppies : 1 | LAN cards : 2 |
 | CDs : 1 | Tapes : 0 | Memory : 32Mb |
 | Graphics Ports : 1 | IO Buses : 2 | | [ H/W Details ]
 +----------------------------------------------------------+

 [ Install HP-UX ]

 [ Run a Recovery Shell ]

 [ Advanced Options ]


 [ Reboot ] [ Help ]

=====================================================


This Terminal User Interface (TUI) screen summarizes the information found by an initial scan of your target hardware.
  • Tab to "H/W Details" and press Enter to get a detailed scan of your hardware. (You can also do the same thing by pressing D — see the next NOTE). 
  • Tab to "Install HP-UX" and press Enter to continue with configuring the installation. 
  • Tab to "Run a Recovery Shell" to manually run HP-UX commands, for example, in order to recover a system that has crashed. From the interactive shell, the /sbin/loadfile command can be used to load commands that you may need to recover the system. This function is for advanced users only. 
  • Tab to "Advanced Options" to get version information and to make changes in process controls.

Tips for using the TUI (character) interface :
  • If you prefer to use the keyboard to manipulate the Install interface, you can do so by typing the underlined letter of an item (such as "I" for Install HP-UX). 
  • For general screen help, choose the Help button at the bottom of each screen. For context-sensitive help, press f1 or Ctrl-f.
  • Use Ctrl-k to get navigation key help.

If you selected "H/W Details" in the "Welcome" screen, you will see the following detailed scan of your target hardware : 

If you selected "Install HP-UX" in the "Welcome" screen, you will see the following :
========================================================
 User Interface and Media Options

 This screen lets you pick from options that will determine if an
 Ignite-UX server is used, and your user interface preference.

 Source Location Options :
 [ * ] Media only installation
 [ ] Media with Network enabled (allows use of SD depots)
 [ ] Ignite-UX server based installation

 User Interface Options :
 [ * ] Guided Installation (recommended for basic installs)
 [ ] Advanced Installation (recommended for disk and filesystem management)
 [ ] Remote graphical interface running on the Ignite-UX server

 Hint : If you need to make LVM size changes, or want to set the
 final networking parameters during the install, you will
 need to use the Advanced mode (or remote graphical interface).




 [ OK ] [ Cancel ] [ Help ]

========================================================


  • Select the Source-Location of installation, by typing an "*" in the box. 
  • Select among the User Interface options to designate where you intend to control the installation from. A Remote graphical interface assumes that you have an Ignite-UX server configured and available.
    If you only wish to access an SD depot over the network, then you should choose Media with Network enabled.... You will then be able to specify the SD depot later during the media install.
    The third selection requires that a network server be configured and available.

      Select Guided Installation. This has the following characteristics :
        Instructions for each procedure.
        "Mainstream" configuration.
        Default disk layout (e.g., no detailed LVM formatting).
(You will not see this screen if you are doing a media-only installation).
Figure 4  netmedia 

You can enter networking information on this screen. When you have entered the needed information, tab to OK and press Enter.
Guided Installation 

If you selected the Guided Installation from the User Interface Options menu, you will be using the Task Wizard illustrated here. The Task Wizard is intended to provide help for a first-time user of Ignite-UX by providing on-screen explanation and a limited number of steps to accomplish a basic installation.
Note that the Task Wizard is available only on a client-managed (standalone) installation, and is presented in character-mode (TUI).

In TUI mode, you will be able to use the keyboard to navigate. Press Ctrl-K
for detailed keyboard help at any time.
HP-family terminals display function key labels (also called softkey labels) at the bottom of the window. These labels vary depending on the type of window being displayed, but the functions of f1-f4 are consistent :
       Key            Meaning
       f1             Help on Context
       f2             Alt  (a modifier key)
       f3             Select/Unselect
       f4             Menubar on/off
To navigate in a typical TUI screen, you will be doing the following :
  1. Highlight the field you want, using Tab, if necessary.
  2. Press Enter to open a list in a selector field.
  3. Use the up/down arrow keys to highlight a selection.
  4. Press Enter again to select the item.
  5. Tab to the next field.
    • You may also have to take some action, such as select OK or Modify in order to activate your selection. You can use the local help for the screen (f1 or Help) to get specific information. 
    • As a shortcut to specifying an action, you can type the underlined letter of an item (such as "C" for Cancel) to activate the item without highlighting it.

This screen enables you to select a system environment, such as CDE ("Common Desktop Environment") to interact with on the target system. Select Next to continue to a following screen. Select Back to return to a previous screen. On the last screen, you will select Finish to execute the installation.
If you want to cancel out of the process at any time, select Cancel. You will see the choices shown above.
The rest of the wizard screens let you do the following tasks :
  • Select a root disk. 
  • Specify the amount of root swap space. 
  • Select a file system type. 
  • Specify root volume group disks. 
  • Select a language(s). 
  • Select a user license. 
  • Select Additional Software. 
  • Pre-install disk information. (To allow you to exclude disks from the install.) 
  • Pre-install check information. (To allow you to review errors or warnings.) 
  • System Summary. (To allow you to see a summary of the install configuration prior to executing it.)

If you want to leave the Task Wizard mode at any time, select the Cancel button, or press C. You will have the choices illustrated above.
You may want to leave the Task Wizard in order to do more advanced disk configuration or to add hardware, for example, in which case you can restart Ignite-UX in advanced mode in this screen.
Advanced Media Installation (TUI) 

If you choose to run an advanced interface for the media install, you will see the following on the system you are installing : 

Helping  Other  People  Excel  (Laxman J)

Thursday, April 14, 2011

HP-UX 11.0 Installation Checklist and ready server.


HP-UX 11.0 Installation Checklist
This document is to be used as a guide to help create a secure HP-UX 11.0 Internet ready server. Since this is to be a secure install it is advisable that the server remain off the network/internet until it has been completely configured. You will need to have some way to transfer files so the system will need either a tape drive or a cdrom physically attached. It is also advisable not to have a C compiler installed on the system. (While this won’t stop a determined hacker it will make it just a little bit harder for them.) Since the machine will not have a compiler you will need to do the compiles on a different machine and transfer the binaries between them.






Hp-Ux APPENDIX – Network Parameters


APPENDIX B – Network Parameters
ip_send_redirects – when turned off, causes the machine not to emit any ICMP redirect packets. Under normal operation this probably won’t have significant security implications.
ip_ire_flush_interval and arp_cleanup_interval – control how long information will live in the system’s ARP cache. The ARP cache maintains a mapping between Ethernet addresses and IP addresses. The default values are 10 minutes (?????). Lowering these values can help prevent some ARP spoofing attacks, but at the cost of more ARP traffic on your local LAN and possibly reduced performance. Think carefully before you change these variables.
ip_forward_directed_broadcast – when turned off, causes the machine not to transmit packets that are destined for a broadcast network address. If the machine is being used as a gateway between several networks, this can help keep you from being used as an intermediary network in a "smurf" type network attack. The machine will still respond to broadcast packets directed at any LAN it may be connected to.
ip_forward_src_routed – when turned off, prevents the machine from forwarding any packets that have the source routing option turned on.
ip_forwarding – turning off ip_forwarding prevents the machine from accepting and forwarding on packets that are not destined for one of its local interface addresses. Forwarding can be used by attackers to bypass other network security measures.
tcp_ip_abort_cinterval – this is how long the kernel will wait for a TCP connection to be completed (in milliseconds). Tuning this value down can also help your system resist SYN flooding attacks.
You can use the following commands to view information about the network parameters and to set them.
ndd -h sup – display all the parameters that are supported by HP.
ndd -h unsup – display all the parameters that are not supported by HP. Be careful modifying these!
ndd -c – set tunable parameters
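An added example, not part of the original checklist: a shell audit that checks whether the forwarding and redirect parameters described above are set to 0 in an nddconf-style file. The file format (index-paired entries as read by ndd -c from /etc/rc.config.d/nddconf), the function names and the sample input are assumptions that do not appear on the page.

```shell
#!/bin/sh
# Added example: audit an nddconf-style file for the Appendix B parameters
# the checklist turns off. Assumed format: index-paired lines such as
#   TRANSPORT_NAME[0]=ip / NDD_NAME[0]=ip_forwarding / NDD_VALUE[0]=0
WANT_OFF="ip_send_redirects ip_forward_directed_broadcast ip_forward_src_routed ip_forwarding"

# nddconf_value FILE NAME: print the NDD_VALUE whose index matches NAME's
# NDD_NAME entry; prints nothing when NAME is not configured.
nddconf_value() {
    awk -v want="$2" '
        function parse(line,   lb, rb, eq) {
            lb = index(line, "["); rb = index(line, "]"); eq = index(line, "=")
            idx = substr(line, lb + 1, rb - lb - 1)
            val = substr(line, eq + 1)
            gsub(/[" \t\r]/, "", val)      # drop quotes and stray whitespace
        }
        /^[ \t]*NDD_NAME\[/  { parse($0); name[idx]  = val }
        /^[ \t]*NDD_VALUE\[/ { parse($0); value[idx] = val }
        END { for (i in name) if (name[i] == want && (i in value)) { print value[i]; exit } }
    ' "$1"
}

# audit_nddconf FILE: one line per parameter; returns 1 if any is not off.
audit_nddconf() {
    rc=0
    for p in $WANT_OFF; do
        v=$(nddconf_value "$1" "$p")
        case $v in
            0)  echo "ok       $p=0" ;;
            "") echo "MISSING  $p"; rc=1 ;;
            *)  echo "ENABLED  $p=$v"; rc=1 ;;
        esac
    done
    return $rc
}

# Constructed sample input (not taken from a real system).
write_sample() {
    cat > "$1" <<'EOF'
TRANSPORT_NAME[0]=ip
NDD_NAME[0]=ip_forwarding
NDD_VALUE[0]=0
TRANSPORT_NAME[1]=ip
NDD_NAME[1]=ip_send_redirects
NDD_VALUE[1]=1
EOF
}
sample=${TMPDIR:-/tmp}/nddconf.sample.$$
write_sample "$sample"; audit_nddconf "$sample" || true; rm -f "$sample"
```

A parameter reported as MISSING is left at whatever default the system uses, so the audit treats it the same as one that is explicitly enabled.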
APPENDIX C – Example secure /etc/fstab
/dev/vg00/lvol3 / hfs defaults 0 1
/dev/vg00/lvol1 /stand hfs nosuid 0 1
/dev/vg00/lvol4 /tmp hfs defaults 0 2
/dev/vg00/lvol5 /home hfs nosuid 0 2
/dev/vg00/lvol6 /opt hfs ro 0 2
/dev/vg00/lvol7 /usr hfs ro 0 2
/dev/vg00/lvol8 /var hfs nosuid 0 2
APPENDIX D – Sample SSHD Startup Script
#!/sbin/sh
#
# Start up the secure shell daemon - sshd
#
PATH=/usr/sbin:/usr/bin:/sbin
export PATH

CONFIG=/etc/rc.config.d/sshd_config
PIDFILE=/opt/openssh2/etc/sshd.pid
rval=0

case "$1" in
'start_msg')
    echo "Starting the sshd"
    ;;
'stop_msg')
    echo "Stopping the sshd"
    ;;
'start')
    if [ -f "$CONFIG" ]
    then
        # Start sshd with the configuration file; report a failed start
        /opt/openssh2/sbin/sshd -f "$CONFIG" || rval=1
    else
        echo "ERROR: /etc/rc.config.d defaults file MISSING"
        rval=1
    fi
    ;;
'stop')
    # Only signal the daemon if its pid file exists
    if [ -f "$PIDFILE" ]
    then
        kill `cat "$PIDFILE"` || rval=1
    else
        echo "ERROR: $PIDFILE not found"
        rval=1
    fi
    ;;
*)
    echo "usage: $0 {start|stop|start_msg|stop_msg}"
    rval=1
    ;;
esac
exit $rval


APPENDIX A – HP-UX 11.0 Supported Systems


APPENDIX A – HP-UX 11.0 Supported Systems
Model                                              32-bit   64-bit
Workstations:
  Series 700: 712, 715/64/80/100/100XC, 725/100      X        -
  B132L, B132L+, B160L, B180L                        X        -
  B1000, B2000                                       -        X
  C100, C110, C160L                                  X        -
  C160, C180, C180XP, C200, C240, C360               X        X
  C3000, C3600                                       -        X
  J200, J210, J210XC                                 X        -
  J280, J282, J2240                                  X        X
  J5000, J5600, J6000, J7000                         -        X
Servers:
  A180, A180C                                        X        -
  A400, A5xx                                         -        X
  Dx10, Dx20, Dx30, Dx50, Dx60                       X        -
  Dx70, Dx80, Dx90                                   X        X
  E, F, G, H, I (all)                                X        -
  Kx00, Kx10, Kx20                                   X        -
  Kx50, Kx60, Kx70, Kx80                             X        X
  L1000, L2000, L3000                                -        X
  N4000/360, N4000/440, N4000/550                    -        X
  R380, R390                                         X        X
  T500, T520                                         X        -
  T6xx                                               X        X
  V22xx, V2500, V2600                                -        X
  Enterprise Parallel Servers: EPS22, EPS23, EPS40   X        X

Hp-Ux Backups

Backups
Create a Golden Image – use make_tape_recovery to create a bootable system recovery tape for an LVM or whole disk system while it is up and running. When a system has a logical volume layout, the recovery tape will only include data from the root volume group, plus data from any non-root volume group containing /usr. Data not in the root volume group must be backed up and recovered using normal backup utilities. This golden image can be used to restore a non-bootable system with little or no user intervention, restore a system in the event of a hardware failure, or clone software from one system to another.
Make_recovery is part of the Ignite-UX product. It can be downloaded from www.software.hp.com/products/IUX/download.html. More detailed installation instructions can be found at www.software.hp.com/products/IUX/install_instructions.html.
Installing Ignite-UX
  1. ____ Download software from www.software.hp.com/products/IUX/download.html
  2. ____ Copy ignite11_11.00.tar to /tmp
  3. ____ /usr/bin/bdf – Make sure you have at least 50 MB of free space in /opt
  4. ____ /usr/sbin/swinstall -s /conv/tara/ignite11_11_00.tar \*
Create a golden image
  1. ____ /opt/ignite/bin/make_tape_recovery -AvC -d /dev/rmt/0m
Physical Security
It is extremely important that a unix server be placed in a secure environment. It is a fact that anyone who has physical access to the machine can fairly easily gain root access.
  1. ____ The server should be installed in a locked environmentally controlled data center with restricted access to the server.
  2. ____ If possible the data center should have cameras installed to monitor all activity.
  3. ____ The keyboard should be situated away from any cameras, windows or prying eyes.
  4. ____ The system should be attached to a UPS with monitoring software that will shut down the server when power to the UPS has been interrupted.
  5. ____ Backup tapes should be kept in a secure environment.

Hp-Ux LSOF software


LSOF
This utility is used to list files, sockets, etc. opened by processes. It also gives a large amount of other related information that can be selected by process ID, username or filename.
  1. ____ Download 32 bit version of the software from HP-UX Software porting site, http://hpux.connect.org.uk/hppd/hpux/Sysadmin/lsof-4.55/
  2. ____ /usr/contrib/bin/gunzip lsof-4.51-sd-11.00.depot.gz
  3. ____ /usr/sbin/swinstall -s lsof-4.51-sd-11.00.depot \*
  1. ____ The 64 bit version binaries can be found at ftp://vic.cc.purdue.edu/pub/tools/unix/lsof/binaries/hpux/B.11.00/64/9000_800/
  2. ____ /usr/contrib/bin/gunzip lsof_4.55.gz
  3. ____ /usr/bin/mv lsof_4.55 /opt/lsof/bin