Professional Documents
Culture Documents
using ndd
Networking, security Add comments
Apr 242008
ARP attacks are the easiest attacks that can be launched on a network or a Server causing a
Denial of Service. One of those things that can be done on the Sun Solaris Operating System is
to alter the caching time for the ARP cache whch reduces the time that a rogue ARP entry stays
in the ARP table. While this is not fool proof but can certainly make it that extra difficult to the
hacker.
The default time that ARP entries are cached in a Sun Solaris system is 5 mins.
However, this can be reduced to lower level (say 3mins). This means that the number of ARP
requests and ARP replies to and from the server will increase as a result. So, before modifying
the caching time, check if this can cause andy congestion on your network.
To set the ARP cache time period
solaris# ndd -set /dev/arp arp_cleanup_interval 180000
The above command sets the interval to 3 minutes (1min is equal to 60000ms). Now, all the ARP
entries are flushed at a faster rate (every 3mins)
For this change to persist across reboots, add this command onto the init scripts in /etc/rc2.d
directory for your network interface (where all the required ndd commands are run).
Not so often we would end up troubleshooting or manipulating ARP and ARP tables in Sun
Solaris. However, following are some of the useful commands which can help when required.
The following commands will help you display,modify,add,delete ARP entries in Sun Solaris
ARP table.
Display ARP table
sunsolaris# arp -a
Net to Media Table: IPv4
Device IP Address
Mask Flags Phys Addr
pcn0 192.168.0.1
255.255.255.255
00:18:4d:f8:a4:6e
pcn0 192.168.0.2
255.255.255.255
00:13:ce:85:0e:e1
pcn0 sunsolaris
255.255.255.255 SP 00:0c:29:d3:76:89
pcn0 BASE-ADDRESS.MCAST.NET 240.0.0.0
SM 01:00:5e:00:00:00
Delete an ARP entry
sunsolaris# arp -d 192.168.0.1
192.168.0.1 (192.168.0.1) deleted
To verify the entry indeed is deleted
sunsolaris# arp -a
Net to Media Table: IPv4
Device IP Address
Mask Flags Phys Addr
pcn0 192.168.0.2
255.255.255.255
00:13:ce:85:0e:e1
pcn0 solaris10
255.255.255.255 SP 00:0c:29:d3:76:89
pcn0 BASE-ADDRESS.MCAST.NET 240.0.0.0
SM 01:00:5e:00:00:00
You can see the ARP entry for 192.168.0.1 is longer found.
Add a Static entry
sunsolaris# arp -s 192.168.0.1 00:18:4d:f8:a4:6e
Syntax is
arp -s HOSTNAME MAC-Address <pub/temp/trail>
where
pub publishes the ARP entries to other hosts on the network
temp Temporary entry
trail Allows Trailer Encapsulations to be sent to host
You can also read static entries from a file. This can come handy if you decide that all ARP
entries are static and no ARP requests are sent and received from the system. You can add the
static entries onto a file and add the arp command onto the network init scripts in /etc/rc2.d/
Q: I think I am missing some driver or my initial ramdisk is corrupted for running kernel how do I Rebuild
the initial ramdisk image under Linux?
A: You need ramdisk if you have added new hardware devices such as SCSI or FibreChannel controller to
your server as the ramdisk contains the necessary modules (i.e. drivers) to initialize hardware driver. If
you modified the /etc/modprob.conf (or modules.conf) file then you need to execute special script
called mkinitrd.
The mkinitrd script constructs a directory structure that can serve as an initrd root file system. It then
generates an image containing that directory structure using mkcramfs, which can be loaded using the
initrd mechanism. The kernel modules for the specified kernel version will be placed in the directory
structure. If version is omitted, it defaults to the version of the kernel that is currently running.
2.6.15.4
Make backup of existing ram disk:
# cp /boot/initrd.$(uname -r).img /root
To create initial ramdisk image type following command as the root user:
# mkinitrd -o /boot/initrd.$(uname -r).img $(uname -r)
# ls -l /boot/initrd.$(uname -r).img
You may need to modify grub.conf to point out to correct ramdisk image, make sure following line
existing in grub.conf file:
initrd /boot/initrd.img-2.6.15.4.img
When the system boots using an initrd image created by mkinitrd command, the linuxrc will wait for an
amount of time which is configured through mkinitrd.conf, during which it may be interrupted by
pressing ENTER. After that, the modules specified in will be loaded.
Environment
Novell SUSE Linux Enterprise Server 10
Novell SUSE Linux Enterprise Server 9
Novell SUSE Linux Enterprise Server 8
Novell Open Enterprise Server (Linux based)
Situation
This document is intended as a general guideline for troubleshooting system boot
issues. Please read and evaluate the entire document prior to contacting Novell
Technical Support.
Resolution
Symptom:
Regardless of the kernel selected to boot (failsafe or default), a kernel panic stops the
system from booting.
Error(s):
RAMDISK: Couldn't find a valid RAM disk image starting at 0.
VFS: Cannot open a root device "sda2" or unknown-block(0,0)
Please append a correct"root=" boot option
Kernel panic - not syncing: VFS: Cannot open a root device
"sda2" or unknown-block(0,0)
Probable Cause:
A corrupted or missing initrd.
Resolution:
1. Boot Installed System*.
2. Login as root.
3. Verify that the / (root) and /boot (if used) filesystems are mounted. The mount
command should supply sufficient information. If not, comparing its output with
the contents of /etc/fstab should.
4. Run mkinitrd.
5. Reboot.
Symptom:
The system fails to boot and prompts for the root password.
Error(s):
error on stat() /dev/hdb3: No such file or directory
Failed to open the device'/dev/hdb3' : No such file or directory
fsck.reiserfs /dev/hdb3 failed (status 0x8). Run manually!
fsck failed for at least one filesystem (not /).
Probable cause:
Invalid/etc/fstabentry, /dev/hdb3 is a non-existent device.
Resolution:
1. Enter the root password to enter maintenance mode.
2. Remount the root filesystem as read-write:
mount -o rw,remount /
3. Edit /etc/fstab and remove the non-existent device entry. Comparing the
output of fdisk -l may provide additional guidance for the non-existent device.
4. [CTRL]+[D] reboots.
Symptom:
The system simply hangs after POST. The screen is completely blank. The option to
Boot Installed System* is not available.
Error(s):
If Rescue System is attempted, and fdisk -l run, no partitions are seen. If parted is
used, and check run,Error: Partition doesn't existis returned.
Probable cause:
The MBR has been damaged or corrupted.
Resolution:
1. Boot Installed System*.
2. Login as root.
3. Reinstall GRUB:
grub-install bootdevicepath (e.g. /dev/sda)
4. Reboot.
-or1. If Boot Installed System* is unavailable, the most likely probable cause is that the
partition table is damaged or corrupt, no recovery is possible unless a previous
backup of the partition table is available.
Symptom:
When the system boots, an error message is seen, and the system locks. Sometimes
the screen just goes black or the server reboots. Sometimes all that is seen is the grub
details screen halted after trying to load the/boot/initrd(see below).
Error(s):
No setup signature found ...
initrd /boot/initrd
[Linux-initrd @ 0x1fc38000, 0x2a7ab8 bytes]
Probable cause:
Damaged or corrupted kernel in/boot.
Resolution:
1. Boot Installed System*.
2. Login as root.
3. Install a valid kernel rpm. This can be had from the selected installation medium
(under /suse/arch) or from our website at http://www.novell.com/download
(search the patches section for kernel-).
rpm -Uvh --force kernel-type-revision-arch.rpm
4. Reboot.
Symptom:
The system boots up toSystem Boot Control: Running
/etc/init.d/boot.local, then gracefully reboots.
Error(s):
None.
Probable cause:
Corrupted or misconfigured boot script.
Resolution:
1. At the GRUB menu, type in
init=/bin/bash
on the Boot Options line.
2. Edit /etc/init.d/boot.local and modify or remove the corrupted or
misconfigured line.
3. Reboot.
Symptom:
Once exited from a virtual console, the console is not respawned. The console prompt
just blinks.
Error(s):
INIT: no more processes left in this runlevel
Probable cause:
Corrupt or misconfigured/etc/inittab
Resolution:
1. Login as root.
2. Edit /etc/inittab and change any tty configuration(s) from once to respawn.
3. Reboot or pkill -1 init.
Symptom:
The kernel panics after trying to mount the root filesystem.
Error(s):
Waiting for device /dev/sda1 to appear: . ok
rootfs: major=8 minor=1 devn=2049
rootfs: /sys/block/sda/sda1 major=8 minor=1 devn=2049
mount: unknown filesystem type 'swap'
umount: /dev: device is busy
Kernel panic - not syncing: Attempted to kill init!
Kernel panic: VFS: Unable to mount root fs on sda1
Probable cause:
Corrupt or misconfigured/boot/grub/menu.lst.
Resolution:
1.
2.
3.
4.
Symptom:
The system boots to the GRUB prompt (grub>).
Error(s):
None.
Probable cause:
Corrupt or missing/boot/grub/menu.lstfile.
Resolution:
1. Boot Installed System* -or- if sufficiently familiar with GRUB, manually boot the
system.
2. Login as root.
3. Verify the existence of /boot/grub/menu.lst.
If existing, but misnamed, rename it.
If corrupt, delete it and Repair Installed System** (just the Boot Loader
Configuration check should be sufficient).
If missing, Repair Installed System** (just the Boot Loader Configuration check
should be sufficient).
4. Reboot.
Symptom:
The system boots, but filesystems are not mounted. Many mount-related errors are
seen during boot.
Error(s):
Mostly mount-related error messages are seen during boot.
startproc: mount returned not-zero exit status
startproc: /proc not mounted, failed to mount: No such file or
directory failed
Probable cause:
The mount binary is either corrupt or missing.
Resolution:
1.
2.
3.
4.
Symptom:
The system boots, but login fails.
Error(s):
INIT: no more processes left in this runlevel
INIT: /etc/inittab[xx]: missing action field
Probable cause:
Corrupt or misconfigured/etc/inittab
Resolution:
1. Login as root.
2. Edit /etc/inittab and change any tty configuration(s) to include an action
(once or respawn) in the action field (third column).
3. Reboot or pkill -1 init.
Symptom:
The system boots, but only to a GRUB screen, then hangs.
Error(s):
GRUB Hard Disk Error
Probable Cause:
As the full GRUB prompt is not achieved, the problem lies somewhere in GRUB stage1.
The /boot/grub/stage1file may be missing or corrupted.
Solution:
1.
2.
3.
4.
5. Reboot.
-or1. Boot Installed System*.
2. Login as root.
3. Identify the installed version of GRUB:
rpm -q grub
4. Remove the installed version. E.g.,
rpm -ev --nodeps grub-0.97-16.1
5. Reinstall the grub package. This can be had from the selected installation
medium (under /suse/arch) or from our website at
http://www.novell.com/download (search the patches section for grub).
rpm -Uvh grub-version.rpm.
6. Reinstall GRUB:
grub-install bootdevicepath(e.g.,/dev/sda).
Symptom:
The system either doesn't boot, or boots, but some modules aren't loaded and/or some
devices are undetected.
Error(s):
FATAL: Error insertingmodulename(modulepath): Unknown symbol in
module, or unknown parameter (see dmesg).
modulename: Unknown symbol symbolname
Probable cause:
Occasionally, when modules are updated, the modules dependency
file/lib/modules/kernelversion/modules.depis improperly configured or
corrupted prior to updating the initial ramdisk.
Resolution:
1.
2.
3.
4.
5.
Symptom:
EVMS is used for the root filesystem. The system doesn't boot, with errors related to
finding the root filesystem.
Error(s):
Waiting for device /dev/evms/lvm2/system/root to appear: ... not
found
Probable cause:
The initial RAM disk image lacks EVMS support.
Resolution:
1. Boot the rescue system and enter the shell.
2. Probe EVMS information:
echo "probe" | evms -s
3. Query devices:
Status
Top Issue
Additional Information
* Boot Installed System is the process of using a SuSE Linux Enterprise Server
installation medium to boot the installed system. These are the steps:
1. Boot the system off of the selected installation medium (CD/DVD in most cases).
This medium should be the same (or later) revision level as the installed system.
I.e., if the installed system is SLES9SP2, the installation medium should be
SLES9SP2 or later.
2. At Welcome screen, Installation should be selected in place of Boot from Hard
Disk.
3. Select the desired Language.
4. Accept the License Agreement(s) (if prompted).
5. At the Installation Mode screen, select Boot Installed System. On SLES10 and
later, click on the [Other] button to see these options.
**Repair Installed System is a process similar to Boot Installed System and provides a
more automatic repair process. In some cases, when a broader approach to fixing the
issue is needed (sledgehammer rather than scalpel), Repair Installed System is the
desired process. These are the steps:
1. Boot the system off of the selected installation medium (CD/DVD in most cases).
This medium should be the same (or later) revision level as the installed system.
I.e., if the installed system is SLES9SP2, the installation medium should be
SLES9SP2 or later.
2. At Welcome screen, Installation should be selected in place of Boot from Hard
Disk.
3. Select the desired Language.
4. Accept the License Agreement(s) (if prompted).
5. At the Installation Mode screen, select Repair Installed System. On SLES10,
click on the [Other] button, on SLES11 click on the [Expert Tools] button to see
these options.
Issue
In a system where the "/boot" partition is a separate partition, when /boot is corrupted or be
formatted mistakenly, you can not boot the system but do not want to reinstall the whole
system.
Environment
Red Hat Enterprise Linux, CentOS, Fedora/
/boot partition is installed on the first partition of your first disk
x86 architecture
Resolution
Reinstall /boot partition manually with the following steps:
1. Boot the system into rescue mode with the help of CD or DVD:
At boot prompt, type "linux rescue".
This will start the rescue mode program.
You will be prompted for your keyboard and language requirements.
Enter these values as