
Linux and VMware configuration files

Important Linux Files and Directories

Color           File type
blue            directories
red             compressed archives
white           text files
pink            images
cyan            links
yellow          devices
green           executables
flashing red    broken links

Character       File type
nothing         regular file
/               directory
*               executable file
@               link
=               socket
|               named pipe

 

/dev/fd0 Address floppy disk drive
/etc/bashrc The system default $PS1 is defined here. It is a good idea to change "\W" to "\w" here to always see the full path while logged on the Service Console.
/etc/ Scheduled Tasks are stored in this file
/etc/exports Lists the directories that the server can export.
The /etc/exports file contains an entry for each directory that can be exported to NFS clients. This file is read automatically by the exportfs command. If you change this file, you must run the exportfs command before the changes can affect the way the daemon operates.

Examples

  1. To export to netgroup clients, enter:
    /usr -access=clients
    
  2. To export to the world, enter:
    /usr/local
    
  3. To export to only these systems, enter:
    /usr2 -access=hermes:zip:tutorial
    
  4. To give root access only to these systems, enter:
    /usr/tps -root=hermes:zip
    
  5. To convert client root users to guest UID=100, enter:
    /usr/new -anon=100
    
  6. To export read-only to everyone, enter:
    /usr/bin -ro
    
  7. To allow several options on one line, enter:
    /usr/stuff -access=zip,anon=-3,ro
    
/etc/fstab This file defines the local and remote filesystems which are mounted at ESX Server boot.

Example:

1. Add entry to local hosts (/etc/hosts) for MS host
2. Create directory where you wish the mount point with mkdir
3. Run smbclient -I <ipaddress> -U user -L NetBIOSComputername to check you can see the shares
4. Add an entry to /etc/fstab

//server/share /mountdir smbfs username=user,password=pass 0 0

5. Mount the remote file system with mount /mountdir
6. Change directory into mount point and the directory will no longer be empty but will appear just like a mapped drive.

To avoid cleartext passwords in this file you can place this information in a secured hidden file.

echo username=user > .smbcreds
echo password=pass >> .smbcreds
chmod 600 .smbcreds

The entry in fstab: 

//server/share /mountdir smbfs ip=ipaddress,credentials=/root/.smbcreds,noauto 0 0
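
The two fstab forms shown above can be checked for automatically. The following is an added example, not part of the original page: it flags SMB entries that still carry password= and credentials files that are missing or readable by group/other. The function name, sample paths and hosts are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example, not from the original page. Flags smbfs/cifs entries in an
# fstab-style file that carry a cleartext password= option, or whose
# credentials= file is missing or accessible to group/other.
audit_smb_fstab() {
    fstab=$1
    findings=0
    while read -r dev mnt fstype opts _rest; do
        case $dev in ''|'#'*) continue ;; esac          # blank line or comment
        case $fstype in smbfs|cifs) ;; *) continue ;; esac
        old_ifs=$IFS; IFS=,; set -f
        set -- $opts                                    # split options on commas
        set +f; IFS=$old_ifs
        for opt in "$@"; do
            case $opt in
                password=*)
                    echo "INLINE_PASSWORD $mnt"
                    findings=$((findings + 1)) ;;
                credentials=*)
                    cred=${opt#credentials=}
                    if [ ! -f "$cred" ]; then
                        echo "MISSING_CREDENTIALS $mnt $cred"
                        findings=$((findings + 1))
                    elif [ "$(ls -ld "$cred" | cut -c5-10)" != "------" ]; then
                        echo "LOOSE_PERMISSIONS $mnt $cred"
                        findings=$((findings + 1))
                    fi ;;
            esac
        done
    done < "$fstab"
    [ "$findings" -eq 0 ]                               # exit status: 0 = clean
}

# Constructed sample data (hypothetical paths and hosts) so the check runs offline.
demo_dir=$(mktemp -d)
# umask in a subshell: the file is never readable by others, even briefly.
( umask 077; printf 'username=user\npassword=pass\n' > "$demo_dir/.smbcreds" )
printf 'username=user\npassword=pass\n' > "$demo_dir/.loosecreds"
chmod 644 "$demo_dir/.loosecreds"
cat > "$demo_dir/fstab" <<EOF
# device        mountpoint fstype options dump pass
/dev/sda1       /          ext3   defaults 1 1
//server/share  /mnt/a     smbfs  username=user,password=pass 0 0
//server/share  /mnt/b     smbfs  ip=10.0.0.5,credentials=$demo_dir/.smbcreds,noauto 0 0
//server/share  /mnt/c     smbfs  credentials=$demo_dir/.loosecreds 0 0
EOF
audit_smb_fstab "$demo_dir/fstab" || echo "findings present"
```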
 

/etc/ftpusers Lists all users not allowed to connect with FTP.
/etc/group List of security groups

Example:
root:x:0:root
bin:x:1:root,bin,daemon
daemon:x:2:root,bin,daemon
sys:x:3:root,bin,adm
adm:x:4:root,adm,daemon

/etc/hosts As your machine gets started, it will need to know the mapping of some hostnames to IP addresses before DNS can be referenced. This mapping is kept in the /etc/hosts file. In the absence of a name server, any network program on your system consults this file to determine the IP address that corresponds to a host name.
The leftmost column is the IP address to be resolved. The next column is that host's name. Any subsequent columns are alias for that host.

Example:
127.0.0.1 localhost.localdomain localhost
10.30.10.52 esx002

/etc/init.d/ This directory contains the actual start-up scripts.
/etc/inittab Here you can change the number of virtual terminals available on the Service Console. Default is 6, but you can go up to 9.
This file is read by the init process and specifies the run level to be used by the service console. The line that states the run level will look something like this.
id:3:initdefault:

The default runlevel for ESX is 3

The init process then works through the start-up scripts in the appropriate directory. For run level 3, this directory would be
/etc/rc.d/rc3.d
The file also starts up the virtual terminals on the ESX server mingetty tty2 through mingetty tty5. The mingetty process is minimum getty.

/etc/issue

File which shows ESX and vmnix version

Example:
VMware ESX Server 2.5.1
Kernel 2.4.9-vmnix2 on an i686

/etc/lilo.conf Lilo.conf is the text file to describe the OS to boot. This text file is compiled into a binary file that is actually used by LILO.
/etc/logrotate.conf This is the main configuration file for log file rotation program. It defines the defaults for log file rotation, log file compression, and time to keep the old log files. Processing the contents of /etc/logrotate.d/ directory is also defined here.
/etc/logrotate.d/ This directory contains instructions service by service for log file rotation, log file compression, and time to keep the old log files. For the three vmk* files, raise "250k" to "4096k", and enable compression.
/etc/modules.conf This file contains a list of devices in the system available to the Service Console. Usually the devices allocated solely to VMs, but physically existing on the system are also shown here in the commented-out ("#") lines. This is an important file for root and administrators. This text file describes the devices that are assigned to the service console by vmkpcidivy.
Identifies interface eth0 and aliases
alias eth0 e1000
alias eth1 e1000
options e1000 Speed=100
/etc/ntp.conf This file configures the NTP daemon. Usable public NTP servers in Finland are fi.pool.ntp.org, elsewhere in Europe europe.pool.ntp.org. You should always place two to four NTP servers in the ntp.conf file. Due to the nature of *.pool.ntp.org, you should just have the same line four times in the configuration file. Check www.pool.ntp.org for a public NTP server close to you. Remember to change the service to autostart at runlevel 3.
/etc/passwd

List of security users. When we add a user with either the MUI or a command line tool such as useradd, we are adding to this text file.

Example:
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin

/etc/profile.d/colorls.sh Command "ls" is aliased to "ls --colortty" here. You can comment-out ("#") this line.
/etc/rc2.d/ This directory contains the K(ill) and S(tart) scripts for the default runlevel 2.
/etc/rc3.d/ This directory contains the K(ill) and S(tart) scripts for the default runlevel 3. The services starting with "S" are started on this runlevel, and the services starting with "K" are killed, i.e. not started.
The number after the K or S determines the order in which the scripts will run.
S scripts will run in ascending order
K scripts will run in descending order
/etc/rc.d/rc.local This file is for server local customizations required at the server bootup. Potential additions to this file are public/shared vmfs mounts.
/etc/resolv.conf The DNS name server settings. This file does not need to be present if you are not using DNS.

Example:
nameserver 10.20.10.21
nameserver 10.20.10.22

/etc/shadow Password file
/etc/skel Skeleton directory - new home directories take copies of the files stored here.
/etc/ssh/

This directory contains all the SSH daemon configuration files, public and private keys. The defaults are both secure and flexible and rarely need any changing. The only exception is a change to the /etc/ssh/sshd_config file if you want to restrict logins for the root user.
Quick way to restart the ssh daemon. Use the full path to do this.
/etc/init.d/sshd restart
/etc/ssh/ssh_config
Text file with the configuration of the SSH client.
/etc/ssh/sshd_config
Text file with the configuration for the SSH daemon. An important setting in this file is PermitRootLogin=Yes/No. You can quickly check this with a case-insensitive grep on the file.
grep -i permit /etc/ssh/sshd_config

Allow or deny SSH for specified users:
add the following lines to the sshd_config file

AllowUsers user1 user2 user3 ....

DenyUsers user1 user2 user3 ....

~/.ssh/known_hosts

A text file that stores the RSA keys for known hosts. If we rebuild a host and then reconnect to it over SSH we may be prevented if the known_hosts file has cached the old key. I think SCP (secure copy) uses RSA keys as well as SSH sessions. Note this file is maintained on a per-user basis.
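
A grep on sshd_config also matches commented-out lines and cannot tell which of several entries takes effect. The following is an added example, not part of the original page: it reads the effective PermitRootLogin, AllowUsers and DenyUsers values from a configuration file. The function names and the sample configuration are assumptions made for the demonstration, and settings inside Match blocks are deliberately left out.

```shell
#!/bin/sh
# Added example, not from the original page. Prints every value the global
# section of an sshd_config-style file assigns to KEYWORD, one per line.
sshd_values() {   # usage: sshd_values KEYWORD FILE
    awk -v want="$(printf '%s' "$1" | tr 'A-Z' 'a-z')" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # comments and blank lines set nothing
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            n = match(line, /[ \t=]/)       # keyword ends at whitespace or "="
            if (n == 0) next
            key = tolower(substr(line, 1, n - 1))   # keywords are case-insensitive
            if (key == "match") exit        # conditional blocks are out of scope here
            if (key != want) next
            val = substr(line, n)
            sub(/^[ \t]*=?[ \t]*/, "", val)
            sub(/[ \t]+$/, "", val)
            print val
        }' "$2"
}

# Summarise the login restrictions; exit status 0 only if root login is "no".
audit_sshd() {
    # For single-valued keywords sshd keeps the first value it reads.
    root=$(sshd_values PermitRootLogin "$1" | head -n 1)
    # AllowUsers/DenyUsers may be repeated; the lists add up.
    allow=$(sshd_values AllowUsers "$1" | paste -s -d ' ' -)
    deny=$(sshd_values DenyUsers "$1" | paste -s -d ' ' -)
    echo "PermitRootLogin=${root:-unset}"
    echo "AllowUsers=${allow:-unset}"
    echo "DenyUsers=${deny:-unset}"
    [ "$(printf '%s' "$root" | tr 'A-Z' 'a-z')" = "no" ]
}

# Constructed sample configuration (hypothetical users) so the check runs offline.
sample_cfg=$(mktemp)
cat > "$sample_cfg" <<'EOF'
#PermitRootLogin no
PermitRootLogin yes
permitrootlogin no
AllowUsers user1 user2
AllowUsers user3
EOF
audit_sshd "$sample_cfg" || echo "root login over SSH is not disabled"
```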

/etc/sysconfig/network Text file containing hostname and default gateway.

Example:
NETWORKING=yes
HOSTNAME=esx002
GATEWAY=10.20.0.1

/etc/sysconfig/network-scripts/ifcfg-eth0 IP, mask and device name. The text file contains IP configuration for interface eth0, which is reserved for the service console.
Change the console IP Address here

Example:

DEVICE=eth0
BOOTPROTO=static
IPADDR=10.20.10.52
NETMASK=255.255.0.0
ONBOOT=yes

/etc/syslog.conf

This file configures what things are logged and where. Some examples are given below:

*.crit     /dev/tty12

This example logs all log items at level "crit" (critical) or higher to the virtual terminal at tty12. You can see this log by pressing [Alt]-[F12] on the console.

*.=err     /dev/tty11

This example logs all log items at exactly level "err" (error) to the virtual terminal at tty11. You can see this log by pressing [Alt]-[F11] on the console.

*.=warning     /dev/tty10

This example logs all log items at exactly level "warning" to the virtual terminal at tty10. You can see this log by pressing [Alt]-[F10] on the console.

*.*     @10.30.10.52

This example forwards everything (all syslog entries) un-encrypted to another (central) syslog server. Pay attention to that server's security.

/etc/vmware/ This directory contains the most important vmkernel configuration files.
/etc/vmware/devnames.conf

This text file maps device names (example above) to modules and their PCI addresses. Note that the devnames.conf file contains SCSI devices and NIC devices.

002:14.0 megaraid vmhba0
005:04.1 nic vmnic0
011:07.0 nic vmnic1
012:08.0 nic vmnic2

/etc/vmware/hwconfig

grep -i vmnic /etc/vmware/hwconfig              Finding which nic is which team

/etc/vmware/netmap.conf

Maps ESX virtual switch names to device names.

network0.name = "VM2Gigabit"
network0.device = "vmnic2"
network1.name = "VirtualSwitch1"
network1.device = "vmnet_1"
network2.name = "InternetSwitch"
network2.device = "vmnic1"

/etc/vmware/vm-list A file containing a list of registered VMs on this ESX Server.
/etc/vmware/vmware-devices.map Like a hardware compatibility list. The file contains a list of ESX supported devices. Modify the vmware-devices.map.local file to select different device drivers (the file is not modified on upgrades). The vmware-devices.map.local file supersedes the vmware-devices.map file.
/etc/vmware/vmkconfig This is a text file which stores vmkernel configuration, like an INI file or registry key. The important fact to note is that this file does not exist until you make an edit away from the default setting.
/etc/xinetd.conf This is the main configuration file for the xinetd daemon and holds its default settings. Processing the contents of /etc/xinetd.d/ directory is also defined here. The daemon itself is stored in /usr/sbin/xinetd
/etc/xinetd.d/ This directory contains instructions service by service for if and how to start the service. Of the services here, vmware-authd, wu-ftpd, and telnet are most interesting to us. Two of the most interesting parameter lines are "bind =" and "only_from =", which allows limiting service usage.
/proc/net/NICfamily/eth0.info A text file that can be checked to see what the service console NIC is doing. The speed of the console NIC specified in the file modules.conf can be confirmed by this file.
/proc/swaps

A text file that can be checked to see what swap the service console is using. The output contains a priority which shows which swap device will be used first before the other(s). Useful to determine if swap space is getting used and if there is more than 1 swap. Remember this is vmnix (service console) swap, not VMkernel. The VMkernel swap is in one or more files on a VMFS volume (hence the strong recommendation that even when using a SAN, a vmfs volume is created on direct attached storage to allow local swap).

/proc/vmware
/proc/vmware/pci

Text file with discovered PCI devices

/var/log/ This directory contains all the log files. VMware's log files start with letters "vm". The general main log file is "messages".

 