Solaris – NFS Mounts

Edit /etc/hosts and /etc/vfstab on the machine which needs the filesystem mounted.

Hosts file should have servername and IP of the host server. Your vfstab is for automounting the filesystem.
Edit the /etc/hosts and /etc/dfs/dfstab files on the server which hosts the filesystem.

Hosts file should have the servername and IP of the client system. The dfstab should have the entry for the client.

On the host system, share the filesystem:

shareall

Mount the filesystem on the client:

mount -F nfs server:/filesystem /client/filesystem/name

Solaris – D – Shell snooping

#!/usr/bin/sh
#
# shellsnoop – A program to print read/write details from shells,
# such as keystrokes and command outputs.
# Written using DTrace (Solaris 10 build 69).
#
# 21-Jan-2005, ver 0.80 (check for newer versions)
#
#
# USAGE: shellsnoop [-hqsv] [-p PID] [-u UID]
#
# shellsnoop # default output
#
# -s # include start time, us
# -q # quiet, only print data
# -v # include start time, string
# -p PID # process ID to snoop
# -u UID # user ID to snoop
#
# eg,
# shellsnoop -v # human readable timestamps
# shellsnoop -p 1892 # snoop this PID only
# shellsnoop -qp 1892 # watch this PID data only
#
# FIELDS:
#
# UID User ID
# PID process ID
# PPID parent process ID
# COMM command name
# DIR direction (R read, W write)
# TEXT text contained in the read/write
# TIME timestamp for the command, us
# STRTIME timestamp for the command, string
#
# SEE ALSO: ttywatcher
#
# Standard Disclaimer: This is freeware, use at your own risk.
#
# Author: Brendan Gregg [Sydney, Australia]
#
# 28-Mar-2004 Brendan Gregg Created this.
# 21-Jan-2005 ” ” Wrapped in sh to provide options.
#

##############################
# — Process Arguments —
#
opt_pid=0; opt_uid=0; opt_time=0; opt_timestr=0; opt_quiet=0; opt_debug=0
filter=0; pid=0; uid=0

while getopts dhp:qsu:v name
do
case $name in
d) opt_debug=1 ;;
p) opt_pid=1; pid=$OPTARG ;;
q) opt_quiet=1 ;;
s) opt_time=1 ;;
u) opt_uid=1; uid=$OPTARG ;;
v) opt_timestr=1 ;;
h|?) cat <<-END >&2
USAGE: shellsnoop [-hqsv] [-p PID] [-u UID]
shellsnoop # default output
-q # quiet, only print data
-s # include start time, us
-v # include start time, string
-p PID # process ID to snoop
-u UID # user ID to snoop
END
exit 1
esac
done

if [ $opt_quiet -eq 1 ]; then
opt_time=0; opt_timestr=0
fi
if [ $opt_pid -eq 1 -o $opt_uid -eq 1 ]; then
filter=1
fi

#################################
# — Main Program, DTrace —
#
dtrace -n ‘
/*
** Command line arguments
*/
inline int OPT_debug = ‘$opt_debug’;
inline int OPT_quiet = ‘$opt_quiet’;
inline int OPT_pid = ‘$opt_pid’;
inline int OPT_uid = ‘$opt_uid’;
inline int OPT_time = ‘$opt_time’;
inline int OPT_timestr = ‘$opt_timestr’;
inline int FILTER = ‘$filter’;
inline int PID = ‘$pid’;
inline int UID = ‘$uid’;

#pragma D option quiet

/*
** Print header
*/
dtrace:::BEGIN /OPT_time == 1/ {
printf(“%-14s “,”TIME”);
}
dtrace:::BEGIN /OPT_timestr == 1/ {
printf(“%-20s “,”STRTIME”);
}
dtrace:::BEGIN /OPT_quiet == 0/ {
printf(“%5s %5s %8s %3s %s\n”,”PID”,”PPID”,”CMD”,”DIR”,”TEXT”);
}

/*
** Remember this PID is a shell child
*/
syscall::exec:entry, syscall::exece:entry
/execname == “sh” || execname == “ksh” || execname == “csh” ||
execname == “tcsh” || execname == “zsh” || execname == “bash”/
{
child[pid] = 1;

/* debug */
this->parent = (char *)curthread->t_procp->p_parent->p_user.u_comm;
OPT_debug == 1 ? printf(“PID %d CMD %s started. (%s)\n”,
pid, execname, stringof(this->parent)) : 1;
}
syscall::exec:entry, syscall::exece:entry
/(OPT_pid == 1 && PID != ppid) || (OPT_uid == 1 && UID != uid)/
{
/* forget if filtered */
child[pid] = 0;
}

/*
** Print shell keystrokes
*/
syscall::write:entry, syscall::read:entry
/(execname == “sh” || execname == “ksh” || execname == “csh” ||
execname == “tcsh” || execname == “zsh” || execname == “bash”)
&& (arg0 >= 0 && arg0 <= 2)/ { self->buf = arg1;
self->len = arg2;
}
syscall::write:entry, syscall::read:entry
/(OPT_pid == 1 && PID != pid) || (OPT_uid == 1 && UID != uid)/
{
self->buf = NULL;
self->len = 0;
}
syscall::write:return, syscall::read:return
/self->buf != NULL && child[pid] == 0 && OPT_time == 1/ {
printf(“%-14d “,timestamp/1000);
}
syscall::write:return, syscall::read:return
/self->buf != NULL && child[pid] == 0 && OPT_timestr == 1/ {
printf(“%-20Y “,walltimestamp);
}
syscall::write:return, syscall::read:return
/self->buf != NULL && child[pid] == 0 && OPT_quiet == 0/
{
this->text = (char *)copyin(self->buf, self->len);

printf(“%5d %5d %8s %3s %s\n”, pid, curpsinfo->pr_ppid, execname,
probefunc == “read” ? “R” : “W”, stringof(this->text));
self->buf = NULL;
self->len = 0;
}
syscall::write:return
/self->buf != NULL && child[pid] == 0 && OPT_quiet == 1/
{
this->text = (char *)copyin(self->buf, self->len);
printf(“%s”,stringof(this->text));
self->buf = NULL;
self->len = 0;
}
syscall::read:return
/self->buf != NULL && child[pid] == 0 && OPT_quiet == 1/
{
self->buf = NULL;
self->len = 0;
}

/*
** Print command output
*/
syscall::write:entry, syscall::read:entry
/child[pid] == 1 && (arg0 == 1 || arg0 == 2)/
{
self->buf = arg1;
self->len = arg2;
}
syscall::write:return, syscall::read:return
/self->buf != NULL && OPT_time == 1/ {
printf(“%-14d “,timestamp/1000);
}
syscall::write:return, syscall::read:return
/self->buf != NULL && OPT_timestr == 1/ {
printf(“%-20Y “,walltimestamp);
}
syscall::write:return, syscall::read:return
/self->buf != NULL && OPT_quiet == 0/
{
this->text = (char *)copyin(self->buf, self->len);

printf(“%5d %5d %8s %3s %s”, pid, curpsinfo->pr_ppid, execname,
probefunc == “read” ? “R” : “W”, stringof(this->text));

/* here we check if a newline is needed */
this->length = strlen(this->text);
printf(“%s”, this->text[this->length – 1] == ‘\’\\n\” ? “” : “\n”);
self->buf = NULL;
self->len = 0;
}
syscall::write:return, syscall::read:return
/self->buf != NULL && OPT_quiet == 1/
{
this->text = (char *)copyin(self->buf, self->len);
printf(“%s”,stringof(this->text));
self->buf = NULL;
self->len = 0;
}

/*
** Cleanup
*/
fbt:genunix:exit:entry
{
child[pid] = 0;

/* debug */
this->parent = (char *)curthread->t_procp->p_parent->p_user.u_comm;
OPT_debug == 1 ? printf(“PID %d CMD %s exited. (%s)\n”,
pid,execname, stringof(this->parent)) : 1;
}