Copy RSA keys to all Solaris zones & restart ssh service

This is a simple script that copies an SSH public key into every running non-global zone on a Solaris host and restarts the ssh service in each of them.

I am not going to explain how to create an RSA key pair. The script also assumes that your public key is already in the global zone's authorized_keys, because every step runs over ssh to the global zone.

Usage: save the script to a file, give it execute permission and run example.sh <ip>, where <ip> is the address of the global zone.

#!/bin/bash
# Usage: example.sh <ip-of-global-zone>
# Everything runs over ssh to the global zone. A non-global zone's files are
# reached through its zonepath: <zonepath>/root is the zone's root directory.
ipaddress=$1

# Public key to install in each zone (the one from the original post; replace it with yours).
pubkey='ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA4T+N21GzKnYgCh9sC72qhOYKjbjHRyp5GqWPDGSfUkhmk8iJRAS2hhcP5lZ1x6fc/cNzqETQ98sjdKm59PB7MSJQ12WMHTc7wtuBdh7+wE0ZlWsjGfEvzCaWIXNUhh2hK2ZUq7XMZ5QR2E+j2uWTJKsZmQyf4A5z8nLTAtL2CKQamxZskABttpXkxx7gm+yc8coJB8nhOr6Q4KsyDcEmjGAFwbjiBKyefUIiMroP0PtZPI/8EYtwtP/Cm79BFzhJtOl/VGqTvlab+1IQeO54/ztL0gg7C0zTwNTKODTrCNh+nIj6Fk6/CjyX0Qg9xWd7BRr1oUbI5yMvg3wLD66tEw== root@kwtprgateone01'

# zoneadm list -p prints one running zone per line as
#   zoneid:zonename:state:zonepath:uuid:brand:ip-type
# Skip the global zone. Only running zones are listed, so zlogin works for all of them.
ssh -n "$ipaddress" zoneadm list -p | awk -F: '$2 != "global" && $3 == "running" {print $2, $4}' |
while read -r zonename zonepath; do
    zroot="$zonepath/root"
    # -n keeps ssh from swallowing the rest of the zone list on stdin
    echo "copying RSA key to zone: $zonename ($zroot)"
    ssh -n "$ipaddress" "mkdir -p $zroot/root/.ssh && chmod 700 $zroot/root/.ssh"
    echo "$pubkey" | ssh "$ipaddress" "cat >> $zroot/root/.ssh/authorized_keys && chmod 600 $zroot/root/.ssh/authorized_keys"
    echo "changing ssh configuration on: $zonename"
    ssh -n "$ipaddress" "sed 's/PermitRootLogin no/PermitRootLogin yes/g' $zroot/etc/ssh/sshd_config > $zroot/tmp/sshd_config && cp $zroot/tmp/sshd_config $zroot/etc/ssh/sshd_config"
    echo "restarting ssh service on: $zonename"
    ssh -n "$ipaddress" "zlogin $zonename svcadm restart ssh"
done

Two things to keep in mind. PermitRootLogin yes also lets root log in with a password; if the goal is key-only root access, set it to without-password instead (SunSSH accepts that value). And the sed only touches a line that reads exactly PermitRootLogin no; if the line is commented out or already set to something else, the zone is left unchanged without any message, so check the file after the run.
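The two fragile points of the script above, zone enumeration and the sshd_config edit, as an added example that is not the post's own code, written as shell functions that can be exercised on constructed input without a Solaris box. Assumptions: the field order of `zoneadm list -p`, a constructed zone list and sshd_config, and that on Solaris the awk is run as nawk or /usr/xpg4/bin/awk.

```bash
#!/bin/bash
# Added example, not code from the original post: the two steps the zone script
# relies on, written as functions that can be exercised on constructed input.
# Assumptions: the `zoneadm list -p` field order, a constructed zone list and
# sshd_config; on Solaris run the awk here with nawk or /usr/xpg4/bin/awk.

# Read `zoneadm list -p` output (zoneid:zonename:state:zonepath:uuid:brand:ip-type)
# on stdin and print "zonename zonepath" for every running non-global zone.
# Zones that are configured or installed but not running have no sshd to restart.
running_zones() {
    awk -F: '$2 != "global" && $3 == "running" { print $2, $4 }'
}

# Set PermitRootLogin in an sshd_config idempotently: replace the directive
# whether it is active or commented out, drop duplicates, append it if absent.
# The post's sed only matches a literal "PermitRootLogin no" and otherwise
# leaves the zone silently unchanged.
set_permit_root_login() {
    file=$1 value=$2
    tmp="$file.tmp.$$"
    awk -v v="$value" '
        /^[[:space:]]*#?[[:space:]]*PermitRootLogin([[:space:]]|$)/ {
            if (!done) { print "PermitRootLogin " v; done = 1 }
            next
        }
        { print }
        END { if (!done) print "PermitRootLogin " v }
    ' "$file" > "$tmp" && mv "$tmp" "$file"
}

# Effective value of PermitRootLogin in a file (sshd uses the first active
# directive; after set_permit_root_login there is exactly one).
permit_root_login_value() {
    awk '/^[[:space:]]*PermitRootLogin[[:space:]]/ && !v { v = $2 } END { print v }' "$1"
}

# Constructed sample output of `zoneadm list -p` with one installed (stopped) zone.
SAMPLE_ZONES='0:global:running:/::native:shared
1:web01:running:/zones/web01:a1b2:native:shared
-:db01:installed:/zones/db01:c3d4:native:shared
2:app01:running:/zones/app01:e5f6:native:exclusive'

# Stand-alone run: list the zones the key would be pushed to.
printf '%s\n' "$SAMPLE_ZONES" | running_zones
```

To use it against a real host, replace the sample with `ssh -n <ip> zoneadm list -p` and call set_permit_root_login on <zonepath>/root/etc/ssh/sshd_config with the value without-password; running it twice leaves the file unchanged, which the original sed does not guarantee.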

How to audit Solaris commands like rm, mv, cron, zip... in real time

HI

We faced an issue on a production Solaris machine: someone or some program was occasionally deleting a directory. I decided to dig into this and eventually found DTrace, which is bundled with Solaris.

DTrace:

DTrace is a comprehensive dynamic tracing framework created by Sun Microsystems for troubleshooting kernel and application problems on production systems in real time. Originally developed for Solaris, it has since been released under the free Common Development and Distribution License (CDDL) and has been ported to several other Unix-like systems.

DTrace can be used to get a global overview of a running system, such as the amount of memory, CPU time, filesystem and network resources used by the active processes. It can also provide much more fine-grained information, such as a log of the arguments with which a specific function is being called, or a list of the processes accessing a specific file.

Here I am showing a simple script that traces file deletions and appends the output to a file. Rotate that file by size afterwards, because it will produce a lot of lines; on Solaris the bundled rotation tool is logadm rather than logrotate.

Create a file with the script below and start it with nohup; that's it.

dtrace -qn 'syscall::unlink*:entry { printf("%d, %s, %Y, %s\n", uid, execname, walltimestamp, copyinstr(arg0)); }
syscall::fsat:entry /arg0 == 5/ { printf("%d, %s, %Y, %s\n", uid, execname, walltimestamp, copyinstr(arg2)); }' | tee -a /var/tmp/spora.log

Each logged line is the uid, the process name, the wall-clock time and the path handed to the syscall. The first clause catches unlink(2); the second catches unlinkat on Solaris 10, where it is reached through fsat(2) with subcode 5 and the path in arg2. Because tee also writes to stdout, a copy of everything lands in nohup.out when the script is started with nohup; redirect stdout to /dev/null if you only want the log file.
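The one-liner above only sees unlink; a directory also disappears through rmdir or a rename, and knowing the parent process and zone is usually what identifies the culprit. The following is an added example, not code from the original post: a tracer that records those calls with pid, ppid and zone, plus a triage function run over the resulting log. Assumptions: Solaris DTrace probe names (syscall::unlinkat exists on Solaris 11, fsat subcode 5 is unlinkat on Solaris 10, and -Z lets the script load when one of them is missing), the log path from the post, and a constructed SAMPLE_LOG standing in for real tracer output.

```bash
#!/bin/bash
# Added example, not code from the original post. Extends the one-liner above
# to rmdir and rename and adds a triage step over the resulting log.
# Assumptions: Solaris DTrace probe names (syscall::unlinkat on Solaris 11,
# fsat subcode 5 == unlinkat on Solaris 10; -Z tolerates whichever is absent),
# the log path from the post, and a constructed SAMPLE_LOG.
LOG=/var/tmp/spora.log

# Start tracing. One CSV line per call:
#   time,zone,uid,pid,ppid,execname,syscall,path
# ppid and zonename are what usually point at the culprit (a cron job, a zone's
# cleanup script). A path containing a comma would break the CSV.
start_tracer() {
    dtrace -qZn '
    syscall::unlink:entry, syscall::rmdir:entry, syscall::rename:entry {
        printf("%Y,%s,%d,%d,%d,%s,%s,%s\n", walltimestamp, zonename, uid, pid, ppid,
               execname, probefunc, copyinstr(arg0));
    }
    /* Solaris 11: unlinkat(dirfd, path, flag) is its own syscall */
    syscall::unlinkat:entry {
        printf("%Y,%s,%d,%d,%d,%s,%s,%s\n", walltimestamp, zonename, uid, pid, ppid,
               execname, probefunc, copyinstr(arg1));
    }
    /* Solaris 10: unlinkat is fsat(2) subcode 5, path in arg2 */
    syscall::fsat:entry /arg0 == 5/ {
        printf("%Y,%s,%d,%d,%d,%s,%s,%s\n", walltimestamp, zonename, uid, pid, ppid,
               execname, "unlinkat", copyinstr(arg2));
    }' | tee -a "$LOG" > /dev/null
}

# Triage: who removed or renamed anything at or under DIR, busiest first.
# Reads the log on stdin and prints count,zone,uid,execname,syscall
# (pid/ppid are left out of the key so repeated runs of one job aggregate).
who_touched() {
    dir=$1
    awk -F, -v dir="$dir" '
        $8 == dir || index($8, dir "/") == 1 { n[$2 "," $3 "," $6 "," $7]++ }
        END { for (k in n) print n[k] "," k }
    ' | sort -t, -k1,1nr
}

# Constructed sample in the tracer's format (not real output).
SAMPLE_LOG='2013 Mar  4 02:15:01,global,0,1234,1,rm,unlink,/export/app/tmp/a.dat
2013 Mar  4 02:15:01,global,0,1234,1,rm,unlink,/export/app/tmp/b.dat
2013 Mar  4 02:15:01,global,0,1234,1,rm,rmdir,/export/app/tmp
2013 Mar  4 02:16:10,web01,100,2201,2200,mv,rename,/export/app/old
2013 Mar  4 02:20:00,global,0,2300,1,zip,unlink,/var/tmp/x.zip'

# Stand-alone run on the sample. Against the real log: who_touched /export/app < "$LOG"
printf '%s\n' "$SAMPLE_LOG" | who_touched /export/app
```

Start the tracer with nohup as in the post, then run who_touched on the log once the directory has gone missing again; a ppid of 1 with execname rm on every occurrence typically means a cron or SMF-started job, and the zone column tells you which zone's crontab to look in.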