Reduce ARP caching time in Sun Solaris using ndd.pdf


Reduce ARP caching time in Sun Solaris using ndd

Networking, security

Apr 24 2008

ARP attacks are among the easiest attacks that can be launched against a network or a server, and they can cause a denial of service. One of the things that can be done on the Sun Solaris operating system is to alter the caching time for the ARP cache, which reduces the time that a rogue ARP entry stays in the ARP table. While this is not foolproof, it can certainly make things that extra bit more difficult for the attacker.

The default time that ARP entries are cached on a Sun Solaris system is 5 minutes. However, this can be reduced to a lower value (say 3 minutes). This means that the number of ARP requests and ARP replies to and from the server will increase as a result. So, before modifying the caching time, check whether this could cause any congestion on your network.

To set the ARP cache time period:

solaris# ndd -set /dev/arp arp_cleanup_interval 180000

The above command sets the interval to 3 minutes (1 minute is equal to 60000 ms). Now all the ARP entries are flushed at a faster rate (every 3 minutes).

For this change to persist across reboots, add this command to the init script in the /etc/rc2.d directory for your network interface (where all the required ndd commands are run).

Display/Add/Delete/Modify ARP entries in the ARP table

Networking

Apr 24 2008

It is not very often that we end up troubleshooting or manipulating ARP and ARP tables in Sun Solaris. However, the following are some useful commands which can help when required: they will let you display, modify, add and delete ARP entries in the Sun Solaris ARP table.

Display ARP table

sunsolaris# arp -a
Net to Media Table: IPv4
Device   IP Address             Mask             Flags   Phys Addr
pcn0     192.168.0.1            255.255.255.255          00:18:4d:f8:a4:6e
pcn0     192.168.0.2            255.255.255.255          00:13:ce:85:0e:e1
pcn0     sunsolaris             255.255.255.255  SP      00:0c:29:d3:76:89
pcn0     BASE-ADDRESS.MCAST.NET 240.0.0.0        SM      01:00:5e:00:00:00

Delete an ARP entry

sunsolaris# arp -d 192.168.0.1
192.168.0.1 (192.168.0.1) deleted

To verify that the entry has indeed been deleted:

sunsolaris# arp -a
Net to Media Table: IPv4
Device   IP Address             Mask             Flags   Phys Addr
pcn0     192.168.0.2            255.255.255.255          00:13:ce:85:0e:e1
pcn0     solaris10              255.255.255.255  SP      00:0c:29:d3:76:89
pcn0     BASE-ADDRESS.MCAST.NET 240.0.0.0        SM      01:00:5e:00:00:00

You can see that the ARP entry for 192.168.0.1 is no longer found.

Add a static entry

sunsolaris# arp -s 192.168.0.1 00:18:4d:f8:a4:6e

The syntax is:

arp -s HOSTNAME MAC-Address [temp] [pub] [trail]

where

pub publishes the ARP entry to other hosts on the network
temp makes it a temporary entry
trail allows trailer encapsulations to be sent to the host

You can also read static entries from a file. This comes in handy if you decide that all ARP entries should be static and no ARP requests are to be sent or received by the system. You can add the static entries to a file and add the arp command to the network init scripts in /etc/rc2.d/.

To read from a file:

sunsolaris# arp -f /etc/host_mac

where /etc/host_mac is my file name from which the ARP entries are read.

To check the current ARP caching time:

sunsolaris# ndd -get /dev/arp arp_cleanup_interval
500000

where the value 500000 is in milliseconds and indicates 5 minutes.

To modify the ARP cache timing, see the previous article above (Reduce ARP caching time in Sun Solaris using ndd).
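As an added example (not part of the original articles), the following Python script parses the Solaris `arp -a` "Net to Media Table" output shown above and compares it against an `arp -f`-style host/MAC file, reporting entries whose MAC differs from the expected one (what a rogue or poisoned entry looks like from the defender's side), expected hosts that are missing, and entries that are not static. The sample table and /etc/host_mac contents are constructed; reading the S flag as "static" follows the Solaris arp output above, and the MAC normalisation assumes Solaris may print octets without leading zeros.

```python
import re
# Constructed sample of Solaris `arp -a` output (layout as in the article); the MAC for
# 192.168.0.1 is constructed to differ from the expected value so the check reports it.
ARP_A_OUTPUT = """\
Net to Media Table: IPv4
Device IP Address Mask Flags Phys Addr
pcn0 192.168.0.1 255.255.255.255 0:c:29:aa:bb:cc
pcn0 192.168.0.2 255.255.255.255 00:13:ce:85:0e:e1
pcn0 sunsolaris 255.255.255.255 SP 00:0c:29:d3:76:89
pcn0 BASE-ADDRESS.MCAST.NET 240.0.0.0 SM 01:00:5e:00:00:00
"""

# Constructed /etc/host_mac in `arp -f` line format: host, MAC, optional temp/pub/trail.
HOST_MAC_FILE = """\
# host          ether_addr          keywords
192.168.0.1     00:18:4d:f8:a4:6e
192.168.0.2     00:13:ce:85:0e:e1   pub
192.168.0.3     00:18:4d:00:00:03
"""

MAC_RE = re.compile(r"^[0-9a-f]{1,2}(:[0-9a-f]{1,2}){5}$", re.IGNORECASE)
def normalize_mac(mac):
    """Canonicalise a MAC as six zero-padded lowercase octets (Solaris may print 0:c:29:...)."""
    if not MAC_RE.match(mac):
        raise ValueError("not a MAC address: %r" % mac)
    return ":".join("%02x" % int(octet, 16) for octet in mac.split(":"))

def parse_arp_table(text):
    """Parse `arp -a` output into {host_or_ip: (mac, flags)}; the Flags column may be empty."""
    entries = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or not MAC_RE.match(fields[-1]):
            continue  # title line, column header, or blank line
        flags = fields[3] if len(fields) == 5 else ""
        entries[fields[1]] = (normalize_mac(fields[-1]), flags)
    return entries

def parse_host_mac(text):
    """Parse an `arp -f` input file into {host: mac}, ignoring temp/pub/trail keywords."""
    expected = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            host, mac = line.split()[:2]
            expected[host] = normalize_mac(mac)
    return expected

def check_arp_table(table, expected):
    """Return (host, problem) pairs: MAC mismatch, missing entry, or non-static (no S flag)."""
    problems = []
    for host, mac in sorted(expected.items()):
        if host not in table:
            problems.append((host, "missing"))
        elif table[host][0] != mac:
            problems.append((host, "mac mismatch: expected %s, observed %s" % (mac, table[host][0])))
        elif "S" not in table[host][1]:
            problems.append((host, "dynamic entry (no S flag), can be overwritten"))
    return problems
```

Run `check_arp_table(parse_arp_table(ARP_A_OUTPUT), parse_host_mac(HOST_MAC_FILE))` to get the three findings for the constructed data; on a real host, feed it the output of `arp -a` and your own host_mac file.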

Linux: rebuild the initial ramdisk image

    by Vivek Gite on April 19, 2006

Q: I think I am missing some driver, or my initial ramdisk is corrupted for the running kernel. How do I rebuild the initial ramdisk image under Linux?

A: You need a ramdisk if you have added new hardware devices such as a SCSI or FibreChannel controller to your server, as the ramdisk contains the necessary modules (i.e. drivers) to initialize the hardware. If you modified the /etc/modprobe.conf (or modules.conf) file then you need to execute a special script called mkinitrd.

The mkinitrd script constructs a directory structure that can serve as an initrd root file system. It then generates an image containing that directory structure using mkcramfs, which can be loaded using the initrd mechanism. The kernel modules for the specified kernel version will be placed in the directory structure. If the version is omitted, it defaults to the version of the kernel that is currently running.

    Find out your kernel version:

# uname -r
2.6.15.4

    Make backup of existing ram disk:

    # cp /boot/initrd.$(uname -r).img /root

    To create initial ramdisk image type following command as the root user:

    # mkinitrd -o /boot/initrd.$(uname -r).img $(uname -r)

    # ls -l /boot/initrd.$(uname -r).img

You may need to modify grub.conf to point to the correct ramdisk image; make sure the following line exists in the grub.conf file:

initrd /boot/initrd.img-2.6.15.4.img

When the system boots using an initrd image created by the mkinitrd command, linuxrc will wait for an amount of time which is configured through mkinitrd.conf, during which it may be interrupted by pressing ENTER. After that, the modules specified in will be loaded.

The Red Hat form of the command takes the image path and the kernel version as arguments; here an LVM probe is forced:

mkinitrd --force-lvm-probe /boot/initrd-2.6.18-92.el5.img 2.6.18-92.el5

    Troubleshooting Common Boot Issues

    This document (3864925) is provided subject to the disclaimer at the end of this document.

    Environment

Novell SUSE Linux Enterprise Server 10
Novell SUSE Linux Enterprise Server 9
Novell SUSE Linux Enterprise Server 8
Novell Open Enterprise Server (Linux based)

    Situation

    This document is intended as a general guideline for troubleshooting system boot issues. Please read and evaluate the entire document prior to contacting Novell Technical Support.

Resolution

Symptom: Regardless of the kernel selected to boot (failsafe or default), a kernel panic stops the system from booting.

Error(s):
RAMDISK: Couldn't find a valid RAM disk image starting at 0.
VFS: Cannot open a root device "sda2" or unknown-block(0,0)
Please append a correct "root=" boot option
Kernel panic - not syncing: VFS: Cannot open a root device "sda2" or unknown-block(0,0)

Probable cause: A corrupted or missing initrd.

Resolution:
1. Boot Installed System*.
2. Login as root.
3. Verify that the / (root) and /boot (if used) filesystems are mounted. The mount command should supply sufficient information. If not, comparing its output with the contents of /etc/fstab should.
4. Run mkinitrd.
5. Reboot.

Symptom: The system fails to boot and prompts for the root password.

Error(s):
error on stat() /dev/hdb3: No such file or directory
Failed to open the device '/dev/hdb3': No such file or directory
fsck.reiserfs /dev/hdb3 failed (status 0x8). Run manually!
fsck failed for at least one filesystem (not /).

Probable cause: Invalid /etc/fstab entry; /dev/hdb3 is a non-existent device.

Resolution:
1. Enter the root password to enter maintenance mode.
2. Remount the root filesystem as read-write:
   mount -o rw,remount /
3. Edit /etc/fstab and remove the non-existent device entry. Comparing with the output of fdisk -l may provide additional guidance for identifying the non-existent device.
4. [CTRL]+[D] reboots.

Symptom: The system simply hangs after POST. The screen is completely blank. The option to Boot Installed System* is not available.

Error(s): If Rescue System is attempted and fdisk -l is run, no partitions are seen. If parted is used and check is run, "Error: Partition doesn't exist" is returned.

Probable cause: The MBR has been damaged or corrupted.

Resolution:
1. Boot Installed System*.
2. Login as root.
3. Reinstall GRUB:
   grub-install bootdevicepath (e.g. /dev/sda)
4. Reboot.

-or-

1. If Boot Installed System* is unavailable, the most probable cause is that the partition table is damaged or corrupt; no recovery is possible unless a previous backup of the partition table is available.

Symptom: When the system boots, an error message is seen and the system locks. Sometimes the screen just goes black or the server reboots. Sometimes all that is seen is the GRUB details screen, halted after trying to load /boot/initrd (see below).

Error(s):
No setup signature found ...
initrd /boot/initrd
[Linux-initrd @ 0x1fc38000, 0x2a7ab8 bytes]

Probable cause: Damaged or corrupted kernel in /boot.

Resolution:
1. Boot Installed System*.
2. Login as root.
3. Install a valid kernel rpm. This can be obtained from the selected installation medium (under /suse/arch) or from our website at http://www.novell.com/download (search the patches section for kernel-).
   rpm -Uvh --force kernel-type-revision-arch.rpm
4. Reboot.

Symptom: The system boots up to "System Boot Control: Running /etc/init.d/boot.local", then gracefully reboots.

Error(s): None.

Probable cause: Corrupted or misconfigured boot script.

Resolution:
1. At the GRUB menu, type in
   init=/bin/bash
   on the Boot Options line.
2. Edit /etc/init.d/boot.local and modify or remove the corrupted or misconfigured line.
3. Reboot.

Symptom: Once exited from a virtual console, the console is not respawned. The console prompt just blinks.

Error(s): INIT: no more processes left in this runlevel

Probable cause: Corrupt or misconfigured /etc/inittab

Resolution:
1. Login as root.
2. Edit /etc/inittab and change any tty configuration(s) from once to respawn.
3. Reboot or pkill -1 init.

Symptom: The kernel panics after trying to mount the root filesystem.

Error(s):
Waiting for device /dev/sda1 to appear: . ok
rootfs: major=8 minor=1 devn=2049
rootfs: /sys/block/sda/sda1 major=8 minor=1 devn=2049
mount: unknown filesystem type 'swap'
umount: /dev: device is busy
Kernel panic - not syncing: Attempted to kill init!
Kernel panic: VFS: Unable to mount root fs on sda1

Probable cause: Corrupt or misconfigured /boot/grub/menu.lst.

Resolution:
1. Boot Installed System*.
2. Login as root.
3. Edit /boot/grub/menu.lst.
4. Modify the kernel parameter root= to point to the correct root partition. fdisk -l should provide sufficient guidance to determine the root filesystem.
5. Reboot.

Symptom: The system boots to the GRUB prompt (grub>).

Error(s): None.

Probable cause: Corrupt or missing /boot/grub/menu.lst file.

Resolution:
1. Boot Installed System* -or-, if sufficiently familiar with GRUB, manually boot the system.
2. Login as root.
3. Verify the existence of /boot/grub/menu.lst. If it exists but is misnamed, rename it. If it is corrupt, delete it and Repair Installed System** (just the Boot Loader Configuration check should be sufficient). If it is missing, Repair Installed System** (just the Boot Loader Configuration check should be sufficient).
4. Reboot.

Symptom: The system boots, but filesystems are not mounted. Many mount-related errors are seen during boot.

Error(s): Mostly mount-related error messages are seen during boot.
startproc: mount returned not-zero exit status
startproc: /proc not mounted, failed to mount: No such file or directory
failed

Probable cause: The mount binary is either corrupt or missing.

Resolution:
1. Either Repair Installed System** -or- the following.
2. Boot into rescue mode (Rescue System) from the selected installation medium.
3. Login as root.
4. Manually mount the root filesystem (i.e., mount /dev/sda2 /mnt). fdisk -l should provide sufficient information to determine the correct partition.
5. Copy in a valid mount binary from the Rescue System.
6. Reboot.

Symptom: The system boots, but login fails.

Error(s):
INIT: no more processes left in this runlevel
INIT: /etc/inittab[xx]: missing action field

Probable cause: Corrupt or misconfigured /etc/inittab

Resolution:
1. Login as root.
2. Edit /etc/inittab and change any tty configuration(s) to include an action (once or respawn) in the action field (third column).
3. Reboot or pkill -1 init.

Symptom: The system boots, but only to a GRUB screen, then hangs.

Error(s): GRUB Hard Disk Error

Probable cause: As the full GRUB prompt is not reached, the problem lies somewhere in GRUB stage1. The /boot/grub/stage1 file may be missing or corrupted.

Solution:
1. Boot Installed System*.
2. Login as root.
3. Copy /usr/lib/grub/stage1 to /boot/grub/stage1.
4. Reinstall GRUB:
   grub-install bootdevicepath (e.g., /dev/sda)
5. Reboot.

-or-

1. Boot Installed System*.
2. Login as root.
3. Identify the installed version of GRUB:
   rpm -q grub
4. Remove the installed version. E.g.,
   rpm -ev --nodeps grub-0.97-16.1
5. Reinstall the grub package. This can be obtained from the selected installation medium (under /suse/arch) or from our website at http://www.novell.com/download (search the patches section for grub).
   rpm -Uvh grub-version.rpm
6. Reinstall GRUB:
   grub-install bootdevicepath (e.g., /dev/sda)

Symptom: The system either doesn't boot, or boots but some modules aren't loaded and/or some devices are undetected.

Error(s):
FATAL: Error inserting modulename (modulepath): Unknown symbol in module, or unknown parameter (see dmesg).
modulename: Unknown symbol symbolname

Probable cause: Occasionally, when modules are updated, the modules dependency file /lib/modules/kernelversion/modules.dep is improperly configured or corrupted prior to updating the initial ramdisk.

Resolution:
1. Boot Installed System*.
2. Login as root.
3. Run depmod to regenerate the modules dependency file.
4. Run mkinitrd to generate a new initial RAM disk image.
5. Reboot.

Symptom: EVMS is used for the root filesystem. The system doesn't boot, with errors related to finding the root filesystem.

Error(s): Waiting for device /dev/evms/lvm2/system/root to appear: ... not found

Probable cause: The initial RAM disk image lacks EVMS support.

Resolution:
1. Boot the rescue system and enter the shell.
2. Probe EVMS information:
   echo "probe" | evms -s
3. Query devices:
   echo "q:d" | evms -s
4. Query volumes:
   echo "q:v" | evms -s
   This should display the name of your root container.
5. Mount the root filesystem (note the comma in the mount command):
   mkdir -p /old
   echo "mount:/dev/evms/lvm2/system/root,/old" | evms -s
6. The contents of the old root filesystem should be visible now:
   ls -l /old/
7. Enter the environment of the installed system:
   chroot /old
8. Generate a new initial RAM disk with EVMS support:
   /sbin/mkinitrd -f evms
9. Exit the environment of the installed system with [CTRL]+[D].
10. Reboot.

    Status

    Top Issue

    Additional Information

* Boot Installed System is the process of using a SuSE Linux Enterprise Server installation medium to boot the installed system. These are the steps:
1. Boot the system off the selected installation medium (CD/DVD in most cases). This medium should be the same (or later) revision level as the installed system. I.e., if the installed system is SLES9SP2, the installation medium should be SLES9SP2 or later.
2. At the Welcome screen, Installation should be selected in place of Boot from Hard Disk.
3. Select the desired Language.
4. Accept the License Agreement(s) (if prompted).
5. At the Installation Mode screen, select Boot Installed System. On SLES10 and later, click on the [Other] button to see these options.

** Repair Installed System is a process similar to Boot Installed System and provides a more automatic repair process. In some cases, when a broader approach to fixing the issue is needed (sledgehammer rather than scalpel), Repair Installed System is the desired process. These are the steps:
1. Boot the system off the selected installation medium (CD/DVD in most cases). This medium should be the same (or later) revision level as the installed system. I.e., if the installed system is SLES9SP2, the installation medium should be SLES9SP2 or later.
2. At the Welcome screen, Installation should be selected in place of Boot from Hard Disk.
3. Select the desired Language.
4. Accept the License Agreement(s) (if prompted).
5. At the Installation Mode screen, select Repair Installed System. On SLES10, click on the [Other] button; on SLES11, click on the [Expert Tools] button to see these options.

Reinstall a corrupted boot partition

Submitted by system on Sun, 08/08/2010 - 13:21

Issue

In a system where the "/boot" partition is a separate partition, when /boot is corrupted or has been formatted by mistake, you cannot boot the system but do not want to reinstall the whole system.

Environment

Red Hat Enterprise Linux, CentOS, Fedora
/boot partition is installed on the first partition of your first disk
x86 architecture

    Resolution

Reinstall the /boot partition manually with the following steps:

1. Boot the system into rescue mode with the help of a CD or DVD: at the boot prompt, type "linux rescue". This will start the rescue mode program. You will be prompted for your keyboard and language requirements; enter these values as you would during the installation of Red Hat Enterprise Linux. Next, a screen will appear telling you that the program will now attempt to find a Red Hat Enterprise Linux installation to rescue. Select "Continue" on this screen.

2. At the "sh-3.1" prompt, chroot to /mnt/sysimage:

   # chroot /mnt/sysimage

3. Make sure the boot partition is labeled as described in /etc/fstab (assuming the boot partition is /dev/sda1):

   # e2label /dev/sda1 /boot

4. Make sure the boot partition is mounted:

   # mount /dev/sda1 /boot

5. Mount the CD to install the following rpms:

   # mkdir /mnt/iso
   # mount -o loop,ro /dev/hdc /mnt/iso
   # cd /mnt/iso/Server
   # rpm -Uvh --replacefiles --replacepkgs grub-0.97-13.i386.rpm
   # rpm -Uvh --replacefiles --replacepkgs redhat-logos-4.9.16-1.noarch.rpm
   # rpm -ivh --replacefiles --replacepkgs kernel-2.6.18-8.el5.i686.rpm

6. Install GRUB:

   # grub-install /dev/sda

7. If /boot/grub/grub.conf is lost, you need to create it manually. The following is a sample grub.conf; please make sure that the files "vmlinuz-2.6.18-8.el5" and "initrd-2.6.18-8.el5.img" exist under the /boot directory (they should be installed after step 4).

8. Sample grub.conf:

   default=0
   timeout=5
   splashimage=(hd0,0)/grub/splash.xpm.gz
   hiddenmenu
   title Red Hat Enterprise Linux (2.6.18-8.el5)
           root (hd0,0)
           kernel /vmlinuz-2.6.18-8.el5 ro root=LABEL=/
           initrd /initrd-2.6.18-8.el5.img

9. Make a soft link to grub.conf:

   # cd /boot/grub
   # ln -s grub.conf menu.lst

Then reboot the system.
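Several of the boot failures catalogued above come down to a GRUB configuration that names a kernel or initrd image that is not present under /boot, or a kernel line whose root= does not point at the right partition. As an added example (not code from any of the articles or vendors above), the following Python script parses a grub.conf/menu.lst of the form shown in the sample and checks each stanza against the contents of a boot directory; the sample configuration is the one from the article, the /boot directory is a constructed temporary directory, and only the presence of root= (not its correctness) can be checked offline.

```python
import os
import tempfile

# Constructed grub.conf with the same stanza the article shows for RHEL 5.
GRUB_CONF = """\
default=0
timeout=5
splashimage=(hd0,0)/grub/splash.xpm.gz
hiddenmenu
title Red Hat Enterprise Linux (2.6.18-8.el5)
        root (hd0,0)
        kernel /vmlinuz-2.6.18-8.el5 ro root=LABEL=/
        initrd /initrd-2.6.18-8.el5.img
"""

def parse_grub_conf(text):
    """Return one dict per `title` stanza: title, kernel path, initrd path and the root= value."""
    stanzas = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)  # keyword, then the rest (tabs or spaces)
        key, rest = parts[0], (parts[1] if len(parts) > 1 else "")
        if key == "title":
            stanzas.append({"title": rest, "kernel": None, "initrd": None, "root_param": None})
        elif stanzas and key == "kernel":
            args = rest.split()
            stanzas[-1]["kernel"] = args[0]
            for arg in args[1:]:
                if arg.startswith("root="):
                    stanzas[-1]["root_param"] = arg[len("root="):]
        elif stanzas and key == "initrd":
            stanzas[-1]["initrd"] = rest.split()[0]
    return stanzas

def check_stanzas(stanzas, boot_dir):
    """Report, per stanza, the conditions the boot troubleshooting guide above describes:
    missing kernel image, missing initrd image, or a kernel line with no root= parameter.
    Paths are resolved under boot_dir because GRUB paths are relative to the /boot partition."""
    problems = []
    for s in stanzas:
        for key in ("kernel", "initrd"):
            if s[key] is None:
                problems.append((s["title"], "no %s line" % key))
            elif not os.path.isfile(os.path.join(boot_dir, s[key].lstrip("/"))):
                problems.append((s["title"], "%s %s not found under %s" % (key, s[key], boot_dir)))
        if s["root_param"] is None:
            problems.append((s["title"], "kernel line has no root= parameter"))
    return problems

def demo():
    """Check the sample against a temporary /boot that holds the kernel but not the initrd."""
    with tempfile.TemporaryDirectory() as boot:
        open(os.path.join(boot, "vmlinuz-2.6.18-8.el5"), "w").close()
        return check_stanzas(parse_grub_conf(GRUB_CONF), boot)

if __name__ == "__main__":
    for title, problem in demo():
        print("%s: %s" % (title, problem))
```

On a real system, call `check_stanzas(parse_grub_conf(open("/boot/grub/grub.conf").read()), "/boot")` after step 8 to confirm the stanza resolves before rebooting.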