13044539-base-system-aix-51


  • 8/9/2019 13044539-base-system-aix-51


    Base system (CD)

    Straightforward. Insert CD #1 and proceed. To override an existing system on the
    harddisk, press reset button and re-boot in maintenance mode, selected by key
    position (25Ts and such) or pressing F5 (for 43P-120 (7248) systems) or F1 (all
    others I know of) during boot. On systems w/o keyboard or with simple ASCII
    terminals you use

        bootlist -m normal cd0
        bootlist -m normal -o
        shutdown -Fr

    When prompted, you should select En_US as language and the default keyboard.

    You might use the Configuration Assistant (once it appears) as suggested (for root

    password and time adjustment), but skip TCP/IP configuration and paging space

    adjustment until later.

    Additional Software (CD)

    By default only a minimum AIX system is installed. Here is what is needed in addition.

    You use the smit tool to select installation media and additional SW to be installed. It's

    straightforward. You should use the preview feature prior to a real install, in order to
    check space requirements and prerequisites. For a really useful system the following SW

    is needed:

    from the AIX 5.1 Base CDs:

    o bos.adt

    o bos.compat (termcap)

    o bos.dosutil

    o bos.games

    o bos.net

    o bos.perf

    o bos.sysmgt (except NIM master, GUI, spot)

    o Java.rte

    o X11 (including font server, Unicode fonts)

    o bos.txt TranScript tools

    o perfagent.tools

    o perl.rte

    o printers.rte

    o sysmgt.*

    o devices.common.IBM.fddi

    o OpenGL (common and device specific, in particular GXT2000, GXT250)

    o PEX-PHIGS (common and device specific, in particular GXT2000,

    GXT250)

    stuff from the AIX 5.1 Expansion CDs

    stuff from the AIX 5.1 Documentation CDs

    from the AIX 4.3.3 BonusPak CDs


    o UMS stuff

    from the Ultimedia 2.1.2 CDs

    o UMS speech & demo stuff

    from the AIX 5.1 ToolBox CD

    (goes into /opt)

    o openssl-0.9.6g

    o db

    o glib,openldap

    o gtk+,libjpeg,libpng,libtiff

    o hexedit,less,lsof,mc,mtools,pine,prngd,rsync,sudo,unzip

    o vim-common,transfig

    o xmcd,vim-enhanced,vnc

    C compiler

    o Version 6

    if the machine should serve as LoadLeveler repository and/or central manager:

    LoadLeveler 2.2 from CD plus generic fixes 2.2.0.24/2.2.0.23

    Some basic customizations

    CD installation should be complete now, the next steps are best performed across the

    network, possibly from some other machine with full desktop/X11 capabilities. To

    achieve that you need the following:

    On a 100 Mbps net a 100Mbps NIC (p630) should apparently be reconfigured:

    smitty - Devices - Communication - Ethernet Adapter - Adapter -

    Change / Show Characteristics of an Ethernet Adapter

        Transmit descriptor queue size     [1024]            +#
        Receive descriptor queue size      [1024]            +#
        Software transmit queue size       [8192]            +#
        Receive buffer pool size           [1024]            +#
        Media Speed                        Auto_Negotiation  +

    IP name and name resolution

    smit - Communications Applications and Services - TCP/IP - Minimum Configuration & Startup

    Select your adapter and insert your internet address, e.g.:

        * HOSTNAME                                  [bioxxxx]
        * Internet ADDRESS (dotted decimal)         [140.181.yyy.zzz]
          Network MASK (dotted decimal)             [255.255.192.0]
        * Network INTERFACE                         en0
          NAMESERVER
              Internet ADDRESS (dotted decimal)     [140.181.96.29]


              DOMAIN Name                           [gsi.de]
          Default GATEWAY Address                   [140.181.96.1]
          (dotted decimal or symbolic name)
          Your CABLE Type                           N/A    +
          START Now                                 yes    +

    to allow multiple name servers the file /etc/resolv.conf should look like

        domain gsi.de
        nameserver 140.181.96.29
        nameserver 140.181.96.11
        nameserver 140.181.96.69

    corresponding to rzserv1, rzserv2, clri6e.

    1. /.rhosts

    exists to allow root access from some bio and GSI machines. The general format
    is

        .gsi.de root
        .gsi.de loadl

    Make sure that the root access enabled machines are in that file (copy it over from

    an already installed machine).

    1. /etc/netsvc.conf

    is needed to ensure fast domain name resolution. Should look like

        hosts=local=auth,nis,bind

    sendmail stuff

    You might copy over an appropriate /etc/sendmail.cf. If not yet done one should close

    the open relay in Sendmail:

    Edit /usr/samples/tcpip/sendmail/cf/aix433.mc to:

        divert(0)dnl
        OSTYPE(aix433)dnl
        DOMAIN(generic)dnl
        # all outgoing mail to SMART_HOST
        define(`SMART_HOST', `rzserv1')dnl
        # all incoming mail to MAIL_HUB
        define(`MAIL_HUB', `rzserv1')dnl
        # all sent mail masqueraded to be from this host
        MASQUERADE_AS(gsi.de)dnl
        # masquerade the envelope of the mails as well
        FEATURE(`masquerade_envelope')dnl
        # mailers used, always declare at the end of the file
        MAILER(local)dnl
        MAILER(smtp)dnl
        MAILER(uucp)dnl

        cd /usr/samples/tcpip/sendmail/cf
        m4 ../m4/cf.m4 aix433.mc > /tmp/sendmail.cf.new

    In /tmp/sendmail.cf.new

    comment out the lines

        Fw/etc/sendmail.cw
        FR-o /etc/mail/relay-domains

    Copy /tmp/sendmail.cf.new to /etc/sendmail.cf

    refresh subsystem sendmail.

    Additional (open source) Software

    These should be installed locally on each machine, in the /local/ directory. You may

    copy it over from an already installed machine:

        rcp -r -p /local /local

    Otherwise, here's the todo-list for building from scratch (needs further customization
    later on). Note that unfortunately most installations go into /usr/local, which often is
    NFS-mounted. So ensure

        ln -s /local /usr/local

    then follow the usual installation procedures.

    From the Bull site (http://www.bullfreeware.com/)

        jpeg,xpm,gtk+,libpcap,tiff,zlib
        abi,ethereal-0.8.11.0,gnu.ghostscript-5.10.,gnu.ghostview-3.5.8.,ImageMagick
        nedit-5.3.0.0,xfig-3.2.3.0,xpaint,xpdf-0.9.0.0,xv-3.10.1.0,openssh3.7.1.0

    These are self-extracting archives:

        chmod u+x openssh-3.7.1.0.exe
        openssh-3.7.1.0.exe
        inutoc ./    # creates a toc, if not there

    creates a bff and an asc PGP file. With these files smitty - Install is your
    friend.

    From the IBM site (http://www-1.ibm.com/servers/aix/products/bonuspack/aix5l/wpcontent.html)

        acroread, mozilla, netscape 7

    These are tar'ed and zipped files:

        gzip -cd Mozilla.base.tar.gz | tar -xvf -


    inutoc ./ # creates a toc, if not there

    which are finally smit-able.

    From here (http://aixpdslib.seas.ucla.edu/allpackages.html)

        a2ps, antiword, joe, monitor, nmap, tcp_wrappers.7.6plusipv6

    These are tar'ed and zipped files (which go into ./usr/local):

        uncompress tcp_wrappers.7.6plusipv6.tar.Z
        cd /
        tar -xvf tcp_wrappers.7.6plusipv6.tar

    newsyslog (http://www-aix.gsi.de/~bio/DOCS/newsyslog)

    script to roll over syslog versions from one day to the other (as of 8-Aug-2003).

    newdsmlog (http://www-aix.gsi.de/~bio/DOCS/newdsmlog)

    As newsyslog, but for tsm logs

    Additional Software from GSI Installation server (if needed)

    Before installing the SW using the smit tool you have to mount the installation directory

    first:

        mount filesv2:/usr/sys/inst.images /mnt

    or, from remote CD-ROM (provided a CD is inserted):

        mount filesv2:/cdrom/sys/inst.images /mnt

    To install

    ADSM/TSM

    1. select /mnt/tivoli as installation directory and select the client software
    (the API is apparently not necessary, as is the web client).

    2. copy the GSI-supplied startup script startdsmc from an already installed
    machine. Note that the path in the (old) ADSM is /usr/lpp/adsm/bin/
    whereas the new TSM uses /usr/tivoli/tsm/client/ba/bin/

    3. mkdir /local/etc

    4. mkdir /var/adsm

    5.

    6. Logfile

    A system logfile is kept in /var/adsm/dsmsched.log. In order to save
    space in the /var filesystem a cron job should be scheduled e.g. at 3 a.m. to
    rename the log file by appending a version number running from 0
    through 5. This way the last week's logs are kept. A script
    /local/bin/newdsmlog actually doing the job is located here:
    http://www-aix.gsi.de/~bio/DOCS/newdsmlog (or copy it over from an
    already installed machine).

    What's next ?


    For a NIM based clone installation most things are already in place and well configured

    (which is the idea behind cloning). In this case, consider it as check list.

    Network related services

    1. Network configuration

    o On a 10 Mbps net

      smitty - Devices - Communication - Ethernet Adapter - Adapter -
      Change / Show Characteristics of an Ethernet Adapter

          HARDWARE TRANSMIT queue size          [64]              +#
          HARDWARE RECEIVE queue size           [32]              +#
          RECEIVE buffer pool size              [384]             +#
          Media Speed                           10_Half_Duplex    +

    o On a 100 Mbps net

      smitty - Devices - Communication - Ethernet Adapter - Adapter -
      Change / Show Characteristics of an Ethernet Adapter

          TRANSMIT queue size                   [8192]            +#
          HARDWARE RECEIVE queue size           [256]             +#
          RECEIVE buffer pool size              [384]             +#
          Media Speed                           Auto_Negotiation  +
          Inter-Packet Gap                      [96]              +#
          Enable ALTERNATE ETHERNET address     no                +
          ALTERNATE ETHERNET address            [0x000000000000]  +
          Enable Link Polling                   no                +
          Time interval for Link Polling        [500]             +#

    o IP name and name resolution

      smit - Communications Applications and Services - TCP/IP -
      Minimum Configuration & Startup

      Select your adapter and insert your internet address, e.g.:

          * HOSTNAME                                  [bioxxxx]
          * Internet ADDRESS (dotted decimal)         [140.181.yyy.zzz]


            Network MASK (dotted decimal)             [255.255.192.0]
          * Network INTERFACE                         en0
            NAMESERVER
                Internet ADDRESS (dotted decimal)     [140.181.96.29]
                DOMAIN Name                           [gsi.de]
            Default GATEWAY Address                   [140.181.96.1]
            (dotted decimal or symbolic name)
            Your CABLE Type                           N/A    +
            START Now                                 yes    +

    o to allow multiple name servers the file /etc/resolv.conf should look like

          domain gsi.de
          nameserver 140.181.96.29
          nameserver 140.181.96.11
          nameserver 140.181.96.69

    corresponding to rzserv1, rzserv2, clri6e.

    2. /etc/rc.tcpip

    Comment out the start of snmpd and dpid2.

    3. /.rhosts

    exists to allow root access from some bio and GSI machines. The general format
    is

        .gsi.de root
        .gsi.de loadl

    Make sure that the root access enabled machines are in that file (copy it over from

    an already installed machine).

    Time services

    1. The file /etc/ntp.conf must contain the entries:

        server 140.181.96.11
        server 140.181.96.29
        #
        # Drift file. This file must be in a directory that is writable by
        # the daemon. Symbolic links are not allowed, because the daemon
        # first creates a temporary file and then renames it.
        #
        driftfile /var/etc/ntp.drift

    2. In addition:

        mkdir /var/etc
        startsrc -s xntpd

    3. Do not forget to activate the ntp-line in /etc/rc.tcpip.

    4. The file /etc/environment should define the correct time zone:

        TZ=CET-1CED-2,M3.5.0,M10.5.0

    Security issues (as of November 2001)

    1. chmod o-x /usr/bin/ypcat

    2. in the /etc/inetd.conf file:

    Disable all services (especially ttdbserver) except ftp, telnet, shell and
    login, enable ftp-logging, change default ftp umask:

        ftp     stream  tcp6    nowait  root    /local/bin/tcpd6 ftpd -l -u077
        telnet  stream  tcp6    nowait  root    /local/bin/tcpd6 telnetd -a
        shell   stream  tcp6    nowait  root    /local/bin/tcpd6 rshd
        login   stream  tcp6    nowait  root    /local/bin/tcpd6 rlogind

    3. /etc/inittab

    For security reasons several services should be disabled (place a colon (':') at the
    beginning of a line):

        :writesrv
        :imnss
        :imqss
        :l2
        :l3
        :l4
        :l5
        :l6
        :l7
        :l8
        :l9

    httpdlite is needed for documentation display, otherwise it should be disabled
    too.

    4. In /etc/rc.local

        # set network options to improve performance and security
        echo "Setting network options"
        # protection against SYN flood attacks
        /usr/sbin/no -o clean_partial_conns=1
        # protection against ICMP redirects
        /usr/sbin/no -o ipignoreredirects=1
        # protection against illegal access via source routing
        /usr/sbin/no -o ipsendredirects=0
        /usr/sbin/no -o ipsrcroutesend=0
        /usr/sbin/no -o ipsrcrouteforward=0
        /usr/sbin/no -o ip6srcrouteforward=0
        /usr/sbin/no -o tcp_pmtu_discover=0
        /usr/sbin/no -o udp_pmtu_discover=0

    5. Enable logging of all successful logins

      1. Create/check /etc/security/authlog:

            #!/usr/bin/ksh
            # /etc/security/authlog: syslog all successful logins
            /usr/bin/logger -t tsm -p auth.info "$@ logged in from $(/usr/bin/tty) (${DISPLAY})"

         and allow root only:

            chmod 700 /etc/security/authlog

      2. In /etc/security/login.cfg

            AUTHLOG:
                    program = /etc/security/authlog

      3. In /etc/security/user change the auth2 attribute in the default stanza:

            auth2 = AUTHLOG

      4. for logins via CDE /etc/dt/config/Xsession.d/dtlog:

            #!/usr/bin/ksh
            # /etc/dt/config/Xsession.d/dtlog: log dtlogins
            /usr/bin/logger -t dtlogin -p auth.info "${LOGNAME} logged in from (${DISPLAY})"

      5. In syslog.conf on an ordinary bio-machine

            auth.debug @biolog

         will send login info to the logging machine, currently biors6a.

         IMPORTANT: do not use this on the logging machine itself, it will
         generate an infinite loop of syslogs! Instead, do as described in the next
         item.

      6. In syslog.conf on the logging machine, currently biors6a

            auth.debug /var/adm/syslog.auth

      7. Strangely, you have to "generate" the log file

            touch /var/adm/syslog.auth

      8. Ensure syslog.auth is covered in the /local/bin/newsyslog script
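
    An added example, not part of the original guide: a POSIX shell check that audits
    an inetd.conf against the /etc/inetd.conf policy above (only ftp, telnet, shell and
    login enabled, each started through /local/bin/tcpd6, ftpd with -l and a -u umask).
    The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit inetd.conf against the policy stated in the text.
# The policy values come from the page; function names and the sample
# configuration are constructed.

ALLOWED="ftp telnet shell login"    # the only services left enabled
WRAPPER="/local/bin/tcpd6"          # every enabled service must start through it

# audit_inetd [FILE]  (reads stdin when FILE is omitted)
# Prints one finding per line, returns 0 when the file matches the policy.
audit_inetd() {
    awk -v allowed="$ALLOWED" -v wrapper="$WRAPPER" '
    BEGIN {
        bad = 0
        n = split(allowed, names, " ")
        for (i = 1; i <= n; i++) ok[names[i]] = 1
    }
    /^[ \t]*#/ || NF == 0 { next }      # commented out or blank: service is off
    NF < 6 { printf "MALFORMED line %d\n", NR; bad = 1; next }
    {
        svc = $1; prog = $6             # field 6 is the program inetd executes
        if (!(svc in ok)) {
            printf "UNEXPECTED %s is enabled (line %d)\n", svc, NR
            bad = 1; next
        }
        if (prog != wrapper) {
            printf "UNWRAPPED %s starts %s directly (line %d)\n", svc, prog, NR
            bad = 1
        }
        if (svc == "ftp") {
            args = ""
            for (i = 7; i <= NF; i++) args = args " " $i
            if (args !~ / -l( |$)/) {
                printf "FTP_NOLOG ftpd lacks -l (line %d)\n", NR; bad = 1
            }
            if (args !~ / -u[0-7]+( |$)/) {
                printf "FTP_UMASK ftpd lacks -u<mask> (line %d)\n", NR; bad = 1
            }
        }
    }
    END { exit bad }
    ' "${1:--}"
}

# Constructed sample, not taken from a real host.
sample_inetd_conf() {
    cat <<'EOF'
## constructed inetd.conf excerpt
ftp        stream     tcp6 nowait root /local/bin/tcpd6           ftpd -l -u077
telnet     stream     tcp6 nowait root /usr/sbin/telnetd          telnetd -a
shell      stream     tcp6 nowait root /local/bin/tcpd6           rshd
login      stream     tcp6 nowait root /local/bin/tcpd6           rlogind
#exec      stream     tcp6 nowait root /usr/sbin/rexecd           rexecd
ttdbserver sunrpc_tcp tcp  wait   root /usr/dt/bin/rpc.ttdbserver rpc.ttdbserver 100083 1
EOF
}

if sample_inetd_conf | audit_inetd; then
    echo "inetd.conf matches the policy"
else
    echo "inetd.conf deviates from the policy"
fi
```

    On a real host the call is audit_inetd /etc/inetd.conf; a non-zero return status
    makes it usable from cron or a post-clone check.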

    User, group and NIS services

    1. smit - Communications Applications and Services - NFS - Network
    Information Service (NIS) - Change NIS Domain Name of this Host

        * Domain name of this host                 [BIO_NIS]
        * CHANGE domain name take effect           both    +
          now, at system restart or both?

    2. If the machine should receive NIS client services:
    smit - Communications Applications and Services - NFS - Network
    Information Service (NIS) - Configure / Modify NIS - Configure
    this Host as a NIS Client

        * START the NIS client now,                both    +
          at system restart, or both?
          NIS server - required if there are no    []      +
          NIS servers on this subnet

    Then a directory /var/yp/binding should contain the two files BIO_NIS.1 and
    BIO_NIS.2. Be patient, this might take some time.

    3. /etc/passwd

    on a NIS client should contain only root stuff and end with the entry:

        +::0:0:::

    4. /etc/security/passwd

    on a NIS client should contain only root stuff.

    5. /etc/group

    on a NIS client should contain only root stuff and end with:

        +:

    which forces lookup on the NIS master or slave server.

    On a NIS server it should define the groups bio, loadl, biodev, thdev, thoper.

    6. change the number of licensed users (64 or larger):

    smit - System Environments - Change / Show Number of Licensed Users

          Maximum number of FIXED licenses         [64]    #
          FLOATING licensing                       off     +

    File systems

    1. local (JFS) filesystems

    /var and /tmp should be 48MB (98304) in size for a big clone, probably only
    24MB (49152) for a small one.

    2. remote filesystems, mounted via autofs

    These are user, scratch and data filesystems, as well as /usr/local. Copy the
    following autofs maps from an already installed AIX 5.1.0 machine.

        /etc/auto.u
        /etc/auto.d
        /etc/auto.s
        /etc/auto.nfs
        /etc/auto.apps       # except app server, currently biori6y
        /etc/auto.bioapps    # except app server, currently biori6y
        /etc/auto_master     # except app server, currently biori6y

    To enable Biophysics commercial apps (WordPerfect, applixware, etc.)
    /etc/auto.bioapps must have entries like

        APPLIX -ro,vers=3,proto=tcp biori6y:/bioapps/APPLIX

    3. Additional links are needed:

        ln -s /nfs/clri6c/local.AIX /usr/local

    4. and some links might have to be removed:

        rm /u
        mkdir /u

    5. For a new machine the GSI operating group ([email protected]) has to be informed
    to regularly update the autofs maps on this machine. Also, it must be allowed to
    mount filesystems on the servers filesv1 and filesv2 ([email protected]).

    6. The file systems /d/bio and /s/bio should have the attributes

        drwxrwsr-x 37 root bio 1024 Jan 23 18:19 bio

    so that each bio group member can create files.

    Load Leveler

    Version 2.2, bio-owned installation (old Version 1.3 here:
    http://www-aix.gsi.de/~bio/DOCS/aixll13install.html)

    1. must be mounted according to the following entry in /etc/filesystems

        /usr/lpp/LoadL:
                dev       = "/usr/lpp/LoadL"
                vfs       = nfs
                nodename  = biori6y
                mount     = true
                options   = ro,bg,soft,intr
                account   = false

    2. the following links must exist

        ln -s /usr/lpp/LoadL/full/lib/libllapi.a /usr/lib/libllapi.a
        ln -s /usr/lpp/LoadL/full/lib/libllmulti.a /usr/lib/libllmulti.a
        ln -s /usr/lpp/LoadL/full/lib/llapi_shr.o /usr/lib/llapi_shr.o

    3. and the directories

        mkdir /var/loadl
        mkdir /var/loadl/execute
        mkdir /var/loadl/log
        mkdir /var/loadl/spool

    4. a local configuration file /var/loadl/LoadL_config.local should exist. Adapt
    the following entries:

    o for a 1 CPU machine:

        BackgroundLoad = 2.0
        HighLoad = 2.5
        MAX_STARTERS = 1

    o for a 2 CPU machine:

        BackgroundLoad = 2.0
        HighLoad = 2.5
        MAX_STARTERS = 2

    o for a 4 CPU machine:

        BackgroundLoad = 4.0
        HighLoad = 4.5
        MAX_STARTERS = 4

    where the last line determines the number of simultaneous jobs.

    5. in /etc/rc.local

        #start LoadLeveler
        /usr/lpp/LoadL/full/bin/llctl start

    to start the LoadLeveler on boot. Comment out this line when LoadLeveler should
    not run.

    6. configure bio as LoadLeveler user id

    the file /etc/LoadL.cfg must exist:

        LoadLUserid = bio
        LoadLGroupid = bio
        LoadLConfig = /u/bio/LoadL_config

    and the admin files

        /u/bio/LoadL_admin
        /u/bio/LoadL_config

    X11, CDE and user interface stuff

    1. The file /usr/lpp/X11/defaults/xserverrc should contain the line

        EXTENSIONS=" -bs -d 24:mir0 -d 24:lai0 -d 24:mtn0 -d 24:mint0 -d 24:mojl0 "

    to enable backing store and 24bit colours for special graphics cards (here
    GXT2000P, GXT135P, GXT3000P, GXT550P and GXT4500, respectively), if
    installed.

    2. CDE configuration

    Path definitions in /etc/dt/config/Xsession.d/0010.dtpaths

    Actual icons and datatypes in /u/bio/.dt/appconfig

    3. adjust screen resolution (for machines with graphic cards)

    smit - Devices - Graphics Displays - Select the Display Type

    choose monitor, then

    Select the Display Resolution and Refresh Rate

    4. adjust keyboard properties (for machines with keyboards)

    smit - Devices - Graphic Input Devices - Keyboard - Change / Show
    Characteristics of the Keyboard

          Keyboard repeat rate              [30]    +#
          Keyboard repeat delay             250     +
          Alarm volume                      off     +
          Clicker volume                    off     +
          Extended keyboard identifier      none    +

    or on command line

        chhwkbd -r'30' -d'250' -a'0' -c'0'

    Miscellaneous configuration files

    1. /etc/inittab

    o The console should be activated before NIS services:

        rctcpip:2:wait:/etc/rc.tcpip > /dev/console 2>&1 # Start TCP/IP daemons
        cons:0123456789:respawn:/usr/sbin/getty /dev/console
        rcnfs:2:wait:/etc/rc.nfs > /dev/console 2>&1 # Start NFS Daemons

      otherwise the machine won't boot if NIS can't be activated.

    o The line for local services must be present:

        diagd:2:once:/usr/lpp/diagnostics/bin/diagd >/dev/console 2>&1
        rclocal:2:once:/etc/rc.local # starting local services
        dt:2:wait:/etc/rc.dt

    o The Install Assistant should be disabled

        :install_assist:2:wait: ...

    2. /etc/rc.local

    ensure that

        chmod g+x
        chmod u+x

    3. /etc/.kshrc and /local/bin/.kshrc

    contains some ksh settings:

        #
        tty=`tty`
        tty=`basename $tty`

        set -o emacs            # Emacs-style command history
        alias __A='^P'          # So that the arrow keys also reach
        alias __B='^N'          # the previous commands.
        alias __C='^F'
        alias __D='^B'
        alias __H='^A'
        #alias __E=''

        alias dir='ls -l'
        #alias rm='rm -i'
        #alias cp='cp -i'
        alias tim='date "+%d-%h-%y %T"'
        alias node=hostname
        alias h=history
        # to pass this setting to dtterm too
        export LIBPATH=.:/local/lib:/usr/lib:/lib:/usr/local/lib:$LIBPATH

    4. /etc/profile should contain the lines

        if [ -x /local/bin/.profile ]
        then
            . /local/bin/.profile
        fi

    where /local/bin/.profile is a system-wide profile copied from GSI's central
    AIX cluster. Be sure that

        chmod a+x

    for both files. Also, to be on the safe side:

        ln -s /local/bin/.profile /local/bin/profile

    Some GSI-made shell scripts (e.g. ns for netscape) require these scripts to exist in
    order to work properly.

    5. /etc/qconfig

    defines the printer queues and could be copied from the central AIX cluster.
    However, printing services are implemented via the rlpr mechanism anyway.
    Note that it must not contain entries with /usr/lpd/aix*. Those will cause
    WordPerfect startup to fail.

    6. /etc/termcap (still needed ?)

    should have the entries

        Id|dtterm|IBM dtterm Terminal:\
                :kD=\E[3~:kI=\E[2~:kN=\E[6~:kP=\E[5~:\
                :tc=hft:
        If|aixterm|IBM aixterm Terminal:\
                :tc=hft:

    in order for joe to work correctly.

    Ensure that

        ln -s /usr/ccs/lib/libtermcap.a /lib/libtermcap.a

    otherwise apps such as xemacs and IDL won't run

    7. teach the outside world

    the name of the machine (e.g. bioxxxx.gsi.de) has to be added

    o in the file /distfile on the rdist managing machine

    o in the file /u/bio/bin/rcpbio

    o in the file /u/bio/bin/rshbio

    o in all files /etc/hosts.equiv

    o in all files /etc/X0.hosts

    o in all files /etc/X1.hosts

    The last 2 files control the X-server access from other hosts. Due to X-server
    problems when the name server can't resolve the name of machines listed in these
    files they should contain only GSI machines. This doesn't solve the problem
    completely (because the GSI name server might be down as well) but at least the
    most likely case of external network breakdown is excluded.

    Periodic background jobs

    1. /etc/syslog.conf

    defines the amount of system logging:

        mail.debug /usr/spool/mqueue/log
        *.debug /var/adm/syslog.debug
        *.info /var/adm/syslog

    Strangely, you have to "generate" the log files manually

        touch /usr/spool/mqueue/log
        touch /var/adm/syslog.debug
        touch /var/adm/syslog

    2. /local/bin/newsyslog

    is a GSI-supplied shell script to rename previous versions of logfiles by
    appending a version number running from 0 through 5. This way the last week's
    syslogs are kept.

    3. cron jobs

    are scheduled for this and other tasks. Either copy over
    /var/spool/cron/crontabs/root from an existing installation or do it
    manually:

        crontab -e

    the EDITOR is called, then the following entries should be entered/verified

        0 3 * * * /local/bin/newsyslog
        0 3 * * * /local/bin/newdsmlog
        0 3 * * * /usr/sbin/skulker
        0 11 * * * /usr/bin/errclear -d S,O 30
        0 12 * * * /usr/bin/errclear -d H 90
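
    The rotation scheme described above for /local/bin/newsyslog (and newdsmlog), as an
    added example: this is not the GSI-supplied script, only one way to implement the
    "version number running from 0 through 5" behaviour. The function names, the 077 umask
    on the recreated file and the demo data are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not the GSI newsyslog script: keep six old versions of a log,
# FILE.0 (newest) through FILE.5 (oldest), when run once per night from cron.

KEEP=5      # highest version suffix kept, as in the text

# rotate_log FILE
# Shifts FILE.4 -> FILE.5 ... FILE.0 -> FILE.1, moves FILE to FILE.0 and
# recreates an empty FILE, because the text notes that the log files have to
# exist before syslogd writes to them. Returns 1 when FILE does not exist.
rotate_log() {
    log=$1
    [ -f "$log" ] || return 1
    i=$KEEP
    while [ "$i" -gt 0 ]; do
        prev=$((i - 1))
        if [ -f "$log.$prev" ]; then
            mv -f "$log.$prev" "$log.$i"    # overwrites the oldest version
        fi
        i=$prev
    done
    mv -f "$log" "$log.0"
    ( umask 077; : > "$log" )               # assumption: owner-only log files
}

# rotate_syslogs: the nightly job for the log files named in the text.
# Not called by the demo below; needs root on the AIX host.
rotate_syslogs() {
    for f in /var/adm/syslog /var/adm/syslog.debug /var/adm/syslog.auth \
             /usr/spool/mqueue/log; do
        rotate_log "$f"
    done
    refresh -s syslogd      # AIX SRC command: syslogd reopens its log files
}

# Demo on constructed data in a scratch directory: eight nights of rotation.
# Prints the directory listing, then the content of the oldest kept version.
demo_rotation() {
    dir=${TMPDIR:-/tmp}/newsyslog-demo.$$
    mkdir -p "$dir" || return 1
    night=1
    while [ "$night" -le 8 ]; do
        echo "constructed entry, night $night" >> "$dir/syslog"
        rotate_log "$dir/syslog"
        night=$((night + 1))
    done
    ls "$dir"
    oldest=$(cat "$dir/syslog.5")
    rm -rf "$dir"
    echo "$oldest"
}

demo_rotation
```

    After eight nights only nights 3 through 8 survive as syslog.5 down to syslog.0,
    so together with the live file a week of logs is on disk.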

    Local mail system

    1. In /etc/filesystems

        /var/spool/mail:
                dev       = "/var/spool/mail.common"
                vfs       = nfs
                nodename  = clri6a
                mount     = false
                type      = clri6a
                options   = bg,hard,intr
                account   = false

    these entries mean that the mail filesystem is not automatically mounted during
    the initial stages of the boot process.

    2. Instead, in /etc/rc.local

        mount -t clri6a

    does this at a later stage. Note that the directory /var/spool/mail must exist.

    3. Ensure a proper /etc/sendmail.cf exists. Usually you get away with the IBM
    supplied standard file, with the modifications concerning the
    smart relay host:

        DSlxmta1.gsi.de

    and the masquerading

        DMgsi.de

    Configure additional Software

    monitor

    Look here: http://www-aix.gsi.de/~bio/DOCS/monitorcfg.html

    lsof (still needed ??)

    Ensure the proper link

        ln -s /local/bin/lsof_4.60 /local/bin/lsof

    netscape (4.7, BonusPak version)

    In the start-up shell script /usr/bin/netscape add an ampersand (&) to the end
    of line starting the binary:

        ${MOZILLA_HOME}/us/netscape_aix4 "$@" &

    netscape 7, Mozilla

    In the start-up shell script /usr/netscape/base/netscape add an ampersand
    (&) to the end of line starting the binary:

        exec ....... &

    and

        ln -s /usr/netscape/base/netscape /usr/bin/netscape

    Ditto for mozilla.

    prngd (needed for toolbox version?)

    To generate a random seed and a random device:

        cat /var/adm/syslog /var/adm/syslog.0 /var/adm/syslog.1 > /local/etc/prngd-seed
        mkssys -s prngd -p /local/sbin/prngd -a '-f -c/local/etc/prngd.conf -s /local/etc/prngd-seed /dev/egd-pool' -u0 -S -n 15 -f 9 -R -G local

    Add to /etc/rc.local:

        startsrc -s prngd

    openssh, E.R. version (after cloning on every host new ssh-key pairs have to
    be generated)

        ssh-keygen -t rsa1 -f /local/etc/ssh/ssh_host_key -N ""
        ssh-keygen -t rsa -f /local/etc/ssh/ssh_host_rsa_key -N ""
        ssh-keygen -t dsa -f /local/etc/ssh/ssh_host_dsa_key -N ""
        /usr/bin/mkssys -s sshd -p /local/sbin/sshd -a '-D' -u 0 -S -n15 -f 9 -R -G local
        startsrc -s sshd

    /etc/rc.local should have an entry:

        startsrc -s sshd

    Ensure

        ln -s /usr/bin/rsh /usr/ucb/remsh

    openssh, Bull binary

    (you may consult READMEs in /usr/local/lib/openssh-3.7.1.0/ too)

    1. Create subsystem

        /usr/bin/mkssys -s sshd -p /local/sbin/sshd -a '-D -f /local/etc/sshd_config' -u 0 -S -n 15 -f 9 -R -G local

    2. In /local/etc/ssh_config

    enable ForwardX11

    3. In /local/etc/sshd_config

    allow X11Forwarding and specify the key files. Disable
    UsePrivilegeSeparation unless the procedures described in
    /usr/local/lib/openssh-3.7.1.0/README.privsep are implemented.

    It might be necessary to enable PidFile /local/etc/sshd.pid

    4. After a fresh install new ssh-key pairs have to be generated:

        ssh-keygen -t rsa1 -f /local/etc/ssh/ssh_host_key -N ""
        ssh-keygen -t rsa -f /local/etc/ssh/ssh_host_rsa_key -N ""
        ssh-keygen -t dsa -f /local/etc/ssh/ssh_host_dsa_key -N ""
        startsrc -s sshd

    5. /etc/rc.local should have a line like this:

        startsrc -s sshd

    (there's a script /etc/rc.openssh too, no clue what it's good for)

    6. Note this version may need /usr/local/libexec/ssh-rand-helper

    ghostscript

    needs a path for gs_init.ps. In /local/bin/.profile:

        export GS_LIB=/local/share/ghostscript/5.10:/local/share/ghostscript/fonts

    antiword

    needs mapping files in directories /usr/share/antiword or $HOME/.antiword:

        ln -s /local/share/antiword /usr/share/antiword

    Configure the TSM backup client

    Look here: http://www-aix.gsi.de/~bio/DOCS/aixtsmcfg.html

    For machines with 2 system disks

    For an installation from scratch (not clone) you may mirror a volume group
    (http://www-aix.gsi.de/~bio/DOCS/aixmirror.html).

    For a clone installation from a mirrored source the bootlist should be adapted:

        bootlist -m normal -o
        bootlist -m normal -o hdisk0 hdisk1