1993.01.21


SUBJECT: SunOS Administering Security,Performance and Accounting




	< PART I - Security >

Part IÀº ´ÙÀ½À» Æ÷ÇÔÇÑ´Ù.

	* "Introduction to Security"
	* "Securing System Access"
	* "Securing Files"
	* "Securing the Network"
	* "Using ASET"

1. Introduction to Security

 1.1 Granting access to a computer system

	- maintaining physical site security
	- login and access control
	- restricting access to data in files
	- maintaining network control
	- monitoring system usage
	- correct path settings
	- setuid programs
	- root login
	- firewall

2. Securing system access

 2.1 About restricting access to your system

	- restricting login access
	
	  »ç¿ëÀÚ°¡ ½Ã½ºÅÛ¿¡ ·Î±× ÀÎÇÒ¶§ ·Î±× ÀÎ ÇÁ·Î±×·¥Àº /etc/nsswitch.conf È­ÀÏÀÇ Á¤º¸¿¡µû¸¥
	  Àû´çÇÑ µ¥ÀÌŸº£À̽º¸¦ Âü°íÇÑ´Ù.

	- the password databases

	  * the NIS password database
	  * the NIS+ password database
	  * the /etc files

	    /etc È­ÀÏÀº /etc/passwd¿Í /etc/shadow¸¦ Æ÷ÇÔÇÑ´Ù.
	    »ç¿ëÀÚÀÇ À̸§°ú ´Ù¸¥ Á¤º¸´Â /etc/passwd¿¡ ÀÖ°í ¾ÏȣȭµÈ password´Â /etc/shadow¿¡ ÀÖ´Ù.

	- password protection using dial-up passwords

	  dial-up password¸¦ ¸¸µé±â À§Çؼ­´Â 2°³ÀÇ È­ÀÏÀÌ °ü°èÇÑ´Ù. : /etc/dialups¿Í /etc/d_passwd
	  /etc/dialups´Â Å͹̳¯ ÀåºñÀÇ ¸ñ·ÏÀÌ´Ù.
	  ¿¹·Î
		/dev/term/a
		/dev/term/b

	  /etc/d_passwd´Â 2°³ÀÇ Çʵ带 °®´Â´Ù.
	  óÀ½Àº Æнº¿öµå¸¦ ¿ä±¸ÇÒ ·Î±× ÀÎ ½©ÀÌ°í µÎ¹ø°´Â ¾ÏȣȭµÈ Æнº¿öµåÀÌ´Ù
	  ¿¹·Î

		/usr/lib/uucp/uucico::
		/usr/bin/csh::
		/usr/bin/sh::
		/usr/bin/ksh::

	   »ç¿ëÀÚ°¡ /etc/dialups¿¡ ÀÖ´Â Æ÷Æ®·Î ·Î±× ÀÎÀ» ÇÒ¶§ ·Î±× ÀÎ ÇÁ·Î±×·¥Àº /etc/passwd¿¡
	   »ç¿ëÀÚÀÇ ·Î±× ÀÎ ¿£Æ®¸®¸¦ ã°í ·Î±× ÀÎ ½© Çʵ带 /etc/d_passwdÀÇ ¿£Æ®¸®¿Í ºñ±³ÇÑ´Ù.
	   ÀÌ ¿£Æ®¸®´Â »ç¿ëÀÚ°¡ dial-up password¸¦ ¿ä±¸µÇ´Â Áö¸¦ °áÁ¤ÇÑ´Ù.

	- restricted shell
	
	  Ç¥ÁØ ½©Àº »ç¿ëÀÚ°¡ È­ÀÏÀ» ¿­°í ¸í·ÉÀ» ¼öÇàÇÏ´Â µîµîÀÇ ÀÏÀ» ÇÒ ¼ö ÀÖ°Ô ÇÑ´Ù.
	  Á¦ÇÑµÈ ½©(restricted shell)Àº ¸í·ÉÀ» ¼öÇàÇÏ°í µð·ºÅ丮¸¦ ¹Ù²Ù´Â µîÀÇ ÀÏ¿¡ Á¦ÇÑÀ» ÁØ´Ù.
	  Á¦ÇÑµÈ ½©(rsh)Àº /usr/lib¿¡ ÀÖ´Ù.(ÀÌ°ÍÀº remote shell(/usr/sbin/rsh)ÀÌ ¾Æ´Ï´Ù)
	  ÀÌ°ÍÀº Ç¥ÁØ ½©°ú ´ÙÀ½°ú °°Àº ¸é¿¡¼­ ´Ù¸£´Ù.
		
	  * »ç¿ëÀڴ Ȩ µð·ºÅ丮¿¡ Á¦ÇѵȴÙ.(µð·ºÅ丮¸¦ ¹Ù²Ù±â À§ÇØ cd¸¦ »ç¿ëÇÒ ¼ö ¾ø´Ù)
	  * »ç¿ëÀÚ´Â °ü¸®ÀÚ°¡ ÁöÁ¤ÇÑ PATH¿¡ ÀÖ´Â ¸í·É¸¸ ¼öÇàÇÒ ¼ö ÀÖ´Ù.
	  * »ç¿ëÀڴ Ȩ µð·ºÅ丮¿Í ±× ¹ØÀÇ È­Àϵ鸸 Á¢±ÙÇÒ ¼ö ÀÖ´Ù.
	  * »ç¿ëÀÚ´Â >>³ª >·Î redirectÇÒ ¼ö ¾ø´Ù.

	- restricting root access

	  /etc/default/login¿¡ ÀÖ´Â ¿£Æ®¸®¸¸ root access¸¦ ÇÒ ¼ö ÀÖ´Ù.
	  Äֿܼ¡¼­¸¸ root loginÀ» ÇÏ°Ô ÇÏ·Á¸é ´ÙÀ½°ú °°ÀÌ ÇÑ´Ù.

	  CONSOLE=/dev/console

	  ½Ã½ºÅÛÀº su ¸í·ÉÀ» »ç¿ëÇÒ¶§¸¶´Ù ´©°¡,¾ðÁ¦ »ç¿ëÇß´ÂÁö¸¦ /var/adm/sulog¿¡ ±â·ÏÇÑ´Ù.

	- maintaining a log of unsuccessful login attempts

	  ÄÄÇ»ÅÍÀÇ ¼º°øÇÏÁö ¸øÇÑ ½Ãµµ¸¦ ±â·ÏÇÒ ¼ö ÀÖ´Ù.
	  ¾î¶² »ç¶÷ÀÌ 5¹ø ¿¬¼ÓÀ¸·Î ½Ãµµ¸¦ ÇÏ¿© ½ÇÆÐÇϸé /var/adm/loginlog¿¡ ±â·ÏµÈ´Ù.
	  ÀÌ°ÍÀ» Çϱâ À§Çؼ­´Â /var/adm/loginlog È­ÀÏÀ» ¸¸µé¾î¾ß¸¸ ÇÑ´Ù.
	  ¸¸¾à 5¹ø ÀÌÇÏÀÌ¸é ±â·ÏµÇÁö ¾Ê°í /var/adm/loginlog È­ÀÏÀÌ ¾øÀ¸¸é ±â·ÏÇÏÁö ¾Ê´Â´Ù.

	- special logins

	  ÀϹÝÀûÀÎ ·Î±× Àο¡ Æ÷ÇÔÇÏ¿© ¸î°³ÀÇ Æ¯º°ÇÑ ½Ã½ºÅÛ ·Î±× Àο¡ ·çÆ® Æнº¿öµå ¾øÀÌ
	  °ü¸® ¸í·ÉÀ» ¼öÇàÇÒ ¼ö ÀÖ°Ô ÇÑ´Ù.
	  ¿©±â¿¡´Â 2°¡Áö ÇüÅÂÀÇ Æ¯º°ÇÑ ·Î±× ÀÎÀÌ ÀÖ´Ù.

	  1) °ü¸® ·Î±× ÀÎ(adminidtrative login) -  »ç¿ëÀÚµéÀÌ »ç¿ëÇϴµ¥ ÇÊ¿äÇÑ ±â´É
	  2) ½Ã½ºÅÛ ·Î±× ÀÎ(system login) - °¢Á¾ ½Ã½ºÅÛ ±â´É

	  * °ü¸® ·Î±× ÀÎ

	    --------------------------------------------------------------
	   	Login		UID			Use
	    --------------------------------------------------------------
		setup		0	ÄÄÇ»Å͸¦ ¼³Á¤ÇÑ´Ù.
		sysadm		0	¾î¶² °ü¸® ±â´ÉÀ» ¼öÇàÇÑ´Ù.
		powerdown	0	ÄÄÇ»Å͸¦ ²ö´Ù.
		checkfsys	0	È­ÀÏ ½Ã½ºÅÛ Ã¼Å©¸¦ ½ÃÀÛÇÑ´Ù.
		makefsys	0	»õ·Î¿î È­ÀÏ ½Ã½ºÅÛÀ» ¸¸µç´Ù.
		mountfsys	0	È­ÀÏ ½Ã½ºÅÛÀ» mountÇÑ´Ù.
		umountfsys	0	È­ÀÏ ½Ã½ºÅÛÀ» umountÇÑ´Ù.
	    --------------------------------------------------------------

	   * ½Ã½ºÅÛ ·Î±× ÀÎ

	    ------------------------------------------------------------------------------
	   	Login		UID			Use
	    ------------------------------------------------------------------------------
		root		0	
		daemon		1	½Ã½ºÅÛ daemon account´Â backgrounding processingÀ»
					Á¦¾îÇÑ´Ù.
		bin		2	bin account´Â ´ëºÎºÐÀÇ ¸í·ÉÀ» Á¦¾îÇÑ´Ù.
		sys		3	sys account´Â ¸¹Àº ½Ã½ºÅÛ È­ÀÏÀ» ¼ÒÀ¯ÇÑ´Ù.
		adm		4	adm account´Â °ü¸® È­ÀϵéÀ» ¼ÒÀ¯ÇÑ´Ù.
		uucp		5	ÀÌ account´Â uucpÀÇ object¿Í ½ºÇ®µÈ µ¥ÀÌŸ È­ÀÏÀ»
					¼ÒÀ¯ÇÑ´Ù.
		lp		8	lp account´Â ÇÁ¸°Å͸¦ À§ÇÑ ½ºÇ®µÈ µ¥ÀÌŸ È­ÀÏÀ»
					¼ÒÀ¯ÇÑ´Ù.
		nuucp		9	nuucp account´Â ½Ã½ºÅÛ¿¡ ·Î±× ÀÎÇÏ´Â remote 
					machine¿¡ ÀÇÇØ »ç¿ëÇÏ°í È­ÀÏ Àü¼ÛÀ» ½ÃÀÛÇÑ´Ù.
		sysadmin	13	ÀÌ account´Â admintool°ú °°Àº °ü¸® ÅøÀ» ¼ÒÀ¯ÇÑ´Ù.
	    ------------------------------------------------------------------------------

 2.2 Instructions for securing and controlling system access

	¿©±â¼­´Â ½Ã½ºÅÛÀÇ accountÀÇ Á¢±ÙÀ» ÃßÀûÇÏ°í Á¦¾îÇϱâ À§ÇÏ¿© passwd¿Í login ¸í·ÉÀ»
	¾î¶»°Ô »ç¿ëÇϴ°¡¿¡ ´ëÇÑ Áö½Ã »çÇ×À» ¼³¸íÇÑ´Ù.

   ¡å How to change,lock,or show status of passwords

	- to change your own password

	  * passwd¸¦ Ä£´Ù.

		example% passwd

	- to change a user's password

	  * ·çÆ®·Î passwd username¸¦ Ä£´Ù.

		# passwd yhkim

	- to lock a user's password

		# passwd -n 10 -x 7 username

		min(-n 10)ÀÌ max(-x 7)º¸´Ù Å©±â ¶§¹®¿¡ Æнº¿öµå´Â lockÀÌ °É¸®°í º¯È­µÉ ¼ö ¾ø´Ù.
		»ç¿ëÀÚ´Â ¾ÆÁ÷ ±× ±â°è¿¡ ·Î±× ÀÎ ÇÒ ¼ö ÀÖÀ¸³ª ´ÜÁö ·çÆ®¸¸ ÀÌ Æнº¿öµå¸¦ ¹Ù²Ü ¼ö
		ÀÖ´Ù.

	- to display information on passwords

		# passwd -s yhkim
		yhkim PS 6/13/92 1 90 7

		À§ÀÇ º¸±â´Â ¸¸¾à password againgÀ» ÇÒ ¼ö ÀÖ´Ù¸é yhkim¿¡ °üÇÑ Á¤¹ö¸¦ º¸¿©ÁØ´Ù.
		¸¸¾à password againgÀ» ÇÏÁö ¾Ê´Â´Ù¸é ´ÜÁö óÀ½ÀÇ 2Çʵ常 ³ªÅ¸³­´Ù.
		6°³ÀÇ Çʵå´Â ´ÙÀ½ÀÇ Á¤º¸¸¦ Æ÷ÇÔÇÏ°í lastchanged´Â Æнº¿öµå°¡ ¹Ù²ï ¸¶Áö¸· ½Ã°£À»
		³ªÅ¸³½´Ù.

		1) ·Î±× ÀÎ ¸í(yhkim)
		2) ´ÙÀ½°ú °°Àº Æнº¿öµåÀÇ »óÅÂ
			
		   NP - ÀÌ ·Î±× Àο¡´Â Æнº¿öµå°¡ ¾ø´Ù.
	 	   LK - ·Î±× ÀÎÀÌ lockÀÌ µÇ¾îÀÖ´Ù.
		   PS - ¾î¶² ´Ù¸¥ °Í

		3) Æнº¿öµå°¡ ¸¶Áö¸·À¸·Î ¹Ù²ï ³¯Â¥.( 6/13/92)
		4) »ç¿ëÀÚ°¡ passwd(1)À» ¹Ù²Ü ¼ö ÀÖ±â Àü,lastchanged ÈÄÀÇ ÃÖ´ë ³¯Â¥.
		5) »ç¿ëÀÚ°¡ °­Á¦·Î passwd(1)À» ¹Ù²Ü ¼ö ÀÖÀ»¶§±îÁö,lastchanged ÈÄÀÇ ÃÖ´ë ³¯Â¥.
		6) Æнº¿öµå°¡ ¹Ù²î¾î¾ß¸¸ Çϱâ Àü±îÁöÀÇ °æ°í ³¯Â¥.

		À§ÀÇ º¸±â´Â yhkimÀ̶ó´Â »ç¿ëÀÚ´Â June 24,1992Àü¿¡ Æнº¿öµå¸¦ ¹Ù²ð ¼ö ¾ø°í
		September 21,1992±îÁö ¹Ù²î¾î¾ß¸¸ ÇÑ´Ù.
		ÀÌ »ç¿ëÀÚ´Â Æнº¿öµå°¡ ¼Ò½ÅµÇ°í ¹Ù²î¾î¾ß ÇÑ´Ù°í °æ°í ¸Þ¼¼Áö¸¦ º¼ °ÍÀÌ´Ù.

		# passwd -s -a

		´ÜÁö Çã¶ôµÈ »ç¿ëÀÚ¸¸ -a¸¦ »ç¿ëÇÒ ¼ö ÀÖ´Ù.

    ¡å How to enable and disable password aging

	- to enable password aging:

		# passwd -n min -x max -w warn username

		ÀÌ ¸í·ÉÀº Æнº¿öµå°¡ ¹Ù²î°í(-n min) Æнº¿öµå°¡ À¯¿ëÇÑ ³¯Â¥(-x max),Æнº¿öµå°¡
		¼Ò½ÇµÇ±â Àü¿¡ »ç¿ëÀÚ°¡ °æ°í¸¦ ¹Þ´Â ³¯Â¥µé »çÀÌÀÇ ÃÖ¼Ò ³¯Â¥¸¦ ¼³Á¤ÇÑ´Ù.
		¿¹)
		# passwd -n 1 -x 90 -w 7 yhkim

	- to diable password aging:

		# passwd -x -1 username

    ¡å How to force a user to change his password

		# passwd -f username

    ¡å How to diaplay login information

	- to display login status for a user:

		# logins -x -l username

	   ¿¹)  # logins -x -l yhkim
		yhkim           100     sunse           100     KYH
                        /usr/yhkim
                        /bin/ksh
                        PS 070592 -1 -1 -1

	- to show logins with no passwords:

		# logins -p
		woo             200     sunse           100     CHO JIN-WOO

    ¡å How to enable login logging

	# touch /var/adm/loginlog
	# chmod 600 /var/adm/loginlog
	# chgrp sys /var/adm/loginlog

    ¡å How to set up automatic account expiration

	useradd¿Í usermod´Â ´ÜÁö local machine¿¡¼­ µ¿ÀÛÇÑ´Ù.
	³×Æ®¿öÅ©¿¡ »ç¿ëÀÚ¸¦ ´õÇÏ·Á¸é admintoolÀ» »ç¿ëÇ϶ó.

	- to set up expiration for a new account:

	   # useradd -e mm/dd/yy username

	   ¿¹) ´ÙÀ½Àº July 31,1992¿¡ ¼Ò½ÇµÇ´Â yhkimÀ̶ó´Â »õ·Î¿î ·Î±× ÀÎÀ» ¼³Á¤ÇÑ´Ù.

		# useradd -e 07/31/92 yhkim

	- to extend a login's expiration date:

	  # usermod -e newdate username

	  newdate´Â »õ·Î¿î ¼Ò½ÇµÉ ³¯Â¥ÀÌ´Ù.

	  # usermod -e 09/10/92 yhkim

    ¡å How to disable and re-enable inactive accounts

	- to disable an inactive account:

  	  # usermod -f n username

	  ¿¹) # usermod -f 30 yhkim

	- to re-enable a disabled account:

	  # usermod -f 0 yhkim
	  # usermod -f 30 yhkim

     ¡å How to create a dial-up password

	1) # vi /etc/dialups
	2) # vi /etc/d_passwd
	3) # chown root /etc/dialups
	   # chown root /etc/d_passwd
	4) # chgrp root /etc/dialups
	   # chgrp root /etc/d_passwd
	5) # chmod 600 /etc/dialups
	   # chmod 600 /etc/d_passwd
	6) ¾ÏȣȭµÈ Æнº¿öµå¸¦ ¸¸µç´Ù.

		a. # useradd dummy
		b. # passwd dummy
		c. # grep dummy /etc/shadow > dummy.temp
		d. dummy.temp¸¦ ¼öÁ¤ÇÑ´Ù.
		   dummy.temp¸¦ ¿­°í ¾ÏȣȭµÈ Æнº¿öµå Çʵ带 Á¦¿ÜÇÑ ¸ðµç Çʵ带 Áö¿î´Ù.
		e. # userdel dummy
	7) /etc/d_passwd¸¦ ¼öÁ¤Ç϶ó.
	   /etc/d_passwd¸¦ ¿­°í dummy.temp¿¡¼­ ¾ÏȣȭµÈ Æнº¿öµå Çʵ带 Àд´Ù.

    ¡å How to monitor and control su use

	- to monitor su use:
	 
	  1) # vi /etc/default/su
	  2) CONSOLE=/dev/console¸¦ ÷°¡ÇÑ´Ù.

	- to check the superuser log:

	  # more /var/adm/sulog

4. Securing the network

 4.1 About network security

	- firewall machines
	- packet smashing
	- remote logins
		/etc/hosts.equiv 
		/.rhosts
	- NFS distributed computing file system
	- DES encryption
	- secure NFS
	- secure RPC
	- Kerberos

 4.2 Instructions for administering network security

     ¡å How to search for and remove .rhosts files
     ¡å How to share and mount files with DES authentication

	- to share a file system with DES authentication

	  # share -F nfs -o secure /filesystem

	- to mount a file system with DES authentication

	  # mount -F nfs -o secure server:resource mountpoint

     ¡å How to set up an NIS+ client with secure NFS

	- to create a new key for root on a client:
	  1) /etc/nsswitch.conf¸¦ ¼öÁ¤ÇÏ¿© ´ÙÀ½À» ÷°¡ÇÑ´Ù.

	   publickey: nisplus

	  2) # nisinit -cH hostname
	  3) cred µ¥ÀÌŸº£À̽º¿¡ Ŭ¶óÀ̾ðÆ®¸¦ ´õÇÑ´Ù.

	   # nissaddcred local
	   # nissaddcred des
	  4) keyloginÀ¸·Î È®ÀÎÇÑ´Ù.

	  ¿¹)
	   # nisinit -cH pluto
	   # nissaddcred local
	   # nissaddcred des
	   # keylogin
	- to set up secure NIS+ for a user:

	   1)cred µ¥ÀÌŸº£À̽º¿¡ »ç¿ëÀÚ¸¦ ´õÇÑ´Ù.

	     	# nissaddcred -p netname -p nis_principalname
	
	   2) keyloginÀ¸·Î È®ÀÎÇÑ´Ù.

	   ¿¹)
	 	# nissaddcred -p unix.1234@North.Abc.com -p george.North.Abs.COM des
		# keylogin

     ¡å How to set up an NIS client for secure NIS

	- to create a new key for root on a client:

	  1) Ŭ¶óÀ̾ðÆ®¿¡ ·çÆ®·Î ·Î±× ÀÎ ÇÑ´Ù.
	  2) # newkey -h earth

	- to create a new key for a user:

	  1) # newkey -u george
	  2) # chkey

     ¡å How to share and mount files with kerberos authentication

	- to share a file system with kerberos authentication:

		# share -F nfs -o kerberos /filesys

	- to mount a file systen with kerberos authentication:

		# share -F nfs -o kerberos server:resource mountpoint

     ¡å How to acquire a kerberos ticket for root on a client

	- to acquire a ticket for a not-yet-mounted file system:

		# kinit root.hostname

		hostnameÀº Ŭ¶óÀ̾ðÆ®ÀÇ À̸§ÀÌ´Ù.

	- to acquire a ticket for a mounted file system:

		# ksrvrtgt root.hostname

    ¡å How to log in to kerberos service

	# kinit -l username

    ¡å How to list kerberos tickets

	# klist

    ¡å How to access a directory with kerberos authentication

	# cd /mountpoint

    ¡å How to destroy a kerberos ticket

	# kdestroy

5. Monitoring and controlling security using ASET

	SunOS 5.0Àº Automated Security Enhancement Tool(ASET)À» Æ÷ÇÔÇÑ´Ù.
	ASETÀº ¼ÕÀ¸·Î ÇؾßÇÒ ÀÏÀ» ÀÚµ¿À¸·Î ÇÔÀ¸·Î ½Ã½ºÅÛ º¸¾ÈÀ» Á¶ÀýÇÏ°í »ìÇÊ ¼ö ÀÖµµ·Ï Çϴµ¥
	µµ¿òÀÌ µÈ´Ù.

 5.1 about ASET

	ASETÀº ½Ã½ºÅÛÀÇ º¸¾ÈÀ» »ìÇÇ°í Á¦¾îÇÒ ¼ö ÀÖ°Ô ÇÏ´Â °ü¸® ÅøÀÌ´Ù.
	»ç¿ëÀÚ´Â ASETÀÌ ¼öÇàÇÒ º¸¾È ¼öÁØ(security level) - low,medium°ú high -À» ÁöÁ¤ÇÑ´Ù.
	°¢ ¼öÁØ¿¡¼­ ASETÀÇ file-control ±â´ÉÀº È­ÀÏÀÇ Á¢±ÙÀ» °¨¼Ò½ÃÅ°±â À§ÇÏ¿© Áõ°¡ÇÏ°í
	½Ã½ºÅÛÀÇ º¸¾ÈÀ» °­È­ÇÑ´Ù.
	ASETÀº ½Ã½ºÅÛ È­ÀϵéÀÇ Æ¯Á¤ÇÑ °Ë»ç¿Í Á¶Á¤À» À§ÇÑ 7°¡ÁöÀÇ ÀÏ(task)·Î ±¸¼ºµÇ¾î ÀÖ´Ù.
	ASETÀº Çã°¡¸¦ °­È­ÇÏ°í º¸¾ÈÀÇ ¾àÁ¡ÀÌ ÀÖ´Â È­ÀÏÀÇ ³»¿ëÀ» °Ë»çÇÏ°í Áß¿äÇÑ Áö¿ªÀ» »ìÇÉ´Ù.
	ASETÀº °ÔÀÌÆ® ¿þÀÌ(gateway)¸¦ firewall machineÀÇ ±âº»ÀûÀÎ ¿ä±¸ »çÇ×À» Àû¿ëÇÔÀ¸·Î
	³×Æ®¿öÅ©ÀÇ Æļö²ÛÀÌ µÇ°Ô ÇÒ ¼ö ÀÖ´Ù.
	ASETÀº configurationÀ» À§ÇÏ¿© master fileµéÀ» »ç¿ëÇÑ´Ù.
	Master files,reports¿Í ´Ù¸¥ ASET È­ÀϵéÀº /usr/aset¿¡ ÀÖ´Ù.
	ÀÌ È­ÀϵéÀº ´ç½Å »çÀÌÆ®ÀÇ ¿ä±¸¿¡ ¸Âµµ·Ï ¼öÁ¤ÇÒ ¼ö ÀÖ´Ù.
	°¢ ÀÏÀº ¹ß°ßÇÑ º¸¾ÈÀÇ ¾àÁ¡°ú ½Ã½ºÅÛ È­ÀÏ¿¡ ¼öÁ¤ÀÌ °¡ÇØÁø ÀÏÀ» º¸°íÇÑ´Ù.
	º¸´Ù ³ôÀº ¼öÁØÀÇ º¸¾ÈÀ» ¼öÇàÇϸé ASETÀº ¸ðµç ½Ã½ºÅÛ º¸¾ÈÀÇ ¾àÁ¡À» ¼öÁ¤ÇÒ °ÍÀÌ´Ù.
	¸¸¾à º¸¾È ¹®Á¦¸¦ ¼öÁ¤ÇÒ ¼ö ¾ø´Ù¸é ±× ¹®Á¦¸¦ º¸°íÇÑ´Ù.
	´ÙÀ½°ú °°ÀÌ ASET sessionÀ» ½ÃÀåÇÒ ¼ö ÀÖ´Ù.

	# aset

	¶ÇÇÑ crontab¿¡ ³Ö¾î ÁÖ±âÀûÀ¸·Î ¼öÇàÇÒ ¼ö ÀÖ´Ù.
	´ÙÀ½°ú °°Àº °ÍÀ» º¸´Ù ÀÚ¼¼È÷ ¼³¸íÇÒ °ÍÀÌ´Ù.

	* The ASET security level
	* The ASET task
	* The ASET reports
	* The ASET files
	* Configuring ASET
	* Restoring the system
	* Network operation using the NFS system

   1) The ASET security levels

	1. low security
	2. medium security
	3. high security

   2) The ASET tasks

	ASET tasks and Reports generated
	-------------------------------------------+-------------------------
		Task				   |	Report
	-------------------------------------------+-------------------------
	Set system files permissions		   | tune.rpt
	-------------------------------------------+-------------------------
	System files checklist			   | cklist.rpt
	-------------------------------------------+-------------------------
	User/Group checks			   | usrgrp.rpt
	-------------------------------------------+-------------------------
	System configuration files check	   | sysconf.rpt
	-------------------------------------------+-------------------------
	Environment check			   | env.rpt
	-------------------------------------------+-------------------------
	eeprom check				   | eeprom.rpt
	-------------------------------------------+-------------------------
	Firewall				   | firewall.rpt
	-------------------------------------------+-------------------------

    3) The ASET reports

	¸ðµç º¸°í¼­ È­ÀϵéÀº /usr/aset/reports¿¡ ÀÖ´Ù.

	- ASET reports directory structure

	
					/usr/aset
					    |
		---------------------------------------------------------
		|			    |				|
	  masters			reports			      util
					    |
				-------------------------
				|           |		|
			0124_01:00   0123_01:00 <-----latest
					    |
					    |
		        -------------------------------------------------
			|	|	|	|	|	|	|
		firewall.rpt	| sysconf.rpt	| usrgrp.rpt	|   env.rpt
				|		|		|
			  tune.rpt	  eeprom.rpt	   cklist.rpt
		
	  µÎ°³ÀÇ º¸°í¼­ µð·ºÅ丮°¡ À§ÀÇ º¸±â¿¡ ÀÖ´Ù.
	  
	  * 0124_01:00
	  * 0123_01:00

	  ÀÌ°ÍÀº º¸°í¼­°¡ ¸¸µé¾îÁú¶§ÀÇ ½Ã°£°ú ³¯Â¥¸¦ °¡¸£Å²´Ù.
	  °¢ µð·ºÅ丮ÀÇ À̸§Àº ´ÙÀ½ÀÇ ÇüÅÂÀÌ´Ù.

		monthdate_hour:monite

	  °¢ µð·ºÅ丮´Â ASETÀ» ¼öÇàÇÑ º¸°í¼­¸¦ Æ÷ÇÔÇÑ´Ù.
	  latest´Â Ç×»ó °¡Àå ÃÖ±ÙÀÇ º¸°í¼­¸¦ Æ÷ÇÔÇ× µð·ºÅ丮¿¡ symbolic linkµÇ¾î ÀÖ´Ù.

	- The report files format

	   ´ÙÀ½Àº usrgrp.rptÀÇ º¸±âÀÌ´Ù.

	   # more /usr/aser/latest/usrgrp.rpt

	   *** Begin User And Group Checking ***

	   Checking /etc/passwd ...

	   Checking /etc/shadow ...

	   Warning!  Shadow file, line 15, no password:
        	   woo::8202::::::

	   ... end user check.

	   Checking /etc/group ...

	   ... end group check.

	   *** End User And Group Checking ***

	4) The ASET files

	   ASETÀÌ ¼öÇàÇÒ¶§ ÆĶó¸ÞÅ͸¦ ¼³Á¤ÇÏ°í º¸¾È ¼öÁØÀ» Á¤ÀÇÇϴµ¥ »ç¿ëÇÏ´Â È­ÀϵéÀº 
	   master fileµé°ú ȯ°æ È­ÀϵéÀÌ´Ù.

	   * master files

		master fileµéÀº tune files,alias files,checklist filesÀÌ´Ù.
		ÀÌ È­ÀϵéÀº /usr/aset/masters¿¡ ÀÖ´Ù.

	   * tune file

		ASETÀº º¸¾È ¼öÁØÀ» Á¤ÀÇÇϱâ À§ÇÏ¿© 3°³ÀÇ master fileµéÀ» À¯ÁöÇÑ´Ù.
		- tune.low, tune.medium, tune.high
		ÀÌ È­ÀϵéÀº ½Ã½ºÅÛ È­ÀÏÀÇ ¼Ó¼º°ú ºñ±³³ª ÂüÁ¶¸¦ À§ÇØ »ç¿ëÇÑ´Ù.

	   * aliases file

		aliases fileÀº °°Àº ID¸¦ °øÀ¯ÇÏ´Â ¿©·¯°³ÀÇ »ç¿ëÀÚ accountÀÇ ¸ñ·ÏÀ» Æ÷ÇÔÇÑ´Ù.
		»ç¿ëÀÚ´Â aliases file¸¦ ÁöÁ¤Çϱâ À§ÇÏ¿© UID_ALIASES ȯ°æ º¯¼ö¸¦ »ç¿ëÇÒ ¼ö ÀÖ´Ù.
		±âº»Àº /usr/aset/masters/uid_aliases¿¡ ÀÖ´Ù.

	   * checklist files 

		checklist comparison task(System Files Chaecklist)¿¡ ÀÇÇØ »ç¿ëµÇ´Â master fileµéÀº
		óÀ½ ASETÀ» ½ÇÇàÇϰųª º¸¾È ¼öÁØÀ» ¹Ù²Û ÈÄ¿¡ ASETÀ» ¼öÇàÇÒ¶§ ¸¸µé¾îÁø´Ù.
		System Files Chaecklist task´Â ¼±ÅÃµÈ ½Ã½ºÅÛ µð·ºÅ丮µé¾ÈÀÇ È­ÀÏÀÇ ¼Ó¼ºÀ» °Ë»çÇÑ´Ù.
		ÀÌ ÀÏ¿¡ ÀÇÇØ °Ë»çµÇ´Â È­ÀϵéÀº ´ÙÀ½ÀÇ È¯°æ º¯¼ö¿¡ ÀÇÇØ Á¤ÀǵȴÙ.
		- CKLISTPATH_LOW, CKLISTPATH_MED¿Í CKLISTPATH_HIGH

	   * The environment file, asetenv

		ȯ°æ È­ÀÏ , asetenv,´Â ASETÀÇ µ¿ÀÛ¿¡ ¿µÇâÀ» ³¢Ä¡´Â ÆĶó¸ÞÅ͸¦ Á¤ÀÇÇÏ´Â º¯¼öÀÇ
		¸ñ·ÏÀ» Æ÷ÇÔÇÑ´Ù.
		ÀÌ º¯¼öµéÀº ASETÀÇ µ¿ÀÛÀ» ¼öÁ¤Çϱâ À§ÇÏ¿© ¹Ù²Ü ¼ö ÀÖ´Ù.	

	5) Configuring ASET

	   ¿©±â¼­´Â ASET°ú ±×°ÍÀÌ µ¿ÀÛÇϴ ȯ°æÀ» ¾î¶»°Ô configureÇÏ´Â °¡¸¦ ¼³¸íÇÑ´Ù.
	   ASETÀº ±×°ÍÀÇ ÇൿÀ» Á¦¾îÇϱâ À§ÇÏ¿© 4°³ÀÇ configuration È­ÀÏ¿¡ ÀÇÁ¸ÇÑ´Ù.

	   * ȯ°æ È­ÀÏ:
		
		/usr/aset/asetenv

	   * master files:

		/usr/aset/tune.low
		/usr/aset/tune.med
		/usr/aset/tune.high

	  - modifying the environment file, asetenv

	    /usr/aset/asetenv´Â 2°³ÀÇ ÁÖ¿ä ºÎºÐÀ» °®´Â´Ù.
		
	    1. A user-configurable parameter section
	    2. A internal environment variables section

	    ASETÀ» ¼³Á¤Çϱâ À§ÇÏ¿© »ç¿ëÀÚ´Â user-configurable parameter sectionÀ» ¹Ù²Ü ¼ö ÀÖ´Ù.
	    ±×·¯³ª internal environment variables sectionÀÇ ¼³Á¤Àº ´ÜÁö ³»ºÎ¿¡¼­ »ç¿ëÇϱâ À§ÇÑ 
	    °ÍÀÌ°í ¼öÁ¤µÉ ¼ö ¾ø´Ù.
	    »ç¿ëÀÚ´Â ´ÙÀ½ÀÇ ÀÏ·Î user-configurable parameter section ¾ÈÀÇ ¿£Æ®¸®¸¦ ¹Ù²Ü ¼ö ÀÖ´Ù.

	    * ¾î¶² ÀÏÀ» ¼öÇàÇÒ °ÍÀΰ¡¸¦ ¼±ÅÃ.
	    * checklist task¸¦ À§ÇÑ µð·ºÅ丮¸¦ ÁöÁ¤.
	    * ASET ½ÇÇàÀ» ½ºÄÉÁÙÇÑ´Ù.
	    * aliases È­ÀÏÀ» ÁöÁ¤ÇÑ´Ù.
	    * NIS+ Å×À̺íÀ» °Ë»ç.

	   - choose which tasks to run: TASKS

		TASK="firewall env sysconf usrgrp tune cklist eeprom"

	   - specify directories for checklist task: CKLISTPATH

		* CKLISTPATH_LOW
		* CKLISTPATH_MED
		* CKLISTPATH_HIGH

	   - schedule ASET execution: PERIODIC_SCHEDULE
	   - specify an aliases file: UID_ALIASES
	   - extend checks to NIS+ tables: YPCHECK

	   ASETÀº ÀÌ·± ÀÏÀ» ¼öÇàÇϱâ À§ÇÏ¿© 3°³ÀÇ master È­Àϵ鿡 ÀÇÁ¸ÇÑ´Ù.
	   ÀÌ È­ÀϵéÀº tune file,aliases file,checklist fileÀÌ´Ù.
	   À̰͵éÀº /usr/aset/masters¿¡ ÀÖ´Ù.

	   - modifying the tune files

	     3°³ÀÇ master tune È­Àϵé - tune.low, tune.med, tune.high -Àº ÁÖ¿äÇÑ ½Ã½ºÅÛ È­ÀÏ¿¡
	     Á¢±ÙÀ» ½±°Ô(ease)Çϰųª Á¶À̱â(tighten) À§ÇÏ¿© »ç¿ëµÈ´Ù.
	     À̰͵éÀº »ç¿ëÀÚÀÇ È¯°æ¿¡ ¸ÂÃß±â À§ÇÏ¿© ¼öÁ¤ÇÒ ¼ö ÀÖ´Ù.
	     ÀÌ°ÍÀº »ç¿ëÀÚÀÇ ÇÊ¿ä°¡ °¡Àå ¸Â´Â º¸¾ÈÀ» ¼ºÃëÇϱâ À§ÇÏ¿© master tune-file settingÀ»
	     ¹Ù²Ù°Å³ª,Áö¿ì°í,´õÇϹǷΠ¼öÇàµÈ´Ù.

	6) Restoring the system

	   aset.restore´Â /usr/aset¿¡ ÀÖ´Ù.
	   ÀÌ°ÍÀº ASET¿¡ ÀÇÇØ ¿µÇâ ¹ÞÀº ½Ã½ºÅÛ È­ÀϵéÀº ÀüÀÇ ASET(pre-ASET) ³»¿ëÀ¸·Î º¹±¸ÇÑ´Ù.
	   ASETÀÌ Ã³À½ ½ÇÇàµÉ¶§ ÀÌ°ÍÀº ¿ø·¡ÀÇ ½Ã½ºÅÛ È­ÀϵéÀ» ÀúÀåÇÑ´Ù.
	   aset.restore´Â ÀÌ È­ÀϵéÀº ¿ø »óÅ·Π³õ´Â´Ù.

	7) Network operation using the NFS system

	   ÀϹÝÀûÀ¸·Î ASETÀº standalone¿¡¼­ »ç¿ëÇϳª ³×Æ®¿öÅ©ÀÇ ºÎºÐÀÎ ±â°è¿¡¼­µµ »ç¿ëÇÒ ¼ö ÀÖ´Ù.
	   ¶ÇÇÑ NFS distributed environment¿¡¼­µµ »ç¿ëÇÒ ¼ö ÀÖ´Ù.

 5.2 Instruction for using ASET

    ¡å How to run ASET interactively

	- to initiate an ASET session:

		# /usr/aset/aset

	- to set the ASET security level:

		# /usr/aset/aset -l level

	- to name an ASET working directory:

		# /usr/aset/aset -d pathname

	¿¹)
	
		# /usr/aset/aset -l med -d /usr/etc/aset

    ¡å How to use environment variables to set options

	ASETÀ» ´ëÈ­ÀûÀ¸·Î(interactively) ¼öÇàÇÒ¶§ ASET ÀÛ¾÷ µð·ºÅ丮¿Í º¸¾È ¼öÁØÀ» ÁöÁ¤Çϱâ
	À§ÇÏ¿© ASETDIR°ú ASETSECLEVELÀ̶ó´Â ȯ°æ º¯¼ö¸¦ »ç¿ëÇÒ ¼ö ÀÖ´Ù.

	- to set variables from a C shell

		# setenv VARIABLE value

	- to set variables from a Bourne shell or a Korn shell

		# VARIABLE=value
		# export VARIABLE

	¿¹)
		# setenv ASETDIR /usr/etc/asetdir
		# setenv ASETSECLEVEL med
		# aset

    ¡å How to set up ASET to run periodically

	ASET ½ºÄÉÁÙÀº crontab¿¡¼­ °áÁ¤ÇÑ´Ù.

	- to start ASET running periodically

		# aset -p

	- to confirm the schedule

		# crontab -l root

	- to remove the crontab entry

		# crontab -e root

	- to change the default setting

		1. /usr/aset/aserenv¸¦ ¿¬´Ù.
		2. PERIOD_SCHEDULE ȯ°æ º¯¼ö¸¦ °®´Â ÁÙ¿¡ »õ·Î¿î ½ºÄÉÁÙÀ» ³Ö´Â´Ù.
		3. # /usr/aset/aset -p
			-p ¿É¼ÇÀº crontab¿¡ ¿£Æ®¸®¸¦ ³Ö´Â´Ù.
		4. # crontab -e root
		5. ¿øÇÏÁö ¾Ê´Â ¿£Æ®¸®¸¦ Áö¿î´Ù.

	  asetenv¾ÈÀÇ ´ÙÀ½ÀÇ ¿£Æ®¸®´Â ¸Å ¿ù,¼ö,Åä¿äÀÏ,¾Æħ 1½Ã¿¡ ¼öÇàµÇµµ·Ï ÇÑ´Ù.

		PERIOD_SCHEDULE=0 1 * * 1,3,5

    ¡å How to manage the ASET reports

	# cd /usr/aset/reports/latest
	# more *.rpt

    ¡å How to collect reports on a server

	1. server¿¡ µð·ºÅ丮¸¦ ¼³Á¤ÇÑ´Ù.

		a. # cd /usr/aset
		b. # mkdir rptdir
		c. # cd rptdir
		d. # mkdir client_rpt

	2. Ŭ¶óÀ̾ðÆ®ÀÇ ¼­ºê µð·ºÅ丮¸¦ exportÇ϶ó.

		a. /etc/dfs/dfstabÀ» ¼öÁ¤Ç϶ó.
	3. # shareall
	4. °¢ Ŭ¶óÀ̾ðÆ®¿¡¼­ ´ÙÀ½ÀÇ ¸í·ÉÀ» ¼öÇàÇ϶ó.

		# mount server:/usr/aset/client_rpt /usr/aset/masters/reports


 5.3 Reference material for using ASET

	¿©±â¼­´Â ȯ°æ º¯¼ö¿Í º¸°í¼­ È­ÀÏÀÇ ÇüŸ¦ º¸¿©ÁØ´Ù.

	Environment variables and their meanings
	--------------------------------+--------------------------------------
	Environment variable		| 	specifies
	--------------------------------+--------------------------------------
	ASETDIR(use shell)		| ASET working directory
	--------------------------------+--------------------------------------
	ASETSECLEVEL(use shell)		| security level
	--------------------------------+--------------------------------------
	PERIOD_SCHEDULE			| periodic schedule
	--------------------------------+--------------------------------------
	TASKS				| tasks to run
	--------------------------------+--------------------------------------
	UID_ALIASES			| aliases file
	--------------------------------+--------------------------------------
	YPCHECK				| extends check to NIS and NIS+
	--------------------------------+--------------------------------------
	CKLISTPATH_LOW			| directory lists for low security
	--------------------------------+--------------------------------------

6. Introduction to performance

 6.1 About performance

    6.1.1 Managing system resources

	* CPU
	* I/O devices
	* Memory

	- Managing processes

	  timex ¸í·É

	  # timex sleep 20
	  real 	20.60
	  user 	0.04	
	  sys  	0.37

	  ÀÌ º¸±â¿¡¼­ ¸í·ÉÀ» ¼öÇàÇϴµ¥ 20.60ÀÇ ½Ã°£ÀÌ °É·ÈÀ¸³ª ½ÇÁ¦ CPU ½Ã°£Àº 0.41ÀÌ´Ù
	  - Äڵ带 ½ÇÇàÇϴµ¥ 0.04,O/S¿¡ ÀÇÇØ »ç¿ëµÈ 0.37ÀÌ °É·È´Ù.

	- the at command

	   # at 0330
	   command1
	   command2
	   command3
	   CTRL-D

	   # at -f script
	   # at -l
	   # at -r
	   
    6.1.2 Monitoring tools

	* sar¿Í sadc
	* ps
	* performance meter
	* vmstat & iostat
	* swap
	* netstat & nfsstat

   6.1.3 Kernel parameters

	¸î°³ÀÇ Ä¿³Î ÆĶó¸ÞÅ͵éÀº maxusersÀÇ °ª¿¡µû¶ó ±×µéÀÇ ±âº» °ªÀ» ¼³Á¤ÇÑ´Ù.
	maxusers°¡ ¿µÇâÀ» ³¢Ä¡´Â ÆĶó¸ÞÅÍ´Â ´ÙÀ½°ú °°´Ù.

	----------------------------------------------------------------------
	ncallout	the size of the callout table
	ufs_ninode	the size of the inode table
	ncsize		the size of the directory name lookup cache
	max_procs	the size of the process table
	ndquot		the number of disk quota structures
	maxuprc		the number of user processes
	----------------------------------------------------------------------


	Default setting for kernel parameters
	----------------------------------------------------------------------
	kernel table	variable	default setting
	----------------------------------------------------------------------
	Callout		ncallout	16 + max_nprocs
	Inode		ufs_ninode	max_nprocs + 16 + maxusers + 64
	Name cache	ncsize		max_nprocs + 16 + maxusers + 64
	Process		max_nprocs	10 + 16 * maxusers
	Quota table	ndquot		(maxusers * NMOUNT)/4 + max_nprocs
	User process	maxuprc		max_nprocs - 5
	----------------------------------------------------------------------

7. Managing process

 7.1 About monitoring processes

	ps ¸í·ÉÀº ½Ã½ºÅÛ¿¡¼­ ½ÇÇàµÇ´Â ÇÁ·Î¼¼¼­ÀÇ ½ÇÇà »óŸ¦ »ìÇÊ ¼ö ÀÖ´Ù.
	¿©·¯°¡Áö ¿É¼ÇÀ¸·Î ´ÙÀ½ÀÇ Á¤º¸¸¦ º¼ ¼ö ÀÖ´Ù.

	* ÇÁ·Î¼¼¼­ÀÇ ÇöÀç »óÅÂ
	* ÇÁ·Î¼¼¼­ÀÇ ID
	* ºÎ¸ð(parent) ÇÁ·Î¼¼¼­ÀÇ ID
	* »ç¿ëÀÚ ID
	* scheduling class
	* priority
	* ÇÁ·Î¼¼¼­ÀÇ ÁÖ¼Ò
	* »ç¿ëµÈ ¸Þ¸ð¸®
	* »ç¿ëµÈ CPU ½Ã°£

	´ÙÀ½Àº ps¿¡ ÀÇÇØ º¸°íµÇ´Â °¢ Çʵ带 ¼³¸íÇÑ´Ù.

	-----------------------------------------------------------------------------
	Field			Description
	-----------------------------------------------------------------------------
	F	ÇÁ·Î¼¼¼­ÀÇ ÇöÀç »óŸ¦ °¡¸£Å²´Ù.
		00	ÇÁ·Î¼¼¼­°¡ ³¡¸¶ÃÄÁö°í ÇÁ·Î¼¼¼­ Å×À̺íÀ» ÀÚÀ¯·Ó°Ô ³õ´Â´Ù.
		01	ÇÁ·Î¼¼¼­°¡ ½Ã½ºÅÛ ÇÁ·Î¼¼¼­ÀÌ°í Ç×»ó ¸Þ¸ð¸®¿¡ ÀÖ´Ù.
		02	ÇÁ·Î¼¼¼­°¡ ±×°ÍÀÇ ºÎ¸ð¿¡ ÀÇÇØ ÃßÀû(trace)µÈ´Ù.
		04	ÇÁ·Î¼¼¼­°¡ ±×°ÍÀÇ ºÎ¸ð¿¡ ÀÇÇØ ÃßÀûµÇ°í ¸ØÃçÁø´Ù.
		08	ÇÁ·Î¼¼¼­°¡ ½Ã½º³Î¿¡ ÀÇÇØ ±ú¿öÁöÁö ¾Ê´Â´Ù.
		10	ÇÁ·Î¼¼¼­°¡ ÇöÀç ¸Þ¸ð¸®¿¡ ÀÖ°í event°¡ ³¡³¯¶§±îÁö Àá±Ï´Ù(locked)
		20	ÇÁ·Î¼¼¼­°¡ swapµÇ¾î Áú ¼ö ¾ø´Ù.
	S	´ÙÀ½ ¹®ÀÚÁß Çϳª¸¦ °¡¸£Å°¸ç ÇÁ·Î¼¼¼­ÀÇ ÇöÀç »óÅÂ
		O	ÇÁ·Î¼¼¼­°¡ ÇöÀç ½ÇÇàµÈ´Ù.
		S	ÇÁ·Î¼¼¼­°¡ ÀáÀÜ´Ù;I/O event°¡ ³¡³¯¶§±îÁö ±â´Ù¸°´Ù.
		R	ÇÁ·Î¼¼¼­°¡ ¼öÇàÇÒ Áغñ°¡ µÈ´Ù.
		I	ÇÁ·Î¼¼¼­°¡ idle »óÅ´Ù
		Z	ÀÌ°ÍÀº zombie ÇÁ·Î¼¼¼­ÀÌ´Ù.
		T	ºÎ¸ð°¡ ÀÌ ÇÁ·Î¼¼¼­¸¦ ÃßÀûÇϱ⠶§¹®¿¡ ¸ØÃçÁø´Ù.
		X	ÇÁ·Î¼¼¼­°¡ ´õ ¸¹Àº ¸Þ¸ð¸®¸¦ ¾²±âÀ§ÇØ ±â´Ù¸°´Ù.
	UID	ÇÁ·Î¼¼¼­ ¼ÒÀ¯ÀÚÀÇ »ç¿ëÀÚ ID
	PID	ÇÁ·Î¼¼¼­ÀÇ ±¸º° ¹øÈ£
	PPID	ºÎ¸ð ÇÁ·Î¼¼¼­ÀÇ ±¸º° ¹øÈ£
	C	ÀÌ°ÍÀº ½ºÄÉÁÙ¸µ¿¡ ´ëÇÑ ÇÁ·Î¼¼¼­ÀÇ »ç¿ëÀ» º¸¿©ÁØ´Ù.
	CLS	ÇÁ·Î¼¼¼­°¡ ¼ÓÇØ ÀÖ´Â ½ºÄÉÁÙ¸µ ±Þ¼ö(scheduling class)¸¦ º¸¿©ÁØ´Ù.
	PRI	ÀÌ°ÍÀº ÇÁ·Î¼¼¼­ÀÇ ½ºÄÉÁÙ¸µ ¿ì¼± ¼øÀ§¸¦ º¸¿©ÁØ´Ù.
	NI	ÇÁ·Î¼¼¼­ÀÇ nice ¹øÈ£ÀÌ´Ù.
	ADDR	ÇÁ·Î¼¼¼­ÀÇ ¸Þ¸ð¸® ÁÖ¼Ò
	SZ	ÇÁ·Î¼¼¼­¿¡ ÀÇÇØ ¿ä±¸µÈ °¡»ó ¸Þ¸ð¸®ÀÇ ¾çÀ» º¸¿©ÁØ´Ù.
	WCHAN	ÇÁ·Î¼¼¼­°¡ ÀáÀÚ°í ÀÖÀ»¶§ eventÀÇ ÁÖ¼Ò¸¦ º¸¿©ÁØ´Ù.
	STIME	ÇÁ·Î¼¼¼­ÀÇ ½ÃÀÛ ½Ã°£.
	TTY	ÇÁ·Î¼¼¼­°¡ ½ÃÀÛÇÑ Å͹̳¯.	
	TIME	ÇÁ·Î¼¼¼­°¡ ½ÃÀÛÇÑ ÀÌÈÄ,ÇÁ·Î¼¼¼­¿¡ ÀÇÇØ »ç¿ëµÈ Àüü CPU ½Ã°£.
	COMD	ÇÁ·Î¼¼¼­¸¦ ¸¸µç ¸í·É.
	-----------------------------------------------------------------------------

	- Changing the priority of a timesharing process with nice

		# nice [+|-n] command

 7.2 Instruction for controlling processes

    ¡å How to change the priority of a process

	- to lower the priority of a process

	  * ´ÙÀ½ ¸í·ÉÁß Çϳª¸¦ »ç¿ëÇ϶ó.

	    nice command_name
	    nice +4 command_name
	    /usr/bin/nice command_name
	    /usr/bin/nice -10 command_name

	- to raise the priority of a process

	  nice -10 command_name
	  /usr/bin/nice --10 command_name

    ¡å How to get basic information about process classes

	- to display process class and scheduling parameters

	   # priocntl -l
	   CONFIGURED CLASSES
	   ==================

	   SYS (System Class)

	   TS (Time Sharing)
        	   Configured TS User Priority Range: -20 through 20

	- ti display the global priority of a process

	   # ps -ecl

    ¡å How to designate priority with priocntl

	- to start a process with a designated priority

	  # priocntl -e -c TS -p 20 file -name core -print

	- to change the scheduling parameters of a running timeshare process

	  priocntl -s [-m userlimit] [-p userpriority] -i idtype idlist

	  # priocntl -s -m 20 -i pid 951

    ¡å How to change the class of a process

	priocntl -s -c class -i idtype idlist

	# priocntl -s -c RT -i uid 15249

7. Monitoring performance

 7.1 About monitoring performance

   - The vmstat command

	# vmstat 5
	procs     memory              page               disk       faults     cpu
 	r b w  swap  free  re  mf  pi  po  fr  de sr s3 -- -- --  in  sy  cs us sy id
 	0 0 3 28116   660   0   3   2   1   2   0  1  1  0  0  0  15  52  85  3  3 94
 	1 0 5 24400   260   0   3   4   0   0   0  0  1  0  0  0  11  40  75  3  3 95
 	1 0 5 24400   260   0   0   0   0   0   0  0  0  0  0  0   3  41  75  4  2 94
 	1 0 5 24400   260   0   0   0   0   0   0  0  0  0  0  0   1  60  81  6  3 91

	vmstatÀÇ Çʵå´Â ´ÙÀ½°ú °°Àº Àǹ̸¦ °®´Â´Ù.

	procs´Â ´ÙÀ½ »óÅ °¢°¢¿¡ ´ëÇÑ ÇÁ·Î¼¼¼­ÀÇ ¼ö¸¦ º¸°íÇÑ´Ù.

		* r	in the run queue
		* b 	blocked,ÀÚ¿øÀ» ±â´Ù¸°´Ù.
		* w	swapped,ÀÚ¿øÀÇ ÀÌ¿ëÀÌ ³¡³ª±â¸¦ ±â´Ù¸°´Ù.

	memory´Â ½ÇÁ¦¿Í °¡»ó ¸Þ¸ð¸®ÀÇ »ç¿ëÀ» º¸°íÇÑ´Ù.

		* swap	ÇöÀç ÀÌ¿ëÇÒ ¼ö ÀÖ´Â swapÀÇ °ø°£.
		* free	free listÀÇ Å©±â

	page´Â ÃÊ´ç page fault¿Í paginf activity¸¦ º¸°íÇÑ´Ù.

		* re	pages reclaimed
		* mf	minor faults
		* pi	kilobytes paged in
		* po	kilobytes paged out
		* fr	kilobytes freed
		* de	short-term memory shortfall(anticipated)

	disk´Â ÃÊ´ç µð½ºÅ© µ¿ÀÛÀÇ ¼öÀÌ´Ù.
	faults´Â trap/interruptÀ²À» º¸°íÇÑ´Ù.(ÃÊ´ç)
		
		* in	device interrupts(not from the clock)
		* sy	system faults per second
		* id	idle time

	cpu´Â CPU ½Ã°£ÀÇ »ç¿ëÀ» º¸°íÇÑ´Ù.

		* us	user time
		* sy	system time
		* id	idle time


	# vmstat -s

	swappingÀº vmstat -s¸¦ »ç¿ëÇÑ´Ù.

	# vmstat -c

	cache flushingÀº vmstat -c¸¦ »ç¿ëÇÑ´Ù.

	# vmstat -i

	interrupts´Â vmstat -i¸¦ »ç¿ëÇÑ´Ù.

   - The iostat command

	iostat ¸í·ÉÀº µð½ºÅ©ÀÇ ÀÔ,Ãâ·Â¿¡ °üÇÑ Á¤º¸¸¦ º¸¿©ÁØ´Ù.

	# iostat 5
	      tty          sd3          cpu
 	tin tout bps tps serv  us sy wt id
   	1   19   6   1   52   3  3  1 92
   	0    7  22   2   45  16  9  2 74
   	2   10   0   0    0   8  5  0 86
   	2  311   0   0    0   8  5  0 87

	óÀ½ ÁÙÀº ºÎÆà ÀÌÈÄÀÇ Åë°è¸¦ º¸¿©ÁØ´Ù.
	°¢ µð½ºÅ©¿¡ ´ëÇØ ´ÙÀ½ÀÇ Á¤º¸¸¦ º¸¿©ÁØ´Ù.

		* bps	blocks per second
		* tps	transactions per second
		* mps	milliseconds per seek

	È®ÀåµÈ µð½ºÅ© Åë°è¸¦ °®±â À§Çؼ­´Â iostat -xtc¸¦ »ç¿ëÇÑ´Ù.

	# iostat -xtc
	                                 extended disk statistics       tty         cpu
	disk      r/s  w/s   Kr/s   Kw/s wait actv  svc_t  %w  %b  tin tout us sy wt id
	sd3       0.5  0.2    3.6    2.2  0.0  0.0   51.8   1   2    1   20  3  3  1 92

		* r/s	reads per second
		* w/s	writes per second
		* Kr/s	kilobytes per second
		* wait	number of transactions waiting for service(queue length)
		* actv	average number of transactions avtively services
		* svc_t	average service time,in millisecond
		* %w	percentage of time the queue is not empty
		* %b	percentage of time the disk is busy

	- The df command

		# df -k

	- The profil command
	- The performance meter
	- Automatic collection of system activity data

	  3°³ÀÇ ¸í·É,sadc,sa1¿Í sa2°¡ ÀÖ´Ù.
	  sadc´Â ÁÖ±âÀûÀ¸·Î ½Ã½ºÅÛÀÇ È°µ¿¿¡ ´ëÇÑ µ¥ÀÌŸ¸¦ ¸ð¿ì°í binary formatÀ¸·Î ÀúÀåÇÑ´Ù.
	  - 24½Ã°£ °£°ÝÀ¸·Î ÇϳªÀÇ È­ÀÏ
	  »ç¿ëÀÚ´Â ÁÖ±âÀûÀ¸·Î ½ÇÇàÇϱâ À§ÇÏ¿© sadc¸¦ ¼³Á¤ÇÒ ¼ö ÀÖ°í ½Ã½ºÅÛÀÌ ¸ÖƼ »ç¿ëÀÚ ¸ðµå·Î
	  µé¾î°¥¶§¸¶´Ù ¼öÇàÇÒ ¼ö ÀÖ´Ù.
	  ÀÌ µ¥ÀÌŸ È­ÀÏÀº /usr/adm/sa¿¡ ³õ´Â´Ù.
	  ÀÌ ¸í·ÉÀÇ ÇüÅ´ ´ÙÀ½°ú °°´Ù.

	  /usr/lib/sa/sadc [t n] [ofile]

	  * running sadc when booting up

	    ºÎÆýÿ¡ sadc¸¦ ¼öÇàÇϱâ À§ÇÏ¿© /etc/inet.d/perf È­ÀÏ¿¡ ¸ÅÀÏÀÇ µ¥ÀÌŸ¸¦ ±â·ÏÇÏ´Â 
	    ´ÙÀ½ÀÇ ÁÙÀ» Æ÷ÇÔÇؾ߸¸ ÇÑ´Ù.

		su sys -c "/usr/lib/sa/sadc /usr/adm/sa/sa`date +5d`

	  * running sadc periodically with sa1

	     ÁÖ±âÀûÀ¸·Î ±â·ÏÇϱâ À§ÇÏ¿© ±ÔÄ¢ÀûÀ¸·Î sadc¸¦ ¼öÇàÇÒ ÇÊ¿ä°¡ ¾ø´Ù.
	     ÀÌ°ÍÀ» ÇÏ´Â °¡Àå °£´ÜÇÑ ¹æ¹ýÀº sa1À̶ó´Â shell script¸¦ /var/spool/cron/sys¿¡
	     ³Ö´Â °ÍÀÌ´Ù.
	     ÀÌ ½ºÅ©¸³Æ®´Â sadc¸¦ ºÎ¸£°í ¸ÅÀÏÀÇ µ¥ÀÌŸ¸¦ /var/adm/sa/sa[dd]¿¡ ¾´´Ù.
	     ÀÌ°ÍÀº ´ÙÀ½ÀÇ ÇüŸ¦ °®´Â´Ù.

	     /usr/lib/sa/sa1 [t n]

	  * producing reports with sa2

	     sa2¶ó´Â ¶Ç ´Ù¸¥ shell script´Â binary data fileº¸´Ù´Â º¸°í¼­¸¦ ¸¸µç´Ù.
	     sa2´Â sar ¸í·ÉÀ» ºÎ¸£°í ASCII Ãâ·ÂÀ» º¸°í¼­ È­ÀÏ¿¡ ¾´´Ù.

	- collecting system activity data with sar

	  sar ¸í·ÉÀº ½Ã½ºÅÛ È°µ¿ µ¥ÀÌŸ ±× ÀÚü¸¦ ¸ð¿ì°í sadc¿¡ ÀÇÇØ ¸¸µé¾îÁø ¸ÅÀÏÀÇ È°µ¿ È­ÀÏ¿¡¼­
	  ¸ð¾ÆÁø °ÍÀ» º¸°íÇϴµ¥ »ç¿ëÇÑ´Ù.
	  sar ¸í·ÉÀº ´ÙÀ½ÀÇ ÇüŸ¦ °®´Â´Ù.

	  sar [-abcdgkmpqruvwxyADSC] [-o file] t [n]
	  sar [-abcdgkmpqruvwxyADSC] [-s time] [-e time] [-i sec] [-f file]

	  # sar 10 2

	
	  sarÀÇ ¿É¼Ç°ú ÇൿÀº ´ÙÀ½°ú °°´Ù.

	  ------+------------------------------------------------------------------
	 Optione|	Operation
	  ------+------------------------------------------------------------------
	  -a	| checks file access operations
	  ------+------------------------------------------------------------------
	  -b	| checks buffer activity
	  ------+------------------------------------------------------------------
	  -c	| checks system calls
	  ------+------------------------------------------------------------------
	  -d	| checks disk activity
	  ------+------------------------------------------------------------------
	  -g	| checks page-out and memory freeing
	  ------+------------------------------------------------------------------
	  -k	| checks kernel memory allocation
	  ------+------------------------------------------------------------------
	  -m	| checks interprocess communication
	  ------+------------------------------------------------------------------
	  -p	| checks page-in and fault activity
	  ------+------------------------------------------------------------------
	  -q	| checks queue activity
	  ------+------------------------------------------------------------------
	  -r	| checks unused memory
	  ------+------------------------------------------------------------------
	  -u	| checks CPU utilization
	  ------+------------------------------------------------------------------
	  -v	| checks system table status
	  ------+------------------------------------------------------------------
	  -x	| reports remote file-sharing activity
	  ------+------------------------------------------------------------------
	  -w	| checks swapping and switching volume
	  ------+------------------------------------------------------------------
	  -y	| terminal terminal activity
	  ------+------------------------------------------------------------------
	  -A	| reports overall system performance;same sa entering all options
	  ------+------------------------------------------------------------------
	  -C	| reports RFS buffer-caching overhead
	  ------+------------------------------------------------------------------
	  -D	| reports CPU utilization by RFS and local activity(same as -Du)
	  ------+------------------------------------------------------------------
	  -Db	| reports buffer-cache use for RFS and local activity
	  ------+------------------------------------------------------------------
	  -Dc	| reports system calls separately for RFS and local activity
	  ------+------------------------------------------------------------------
	  -Du	| reports CPU utilization by RFS and local activity
	  ------+------------------------------------------------------------------
	  -S	| reports RFS server and request status
	  ------+------------------------------------------------------------------

	- Checking file access with sar -a
	- Checking buffer activity with sar -b
	- Checking system calls with sar -c
	- Checking disk activity with sar -d
	- Checking page-out and memory with sar -g
	- Checking kernel memory allocation with sar -k
	- Checking interprocess communication with sar -m
	- Checking page-in activity with sar -p
	- Checking queue activity with sar -q
	- Checking unused memory with sar -r
	- Checking CPU utilixation with sar -u
	- Checking system table status with sar -v
	- Checking swapping with with sar -w
	- Checking terminal activity with sar -y
	- Checking overall system performance with sar -A

 7.2 Instruction for minitoring performance

    ¡å How to set up automatic data collection

	1. /etc/init.d/perf È­ÀÏÀ» ¿¬´Ù.
	2. ´ÙÀ½ÁÙÀ» uncommentÇÑ´Ù.

		# su sys -c "/usr/lib/sa/sadc /var/adm/sa/sa`date +%d`"

	3. /var/spool/cron/crontab/sys¸¦ ¿¬´Ù.
	4. ´ÙÀ½ÁÙÀ» uncommentÇÑ´Ù.

		# 0 * * * 0-6 /usr/lib/sa/sa1
		# 20,40 8-17 * * 1-5 /usr/lib/sa/sa1

    ¡å How to display statistics with vmstat

	# vmstat 5
	# vmstat -S
	# vmstat -c

    ¡å How to display I/O statistics with iostat

	# iostat 5

9. A guide to network performance

	- The ping command

		# ping elvis
		# ping -s pluto

	- The spray command

		# spray -c 100 -d 20 0 -l 2048 pluto

	- The snoop command
	- The netstat command

		# netstat -i
		# netstat -s
		# netstat -r

	- The nfsstat command

		# nfsstat -c
		# nfsstat -m 

10. Setting up and maintaining accounting

 10.1 Overview of accounting

	ÀÌ°ÍÀÌ ¼³Á¤µÇ¸é system accountingÀº ´ëºÎºÐ ÀÚü·Î ¼öÇàµÈ´Ù.
	accounting º¸°í¼­¸¦ ¸¸µå´Â ½© ½ºÅ©¸³Æ®´Â /usr/adm/acct¿Í /usr/lib/acct¿¡ ¸¸µç´Ù.
	ÀÚµ¿ÀûÀ¸·Î ¼öÇÚÇÏ´Â °ÍÀº crontab¿¡ ¼³Á¤ÇÑ´Ù.
	´ÙÀ½Àº accountingÀÌ ¾î¶² ÀÏÀ» Çϴ°¡¸¦ ¼³¸íÇÑ´Ù.

	* ½Ã½ºÅÛÀÌ ½ÃÀÛÇÏ°í ³¡³ª´Â »çÀÌ¿¡ ½Ã½ºÅÛ »ç¿ë¿¡ °üÇÑ ¿øÃÊÀû µ¥ÀÌŸ(raw data)°¡
	  accounting È­ÀÏ¿¡ ¸ð¾ÆÁø´Ù.
	* ÁÖ±âÀûÀ¸·Î,º¸Åë ÇÏ·ç¿¡ Çѹø,/usr/lib/acct/runacct´Â °¢Á¾ accounting È­ÀÏ¿¡¼­
	  µ¥ÀÌŸ¸¦ ¸ð¿ì°í prdaily´Â ÀÌ µ¥ÀÌŸ¸¦ ÇÁ¸°Æ®ÇÑ´Ù.
	* monacct´Â ¸Å´ÞÀÇ µ¥ÀÌŸ¸¦ ¸¸µé°í Á¦°øÇÑ´Ù.

   10.1.1 Types of accounting

	1) Connect accounting

	  /var/adm/wtmp¿¡ ÀúÀåÇÑ´Ù.
	  wtmp È­ÀÏÀÇ ¿£Æ®¸®´Â ´ÙÀ½ÀÇ Á¤º¸¸¦ Æ÷ÇÔÇÑ´Ù: »ç¿ëÀÚÀÇ ·Î±× ÀÎ À̸§,µð¹ÙÀ̽º À̸§,
	  ÇÁ·Î¼¼¼­ ID,¿£Æ®¸®ÀÇ ÇüÅÂ(type),¿£Æ®¸®°¡ ¸¸µé¾îÁú¶§ÀÇ time stamp

	2) process accounting

	  ÇÁ·Î¼¼¼­°¡ Á׿ﶧ¸¶´Ù exit ÇÁ·Î±×·¥ÀÌ µ¥ÀÌŸ¸¦ ¸ð¿ì°í ±×°ÍÀ» /var/adm/acct¿¡ ¾´´Ù.
	  acct È­ÀÏÀº ckpacct¿¡ ÀÇÇØ ±âº» 500 blocksÀÇ Å©±â¸¦ °®´Â´Ù.
	  ¸¸¾à ckpacct°¡ /var/adm/acct È­ÀÏÀÌ 500 blocksº¸´Ù Å©´Ù¸é ÀÌ°ÍÀ» /var/adm/pacct[n]À¸·Î
	  ¿Å±ä´Ù.

	3) disk accounting

	  ÀÌ µ¥ÀÌŸ´Â dodisk¶ó´Â ½© ½ºÅ©¸³Æ®¿¡ ÀÇÇØ ¸ð¾ÆÁø´Ù.
	  dodisk´Â ½Ã½ºÅÛ¿¡¼­ °¢ È­ÀÏÀÇ Á¤º¸¸¦ ¸ð¿ì±â À§ÇÏ¿© acctdusg¿Í diskusg¸¦ ºÎ¸¥´Ù.
	  acctdusg´Â ¸ðµç µð½ºÅ© accounting Á¤º¸¸¦ ¸ð¿î´Ù.

	  °æ°í: dodisk¿¡ ÀÇÇØ ÀúÀåµÈ Á¤º¸´Â /var/adm/acct/nite/disktacct¿¡ ÀúÀåµÈ´Ù.
	        ÀÌ Á¤º¸´Â ´ÙÀ½¿¡ dodisk¸¦ ¼öÇàÇÒ¶§ overwriteµÈ´Ù.

	4) fee calculations

	  ¸¸¾à È­ÀϺ¸±¸¿Í remote ÇÁ¸°Æð°Àº Ưº°ÇÑ ¼­ºñ½º¿¡ °¡°ÝÀ» ¸Å±ä´Ù¸é chargefee¸¦ »ç¿ë ÇÒ 
	  ¼ö ÀÖ´Ù.
	  ÀÌ µ¥ÀÌŸ´Â /var/adm/fee¿¡ ±â·ÏÇÑ´Ù.

   10.1.2 accounting program

	/usr/luib/acct¿¡ ÀÖ´Ù.
	acctcomÀº /usr/bin¿¡ ÀÖ´Ù.
	/usr/lib/acct/startupÀº ½Ã½ºÅÛÀÌ multi mode¿¡¼­ accounting ÇÁ·Î¼¼¼­¸¦ ÃʱâÈ­ÇÑ´Ù.
	
 10.2 Setting up accounting

	½Ã½ºÅÛÀÌ multi mode¿¡¼­ accountinÀ» ¼³Á¤Çϱâ À§ÇÏ¿© ´ÙÀ½ÀÇ È­ÀϵéÀ» ¼öÁ¤Çϰųª
	¸¸µé¾î¾ß ÇÑ´Ù.

	* /etc/rc0.d/K22acct(create)
	* /etc/rc2.d/S22acct(create)
	* /var/spool/cron/crontab/adm(modify)
	* /var/spool/cron/crontab/root(modify)

	¸¸¾à shutdownµ¿¾È accountingÀ» ¸¶Ä¡±â¸¦ ¿øÇÑ´Ù¸é /etc/rc0.d/K22acct¸¦ /etc/init.d/acct¿Í
	¸µÅ©Ç϶ó.

	# ln -s /etc/init.d/acct /etc/rc0.d/K22acct

	¸¸¾à multi mode¿¡¼­ accountingÀ» ½ÃÀÛÇÏ·Á¸é /etc/rc2.d/S22acct¿Í /etc/init.d/acct¸¦
	¸µÅ©Ç϶ó.

	# ln -s /etc/init.d/acct /etc/rc2.d/S22acct

	accounting¿¡ ÇÊ¿äÇÑ ´ëºÎºÐÀÇ ¿£Æ®¸®´Â /var/spool/cron/crontabs/adm¿¡ ³Ö´Â´Ù.
	ÀÌ µ¥ÀÌŸº£À̽º¿¡¼­ ÁÖ±âÀûÀ¸·Î ckpacct,¸ÅÀÏ runacct,monacct¸¦ ¼öÇàÇÑ´Ù.

	#ident  "@(#)adm        1.3     89/12/12 SMI"   /* SVr4.0 1.2   */
	#
	# The adm crontab file should contain startup of performance collection if
	# the profiling and performance feature has been installed.
	#
	#
	# more adm
	#ident  "@(#)adm        1.3     89/12/12 SMI"   /* SVr4.0 1.2   */
	#
	# The adm crontab file should contain startup of performance collection if
	# the profiling and performance feature has been installed.
	#-------------------------------------------------------------------------
	0 * * * * /usr/lib/acct/ckpacct
	30 2 * * * /usr/lib/acct/runacct 2> /var/adm/aacct/nite/fd2log
	30 9 * * 5 /usr/lib/acct/monacct

	dodisk´Â root crontabÀÎ /var/spool/cron/crontabs/root¿¡ ÷°¡ÇÑ´Ù.

	#ident  "@(#)root       1.3     89/12/12 SMI"   /* SVr4.0 1.1.3.1       */
	#
	# The root crontab should be used to perform accounting data collection.
	#
	0 2 * * 0,4 /etc/cron.d/logchecker
	5 4 * * 6   /usr/lib/newsyslog
	#------------------------------------
	30 22 * * 4 /usr/lib/acct/dodisk

 10.3 Daily accounting

	¿©±â¿¡´Â SunOS system accounting°¡ ¾î¶»°Ô ÀÛµ¿µÇ´Â °¡¸¦ ÇÑ´Ü°è ÇÑ´Ü°è ¿ä¾àÇß´Ù.

	1) multiuser mode·Î °¥¶§ /usr/lib/acct/startup¸¦ ¼öÇàÇÑ´Ù.
	   startupÀº accountingÀ» Çϱâ À§ÇÏ¿© ¿©·¯°³ÀÇ ´Ù¸¥ ÇÁ·Î±×·¥Àº ¼öÇàÇÑ´Ù.
	2) acctwtmp ÇÁ·Î±×·¥Àº  /var/adm/wtmp¿¡ "boot"¶ó´Â ±â·ÏÀ» ÇÑ´Ù.
	   ´ÙÀ½Àº ¾î¶»°Ô raw accounting data¸¦ ¸ð¿ì°í ¾îµð¿¡ ÀúÀåÇÏ´Â °¡¸¦ º¸¿©ÁØ´Ù.

	   -------------------------------------------------------------------------
	   File(in /var/adm)	Information		Written By	Format
	   -------------------------------------------------------------------------
	   wtmp			connect sessions	login,init	utmp.h
	   			changes			date
				reboots			acctwtmp
				shutdowns		shutacct shell
	   pacctn		processes		kernel(when	acct.h
							process end)

							turnacct switch(create a new
							file when the old one reaches
							500 blocks)
	   fee			special charges		chargefee	acct.h
	   acct/nite/disk	disk space used		dodisk		tacct.h
	   tacct
	   -------------------------------------------------------------------------

	3) on ¿É¼Ç°ú ÇÔ²² turnacct´Â process accountingÀ» ½ÃÀÛÇÑ´Ù.
	    Ưº°È÷ turnacct´Â /var/adm/pacct¸¦ ¾Æ±Ô¸ÕÆ®·Î acctonÀ» ½ÇÇàÇÑ´Ù.
	4) remove ½© ½ºÅ©¸³Æ®´Â ÀúÀåµÈ pacct¿Í runacct¿¡ ÀÇÇØ sum µð·ºÅ丮¿¡ ³²¾ÆÀÖ´Â wtmp
	   È­ÀÏÀ» "clean up"ÇÑ´Ù.
	5) login°ú init´Â /var/adm/wtmp¿¡ connection sessionµéÀ» ±â·ÏÇÑ´Ù.
	   ¾î¶² ³¯Â¥ÀÇ º¯È­´Â  /var/adm/wtmp¿¡ ¾´´Ù.
	   reboot°ú shutdownµµ /var/adm/wtmp¿¡ ±â·ÏµÈ´Ù.
	6) ÇÁ·Î¼¼¼­°¡ ³¡³ª¸é Ä¿³ÎÀº ÇÁ·Î¼¼¼­´ç ÇϳªÀÇ ±â·ÏÀ» /var/adm/pacct¿¡ acct.hÀÇ Çü½ÄÀ¸·Î
	   ±â·ÏÇÑ´Ù.

	µÎ°³ÀÇ ÇÁ·Î±×·¥Àº ·Î±× Àο¡ ÀÇÇØ µð½ºÅ©ÀÇ »ç¿ëÀ» ÃßÀûÇÑ´Ù.: acctdusg¿Í diskusg
	À̰͵éÀº dodisk¶ó´Â ½© ½ºÅ©¸³Æ®¿¡ ÀÇÇØ ºÒ·ÁÁø´Ù.
	¸Å ½Ã°£ cronÀº ckpacct¸¦ ¼öÇàÇÏ¿© /var/adm/pacct°¡ 500 blocksÀ» ÃÊ°úÇÏ´Â °¡¸¦ °Ë»çÇÑ´Ù.
	¸¸¾à ÃÊ°úÇϸé turnacct switch°¡ ¼öÇàµÈ´Ù.(ÀÌ ÇÁ·Î±×·¥Àº pacct¸¦ ¿Å±â°í »õ·Î¿î °ÍÀ»
	¸¸µç´Ù)
	¸¸¾à shutdownÀ» »ç¿ëÇÏ¿© shutdownÀ» Çϸé shutacct°¡ ÀÚµ¿ÀûÀ¸·Î ½ÇÇàµÈ´Ù.
	shutacct´Â process accounting°¡ ³¡³­ ÀÌÀ¯¸¦ /var/adm/wtmp¿¡ ±â·ÏÇÑ´Ù.
	´ÙÀ½¿¡ runacct°¡ ´Ù½Ã ¼öÇàµÇ¸é ÀÌ »õ·Î¿î ±â·ÏÀÌ ÃëÇØÁö°í Àüü accounting ±â·Ï°ú ÇÕÃÄÁø´Ù.
	
	1) runacct´Â cron¿¡ ÀÇÇØ ¸ÅÀÏ ¹ã ½ÇÇàµÈ´Ù.
	   runacct´Â accounting È­ÀÏÀ» ´Ù·é´Ù: /var/adm/pacct[n],/var/adm/wtmp,/var/adm/fee,
	   /var/adm/acct/nite/disktacct
	2) /usr/lib/acct/prdaily´Â runacct¿¡ ÀÇÇØ ¸ð¾ÆÁø ¸ÅÀÏÀÇ accounting Á¤º¸¸¦ 
	   /var/adm/acct/sum/rprt.MMDD¿¡ ¾²±â À§ÇÏ¿© runacct¿¡ ÀÇÇØ ÇÏ·ç ´ÜÀ§·Î ¼öÇàµÈ´Ù.
	3) monacct´Â ÇÑ´Þ ´ÜÀ§·Î ¼öÇàµÈ´Ù.

 10.4 The runacct program

	runacct´Â ÁÖ·Î ÇÑ°¡ÇÑ ½Ã°£¿¡ cron¿¡ ÀÇÇØ ºÒ·ÁÁø´Ù.
	runacct´Â accounting È­ÀÏÀ» ´Ù·ç°í,¿¬°á,µð½ºÅ©,fee¸¦ Ãë±ÞÇÑ´Ù.
	ÀÌ°ÍÀº ¶ÇÇÑ prdaily¿Í monacct¿¡ ÀÇÇØ »ç¿ëµÉ ¸ÅÀÏÀÇ Á¤º¸¿Í ÃàÀûµÈ Á¤º¸¸¦ Á¦°øÇÑ´Ù.
	runacct ½© ½ºÅ©¸³Æ®´Â ¿¡·¯°¡ ¹ß»ýÇϸé È­ÀÏÀÌ ¼Õ»óµÇÁö ¾Êµµ·Ï ÁÖÀÇ ÇÏ¿©¾ß ÇÑ´Ù.
	ÀÏ·ÃÀÇ º¸È£ ÀåÄ¡°¡ ¿¡·¯¸¦ ÀνÄÇϱâ À§ÇÏ¿© »ç¿ëµÇ°í ´Ü½Ã°£¿¡ ´Ù½Ã ½ÃÀÛÇÒ ¼ö ÀÖµµ·Ï ÇÑ´Ù.
	ÀÌ°ÍÀº active¶ó´Â È­ÀÏ¿¡ ¸Þ¼¼Áö¸¦ ¾¸À¸·Î ±×°ÍÀÇ °úÁ¤À» ±â·ÏÇÑ´Ù.(runacct¿¡ ÀÇÇØ »ç¿ëµÇ´Â
	È­ÀϵéÀº ´Þ¸® ÁöÁ¤ÇÏÁö ¾Ê´Â´Ù¸é /var/adm/acct/nite¿¡ ÀÖ´Ù°í °¡Á¤ÇÑ´Ù.)
	runacct°¡ ½ÇÇàÇÏ´Â µ¿¾È ¸ðµç Áø´Ü Ãâ·ÂÀº fd2log¿¡ ¾´´Ù.
	runacct°¡ ºÒ·ÁÁú¶§ ÀÌ°ÍÀº lock°ú lock1À̶ó´Â È­ÀÏÀ» ¸¸µç´Ù.
	ÀÌ È­ÀϵéÀº µ¿½Ã¿¡ runacct¸¦ ¼öÇàÇÏÁö ¾Êµµ·Ï ÇÑ´Ù.
	¸¸¾à ÀÌ È­ÀϵéÀÌ runacct°¡ ºÒ·ÁÁú¶§ ÀÖÀ¸¸é ¿¡·¯ ¸Þ¼¼Áö¸¦ ¹ß»ýÇÑ´Ù.
	lastdate È­ÀÏÀº runacct°¡ ¸¶Áö¸·À¸·Î ºÒ·ÁÁø ´Þ°ú ³¯Â¥¸¦ Æ÷ÇÔÇÏ°í ÇÏ·ç¿¡ Çѹø ÀÌ»ó ¼öÇà ÇÒ
	¼ö ¾øµµ·Ï ÇÑ´Ù.
	¸¸¾à runacct°¡ ¿¡·¯¸¦ ¹ß°ßÇÏ¸é ¸Þ¼¼Áö´Â Äֿܼ¡ ¾²°í root¿Í adm¿¡ ¸ÞÀÏÀ» º¸³»°í lockµéÀ»
	Áö¿ì°í diagonostic È­ÀϵéÀ» ÀúÀåÇÏ°í ½ÇÇàÀ» ³¡³½´Ù.

   10.4.1. Reentrant states of the runacct script

	runacct°¡ ´Ù½Ã ½ÃÀÛÇϱâ À§ÇÏ¿© processingÀº ¿©·¯°³ÀÇ »óÅÂ(state)·Î ³ª´©¾î Áú ¼ö ÀÖ´Ù.
	statefileÀº ³¡¸¶Ä£ ¸¶Áö¸· »óŸ¦ ÃßÀûÇϱâ À§ÇÏ¿© »ç¿ëµÈ´Ù.
	°¢ »óÅ°¡ ³¡³ª¸é statefileÀº ´ÙÀ½ »óŸ¦ ¹Ý¿µÇϱâ À§ÇÏ¿© °»½ÅµÈ´Ù.
	»óÅ¿¡ ´ëÇÑ ÇÁ·Î¼¼½ÌÀÌ ³¡³­ ÈÄ,statefile ÀÐÇôÁö°í ´ÙÀ½ »óÅ°¡ ¼öÇڵȴÙ.
	runacct°¡ CLEANUP »óÅ¿¡ µµ´ÞÇϸé lockµéÀÌ Áö¿öÁö°í ³¡³­´Ù.
	»óÅ´ ´ÙÀ½°ú °°ÀÌ ¼öÇàµÈ´Ù.

	SETUP		ÀÌ ¸í·É,turnacct switch,Àº »õ·Î¿î pacct È­ÀÏÀ» ¸¸µé±â À§ÇÏ¿© ¼öÇàµÈ´Ù.
	WTMPFIX		wtmpfix ÇÁ·Î±×·¥Àº Á¤È®¼ºÀ» À§ÇÏ¿© nite µð·ºÅ丮¿¡ wtmp.MMDD¸¦ °Ë»çÇÑ´Ù.
	CONNECT		acctonÀº cpacct¿¡ connect accounting record¸¦ ±â·ÏÇϱâ À§ÇÏ¿© »ç¿ëÇÑ´Ù.
	PROCESS		acctprc´Â /var/adm/Spacctn.MMDD(process accounting file)¸¦ Àüü accounting
			±â·Ï È­ÀÏÀÎ ptacctn.MMDD·Î º¯È¯Çϴµ¥ »ç¿ëµÈ´Ù.
	MERGE		process accounting ±â·ÏÀ» connect accounting ±â·Ï°ú ÇÕÃÄ dayacct¸¦ ¹Ýµç´Ù.
	FEES		È­ÀÏ,fee,·ÎºÎÅÍ ASCII tacct ±â·ÏÀ» dayacct¿¡ ÇÕÄ£´Ù.
	DISK		¸¸¾à dodisk¸¦ ¼öÇàÇϸé diskacct¸¦ ¸¸µé°í È­ÀÏÀ» dayacct¿¡ ÇÕÄ¡°í diskacct¸¦
			/tmp/disktacct.MMDD·Î ¿Å±ä´Ù.
	MERGETACCT	dayacct¸¦ sum/tacct¿Í ÇÕÄ£´Ù.
	CMS		acctcms´Â ¸î¹ø ½ÇÇàÇÑ´Ù.
			acctcms´Â Spacct[n]À» »ç¿ëÇÏ¿© ¸í·É ¿ä¾àÀ» ¸¸µé±â À§ÇØ Ã³À½ ½ÇÇàµÇ°í ÀÌ°ÍÀ»
			sum/daycms¿¡ ¾´´Ù.
			acctcms´Â sum/daycmsÀ» sum/cms¿¡ ÇÕÄ£´Ù.
			¸¶Áö¸·À¸·Î acctcms´Â sum/daycms¿Í sum/cms·ÎºÎÅÍ °¢°¢ nite/daycms¿Í 
			nite/cms(ASCII command summary file)¸¦ ¸¸µé±â À§ÇÏ¿© ½ÇÇàµÈ´Ù.
			lastloginÀº /var/adm/acct/sum/loginlog¸¦ ¸¸µç´Ù.
	USEREXIT	¾î¶² installation-dependent(local) accounting programÀº ÀÌ ½ÃÁ¡¿¡ Æ÷Ç﵃ ¼ö
			ÀÖ´Ù.
			runacct´Â /usr/lib/acct/runacct.local·Î ºÒ·ÁÁú ¼ö ÀÖ´Ù.
	CLEANUP		Àӽà ȭÀÏÀ» Áö¿ì°í prdaily¸¦ ¼öÇàÇÏ°í Ãâ·ÂÀ» sum/rpt.MMDD¿¡ ÀúÀåÇÏ°í lockÀ»
			Áö¿ì°í ºüÁ®³ª¿Â´Ù.

   10.4.2. Files produced bu runacct

	runacct°¡ ¸¸µç ´ÙÀ½ÀÇ È­ÀÏ( /var/adm/acct¿¡ ÀÖ´Â)µéÀº °ü½ÉÀ» °¡Á®¾ß ÇÑ´Ù.

	nite/lineuse	¶óÀÎÀÇ »ç¿ëÀ» º¸°íÇϱâ À§ÇÏ¿© ÀÌ È­ÀÏÀ» »ç¿ëÇÑ´Ù.
	nite/dayacct	Àüü accounting È­ÀÏ.
	sum/tacct	°¢ ³¯Â¥ÀÇ nite/dayacctÀ» ÇÕÄ£ È­ÀÏ.
	sum/daycms	ÇÑ ³¯¿¡ »ç¿ëµÈ ¸í·ÉÀ» ÀúÀå.
	sum/cms		°¢ ³¯¿¡ »ç¿ëµÈ ¸í·ÉÀ» ÇÕÄ£ È­ÀÏ.
	sum/loginlog	·Î±× ÀÎÀ» ÀúÀå.
	sum/rprt.MMDD	°¢ ³¯ÀÇ º¸°í¼­¸¦ ÀúÀå.

 10.5 Fixing corrupted files

	- Fixing wtmp errors

	  ¡å How to fix wtmp errors

		1) # cd /vat/adm/acct/nite
		2) # fwtmp wtmp.MMDD xwtmp
		    fwtmp´Â ÀÌÁø È­ÀÏÀÎ wtmp.MMDD¸¦ ASCII È­ÀÏÀÎ xwtmp·Î º¯È¯ ½ÃŲ´Ù.
		3) xwtmp¸¦ ¼öÁ¤ÇÑ´Ù.
		   ¸Á°¡Áø È­ÀÏÀ» Áö¿ì°Å³ª ³¯Â¥°¡ ¹Ù²î°í ½ÃÀÛÇÑ ¸ðµç ±â·ÏÀ» Áö¿î´Ù.
		4) # fwtmp -ic xwtmp wtmp.MMDD

	- Fixing tacct errors

	   ¡å How to fix tacct errors

		1) # cd /var/adm/acct/sum
		2) # acctmerge -v tacct.MMDD xtacct
		3) xtacct¸¦ ¼öÁ¤ÇÑ´Ù.
		   À߸øµÈ ±â·ÏÀ» Á¦°ÅÇÏ°í Áߺ¹µÈ ±â·ÏÀ» ´Ù¸¥ È­ÀÏ¿¡ ¾´´Ù.
		4) # acctmerge - xtacct tacct.MMDD
		5) # acctmerge tacctprv tacct.MMDD

 10.5 Restarting runacct

	- to start runacct

		# nohup runacct 2> /var/adm/acct/nite/fd2log

	- to restart runacct

		# nohup runacct 0601 2> /var/adm/acct/nite/fd2log

	- to restart runacct in a specific state

		# nohup runacct 0601 WTMPFIX 2> /var/adm/acct/nite/fd2log

 10.6 Billing users

	chargefee´Â file restore¿Í °°Àº »ç¿ëÀÚ¿¡°Ô ƯÁ¤ÇÑ ¼­ºñ½º¿¡ ¿ä±ÝÀ» ºÎ°úÇϱâ À§ÇØ fee¶ó´Â
	È­ÀÏ¿¡ ÀúÀåÇÑ´Ù.
	ÀÌ È­ÀÏÀº ¸ÅÀÏ runacct¿¡ ÀÇÇØ ¸¸µé¾îÁø´Ù.

	- to register special fees

		# chargefee login_name amount

 10.7 Daily accounting reports

	- daily report

		p168 ~ p169

	- daily usage report

		p169 ~ p170

	- daily command summary

		p171 ~ p173

	- total command summary

		p174 

	- last login report

		p175

 10.8 Looking at the pacct file with acctcom

	acctcom¸¦ »ç¿ëÇÏ¿© /var/adm/pacct[n]ÀÇ ³»¿ëÀ» »ìÆ캼 ¼ö ÀÖ´Ù.

 10.9 Accounting files

	/var/admÀº ½ÇÁ¦ µ¥ÀÌŸ¸¦ ¸ð¿î È­ÀÏÀ» Æ÷ÇÔÇÏ°í adm¿¡ ÀÇÇØ ¼ÒÀ¯µÈ´Ù.

 10.10 Quick reference to accounting

	- to start accounting
		
		# /usr/lib/acct/startup

	- to turn off accounting

		# /usr/lib/acct/shutacct

	- to switch the pacct file to the pacct[n] file

		# /usr/lib/acct/ckpacct

	- to examine the contents of pacct

		# /bin/acctcom

	- to charge a fee

		# /usr/lib/acct/chargefee login_name amount

	- to process accounting files into a daily summary

		# /usr/lib/acct/runacct 2 > /var/adm/acct/nite/fd2log

	- to do disk accounting

		# /usr/lib/acct/dodisk

	- to create a monthly accounting report

		# /usr/lib/acct/monacct fiscal_number

	- to print tacct.h file in ASCII format

		# /usr/lib/acct/prtacct filename


Revision History
Created        on Jan  21 ,1993