Archive

Monthly Archives: July 2012

This post will in short describe how to setup an Encrypted Filesystem on AIX 6.1.

EFS offers 2 modes of operation:

Root Admin mode
This is the default mode. Root can reset user and group keystore passwords.

Root Guard mode
Root doeas not have access to user’s encrypted files and cannot change their passwords.

Note: NFS exports of EFS filesystems are not supported.

1. Prerequisites:
RBAC has to be enabled. Should be by default on AIX 6.1. If not use chdev to enable it.

# lsattr -El sys0 | grep RBAC
enhanced_RBAC   true         Enhanced RBAC Mode        True

CryptoLite needs to be installed

# lslpp -l | grep clic       
  clic.rte.kernext           4.7.0.1  COMMITTED  CryptoLite for C Kernel
  clic.rte.lib               4.7.0.1  COMMITTED  CryptoLite for C Library
  clic.rte.kernext           4.7.0.1  COMMITTED  CryptoLite for C Kernel

2. EFS Commands:

efsenable – Enables EFS on a given system. This is run only once
efskeymgr – Encryption Key Management tool
efsmgr – File encryption and decryption
Read More

This post will describe, how to configure Filesystem space usage monitoring using IBM Reliable Scalable Cluster Technology.
After the configuration is compleate the specified user will receive notifications if a treshold of a monitored filesystesm has been reached.

First we need to select a condition that should be monitored. The list of predefined conditions that are available can be shown using the command:

# lscondition
...
"/var space used"                   "Not monitored" 
"/tmp space used"                   "Not monitored"     
...

To list details about a condition use:

# lscondition "/var space used"
Displaying condition information:

condition 1:
        Name                        = "/var space used"
        MonitorStatus               = "Not monitored"
        ResourceClass               = "IBM.FileSystem"
        EventExpression             = "PercentTotUsed > 90"
        EventDescription            = "An event will be generated when more than 90 percent of the total space in the /var directory is in use."
        RearmExpression             = "PercentTotUsed < 75"
        RearmDescription            = "The event will be rearmed when the percent of the space used in the /var directory falls below 75 percent."
        SelectionString             = "Name == \"/var\""
        Severity                    = "i"
        NodeNames                   = {}
        MgtScope                    = "l"
        Toggle                      = "Yes"
        EventBatchingInterval       = 0
        EventBatchingMaxEvents      = 0
        BatchedEventRetentionPeriod = 0
        BatchedEventMaxTotalSize    = 0
        RecordAuditLog              = "ALL"

Read More

This post wil describe how to install a Ifix using NIM on a client. You may also use smitty nim.

1. I assume you have a existing LPP_Source and a defined client.

# lsnim -l LPP_61_TL7
LPP_61_TL7:
   class       = resources
   type        = lpp_source
   arch        = power
   Rstate      = ready for use
   prev_state  = unavailable for use
   location    = /export2/aix61ml7/lpps
   simages     = yes
   alloc_count = 0
   server      = master

Put your Ifix into the emgr/ppc directory into the LPP_Source

 # cd /export2/aix61ml7/lpps
 # mkdir -p emgr/ppc 
 # ls
 RPMS      emgr      installp  usr
....

 # ls emgr/ppc
 IV16587s02.epkg.Z

Now install the fix on the client

Operation    This is a Ifix Installation        LPP source name     Client
       |                  |                                   |          | 
# nim -o cust -a filesets=E:IV16587s02.epkg.Z -a lpp_source=LPP_61_TL7 power2

Initializing log /var/adm/ras/emgr.log ...
EPKG NUMBER       LABEL               OPERATION              RESULT            
===========       ==============      =================      ==============    
1                 IV16587s02          INSTALL                SUCCESS           
ATTENTION: system reboot is required. Please see the "Reboot Processing"
sections in the output above or in the /var/adm/ras/emgr.log file.
Return Status = SUCCESS

Read More