Tuesday Apr 17, 2012

Remote Desktop from Solaris to Windows

Building rdesktop on Solaris 10


Sunday Jan 09, 2011

trackerd

I've upgraded my laptop to the latest Oracle Solaris 11 Express (snv_151a X86) and at first glance, I have to say that it seems a good step forward compared to my previous OpenSolaris... but... Like all good nerds, I was exploring the new system, playing with configurations and installing the typical nerd software I need, when I stumbled on a process (eating a lot of CPU and RAM), /usr/bin/trackerd, that I had never seen on my previous OpenSolaris installation...
Nothing special: it is not a virus or an E.T., it is just the default GNOME indexing/tracking tool, which from this release is installed and enabled by default:


root@vesuvio:~# pkg info tracker
          Name: library/desktop/search/tracker
       Summary: Desktop search tool
   Description: Desktop search tool
      Category: Applications/System Utilities
         State: Installed
     Publisher: solaris
       Version: 0.5.11
 Build Release: 5.11
        Branch: 0.151.0.1
Packaging Date: Fri Nov 05 05:52:57 2010
          Size: 3.09 MB
          FMRI: pkg://solaris/library/desktop/search/tracker@0.5.11,5.11-0.151.0.1:20101105T055257Z
root@vesuvio:~#


Since I'm very conscious about my CPU clock cycles/RAM bits, and my nerd software doesn't like the CPU/MEM spikes that could easily be triggered by that software, I simply removed the package:


root@vesuvio:~# pkg uninstall tracker
                Packages to remove:     1
           Create boot environment:    No
               Services to restart:     2
PHASE                                        ACTIONS
Removal Phase                                373/373

PHASE                                          ITEMS
Package State Update Phase                       1/1
Package Cache Update Phase                       1/1
Image State Update Phase                         2/2
root@vesuvio:~#



I admit that this solution may sound a bit 'extreme', but I really don't like/use this piece of software. I do not like that kind of program running in the background, browsing and crawling the directories of your HD to index the content of your documents, pictures, emails, etc. This could be a nice feature to have on an average end-user desktop/station, but not on a laptop that I mainly use as my nerd-lab test bench ;-)


People interested in using this tool can find plenty of ways of throttling down its CPU/MEM usage, excluding directories, assigning specific paths to monitor, etc.



  • Tracker Project home page on GNOME

  • HOWTO that explains how to customize the tracker daemon behaviour

Monday May 31, 2010

cacao and cacao_2

[root@cnode ~]# netstat -naf inet | grep 11162
127.0.0.1.11162       *.*                0      0 49152      0 LISTEN
[root@cnode ~]#


[root@cnode ~]# ps -aef | grep cacao
    root  1817     1   0 14:53:28 ?           0:00 /usr/lib/cacao/lib/tools/launch -w /var/cacao/instances/default -L 16384 -P /va
[root@cnode ~]# pargs 1817
1817:   /usr/lib/cacao/lib/tools/launch -w /var/cacao/instances/default -L 16384 -P /va
argv[0]: /usr/lib/cacao/lib/tools/launch
argv[1]: -w
argv[2]: /var/cacao/instances/default
argv[3]: -L
argv[4]: 16384
argv[5]: -P
argv[6]: /var/run/cacao/instances/default/run/hb.pipe
argv[7]: -f
argv[8]: -U
argv[9]: root
argv[10]: -G
argv[11]: sys
argv[12]: --
argv[13]: /usr/jdk/jdk1.5.0_18/bin/java
argv[14]: -Xms4M
argv[15]: -Xmx128M
argv[16]: -Dcom.sun.management.jmxremote
argv[17]: -Dfile.encoding=utf-8
argv[18]: -Djava.endorsed.dirs=/usr/lib/cacao/lib/endorsed
argv[19]: -classpath
argv[20]: /usr/share/lib/jdmk/jdmkrt.jar:/usr/share/lib/jdmk/jmxremote_optional.jar:/usr/lib/cacao/lib/cacao_cacao.jar:/usr/lib/cacao/lib/cacao_j5core.jar:/usr/lib/cacao/lib/bcprov-jdk14.jar
argv[21]: -Djavax.management.builder.initial=com.sun.jdmk.JdmkMBeanServerBuilder
argv[22]: -Dcacao.print.status=true
argv[23]: -Dcacao.config.dir=/etc/cacao/instances/default
argv[24]: -Dcacao.monitoring.mode=smf
argv[25]: -Dcom.sun.cacao.ssl.keystore.password.file=/etc/cacao/instances/default/security/password
argv[26]: com.sun.cacao.container.impl.ContainerPrivate
[root@cnode ~]#


[root@cnode ~]# cacaoadm status
default instance is DISABLED at system startup.
Smf monitoring process:
1817
1818
Uptime: 0 day(s), 1:13
[root@cnode ~]# cacaoadm list-params
snmp-adaptor-port=11161
snmp-adaptor-trap-port=11162
jmxmp-connector-port=11162
commandstream-adaptor-port=11163
rmi-registry-port=11164
secure-webserver-port=11165
java-flags=-Xms4M -Xmx128M -Dcom.sun.management.jmxremote -Dfile.encoding=utf-8 -Djava.endorsed.dirs=/usr/lib/cacao/lib/endorsed
micro-agent=false
java-home=/usr/jdk/jdk1.5.0_18
jdmk-home=/usr/share/lib/jdmk
nss-lib-home=/usr/lib/mps/secv1
nss-tools-home=/usr/sfw/bin
retries=4
log-file-limit=1000000
log-file-count=3
log-file-append=true
enable-instrumentation=false
user=root
group=sys
network-bind-address=127.0.0.1
watchdog-heartbeat-timeout=60
[root@cnode ~]#



[root@cnode ~]# cacaoadm stop
[root@cnode ~]# ifconfig -a
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
hme0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        inet 129.157.108.81 netmask fffffe00 broadcast 129.157.109.255
        ether 8:0:20:c3:cf:b8
[root@cnode ~]# cacaoadm set-param network-bind-address=129.157.108.81
[root@cnode ~]# cacaoadm list-params
snmp-adaptor-port=11161
snmp-adaptor-trap-port=11162
jmxmp-connector-port=11162
commandstream-adaptor-port=11163
rmi-registry-port=11164
secure-webserver-port=11165
java-flags=-Xms4M -Xmx128M -Dcom.sun.management.jmxremote -Dfile.encoding=utf-8 -Djava.endorsed.dirs=/usr/lib/cacao/lib/endorsed
micro-agent=false
java-home=/usr/jdk/jdk1.5.0_18
jdmk-home=/usr/share/lib/jdmk
nss-lib-home=/usr/lib/mps/secv1
nss-tools-home=/usr/sfw/bin
retries=4
log-file-limit=1000000
log-file-count=3
log-file-append=true
enable-instrumentation=false
user=root
group=sys
network-bind-address=129.157.108.81
watchdog-heartbeat-timeout=60
[root@cnode ~]# cacaoadm start
[root@cnode ~]# netstat -naf inet | grep 11162
129.157.108.81.11162       *.*                0      0 49152      0 LISTEN
[root@cnode ~]#






Solaris and core files

[mm206378@sr1-emln03-04 /net/cores.central/cores/dir27/71037750/20090516]$ grep "conn=121227 op=2 msgId=141" access
[16/May/2009:00:42:19 -0500] conn=121227 op=2 msgId=141 - MOD dn="uid=mammy22g, ou=RegisteredUsers, ou=People, o=nextel.com"
[16/May/2009:02:37:44 -0500] conn=121227 op=2 msgId=141 - RESULT err=0 tag=103 nentries=0 etime=6925.169930 csn=4a0e6ee1000000670000

[mm206378@sr1-emln03-04 /net/cores.central/cores/dir27/71037750/20090516]$ head access
[15/May/2009:22:57:53 -0500] conn=107402 op=1 msgId=9079 - SRCH base="ou=registeredusers,ou=people,o=nextel.com" scope=2 filter="(uid=heatherwilson1983)" attrs="uid cn sn givenName reggender reghintquestion reghintanswer mail reginoutemailoption postalCode st ppcity c ppbirthdate nxtptn nxtimei nxtindustrycode nxtbusinessrole nxtincome nxtbusinesscust nxtmanagedaccount nxtupsubscriberaddressid nxtaccount regnickname pplangpreference ppregion regstreetaddress1 regstreetaddress2 accountadmins objectClass nxtphonetype regcompanyname userPassword nxtconfirmationcode nxtemailverified"
[15/May/2009:22:57:53 -0500] conn=107403 op=-1 msgId=-1 - fd=87 slot=87 LDAP connection from 10.214.117.27:17547 to 144.226.242.7 (allowed by  rule: ALL:10.214.117.)
[15/May/2009:22:57:53 -0500] conn=107403 op=0 msgId=39348 - BIND dn="uid=6LN, ou=Special Users, o=nextel.com" method=128 version=3
[15/May/2009:22:57:53 -0500] conn=107403 op=0 msgId=39348 - RESULT err=0 tag=97 nentries=0 etime=0.000780 dn="uid=6ln,ou=special users,o=nextel.com"
[15/May/2009:22:57:53 -0500] conn=107403 op=1 msgId=39349 - SRCH base="ou=registeredusers,ou=people,o=nextel.com" scope=2 filter="(nxtptn=9193521611)" attrs="uid givenName sn regstreetaddress1 regstreetaddress2 ppcity st postalCode mail nxtemailverified reginoutemailoption nxtptn nxtupsubscriberaddressid nxtimei nxtphonetype"
[15/May/2009:22:57:53 -0500] conn=107403 op=1 msgId=39349 - RESULT err=0 tag=101 nentries=0 etime=0.000390
[15/May/2009:22:57:53 -0500] conn=107403 op=2 msgId=39350 - UNBIND
[15/May/2009:22:57:53 -0500] conn=107403 op=2 msgId=-1 - closing from 10.214.117.27:17547 - U1 - Connection closed by unbind client -
[15/May/2009:22:57:53 -0500] conn=107403 op=-1 msgId=-1 - closed.
[15/May/2009:22:57:53 -0500] conn=107404 op=-1 msgId=-1 - fd=87 slot=87 LDAP connection from 10.214.117.27:52005 to 144.226.242.7 (allowed by  rule: ALL:10.214.117.)
[mm206378@sr1-emln03-04 /net/cores.central/cores/dir27/71037750/20090516]$ tail access
[16/May/2009:02:37:49 -0500] conn=137659 op=2 msgId=3 - UNBIND
[16/May/2009:02:37:49 -0500] conn=137659 op=2 msgId=-1 - closing from 10.214.117.6:37222 - U1 - Connection closed by unbind client -
[16/May/2009:02:37:49 -0500] conn=137659 op=-1 msgId=-1 - closed.
[16/May/2009:02:37:49 -0500] conn=137657 op=1 msgId=2624 - RESULT err=0 tag=101 nentries=1 etime=0.626520
[16/May/2009:02:37:49 -0500] conn=137657 op=2 msgId=2625 - UNBIND
[16/May/2009:02:37:49 -0500] conn=137657 op=2 msgId=-1 - closing from 10.214.117.23:21280 - U1 - Connection closed by unbind client -
[16/May/2009:02:37:49 -0500] conn=137657 op=-1 msgId=-1 - closed.
[16/May/2009:02:37:51 -0500] conn=137660 op=-1 msgId=-1 - fd=87 slot=87 LDAP connection from 10.214.117.21:21294 to 144.226.242.7 (allowed by  rule: ALL:10.214.117.)
[16/May/2009:02:37:51 -0500] conn=137660 op=0 msgId=2629 - BIND dn="uid=6JN, ou=Special Users, o=nextel.com" method=128 version=3
[16/May/2009:02:37:51 -0500] conn=137660 op=0 msgId=2629 - RESULT err=0 tag=97 nentries=0 etime=0.000880 dn="uid=6jn,ou=special users,o=nextel.com"
[mm206378@sr1-emln03-04 /net/cores.central/cores/dir27/71037750/20090516]$ grep -c "BIND dn="uid=6JN" access
>
[mm206378@sr1-emln03-04 /net/cores.central/cores/dir27/71037750/20090516]$ grep -c "BIND dn=\"uid=6JN" access
12830
[mm206378@sr1-emln03-04 /net/cores.central/cores/dir27/71037750/20090516]$ grep -c MOD access
5579
[mm206378@sr1-emln03-04 /net/cores.central/cores/dir27/71037750/20090516]$

----------------------------------

COREADM_GLOB_PATTERN=
COREADM_GLOB_CONTENT=default
COREADM_INIT_PATTERN=core
COREADM_INIT_CONTENT=default
COREADM_GLOB_ENABLED=no
COREADM_PROC_ENABLED=yes
COREADM_GLOB_SETID_ENABLED=no
COREADM_PROC_SETID_ENABLED=no
COREADM_GLOB_LOG_ENABLED=no  

(2:18:04 PM) Marco Milo: and what's the output of coreadm <DS_PID> so we have the exact settings also for the specific process...
(2:18:51 PM) ft96309@im.sun.com/SUN-N52RZ0V6L0W: ahhhh, we have been doing $gcore -o <file.out> <pid>
(2:19:51 PM) ft96309@im.sun.com/SUN-N52RZ0V6L0W: should I do the command as you list it above?
(2:20:15 PM) Marco Milo: yes, just to see what are the settings of coreadm for our Directory Server process
(2:20:51 PM) ft96309@im.sun.com/SUN-N52RZ0V6L0W:
/tmp: ps -ef|grep slapd
dsee 20491     1   0   May 08 ?          18:40 /ldap/dsee61/ds6/lib/64/ns-slapd -D /ldap/slapd-smps -i /ldap/slapd-smps/logs/p
dsee  5515 13942   0 07:19:27 pts/4       0:00 grep slapd
dsee 23348     1   2 15:53:09 ?        1216:42 /ldap/dsee61/ds6/lib/64/ns-slapd -D /ldap/dsee6-nol -i /ldap/dsee6-nol/logs/pid
/tmp: coreadm 23348
23348:  core    default
(2:22:26 PM) Marco Milo: what was the output of coreadm?

 coreadm
 global core file pattern:
 global core file content: default
 init core file pattern: core
 init core file content: default
 global core dumps: disabled
 per-process core dumps: enabled
 global setid core dumps: disabled
 per-process setid core dumps: disabled
 global core dump logging: disabled


gcore -c all -o <OUT_FILE> <PID>

ACI debugging on:
# dsconf set-log-prop -p 6330 error level:err-acl

ACI debugging off:
# dsconf set-log-prop -p 6330 error level:default



Thursday May 07, 2009

Make X listen on external TCP ports (Solaris and OpenSolaris)


In Solaris 10 and OpenSolaris the X server is enabled by default and controlled via SMF (Service Management Facility):



# ps -aef | grep Xsun
root 4767 4764 0 15:10:44 ? 0:01 /usr/openwin/bin/Xsun :0 -defdepth 24 -nolisten tcp -nobanner -auth /var/dt/A:0

# svcs -xv cde-login
svc:/application/graphical-login/cde-login:default (CDE login)
State: online since Thu May 07 15:10:43 2009
See: man -M /usr/dt/share/man -s 1 dtlogin
See: /var/svc/log/application-graphical-login-cde-login:default.log
Impact: None.
#



The default installation doesn't make the X server listen on a TCP port:



# netstat -naf inet | grep 6000
#



and this is indeed a noteworthy security feature, but sometimes it is
also useful to have the X server reachable over TCP.


X properties are defined in the /application/x11/x11-server service,
and we can list all of them with the following command:


# svccfg -s /application/x11/x11-server listprop
options                       application
options/default_depth         integer  24
options/server                astring  /usr/openwin/bin/Xsun
options/server_args           astring
options/stability             astring  Evolving
options/value_authorization   astring  solaris.smf.manage.x11
options/tcp_listen            boolean  false
fs-local                      dependency
fs-local/entities             fmri     svc:/system/filesystem/local
fs-local/grouping             astring  require_all
fs-local/restart_on           astring  none
fs-local/type                 astring  service
network-service               dependency
network-service/entities      fmri     svc:/network/service
network-service/grouping      astring  require_all
network-service/restart_on    astring  none
network-service/type          astring  service
name-services                 dependency
name-services/entities        fmri     svc:/milestone/name-services
name-services/grouping        astring  require_all
name-services/restart_on      astring  refresh
name-services/type            astring  service
general                       framework
general/action_authorization  astring  solaris.smf.manage.x11
general/entity_stability      astring  Evolving
start                         method
start/exec                    astring  "/lib/svc/method/x11-server -d 0 -c %i %m"
start/timeout_seconds         count    0
start/type                    astring  method
stop                          method
stop/exec                     astring  ":kill -TERM"
stop/timeout_seconds          count    10
stop/type                     astring  method
tm_common_name                template
tm_common_name/C              ustring  "X Window System server"
tm_man_Xserver                template
tm_man_Xserver/manpath        astring  /usr/openwin/share/man
tm_man_Xserver/section        astring  1
tm_man_Xserver/title          astring  Xserver
tm_man_Xsun                   template
tm_man_Xsun/manpath           astring  /usr/openwin/share/man
tm_man_Xsun/section           astring  1
tm_man_Xsun/title             astring  Xsun
tm_man_Xorg                   template
tm_man_Xorg/manpath           astring  /usr/X11/share/man
tm_man_Xorg/section           astring  1
tm_man_Xorg/title             astring  Xorg


In particular, the property that controls whether the X server listens on TCP is:



# svccfg -s /application/x11/x11-server listprop options/tcp_listen
options/tcp_listen boolean false
#



So in this case we enable it with the following command:



# svccfg -s svc:/application/x11/x11-server setprop options/tcp_listen = true
# svccfg -s /application/x11/x11-server listprop options/tcp_listen
options/tcp_listen boolean true
#



and stop/start the cde-login service to make the change effective:



# svcadm disable cde-login
# svcadm enable cde-login



and now we see the different behaviour (the -nolisten tcp argument is no longer on the Xsun command line):



# ps -aef | grep Xsun
root 4844 4834 1 15:22:07 ? 0:00 /usr/openwin/bin/Xsun :0 -defdepth 24 -nobanner -auth /var/dt/A:0-N_aqCj
#



and also that the service is listening on the TCP port:



# netstat -naf inet | grep 6000
*.6000 *.* 0 0 49152 0 LISTEN
*.6000 *.* 0 0 49152 0 LISTEN
#



The output now shows that the server is also listening on TCP port 6000, and we can connect to X from outside.
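
An added check for the two changes shown on this page (the cacao network-bind-address change and the X tcp_listen change), not code from the original posts: it classifies listeners in Solaris `netstat -naf inet` output as loopback-only or network-reachable, and flags when options/tcp_listen disagrees with the live socket table. The sample input (including the port 11163 and port 22 lines) and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original posts); all sample data is constructed.

# Constructed sample input in the format shown in the posts above.
SAMPLE_NETSTAT='127.0.0.1.11162       *.*      0      0 49152      0 LISTEN
129.157.108.81.11163  *.*      0      0 49152      0 LISTEN
      *.6000          *.*      0      0 49152      0 LISTEN
129.157.108.81.22     129.157.108.90.51515 49640 0 49640 0 ESTABLISHED'
SAMPLE_SVCCFG='options/tcp_listen boolean false'   # constructed: stale property

# classify_listeners PORT...   (netstat output on stdin)
# Prints "port address scope" for every LISTEN socket on a watched port.
classify_listeners() {
    awk -v ports=" $* " '
        $NF == "LISTEN" {
            n = split($1, part, "[.]")          # local address is addr.port
            port = part[n]
            if (index(ports, " " port " ") == 0) next
            addr = substr($1, 1, length($1) - length(port) - 1)
            if (addr == "*" || addr == "0.0.0.0") scope = "all-interfaces"
            else if (addr ~ /^127[.]/)            scope = "loopback-only"
            else                                  scope = "single-address"
            print port, addr, scope
        }'
}

# exposed_listeners PORT...: same, minus sockets bound to loopback only.
exposed_listeners() {
    classify_listeners "$@" | awk '$3 != "loopback-only"'
}

# x11_drift NETSTAT_TEXT SVCCFG_TEXT
# Compares options/tcp_listen with the live socket table, since the property
# only takes effect after the login service is restarted.
x11_drift() {
    prop=$(printf '%s\n' "$2" | awk '$1 == "options/tcp_listen" { print $3 }')
    if printf '%s\n' "$1" | classify_listeners 6000 | grep -q .; then
        live=true
    else
        live=false
    fi
    if [ "$prop" = "$live" ]; then
        echo "consistent"
    else
        echo "drift: tcp_listen=$prop but listening=$live"
    fi
}

printf '%s\n' "$SAMPLE_NETSTAT" | exposed_listeners 6000 11162 11163
x11_drift "$SAMPLE_NETSTAT" "$SAMPLE_SVCCFG"
```

On a live host, feed the functions the output of `netstat -naf inet` and `svccfg -s /application/x11/x11-server listprop options/tcp_listen` instead of the samples. The `-auth` argument still present on the Xsun command line above means X authorization continues to apply to clients connecting over TCP.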


About

Marco Milo
