LKSF: Audit Annotations

For several major releases Solaris has a really extensive auditing subsystem. I wrote about it many years ago (11 years to be exact) in Less known Solaris features: Auditing. The...

802.1x authentication in Solaris 11.4 beta

In Solaris 11.4 beta there is finally 802.1x authentication for wired network connections. While the man page describes, how you setup 802.1x with EAP-TLS with Solaris 11.4 beta, there is...

Remote security assessments in Solaris 11.4 beta

There is a framework to check your system against security rulesets in Solaris 11 for quite some time now. It’s really useful: You can define your own rulesets, but more...

pam_fm_notify

While many Solaris admins are aware of the Fault Management Architecture inside of Solaris, it’s often not a natural habit to them to look at the output of fmlist just...

RADIUS authentication in Oracle Solaris 11.4 Beta

In the first refresh of the Oracle Solaris 11.4 beta we got support for RADIUS in the PAM framework. So you can now use RADIUS for authentication purposes without the...

Presentation of the Oracle Solaris 11.4 Beta Business Breakfast

A while ago i’ve held a number of presentations about Solaris 11.4 beta. Since that time i’ve got some questions where you can get the slide. They are available for...

How I learned to stop worrying and love being a passenger ...

I will have flown the 500th time soon. I will have half a million kilometers in aircrafts under my belt if you calculate it just with the great circle distance....

Event Announcement: Oracle Business Breakfast about Oracle Solaris 11.4

As the event is in german language, the following announcement is in german language as well. Sorry!. Oracle Solaris 11.4 beta wurde soeben veröffentlicht. Nun möchte ich natürlich auch die...

Conntecting a Technische Alternative UVR1611 to InfluxDB and MQTT

My home has a heating control with an Ethernet port. Or to be exact: It has an heating control with a bus where it’s possible to connect a gateway with...

Dumping kstat into InfluxDB

A while ago I wrote on Facebook that I started InfluxDB and Grafana for analyzing my heating control system. I facepalmed about the point that I didn’t used it before...

LKSF: Getting kernel statistics

Whenever i’m at a customer for a performance analysis gig, the customer ask me when i will start the Dtrace magic that many people expect when you tell them you...

The Z Garbage Collector

Just found an interesting read via the LinkedIn page of Bernard Traversat. He was pointing to a CFV for a new project called ZGC.<blockquote>In accordance with the OpenJDK guidelines [1],...

LKSF: Protecting files from accidental deletion with ZFS

I thought i know a lot about Solaris, however today i found out about a feature that is in Solaris i never heard of. It was on an internal discussion...

Auditing a single SMF service - revisted

A few days ago, i wrote an article about how you can set auditflags for processes by smf services. The scripts were really just proof-of-concept one and using them involved...

Hashed

To set a password directly to an hash i used gsed so far for a long long time. But you never stop to learn. There is a much simpler way....

Auditing a single SMF service

Sometimes there is a need to activate auditing for a single SMF service. The problem: There is no simple setting like “do_audit” or so for a service. But you could...

Empty homes

Recently I had a performance tuning gig at a customer reporting that despite having the same number of vCPUs configured into the Logical Domain, the performance of both systems was...

General thoughts about patching

Patching. I’m not writing a travel report about visiting Patching near Worthing in the United Kingdom It’s the question about the amount of patching and the timing of patching. At...

Multi-CPU bindings

Since Solaris 11.2 there is an interesting new feature in regard of binding processes to CPU resources. Before 11.2 you was limited to bind a process to a single CPU...

CVE data in Solaris 11 packages

A while ago Oracle started to integrate the CVE-ID , that patches are fixing, into the Critical Patch Updates (CPU). With this data it’s easy to give an answer, if...