
nettune automation

 
Andrew Kaplan
Super Advisor

nettune automation

Hi there,

I want to automate the following,

nettune -s tcp_random_seq 1

What is the best way to do this? Thanks.
A Journey In The Quest Of Knowledge
6 REPLIES
A. Clay Stephenson
Acclaimed Contributor

Re: nettune automation

Hi:

The standard method for doing this sort of thing is to set up an /sbin/init.d script.
Copy the template to a name like nettune and make your changes. You then symbolically link the script, e.g. /sbin/init.d/nettune to /sbin/rc2.d/SNNNnettune. Make sure that your SNNN value comes lexically after any other scripts which must be run first (e.g. net).

If it ain't broke, I can fix that.
Andrew Kaplan
Super Advisor

Re: nettune automation

Thanks for the reply. Could you be more specific on the template?
A Journey In The Quest Of Knowledge
A. Clay Stephenson
Acclaimed Contributor

Re: nettune automation

Sure, cd to /sbin/init.d. There is literally a file there called 'template'. Use vi to study any of the scripts in this directory. You will find that each of them has 1) a start_msg section - to issue a message to the console on startup; 2) a stop_msg section - to issue a message to the console on shutdown; 3) a start section - to execute the commands on startup; and 4) a stop section - to execute any commands on shutdown. In your case, you will literally copy the file template to a new file (e.g. nettune). You then modify each section; in your case, you will modify the start_msg section to something like 'echo "Calling nettune"' and the start section to include your nettune command. You probably don't need a stop_msg and stop section, so just do something like "'echo'; rval=2; set_return" in these sections.

Make your script executable and owned by root.
You can then test your script by
'/sbin/init.d/nettune start'. To make it execute automatically, you need an entry in the /sbin/rcN.d directory, probably the /sbin/rc2.d directory so that it will start at run-level 2. You need to decide after what critical processes have already run that you need to do your nettune. Just as a possible value, you might decide on S599nettune since that would follow the other network related stuff. In that case, do this:
ln -s /sbin/init.d/nettune /sbin/rc2.d/S599nettune

The 'S' scripts do the start_msg and start stuff. The 'K' scripts do the stop_msg and stop stuff. If you start in run-level 2 then you need to 'stop' in run level 1. The convention is that the 'S' number + the 'K' number add to 1000. That tends to correctly order the start/stop sequences. You would symbolically link your 'K' script like this:
ln -s /sbin/init.d/nettune /sbin/rc1.d/K401nettune

This should get you started, Clay

If it ain't broke, I can fix that.
Andrew Kaplan
Super Advisor

Re: nettune automation

Hi Clay,

I went ahead and made the configurations you suggested. I figured it would be a good idea to get the script critiqued. If you don't mind I've enclosed the script for your perusal. Thanks.
A Journey In The Quest Of Knowledge
Thomas Schler_1
Trusted Contributor

Re: nettune automation

Andrew:

Do the following:

1) Append following lines to /etc/rc.config.d/netconf:

# Tune network configuration to use more sophisticated randomized ISN in TCP
# connections. See nettune(1), and CERT Advisory CA-2001-09. 4.5.1/ts
#
# NETTUNE: Set to 1 to do network tuning
# NETTUNE_BIN: nettune binary
# NETTUNE_OBJ: nettune object
# NETTUNE_VAL: nettune value
# NETTUNE_ARGS: nettune arguments
#
# If NETTUNE_OBJ is set to tcp_random_seq you can choose the method for
# calculating ISN:
#
# tcp_random_seq=0 : that's the default; ISN are increasing in sequence;
# it isn't recommended to use this value
# tcp_random_seq=1 : ISN are randomized, but easy to predict after having
# performed statistical analysis
# tcp_random_seq=2 : ISN are randomized and more difficult to predict;
# it is recommended to use this value
#
NETTUNE=1
NETTUNE_BIN=/usr/contrib/bin/nettune
NETTUNE_OBJ=tcp_random_seq
NETTUNE_VAL=2
NETTUNE_ARGS="-s -w $NETTUNE_OBJ $NETTUNE_VAL"


2) Copy the script I attached to this response to /sbin/init.d/nettu.

3) Create one symbolic link:
ln -s /sbin/init.d/nettu /sbin/rc2.d/S350nettu

4) Reboot your system.

A new line "Tune the network" should now appear in the list of started daemons just after rebooting. That's how it works on my system.
no users -- no problems
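
The attached script is not reproduced on this page. As an added example (not Thomas's script and not HP's template), here is one way an /sbin/init.d script could consume the netconf variables from step 1 using the start_msg/stop_msg/start/stop layout described earlier in the thread. The function name nettune_rc, the NETCONF override and the return codes 0/1/2 (ok/failed/skipped) are assumptions.

```shell
# Install as /sbin/init.d/nettu with "#!/sbin/sh" as its first line (assumed
# HP-UX convention). Added example, not the script attached to the thread.
# Assumed rc return codes: 0 = ok, 1 = failed, 2 = skipped / not applicable.

# The config file is sourced as root at boot, so it must be root-owned and
# not writable by others. NETCONF may be overridden for testing.
NETCONF=${NETCONF:-/etc/rc.config.d/netconf}

nettune_rc() {
    case $1 in
    start_msg) echo "Tune the network"; return 0 ;;
    stop_msg)  echo; return 2 ;;        # nothing to undo at shutdown
    stop)      return 2 ;;
    start)     ;;                       # handled below
    *)         echo "usage: $0 {start|stop|start_msg|stop_msg}" >&2; return 1 ;;
    esac

    if [ ! -f "$NETCONF" ]; then
        echo "ERROR: $NETCONF missing" >&2; return 1
    fi
    . "$NETCONF"
    [ "$NETTUNE" = 1 ] || return 2      # tuning disabled in the config
    # Accept only the values the config comments document for tcp_random_seq.
    if [ "$NETTUNE_OBJ" = tcp_random_seq ]; then
        case $NETTUNE_VAL in
        0|1|2) ;;
        *) echo "ERROR: bad tcp_random_seq value '$NETTUNE_VAL'" >&2; return 1 ;;
        esac
    fi
    if [ ! -x "$NETTUNE_BIN" ]; then
        echo "ERROR: $NETTUNE_BIN not executable" >&2; return 1
    fi
    # NETTUNE_ARGS is left unquoted on purpose so it splits into words.
    "$NETTUNE_BIN" $NETTUNE_ARGS || { echo "EXIT CODE: $?" >&2; return 1; }
    return 0
}

# /sbin/rc always passes an action; with no argument the file only defines
# the function, so it can be sourced and exercised without running nettune.
if [ $# -gt 0 ]; then
    nettune_rc "$1"
    exit $?
fi
```

A skipped start (NETTUNE not set to 1) returns 2 rather than 0, so the boot checklist does not report the tuning as applied when it was not.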
Andrew Kaplan
Super Advisor

Re: nettune automation

Thomas,

I've implemented your suggestions and have arranged to have the system rebooted first thing tomorrow morning. I'll let you know what the results are. Thanks for the help.
A Journey In The Quest Of Knowledge