[root@localhost banping]# vi /etc/sysconfig/iptables

# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -p tcp -m tcp --dport 8000 -j ACCEPT
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 23 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited

查看现有的策略：

[root@localhost banping]# iptables -L -n
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:8000
RH-Firewall-1-INPUT  all  --  0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain RH-Firewall-1-INPUT (2 references)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           icmp type 255
ACCEPT     esp  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     ah   --  0.0.0.0/0            0.0.0.0/0
ACCEPT     udp  --  0.0.0.0/0            224.0.0.251         udp dpt:5353
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:631
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:631
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:23
REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited

如果要重新配置，先清空之前的策略：

[root@localhost banping]# iptables -F
[root@localhost banping]# iptables -X
[root@localhost banping]# iptables -L -n
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

先配置开放22端口，否则如果是远程登入的，会把自己关在外面：

[root@localhost banping]# iptables -A INPUT -p tcp --dport 22 -j ACCEPT

然后丢弃所有的input，根据需要配置开放的就行了：

[root@localhost banping]# iptables -P INPUT DROP
[root@localhost banping]# iptables -P OUTPUT ACCEPT
[root@localhost banping]# iptables -P FORWARD ACCEPT

然后要保存一下：

[root@localhost banping]# /etc/rc.d/init.d/iptables save
将当前规则保存到 /etc/sysconfig/iptables：[确定]

重启防火墙服务：

[root@localhost banping]# service iptables restart
清除防火墙规则：[确定]
把 chains 设置为 ACCEPT 策略：filter [确定]
正在卸载 Iiptables 模块：[确定]
应用 iptables 防火墙规则：[确定]
载入额外 iptables 模块：ip_conntrack_netbios_ns [确定]

除了用iptables命令，也可以直接编辑/etc/sysconfig/iptables文件，最终的配置结果可能如下，：

[root@localhost banping]# vi /etc/sysconfig/iptables

# Generated by iptables-save v1.3.5 on Thu Apr 29 17:28:08 2010
*filter
:INPUT DROP [3:349]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [5585:947488]
-A INPUT -i lo -j ACCEPT
-A INPUT -s 172.16.0.1 -i eth0 -p tcp -m tcp --dport 22 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 172.16.0.2 -i eth0 -j ACCEPT
-A INPUT -s 172.16.0.3 -i eth0 -j ACCEPT
COMMIT
# Completed on Thu Apr 29 17:28:08 2010

可见，这里的配置允许指定的IP访问22端口，开放80端口，不限制下边的两个IP进行连接。

首先去下载软件，地址分别是

http://java.sun.com/javase/downloads/index.jsp

和

http://tomcat.apache.org/

注意选择自己需要的合适的版本，比如我下载的是apache-tomcat-5.5.23.tar.gz和jdk-6u18-linux-x64-rpm.bin.gz，然后上传到/tmp目录下。

安装JDK：

[root@tomcat1 tmp]# sh jdk-6u18-linux-x64-rpm.bin

Sun Microsystems, Inc. Binary Code License Agreement

for the JAVA SE DEVELOPMENT KIT (JDK), VERSION 6

......

Do you agree to the above license terms? [yes or no]
           yes
Unpacking...
Checksumming...
Extracting...

......

Press Enter to continue.....
Done.

安装完成后，JDK被安装在/usr/java目录下。这个版本会在当前路径下安装javaDB，以前的版本不会。

安装tomcat ：

[root@tomcat1 tmp]# tar -zxvf apache-tomcat-5.5.23.tar.gz

然后会在当前路径下生成apache-tomcat-5.5.23文件夹，把它mv或cp到你想要的路径即可。

[root@tomcat1 tmp]# cp -a apache-tomcat-5.5.23 /usr/local/

然后配置环境变量：

[root@tomcat1 tmp]# vi /etc/profile

#set java environment
JAVA_HOME=/usr/java/jdk1.6.0_18
export TOMCAT_HOME=/usr/local/apache-tomcat-5.5.23

CLASSPATH=.:$JAVA_HOME/lib/tools.jar
PATH=$JAVA_HOME/bin:$PATH
export JAVA_HOME CLASSPATH PATH

[root@tomcat1 tmp]# source /etc/profile

查看java的版本号已经生效了：

[root@tomcat1 tmp]# java -version
java version "1.6.0_18"
Java(TM) SE Runtime Environment (build 1.6.0_18-b07)
Java HotSpot(TM) 64-Bit Server VM (build 16.0-b13, mixed mode)

测试tomcat ：

[root@tomcat1 tmp]# cd /usr/local/apache-tomcat-5.5.23/bin/

[root@tomcat1 bin]# ./startup.sh
Using CATALINA_BASE:   /usr/local/apache-tomcat-5.5.23
Using CATALINA_HOME:   /usr/local/apache-tomcat-5.5.23
Using CATALINA_TMPDIR: /usr/local/apache-tomcat-5.5.23/temp
Using JRE_HOME:       /usr/java/jdk1.6.0_18

打开网页查看8080端口就能看到可爱的猫了。

p5a1@/#snap -r

The following directories and files will be deleted:
-----------------------------------------------------------
/tmp/ibmsupt/general (directory)
/tmp/ibmsupt/other (directory)
/tmp/ibmsupt/testcase (directory)
/tmp/ibmsupt/ssa (directory)
/tmp/ibmsupt/pcixscsi (directory)
/tmp/ibmsupt/snap.pax.Z (file)

Do you want me to remove these directories (y/n)? y
Removing... done.

如果以前未做过snap，会提示：

nothing to clean up

清理完成后可以开始收集：

p5a1@/#snap -gbLc
/var/adm/ras/trcfile: No such file or directory
Checking space requirement for general information.... done.
.********Checking and initializing directory structure
Creating /tmp/ibmsupt/svCollect directory tree... done.
Creating /tmp/ibmsupt/client_collect directory tree... done.
Creating /tmp/ibmsupt/lvm directory tree... done.
Creating /tmp/ibmsupt/ssa directory tree... done.
Creating /tmp/ibmsupt/general directory tree... done.
Creating /tmp/ibmsupt/general/diagnostics directory tree... done.
Creating /tmp/ibmsupt/pcixscsi directory tree... done.
Creating /tmp/ibmsupt/testcase directory tree... done.
Creating /tmp/ibmsupt/other directory tree... done.
********Finished setting up directory /tmp/ibmsupt

Checking Space requirement for svCollect
The script svCollect is not executable in /usr/lib/ras/snapscripts
Checking Space requirement for client_collect
Checking space requirement for ssa information.......... done.
Checking space requirement for logical volume manager information......
Checking space requirement for Enhanced CLVM information..../tmp/ch.log.* not found
done.
Checking for enough free space in filesystem... done.

/var/adm/ras/trcfile: No such file or directory
Gathering general system information............ done.
Gathering platform/scanout information.done.
Gathering svCollect data
The script svCollect is not executable in /usr/lib/ras/snapscripts
Gathering client_collect data
Gathering pcixscsi system information........... done.
Gathering ssa system information.......... done.
Gathering logical volume manager information..........
Gathering Enhanced CLVM information..../tmp/ch.log.* not found
done.

Creating compressed pax file...
Starting pax/compress process... Please wait... done.

-rw-------   1 0        0           1259857 Jan 20 09:24 snap.pax.Z

可以根据需要指定不同的参数，b是收集 SSA 信息，f是收集文件系统信息：

p5a1@/#snap -gLfc
/var/adm/ras/trcfile: No such file or directory
Checking space requirement for general information.................................. done.
.********Checking and initializing directory structure
Creating /tmp/ibmsupt/svCollect directory tree... done.
Creating /tmp/ibmsupt/client_collect directory tree... done.
Creating /tmp/ibmsupt/lvm directory tree... done.
Creating /tmp/ibmsupt/filesys directory tree... done.
Creating /tmp/ibmsupt/general directory tree... done.
Creating /tmp/ibmsupt/general/diagnostics directory tree... done.
Creating /tmp/ibmsupt/pcixscsi directory tree... done.
Creating /tmp/ibmsupt/testcase directory tree... done.
Creating /tmp/ibmsupt/other directory tree... done.
********Finished setting up directory /tmp/ibmsupt

Checking Space requirement for svCollect
The script svCollect is not executable in /usr/lib/ras/snapscripts
Checking Space requirement for client_collect
Checking space requirement for filesys information................done.
Checking space requirement for logical volume manager information.....................
Checking space requirement for Enhanced CLVM information..../tmp/ch.log.* not found
done.
Checking for enough free space in filesystem... done.

/var/adm/ras/trcfile: No such file or directory
Gathering general system information......................done.
Gathering platform/scanout information.done.
Gathering svCollect data
The script svCollect is not executable in /usr/lib/ras/snapscripts
Gathering client_collect data
Gathering pcixscsi system information...........................
Gathering filesys system information........done.
Gathering logical volume manager information...............
Gathering Enhanced CLVM information..../tmp/ch.log.* not found
done.

Creating compressed pax file...
Starting pax/compress process... Please wait... done.

-rw-------   1 0        0           1383719 Jun 17 10:29 snap.pax.Z

收集完成后，通过ftp就可以拿下这个文件了：

Microsoft Windows XP [版本 5.1.2600]
(C) 版权所有 1985-2001 Microsoft Corp.

C:\Documents and Settings\banping>ftp 172.16.0.62
Connected to 172.16.0.62.
220 p5a1 FTP server (Version 4.2 Thu Jul 12 13:39:06 CDT 2007) ready.
User (172.16.0.62:(none)): root
331 Password required for root.
Password:
230-Last unsuccessful login: Sat Jan 16 09:43:39 BEIST 2010 on /dev/pts/0 from i
user.banping.com
230-Last login: Tue Jan 19 09:10:37 BEIST 2010 on ftp from user.banping.com
230 User root logged in.
ftp> bin
200 Type set to I.
ftp> get /tmp/ibmsupt/snap.pax.Z
200 PORT command successful.
150 Opening data connection for /tmp/ibmsupt/snap.pax.Z (1259857 bytes).
226 Transfer complete.
ftp: 收到 1259857 字节，用时 0.09Seconds 13402.73Kbytes/sec.

去user用户的document目录下就能拿到这个文件了。

[root@linux local]# cd /etc/xinetd.d
[root@linux xinetd.d]# ls
chargen cups-lpd daytime-udp echo-udp gssftp krb5-telnet rsync time-udp
chargen-udp daytime echo eklogin klogin kshell time

编辑gssftp文件，将server_args改为-l，将disable改为no：

[root@linux xinetd.d]# vi gssftp

# default: off
# description: The kerberized FTP server accepts FTP connections \
# that can be authenticated with Kerberos 5.
service ftp
{
flags = REUSE
socket_type = stream
wait = no
user = root
server = /usr/kerberos/sbin/ftpd
#server_args = -l -a
server_args = -l
log_on_failure += USERID
#disable = yes
disable = no
}

重启xinetd服务：

[root@linux xinetd.d]# service xinetd restart
Stopping xinetd: [ OK ]
Starting xinetd: [ OK ]

这时查看21端口已经打开：

[root@linux xinetd.d]# netstat -tnlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 22543/xinetd

如果防火墙没有打开端口，则开放21端口并重启防火墙服务：

[root@linux xinetd.d]# vi /etc/sysconfig/iptables

[root@linux xinetd.d]# service iptables restart
Flushing firewall rules: [ OK ]
Setting chains to policy ACCEPT: filter [ OK ]
Unloading iptables modules: [ OK ]
Applying iptables firewall rules: [ OK ]

这样ftp服务就可用了，可以使用linux系统用户登录，不过gssftp不够安全，临时应急或内部使用可以，稳定的FTP服务还是建议使用vsftp来搭建。

首先在用户的profile文件中开启记录功能：

[banping@linux ~]$ cd /home/banping/
[banping@linux ~]$ vi .bash_profile
# write log
exec /usr/bin/script -a -f -q /tmp/test/script-`date +%Y%m%d%k%M`.lst

这行脚本的意思是在/tmp/test目录下以时间为文件名来记录操作信息，由于是写在了.bash_profile文件中，用户登入到Linux系统的时候就会触发执行。

然后我们在/tmp下建立test目录存放操作日志信息即可：

[banping@linux tmp]# mkdir test

这样就实现了记录的功能，而要防止用户自行修改，我们可以设置这些文件只能被附加，不能被修改或删除：

[root@linux banping]# chattr +a .bash_profile

[root@linux tmp]# chattr +a -R test

这样登录用户就无法修改这些信息了，以下是一个简单的测试：

[root@tomcat tmp]# cd test
[root@tomcat test]# touch 1.txt
[root@tomcat test]# rm 1.txt
rm: remove regular empty file `1.txt'? y
rm: cannot remove `1.txt': Operation not permitted
[root@tomcat test]# cd ..
[root@tomcat tmp]# chattr -a -R test
[root@tomcat tmp]# cd test
[root@tomcat test]# rm 1.txt
rm: remove regular empty file `1.txt'? y

结合登录文件的安全保存和防火墙功能，可以实现一个简单而完整的安全审计解决方案。

查看网卡是否被内核识别：

[root@linux ~]# dmesg|grep -in eth
150:divert: not allocating divert_blk for non-ethernet device lo
239:divert: allocating divert_blk for eth0
240:e1000: eth0: e1000_probe: Intel(R) PRO/1000 Network Connection
366:divert: not allocating divert_blk for non-ethernet device sit0
389:ADDRCONF(NETDEV_UP): eth0: link is not ready
390:e1000: eth0: e1000_watchdog_task: NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None
391:ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready
394:eth0: no IPv6 routers present

主机名称：

[root@linux ~]# cat /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=linux.banping.com

网卡参数：

[root@linux ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
BOOTPROTO=none
BROADCAST=172.16.0.255
HWADDR=00:50:56:82:2F:49
IPADDR=172.16.0.157
NETMASK=255.255.255.0
NETWORK=172.16.0.0
ONBOOT=yes
TYPE=Ethernet
USERCTL=no
IPV6INIT=no
PEERDNS=yes
GATEWAY=172.16.0.254

开机加载网卡模块：

[root@linux ~]# cat /etc/modprobe.conf
alias eth0 e1000
alias scsi_hostadapter mptbase
alias scsi_hostadapter1 mptscsi
alias scsi_hostadapter2 mptspi
alias scsi_hostadapter3 mptsas
alias scsi_hostadapter4 mptscsih
alias scsi_hostadapter5 ata_piix

DNS服务器：

[root@linux ~]# cat /etc/resolv.conf
search banping.com
nameserver 172.16.0.1
nameserver 172.16.0.3
nameserver 172.16.0.5

IP与主机对应：

[root@linux ~]# cat /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
172.16.0.157    linux.banping.com      localhost

TCP/IP协议与端口的对应

[root@linux ~]# cat /etc/services

重启所有网络参数：

[root@linux ~]# /etc/init.d/network restart
Shutting down interface eth0:  [  OK  ]
Shutting down loopback interface:  [  OK  ]
Setting network parameters:  [  OK  ]
Bringing up loopback interface:  [  OK  ]
Bringing up interface eth0:  [  OK  ]

启用网卡：

[root@linux ~]# ifup eth0

停用网卡（慎用，否则可能导致你再也连不上了）：

[root@linux ~]# ifdown eth0

测试网卡：

[root@linux ~]# ifconfig eth0
eth0      Link encap:Ethernet  HWaddr 00:50:56:82:2F:49
inet addr:172.16.0.157  Bcast:172.16.0.255  Mask:255.255.255.0
inet6 addr: fe80::250:56ff:fe82:2f49/64 Scope:Link
UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
RX packets:506414 errors:0 dropped:0 overruns:0 frame:0
TX packets:1691 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:140448492 (133.9 MiB)  TX bytes:200009 (195.3 KiB)

设置IP地址：

[root@linux ~]# ifconfig eth0 172.16.0.157

首先查看正在监听的有哪些连接：

[root@linux ~]# netstat -tnlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name
tcp        0      0 0.0.0.0:111                 0.0.0.0:*                   LISTEN      4638/portmap
tcp        0      0 127.0.0.1:631               0.0.0.0:*                   LISTEN      8769/cupsd
tcp        0      0 0.0.0.0:600                 0.0.0.0:*                   LISTEN      4658/rpc.statd
tcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN      4878/sendmail: acce
tcp        0      0 :::22                       :::*                        LISTEN      4844/sshd

找到对应的启动程序：

[root@linux ~]# which rpc.statd
/sbin/rpc.statd

使用rmp处理：

[root@linux ~]# rpm -qf /sbin/rpc.statd
nfs-utils-1.0.6-87.EL4

[root@linux ~]# ls /etc/init.d/nfs*
/etc/init.d/nfs  /etc/init.d/nfslock
[root@linux ~]# /etc/init.d/nfslock status
rpc.statd (pid 4658) is running...
[root@linux ~]# /etc/init.d/nfs status
rpc.svcgssd is stopped
rpc.mountd is stopped
nfsd is stopped
rpc.rquotad is stopped

关闭该程序：

[root@linux ~]# /etc/init.d/nfslock stop
Stopping NFS statd: [  OK  ]

这时已经看不到nfs程序了：

[root@linux ~]# netstat -tnlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name
tcp        0      0 0.0.0.0:111                 0.0.0.0:*                   LISTEN      4638/portmap
tcp        0      0 127.0.0.1:631               0.0.0.0:*                   LISTEN      8769/cupsd
tcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN      4878/sendmail: acce
tcp        0      0 :::22                       :::*                        LISTEN      4844/sshd

同样的办法处理internet打印的服务：

[root@linux ~]# which cupsd
/usr/sbin/cupsd
[root@linux ~]# rpm -qf /usr/sbin/cupsd
cups-1.1.22-0.rc1.9.27

[root@linux ~]# rpm -qc cups |grep init
/etc/rc.d/init.d/cups

[root@linux ~]# /etc/rc.d/init.d/cups stop
Stopping cups: [  OK  ]
[root@linux ~]# netstat -tnlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name
tcp        0      0 0.0.0.0:111                 0.0.0.0:*                   LISTEN      4638/portmap
tcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN      4878/sendmail: acce
tcp        0      0 :::22                       :::*                        LISTEN      4844/sshd

但是现在只是关闭这些服务程序，这些程序重启后还会自动起来。

这时需要用Linux的chkconfig命令设置run level，将3和5这2个纯文本和X window的level关闭：

[root@linux ~]# chkconfig --list|grep portmap
portmap         0:off   1:off   2:off   3:on    4:on    5:on    6:off

[root@linux ~]# chkconfig --level 35 portmap off
[root@linux ~]# chkconfig --list|grep portmap
portmap         0:off   1:off   2:off   3:off   4:on    5:off   6:off

[root@linux ~]# chkconfig --list|grep cups
cups            0:off   1:off   2:on    3:on    4:on    5:on    6:off
cups-config-daemon      0:off   1:off   2:off   3:on    4:on    5:on    6:off
cups-lpd:       off
[root@linux ~]# chkconfig --level 235 cups off
[root@linux ~]# chkconfig --list|grep cups
cups            0:off   1:off   2:off   3:off   4:on    5:off   6:off
cups-config-daemon      0:off   1:off   2:off   3:on    4:on    5:on    6:off
cups-lpd:       off

[root@linux ~]# chkconfig --list|grep rpc
rpcidmapd       0:off   1:off   2:off   3:on    4:on    5:on    6:off
rpcgssd         0:off   1:off   2:off   3:on    4:on    5:on    6:off

[root@linux ~]# chkconfig --level 35 rpcidmapd off
[root@linux ~]# chkconfig --level 35 rpcgssd off
[root@linux ~]# chkconfig --list|grep rpc
rpcidmapd       0:off   1:off   2:off   3:off   4:on    5:off   6:off
rpcgssd         0:off   1:off   2:off   3:off   4:on    5:off   6:off

[root@linux ~]# chkconfig --list|grep sendmail
sendmail        0:off   1:off   2:on    3:on    4:on    5:on    6:off
[root@linux ~]# chkconfig --level 35 sendmail off
[root@linux ~]# chkconfig --list|grep sendmail
sendmail        0:off   1:off   2:on    3:off   4:on    5:off   6:off

再重启发现只有我们想要的SSH服务了：

[root@linux ~]# reboot

Broadcast message from root (pts/1) (Wed Nov 18 15:35:37 2009):

The system is going down for reboot NOW!

[root@linux ~]# netstat -tnlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      4759/sshd

但是发现现在虽然SSH可用，但日志记录了以下内容：

[root@linux ~]# cat /var/log/secure

Nov 18 16:13:55 linux sshd[4785]: error: Bind to port 22 on 0.0.0.0 failed: Address already in use.

这可能是ipv4与ipv6冲突造成的，修改配置文件即可：

[root@linux ~]# vi /etc/ssh/sshd_config

Port 22
#Protocol 2,1
ListenAddress 0.0.0.0
#ListenAddress ::

当然，这里的ssh服务的安全性还需要进一步配置，本文不再详述。

首先配置远程主机（172.16.0.8）：

远程主机要使用udp协议514端口接收信息：

[root@erpdevdb ~]# grep 514 /etc/services
shell           514/tcp         cmd             # no passwords used
syslog          514/udp

配置可接收remote信息：

[root@erpdevdb ~]# vi /etc/sysconfig/syslog

# SYSLOGD_OPTIONS="-m 0"
SYSLOGD_OPTIONS="-m 0 -r"

重启syslogd服务：

[root@erpdevdb ~]# /etc/init.d/syslog restart
Shutting down kernel logger: [  OK  ]
Shutting down system logger: [  OK  ]
Starting system logger: [  OK  ]
Starting kernel logger: [  OK  ]

查看：

[root@erpdevdb ~]# netstat -tlunp
Active Internet connections (only servers)

udp        0      0 0.0.0.0:514                 0.0.0.0:*                               5599/syslogd

防火墙开放514端口：

[root@erpdevdb sysconfig]# vi /etc/sysconfig/iptables

-A RH-Firewall-1-INPUT -p udp -m udp --dport 514 -j ACCEPT

[root@erpdevdb sysconfig]# service iptables restart
Flushing firewall rules: [  OK  ]
Setting chains to policy ACCEPT: filter [  OK  ]
Unloading iptables modules: [  OK  ]
Applying iptables firewall rules: [  OK  ]

远程主机（172.16.0.8）要配置的就这么多，下面看要被记录的登录主机（172.16.0.15）的配置：

[root@linux log]# vi /etc/syslog.conf

# transfer log file to remote machine
*.*                                                     @172.16.0.8

很简单，这样就可以了。

下面简单测试一下，在登录主机退出并重新登录后，查看远程主机（172.16.0.8）上记录的信息:

[root@erpdevdb sysconfig]# cat /var/log/secure
Nov 16 11:33:46 172.16.0.15 sshd[20534]: Accepted password for root from ::ffff:172.16.0.18 port 3894

可见信息已被记录到远程主机了，其他的message等信息也是如此。

1、用户定义的页面空间(User-defined paging spaces)
2、未挂接的文件系统(unmounted file systems)
3、裸设备(raw devices)

当使用mksysb时，有时需要把一些数据文件系统排除在映像之外,可通过编辑
/etc/exclude.rootvg文件来实现，比如我要排除/tmp：

# cat /etc/exclude.rootvg
^./tmp/

然后使用-e标志来执行mksysb

# mksysb -e /dev/rmt0
Creating information file (/image.data) for rootvg.
Creating tape boot image..............
bosboot: Boot image is 29316 512 byte blocks.
Creating list of files to back up.
Backing up 2679 files.....
2679 of 2679 files (100%)
0512-038 mksysb: Backup Completed Successfully.
bosboot: Boot image is 29316 512 byte blocks.

我这里排除的文件系统如下：

ERPDB1@/home/oracle>cat /etc/exclude.rootvg
^./backup_softs/
^./orasofts_bak/
^./orabak/
^./ora_arch/

备份方法：可通过smitty窗口或直接用命令行：
1，aix下可通过smitty mksysb -> Backup Device or File 选项设置备份目标地址（可选择磁带设备或文件系统），这里也可设置其他参数：

ERPDB1@/home/oracle>smitty mksysb

                                                         Back Up the System

Type or select values in entry fields.
Press Enter AFTER making all desired changes.

                                                        [Entry Fields]
    WARNING:  Execution of the mksysb command will
              result in the loss of all material
              previously stored on the selected
              output medium. This command backs
              up only rootvg volume group.

* Backup DEVICE or FILE                              [/dev/rmt0]
  Create MAP files?                                   no
  EXCLUDE files?                                      no
  List files as they are backed up?                   no
  Verify readability if tape device?                  no 
  Generate new /image.data file?                      yes
  EXPAND /tmp if needed?                              no
  Disable software packing of backup?                 no
  Backup extended attributes?                         yes
  Number of BLOCKS to write in a single output       []  
     (Leave blank to use a system default)

注意这里的EXCLUDE files?要设置为yes才能使上面的/etc/exclude.rootvg文件指定的排除文件生效。

第二种方式就是直接用命令行了，效果一样：

/usr/bin/mksysb -i  -e /dev/rmt0

要注意的是要选择好备份的时间，因为在备份过程中，应用程序可能会增删一些文件导致备份无法完全成功，这里记录一下碰到过的错误：

Creating information file (/image.data) for rootvg.

 

Creating tape boot image.......
bosboot: Boot image is 36911 512 byte blocks.
.

 

Creating list of files to back up..
Backing up 148474 files..............................
4301 of 148474 files (2%)..............................
23191 of 148474 files (15%)..............................
30763 of 148474 files (20%)..............................
34831 of 148474 files (23%)..............................
68121 of 148474 files (45%)..............................
68402 of 148474 files (46%)..............................
71022 of 148474 files (47%)..............................
81052 of 148474 files (54%)..............................
94251 of 148474 files (63%)..............................
100426 of 148474 files (67%)..............................
117739 of 148474 files (79%)..............................
131841 of 148474 files (88%)..............cannot access ./etc/perf/daily/xmwlm.090114: A file or directory in the path name does not
 exist.
.....
0512-003 mksysb may not have been able to archive some files.
The messages displayed on the Standard Error contained additional
information.

这是因为/etc/perf/daily/ 下的文件只保留7天，可能备到那个文件的时候正好被删除了，所以提示找不到。还碰到过这样的提示：

78871 of 144459 files (54%).........cannot access ./u01/agent10g/sysman/emd/upload/rawdata.dat: A file or directory in the path name
 does not exist.
 cannot access ./u01/agent10g/sysman/emd/upload/mgmt_ha_mttr.dat: A file or directory in the path name does not exist.

 p5b1@/#ls -l /u01/agent10g/sysman/emd/upload/rawdata.dat
-rw-r-----   1 oracle   oinstall      29912 Jan 22 08:35 /u01/agent10g/sysman/emd/upload/rawdata.dat
p5b1@/#ls -l /u01/agent10g/sysman/emd/upload/mgmt_ha_mttr.dat
ls: 0653-341 The file /u01/agent10g/sysman/emd/upload/mgmt_ha_mttr.dat does not exist.
 

p5a1@/#lsattr -El sys0
SW_dist_intr    false              Enable SW distribution of interrupts              True
autorestart     true               Automatically REBOOT system after a crash         True
boottype        disk               N/A                                               False
capacity_inc    1.00               Processor capacity increment                      False
capped          true               Partition is capped                               False
conslogin       enable             System Console Login                              False
cpuguard        enable             CPU Guard                                         True
dedicated       true               Partition is dedicated                            False
ent_capacity    7.00               Entitled processor capacity                       False
frequency       528000000          System Bus Frequency                              False
fullcore        false              Enable full CORE dump                             True
fwversion       IBM,SF240_320      Firmware version and revision levels              False
id_to_partition 0X800009DA2CB00001 Partition ID                                      False
id_to_system    0X800009DA2CB00000 System ID                                         False
iostat          false              Continuously maintain DISK I/O history            True
keylock         normal             State of system keylock at boot time              False
log_pg_dealloc  true               Log predictive memory page deallocation events    True
max_capacity    8.00               Maximum potential processor capacity              False
max_logname     9                  Maximum login name length at boot time            True
maxbuf          20                 Maximum number of pages in block I/O BUFFER CACHE True
maxmbuf         0                  Maximum Kbytes of real memory allowed for MBUFS   True
maxpout         33                 HIGH water mark for pending write I/Os per file   True
maxuproc        2048               Maximum number of PROCESSES allowed per user      True
min_capacity    4.00               Minimum potential processor capacity              False
minpout         24                 LOW water mark for pending write I/Os per file    True
modelname       IBM,9117-570       Machine name                                      False
ncargs          6                  ARG/ENV list size in 4K byte blocks               True
nfs4_acl_compat secure             NFS4 ACL Compatibility Mode                       True
pre430core      false              Use pre-430 style CORE dump                       True
pre520tune      enable             Pre-520 tuning compatibility mode                 True
realmem         41943040           Amount of usable physical memory in Kbytes        False
rtasversion     1                  Open Firmware RTAS version                        False
sed_config      select             Stack Execution Disable (SED) Mode                True
systemid        IBM,026565FBF      Hardware system identifier                        False
variable_weight 0                  Variable processor capacity weight                False

p5a1@/#uname -a
AIX p5a1 3 5 00C6********
p5a1@/#lsdev -Cc adapter
ent0      Available 06-08 2-Port 10/100/1000 Base-TX PCI-X Adapter (14108902)
ent1      Available 06-09 2-Port 10/100/1000 Base-TX PCI-X Adapter (14108902)
ent2      Available 09-08 10/100/1000 Base-TX PCI-X Adapter (14106902)
ent3      Available 0C-08 10/100/1000 Base-TX PCI-X Adapter (14106902)
fcs0      Available 0A-08 FC Adapter
fcs1      Available 0E-08 FC Adapter
ide0      Available 0D-08 ATA/IDE Controller Device
lai0      Available 0G-00 GXT135P Graphics Adapter
sa0       Available 08-08 IBM 8-Port EIA-232/RS-422A (PCI) Adapter
sisscsia0 Available 04-08 PCI-X Ultra320 SCSI Adapter
sisscsia1 Available 07-08 PCI-X Dual Channel Ultra320 SCSI Adapter
sisscsia2 Available 0B-08 PCI-X Ultra320 SCSI Adapter
usbhc0    Available 05-08 USB Host Controller (33103500)
usbhc1    Available 05-09 USB Host Controller (33103500)
vsa0      Available       LPAR Virtual Serial Adapter
p5a1@/#bindprocessor -q
The available processors are:  0 1 2 3 4 5 6 7 8 9 10 11 12 13

p5a1@/#lsattr -El mem0
goodsize 40960 Amount of usable physical memory in Mbytes False
size     40960 Total amount of physical memory in Mbytes  False

p5a1@/#vmstat 2 10

System configuration: lcpu=14 mem=40960MB

kthr    memory              page              faults        cpu
----- ----------- ------------------------ ------------ -----------
r  b   avm   fre  re  pi  po  fr   sr  cy  in   sy  cs us sy id wa
2  0 7237693 2750115   0   0   0   0    0   0 1488 35830 3558 27  2 71  0
2  0 7237814 2749990   0   0   0   0    0   0 1541 28606 3507 25  2 73  0
4  0 7238386 2749413   0   0   0   0    0   0 3589 55684 9367 27  4 69  0
4  0 7238425 2749370   0   0   0   0    0   0 4165 74666 10643 35  5 60  0
2  0 7239861 2747930   0   0   0   0    0   0 3120 36350 7388 15  3 81  1
1  0 7241937 2745849   0   0   0   0    0   0 3486 48216 9367 15  4 81  0
1  0 7241932 2745850   0   0   0   0    0   0 3464 39903 9464  6  4 90  0
2  0 7241924 2745854   0   0   0   0    0   0 3237 45543 9262 12  3 84  0
0  0 7242286 2745487   0   0   0   0    0   0 1377 20957 4400  3  2 95  0
0  0 7240801 2746968   0   0   0   0    0   0 3331 42043 9504 11  3 85  0
p5a1@/#lsps -s
Total Paging Space   Percent Used

p5a1@/#/usr/es/sbin/cluster/clstat -a
clstat - HACMP Cluster Status Monitor
-------------------------------------

Cluster: xmjf   (1127707120)
Tue Sep 22 09:42:00 BEIST 2009
State: UP               Nodes: 2
SubState: STABLE
Node: p5a1              State: UP
Interface: p5a1rac (0)               Address: 20.20.20.62
State:   UP
Resource Group: oracle                       State:  On line

Node: p5b1              State: UP
Interface: p5b1rac (0)               Address: 20.20.20.65
State:   UP
Resource Group: oracle                       State:  On line

p5a1@/#instfix -i |grep ML
All filesets for 5.3.0.0_AIX_ML were found.
All filesets for 5300-01_AIX_ML were found.
All filesets for 5300-02_AIX_ML were found.
All filesets for 5300-03_AIX_ML were found.
All filesets for 5300-04_AIX_ML were found.
All filesets for 5300-05_AIX_ML were found.
All filesets for 5300-06_AIX_ML were found.

# sar -P ALL 2 10

AIX p55a 3 5 000221F3D600    05/13/10

System configuration: lcpu=16  mode=Capped

10:20:16 cpu    %usr    %sys    %wio   %idle   physc
10:20:18  0        0       1       0      99    0.56
1        0       1       0      99    0.44
2        0       4       0      95    0.54
3        0       1       0      99    0.46
4        0       1       0      99    0.54
5        0       1       0      99    0.47
6        0       4       0      96    0.53
7        0       1       0      99    0.46
8        0       1       0      99    0.54
9        0       1       0      99    0.47
10        0       1       0      99    0.53
11        0       1       0      99    0.47
12        0       2       0      98    0.54
13        0       1       0      99    0.46
14        0       5       0      95    0.55
15        0       1       0      99    0.45
-        0       2       0      98    8.00
10:20:20  0        0       2       0      98    0.56
1        0       1       0      99    0.44
2        0       4       0      96    0.54
3        0       1       0      99    0.46
4        0       1       0      99    0.53
5        0       1       0      99    0.47
6        0       4       0      96    0.54
7        0       1       0      99    0.46
8        0       1       0      99    0.53
9        0       1       0      99    0.47
10        0       1       0      99    0.53
11        0       1       0      99    0.47
12        0       1       0      99    0.54
13        0       1       0      99    0.46
14        0       5       0      94    0.56
15        0       1       0      99    0.44
-        0       2       0      98    8.00
10:20:22  0        0       1       0      99    0.56
1        0       1       0      99    0.44
2        0       5       0      95    0.54
3        0       1       0      99    0.46
4        0       1       0      99    0.54
5        0       1       0      99    0.47
6        0       4       0      96    0.54
7        0       1       0      99    0.46
8        0       1       0      99    0.53
9        0       1       0      99    0.47
10        0       1       0      99    0.54
11        0       1       0      99    0.47
12        0       2       0      98    0.52
13        0       1       0      99    0.46
14        0       4       0      96    0.55
15        0       1       0      99    0.45
-        0       2       0      98    7.99