HPASMCLI - Overview and Commands

hpasmcli stands for HP Server Management Application and Agents Command Line Interface


It comes with HP ProLiant Support Pack (PSP) and can be installed in HP ProLiant Servers to view, modify the BIOS / System settings such as  hyper-threading, boot sequence control, and UID LEDs, etc. It can also be used to display hardware status  of the HP ProLiant servers. 

It’s a scriptable command line interface for interacting with the hpasm management daemons.

hpasmcli is also usable for incorporating into shell scripts. Hpasmcli supports TAB completion of command names and has a history buffer that can be accessed using the up/down arrows. 

To get the basic information about server:

hpasmcli> show server

System        : ProLiant DL385 G1

Serial No.    : SGH532X0KK      

ROM version   : A05 06/14/2005

iLo present   : Yes

Embedded NICs : 2

NIC1 MAC: 00:14:38:4c:62:3e

NIC2 MAC: 00:14:38:4c:62:3d

Processor: 0

Name         : AMD Opteron

Stepping     : 2

Speed        : 2200 MHz

Bus          : 0 MHz

Socket       : 2

Level2 Cache : 1024 KBytes

Status       : Ok

Processor: 1

Name         : AMD Opteron

Stepping     : 2

Speed        : 2200 MHz

Bus          : 0 MHz

Socket       : 1

Level2 Cache : 1024 KBytes

Status       : Ok

Processor total  : 2

Memory installed : 1024 MBytes

ECC supported    : Yes

Verify the Automatic System Recovery values:

hpasmcli> show asr

ASR timeout is 10 minutes.
ASR is currently enabled.




To verify the boot order:


hpasmcli> show boot
First boot device is: CD-ROM.
One time boot device is: Not set.


To check the DIMM Information:


hpasmcli> show dimm
DIMM Configuration
------------------
Cartridge #:   0
Module #:      3
Present:       Yes
Form Factor:   9h
Memory Type:   12h
Size:          1024 MB
Speed:         400 MHz
Status:        Ok


Cartridge #:   0
Module #:      4
Present:       Yes
Form Factor:   9h
Memory Type:   12h
Size:          1024 MB
Speed:         400 MHz
Status:        Ok




To check the F1 Prompt:


hpasmcli> show f1
The POST F1 prompt is currently delayed.


To Verify the FANS:


hpasmcli> show fans
Fan  Location        Present Speed  of max  Redundant  Partner  Hot-pluggable
---  --------        ------- -----  ------  ---------  -------  -------------
#1   PROCESSOR_ZONE  Yes     NORMAL 18%     Yes        2        Yes           
#2   PROCESSOR_ZONE  Yes     NORMAL 18%     Yes        1        Yes           
#3   I/O_ZONE        Yes     NORMAL 18%     Yes        1        Yes           
#4   I/O_ZONE        Yes     NORMAL 18%     Yes        1        Yes           
#5   PROCESSOR_ZONE  Yes     NORMAL 18%     Yes        1        Yes           
#6   PROCESSOR_ZONE  Yes     NORMAL 18%     Yes        1        Yes           
#7   POWERSUPPLY_BAY Yes     NORMAL 18%     Yes        1        Yes           
#8   POWERSUPPLY_BAY Yes     NORMAL 18%     Yes        1        Yes           




To Verify the HT Status:


hpasmcli> show ht
Processor hyper-threading is currently disabled.




To view the IML Logs:


hpasmcli> show iml
The IML Log is empty.




hpasmcli> show ipl
IPL (Standard Boot Order)
-------------------------
#0 CDROM
#1 Floppy
#2 USBKEY
#3 HDD
#4 PXE




To check the Power Supply Status:


hpasmcli> show powersupply
Power supply #1
Present  : Yes
Redundant: No
Condition: Ok
Hotplug  : Supported


Power supply #2
Power Supply not present


To check the PXE status of the network cards:


hpasmcli> show pxe
PXE boot status (2 Embedded NICs):
NIC1: PXE enabled
NIC2: PXE disabled


To check the Serial Port status:


hpasmcli> show serial bios
BIOS console redirection port is currently set to COM1/9600.


hpasmcli> show serial bios
Embedded serial port A: COM1
Embedded serial port B: Disabled


hpasmcli> show serial virtual
The virtual serial port is currently COM2.


To check the temperature of the server:


hpasmcli> show temp
Sensor   Location              Temp       Threshold
------   --------              ----       ---------
#0        SYSTEM_BD             -          -       
#1        CPU#1                51C/123F   80C/176F 
#2        I/O_ZONE             52C/125F   62C/143F 
#3        CPU#2                46C/114F   80C/176F 
#4        PROCESSOR_ZONE       41C/105F   60C/140F 
#5        POWER_SUPPLY_BAY     41C/105F   51C/123F 


To check LED status:


hpasmcli> show uid
UID is currently off.


To check the Wake on LAN status:


hpasmcli> show wol
Wake-On-Lan is currently enabled.


To exit from hpasmcli:


hpasmcli> exit

Video Tutorial - Configuring Open LDAP Server in Linux

Video Tutorial - Patching Suse Linux Enterprise Server

Terminal servers at network command at windows 2008

Displays the available application terminal servers on the network.

QUERY TERMSERVER [servername] [/DOMAIN:domain] [/ADDRESS] [/CONTINUE]

  servername      Identifies a Terminal server.
  /DOMAIN:domain  Displays information for the specified domain (defaults
                  to the current domain).
  /ADDRESS        Displays network and node addresses.
  /CONTINUE       Does not pause after each screen of information.

Own Event Log create at Windows server 2008

EVENTCREATE [/S system [/U username [/P [password]]]] /ID eventid
[/L logname] [/SO srcname] /T type /D description

Description:
This command line tool enables an administrator to create a custom event ID and message in a specified event log.

Parameter List:
    /S    system           Specifies the remote system to connect to.

    /U    [domain\]user    Specifies the user context under which
                           the command should execute.

    /P    [password]       Specifies the password for the given
                           user context. Prompts for input if omitted.

    /L    logname          Specifies the event log to create
                           an event in.

    /T    type             Specifies the type of event to create.
                           Valid types: SUCCESS, ERROR, WARNING, INFORMATION.

    /SO   source           Specifies the source to use for the
                           event (if not specified, source will default
                           to 'eventcreate'). A valid source can be any
                           string and should represent the application
                           or component that is generating the event.

    /ID   id               Specifies the event ID for the event. A
                           valid custom message ID is in the range
                           of 1 - 1000.

    /D    description      Specifies the description text for the new event.

    /?                     Displays this help message.

Examples:
EVENTCREATE /T ERROR /ID 1000 /L APPLICATION /D "My custom error event for the application log"

EVENTCREATE /T ERROR /ID 999 /L APPLICATION /SO WinWord /D "Winword event 999 happened due to low diskspace"

EVENTCREATE /S system /T ERROR /ID 100 /L APPLICATION /D "Custom job failed to install"

EVENTCREATE /S system /U user /P password /ID 1 /T ERROR /L APPLICATION /D "User access failed due to invalid user credentials"

Database utilities at windows server 2008 core

Esentutl

DESCRIPTION: Database utilities for the Extensible Storage Engine for Microsoft

MODES OF OPERATION:

Defragmentation:  ESENTUTL /d {database name} [options]
             Recovery:  ESENTUTL /r {logfile base name} [options]
            Integrity:  ESENTUTL /g {database name} [options]
             Checksum:  ESENTUTL /k {file name} [options]
               Repair:  ESENTUTL /p {database name} [options]
            File Dump:  ESENTUTL /m[mode-modifier] {filename}
            Copy File:  ESENTUTL /y {source file} [options]

New Text edtior of Windows server 2008 core (Edlin)

Edlin, a line-oriented text editor.

EDLIN [drive:][path]filename [/B]

/B Ignores end-of-file (CTRL+Z) characters.

LDAP Management at windows server 2008 core

Dsmgmt facilitates managing AD DS/LDS application partitions, management
and control of the Flexible Single Master Operations (FSMO),
and cleaning up of metadata left behind by abandoned AD DCs/LDS instances,
those which are removed from the network without being uninstalled.

This is an interactive tool.

 Configurable Settings         - Manage configurable settings
 DS Behavior                   - View and modify AD DS/LDS Behavior
 Group Membership Evaluation   - Evaluate SIDs in token for a given user or
                                 group
 LDAP policies                 - Manage LDAP protocol policies
 Local Roles                   - Local RODC roles management
 Metadata cleanup              - Clean up objects of decommissioned servers
 Partition management          - Manage directory partitions
 Popups off                    - Disable popups
 Popups on                     - Enable popups
 Quit                          - Quit the utility
 Roles                         - Manage NTDS role owner tokens
 Security account management   - Manage Security Account Database - Duplicate
                                 SID Cleanup
 Set DSRM Password             - Reset directory service restore mode
                                 administrator account password

Default GPO Fix

Default GPO fix at Windows server 2008 core

Description: Recreates the Default Group Policy Objects (GPOs) for a domain

Syntax: DcGPOFix [/ignoreschema] [/Target: Domain | DC | BOTH]

/target: {Domain | DC | BOTH} Optional.
Specifies the GPO to be restored -- the Default Domain Policy GPO, the
default Domain Controllers Policy GPO, or both.

/ignoreschema: Optional.
Use this switch to have this tool ignore the schema version of the Active
Directory. Otherwise this tool will only work on the same schema version as
the Windows version in which the tool was shipped.

CSV file Command line at windows server 2008 core

CSV command line options at windows server 2008 core.

CSV Directory Exchange

General Parameters
==================
-i              Turn on Import Mode (The default is Export)
-f filename     Input or Output filename
-s servername   The server to bind to (Default to DC of computer's domain)
-v              Turn on Verbose Mode
-c FromDN ToDN  Replace occurences of FromDN to ToDN
-j path         Log File Location
-t port         Port Number (default = 389)
-u              Use Unicode format
-?              Help


Export Specific
===============
-d RootDN       The root of the LDAP search (Default to Naming Context)
-r Filter       LDAP search filter (Default to "(objectClass=*)")
-p SearchScope  Search Scope (Base/OneLevel/Subtree)
-l list         List of attributes (comma separated) to look for in an
                LDAP search
-o list         List of attributes (comma separated) to omit from input.
-g              Disable Paged Search.
-m              Enable the SAM logic on export.
-n              Do not export binary values


Import
======
-k              The import will go on ignoring 'Constraint Violation' and
                'Object Already Exists' errors


Credentials Establishment
=========================
Note that if no credentials is specified, CSVDE will bind as the currently
logged on user, using SSPI.

-a UserDN [Password | *]            Simple authentication
-b UserName Domain [Password | *]   SSPI bind method

Example: Simple import of current domain
csvde -i -f INPUT.CSV

Example: Simple export of current domain
csvde -f OUTPUT.CSV

Example: Export of specific domain with credentials
csvde -m -f OUTPUT.CSV
-b USERNAME DOMAINNAME *
-s SERVERNAME
-d "cn=users,DC=DOMAINNAME,DC=Microsoft,DC=Com"
-r "(objectClass=user)"
No log files were written. In order to generate a log file, please
specify the log file path via the -j option.

Windows server core Command - Change

Change Command at windows 2008 server core

CHANGE { LOGON | PORT | USER }

Change LOGON

Enable, disable, or drain session logins.

CHANGE LOGON {/QUERY | /ENABLE | /DISABLE | /DRAIN | /DRAINUNTILRESTART}

  /QUERY    Query current session login mode.
  /ENABLE   Enable user login from sessions.
  /DISABLE  Disable user login from sessions.
  /DRAIN    Disable new user logons, but allow reconnections to existing sessions.
  /DRAINUNTILRESTART    Disable new user logons until the server is restarted, but 
                        allow reconnections to existing sessions.

Change PORT

List or change COM port mappings for DOS application compatibility.

CHANGE PORT [portx=porty | /D portx | /QUERY]

  portx=porty  Map port x to port y.
  /D portx    Delete mapping for port x.
  /QUERY      Display current mapping ports.

Change USER

Change Install Mode.

CHANGE USER {/EXECUTE | /INSTALL | /QUERY}

  /EXECUTE  Enable execute mode (default).
  /INSTALL  Enable install mode.
  /QUERY    Display current settings.

ICACLS options at Windows 2008 server Core

Reset the NTFS Files/Folders Permissions at Windows using CACLS utility.


ICACLS name /save aclfile [/T] [/C] [/L] [/Q]
store the the acls for the all matching names into aclfile for
later use with /restore.

ICACLS directory [/substitute SidOld SidNew [...]] /restore aclfile
[/C] [/L] [/Q]
applies the stored acls to files in directory.

ICACLS name /setowner user [/T] [/C] [/L] [/Q]
changes the owner of all matching names.

ICACLS name /findsid Sid [/T] [/C] [/L] [/Q]
finds all matching names that contain an ACL
explicitly mentioning Sid.

ICACLS name /verify [/T] [/C] [/L] [/Q]
finds all files whose ACL is not in canonical for or whose
lengths are inconsistent with ACE counts.

ICACLS name /reset [/T] [/C] [/L] [/Q]
replaces acls with default inherited acls for all matching files

ICACLS name [/grant[:r] Sid:perm[...]]
[/deny Sid:perm [...]]
[/remove[:g|:d]] Sid[...]] [/T] [/C] [/L] [/Q]
[/setintegritylevel Level:policy[...]]

/grant[:r] Sid:perm grants the specified user access rights. With :r,
the permissions replace any previouly granted explicit permissions.
Without :r, the permissions are added to any previously granted
explicit permissions.

/deny Sid:perm explicitly denies the specified user access rights.
An explicit deny ACE is added for the stated permissions and
the same permissions in any explicit grant are removed.

/remove[:[g|d]] Sid removes all occurrences of Sid in the acl. With
:g, it removes all occurrences of granted rights to that Sid. With
:d, it removes all occurrences of denied rights to that Sid.

/setintegritylevel [(CI)(OI)]Level explicitly adds an integrity
ACE to all matching files. The level is to be specified as one
of:

            L[ow]
            M[edium]
            H[igh]

Inheritance options for the integrity ACE may precede the level
and are applied only to directories.

/inheritance:e|d|r

        e - enables inheritance
        d - disables inheritance and copy the ACEs
        r - remove all inherited ACEs

Note:
Sids may be in either numerical or friendly name form. If a numerical
form is given, affix a * to the start of the SID.

/T indicates that this operation is performed on all matching
files/directories below the directories specified in the name.

/C indicates that this operation will continue on all file errors.
Error messages will still be displayed.

/L indicates that this operation is performed on a symbolic link
itself versus its target.

/Q indicates that icacls should supress success messages.

ICACLS preserves the canonical ordering of ACE entries:

            Explicit denials
            Explicit grants
            Inherited denials
            Inherited grants

perm is a permission mask and can be specified in one of two forms:
a sequence of simple rights:

                F - full access
                M - modify access
                RX - read and execute access
                R - read-only access
                W - write-only access

a comma-separated list in parenthesis of specific rights:

                D - delete
                RC - read control
                WDAC - write DAC
                WO - write owner
                S - synchronize
                AS - access system security
                MA - maximum allowed
                GR - generic read
                GW - generic write
                GE - generic execute
                GA - generic all
                RD - read data/list directory
                WD - write data/add file
                AD - append data/add subdirectory
                REA - read extended attributes
                WEA - write extended attributes
                X - execute/traverse
                DC - delete child
                RA - read attributes
                WA - write attributes

inheritance rights may precede either form and are applied
only to directories:

                (OI) - object inherit
                (CI) - container inherit
                (IO) - inherit only
                (NP) - don't propagate inherit

Examples:

icacls c:\windows\* /save AclFile /T
- Will save the ACLs for all files under c:\windows
and its subdirectories to AclFile.

icacls c:\windows\ /restore AclFile
- Will restore the Acls for every file within
AclFile that exists in c:\windows and its subdirectories

icacls file /grant Administrator:(D,WDAC)
- Will grant the user Administrator Delete and Write DAC
permissions to file

icacls file /grant *S-1-1-0:(D,WDAC)
- Will grant the user defined by sid S-1-1-0 Delete and
Write DAC permissions to file

Windows 2008 server core - Search

We can able to search file through command-line at Windows server 2008 Server Core.

WHERE [/R dir] [/Q] [/F] [/T] pattern...

Description:

Displays the location of files that match the search pattern.
By default, the search is done along the current directory and in the paths specified by the PATH environment variable.

Parameter List:

/R Recursively searches and displays the files that match the given
pattern starting from the specified directory.

/Q Returns only the exit code, without displaying the list
of matched files. (Quiet mode)

/F Displays the matched filename in double quotes.

/T Displays the file size, last modified date and time for all
matched files.

pattern Specifies the search pattern for the files to match. Wildcards * and ?
can be used in the pattern. The "$env:pattern" and "path:pattern"
formats can also be specified, where "env" is an environment variable
and the search is done in the specified paths of the "env" environment
variable. These formats should not be used with /R. The search is also
done by appending the extensions of the PATHEXT variable to the pattern.

/? Displays this help message.

NOTE:
The tool returns an error level of 0 if the search is successful, of 1 if the search is unsuccessful and of 2 for failures or errors.

Examples:
WHERE /?
WHERE myfilename1 myfile????.*
WHERE $windir:*.*
WHERE /R c:\windows *.exe *.dll *.bat
WHERE /Q ??.???
WHERE "c:\windows;c:\windows\system32:*.dll"
WHERE /F /T *.dll

SELinux - Overview and Configuration

SELinux Features:

• Restricts access by subjects (users and/or processes) to objects (files)
• Provides Mandatory Access Controls (MACs)
• MACs extend Discretionary Access Controls (DACs (Standard Linux Permissions))
• Stores MAC permissions in extended attributes of file systems
• SELinux provides a way to separate: users, processes (subjects), and objects, via labeling, and monitors/controls their interaction
• SELinux is integrated into the Linux kernel
• Implements sandboxes for subjects and objects
• Default RH5 implementation creates sandboxes (domains) for 'targeted' daemons and one sandbox (unconfined_t) for everything else
• SELinux is implemented/enabled by RHEL5, by default
• Operates in the following modes:

            a. Permissive - permission is always granted, but denials are logged in: /var/log/messages

            b. Enforcing - strictly enforces 'targeted' policy rules

            c. Disabled - Only DACs are applied

• Operating modes can be applied upon startup or while the system is running

SELinux Config files & Tools:

 1. sestatus - displays current SELinux status, including:

     a. policy name 'targeted'

     b. policy version '21'

     c. Operating mode: 'enforcing|permissive|disabled'

 2. /etc/sysconfig/selinux - primary startup|config file for SELinux

 3. /etc/selinux/targeted - top-level container for the 'targeted' policy

 4. setenforce = 0(permissive) 1(enforcing)

 5. '-Z' can be applied to the following commands to obtain SELinux context info:

      mv, cp, ls, ps, id

 6. chcon -R -t type <file> - applies SELinux label to file/directory

Note: If files(objects) lose their SELinux context, there are multiple ways to relabel them:

     1. 'touch /.autorelabel && reboot' - init will relable the system according to the 'targeted' policy

     2. 'fixfiles' - use to relabel objects (files) while the system is running

Note: List of daemons protected by the 'targeted' SELinux policy:

             1. apache(httpd)

             2. dchpd

             3. ntpd

             4. named

             5. syslogd

             6. squid

             7. snmpd

             8. portmap

             9. nscd

            10. winbind

Note: The 'targeted' policy assigns ALL other subjects and objects to the 'unconfined_t' domain

Note: The default SELinux 'targeted' policy, using MACs, binds subject domains: i.e. 'httpd_t' to object types: i.e. 'httpd_config_t'

Note: SELinux MACs compound Linux DACs