Common sysadmin tasks across multi-OS environments.
This article provides a simple overview in system configuration, management and security differences between some of the most common versions of UNIX (Solaris, HP-UX, AIX and Red Hat Linux).
Software Installation
Solaris | AIX | HP-UX | RH-Linux | |
---|---|---|---|---|
Install | pkgadd -d pkgfile | installp -a FileSet | swinstall -s depot software | rpm -i file |
Update | pkgadd -d pkgfile | installp -a FileSet | swinstall -s depot software | rpm -U file |
List | pkginfo | lslpp-L all | swlist -l product | rpm -q |
Remove | pkgrm package | installp -u FileSet | swremove software | rpm -epackage |
Patch Management
Solaris | AIX | HP-UX | RH-Linux | |
---|---|---|---|---|
Add | patchadd | installp | swinstall | rpm -u |
List Patches | showrev -p | lslpp -L all | swlist -l product | rpm -q -a |
Patch Check | patchdiag PatchPro |
compare_report | security_patch_check | up2date yum |
Services
Solaris | AIX | HP-UX | RH-Linux | |
---|---|---|---|---|
Init default | 3 | 2 | 3 or 4 | 3 or 5 |
Startup file | /etc/inittab | |||
Startup scripts | /etc/rc#.d | /etc/rc.d/rc#.d /etc/rc.* |
/sbin/rc#.d | /etc/rc.d/rc#.d [/init.d] |
inetd | inetd | xinetd |
System Logging
Solaris | AIX | HP-UX | RH-Linux | |
---|---|---|---|---|
Default syslog output | /var/adm/messages /var/log/syslog |
/tmp or none! | /var/adm/syslog/mail.log /var/adm/syslog.log |
/var/log/messages /var/log/secure /var/log/boot.log |
System Accounting (login & process) | /var/adm/utmpx /var/adm/wtmpx /var/adm/pacct |
/etc/utmp /var/adm/wtmp /var/adm/pacct |
/var/adm/utmp /var/adm/utmp /var/adm/pacct |
/var/run/utmp /var/log/wtmpx /var/account/pacct |
Login errors | /var/adm/loginlog /var/adm/sulog |
/etc/security/failedlogin /var/adm/sulog |
/var/adm/lastb /var/adm/sulog |
/var/log/btmp /var/log/messages |
Login Access Control
Solaris | AIX | HP-UX | RH-Linux | |
---|---|---|---|---|
Management App | SMC admintool |
SMITG WebSM |
SAM SCM |
UserManager Nautilus |
Shadow | /etc/shadow | /etc/security/passwd | /tcb/files/auth/* | /etc/shadow |
PAM | /etc/pam.conf | /etc/pam.conf (add-on) /etc/security/user (LDAP) |
/etc/pam.conf | /etc/pam.d/syste-auth |
TCB | - | yes | yes | - |
Admin Roles | SMC | yes | SCM | selinux |
System Configuration & Storage
Solaris | AIX | HP-UX | RH-Linux | |
---|---|---|---|---|
Mount table | /etc/vfstab | /etc/filesystems | /etc/fstab | /etc/fstab |
OS Apps | /usr /opt |
/usr /usr/lpp |
/usr /opt |
/usr /opt |
Vendor Apps | /opt | /opt | /opt | /opt /usr/local /opt |
Kernel config | /etc/system | SMIT lsattr vmtune chdev |
SAM /usr/conf/master.d/* |
/etc/sysctl.conf |
Filesystems | ufs zfs |
jfs jfs2 |
hfs vxfs jfs |
ext2 ext3 reiserfs xfs |
LVM | DiskSuite SMC |
SMIT mklv/crfs |
SAM lvm/vg commands |
LVM commands |
Auto mount | automount vold |
automount | automount | automount |
Backup & Restore
Solaris | AIX | HP-UX | RH-Linux | |
---|---|---|---|---|
Backup | ufsdump | backup | dump vxdump fbackup |
dump |
Restore | ufsrestore | restore | restore vxrestore frecover |
restore |
Other | Live upgrade | mksysb mkcd |
ignite-ux | - |
File Security
Solaris | AIX | HP-UX | RH-Linux | |
---|---|---|---|---|
ACL | yes | yes | yes (HFS only) | yes |
ACL commands | getfacl/setfacl | aclget/aclput | lsacl/chacl getaccess chmod |
getfacl/setfacl |
ACL syscalls | acl/facl aclcheck/aclsort |
[f]chacl/[f]statacl acl_[f]put acl_[f]get acl_[f]set acl_[f]chg |
[f]getaclentry [f]setaclentry [f]cpacl chownacl |
- |
System Auditing
Solaris | AIX | HP-UX | RH-Linux | |
---|---|---|---|---|
System Calls | yes | yes | yes | yes |
Events | yes | yes | yes | yes |
Users | yes | yes | yes | yes |
System & Network Security
Solaris | AIX | HP-UX | RH-Linux | |
---|---|---|---|---|
at/cron.allow | yes | yes | yes | yes |
Sendmail | 8.11.6 8.12.2 |
8.11.0 | 8.9.3 8.11.0 |
8.11.6 |
TCP wrappers | yes | yes | yes | yes |
SSH | OpenSSH | OpenSSH | Secure Shell | OpenSSH |
IPsec | IPsec | IPsec | IPsec | FreeS/WAN |
Firewall | SunScreen ipfilter |
ipfilter iptables |
IPFilter AAA/RADIUS |
iptables GNOME_Lokkit |
IDS | snort | snort | snort IDS9000 |
snort |
OS Hardening | Titan JASS |
- | Bastille | Titan Bastille |