===== Customize AIX server =====
* root's home directory: don't use / as root's home directory; if it reaches 100% full, it will be hard to restart your server. ksh93 (1993) is supported by IBM and is more recent than ksh (1988).
My customization:
mklv -t jfs2 -y rootlv rootvg 512M              # 512 MB jfs2 logical volume "rootlv" in rootvg
crfs -v jfs2 -m /root -d rootlv -Ayes           # filesystem on rootlv, mount point /root, mounted at boot (-A yes)
mount /root
chuser home=/root shell=/usr/bin/ksh93 root     # move root's home off / and switch root to ksh93
chuser fsize=-1 data=-1 root                    # no file-size / data-segment limit for root (-1 = unlimited)
Then log out and log in again.
* cleanup of / directory:
rm -r /.SPOT /.sh_history /.vi_history /smit*   # install leftovers and root's shell/vi history; /smit* matches the smit log/script files written in /
* Change various values: the maximum number of groups on the server, the maximum login name length, the maximum length of the command line, and the maximum number of processes per user
chdev -l sys0 -a ngroups_allowed=2048   # max number of groups a user may belong to
chdev -l sys0 -a max_logname=256        # max login name length
chdev -l sys0 -a ncargs=1024            # max size of the argument/environment list (4 KB blocks)
chdev -l sys0 -a maxuproc=16384         # max processes per user
* Profile files
# root's interactive profile (sourced from .bashrc). The delimiter is quoted so
# the file receives the text literally: nothing is expanded while it is written.
cat > ~root/.profile_root << 'EOF'
if [ "$(whoami)" != "root" ]; then
export PS1="[$(whoami)@$(/usr/bin/hostname -s)]\$PWD$ "
else
export PS1="[$(whoami)@$(/usr/bin/hostname -s)]\$PWD# "
fi
set -o vi
alias lsvscsi='echo "cvai" | kdb | grep vscsi'
alias lsvfcs='echo "vfcs" | kdb | grep fcs'
alias ll='ls -lsa'
[ -x /usr/linux/bin/ls ] && alias lll='/usr/linux/bin/ls -lsa --color' # needs coreutils rpm package
EOF
cat > ~root/.profile <
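# root's .bashrc. The delimiter is quoted so that HOSTNAME, the tty check and
# the PS1 variables are evaluated at login time; with an unquoted delimiter
# $(hostname), $(tty ...) and $? were expanded once, while the file was
# written, and a fixed hostname and a literal 0/1 ended up in the file.
cat > ~root/.bashrc << 'EOF'
EDITOR=/usr/bin/vi
HOSTNAME=$(hostname)
PS1="[\$LOGNAME@\$HOSTNAME]\$PWD# "
export EDITOR HOSTNAME PS1
# set the erase character only on a real terminal or pseudo-tty
if tty | awk '{print $1}' | egrep -q "Global|pts"
then
stty erase ^?
fi
. ~root/.profile_root
echo "BASH"
# Specific (add your custom entries)
EOF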
echo "DTSOURCEPROFILE=true" > ~root/.dtprofile   # let a CDE desktop login read ~root/.profile as well
Add the following lines to /etc/profile:
# cat /etc/profile
....
HOSTNAME=\$(/usr/bin/hostname -s)   # NOTE(review): in /etc/profile itself this must be HOSTNAME=$(/usr/bin/hostname -s); the backslash looks like a heredoc escape left over from copying
PS1="[\$LOGNAME@\$HOSTNAME]\$PWD# "   # \$ keeps the variables inside PS1, so ksh93 expands them at every prompt
export PS1
EDITOR=/usr/bin/vi
export EDITOR
EXTENDED_HISTORY=ON                   # AIX ksh: timestamp each entry of .sh_history
HISTSIZE=10000
HISTTIMEFORMAT="%F %T "               # bash equivalent of EXTENDED_HISTORY
export EXTENDED_HISTORY HISTSIZE HISTTIMEFORMAT
alias ll='ls -lsa'
export DSM_LOG=/tmp # centralize all TSM logs dsmj.log
trap 1 2 3                            # numeric first operand: reset HUP, INT and QUIT to their default handling
# VG mirroring parallelism: number of logical partitions syncvg handles at once
printf '%s\n' '# VG mirroring parallelism' 'NUM_PARALLEL_LPS=12' >> /etc/environment
* Remove all unused entries in the following files: /etc/rc.tcpip /etc/inetd.conf /etc/inittab
* Update TZ variable into /etc/environment (needs a reboot)
Ex: TZ=Europe/Luxembourg
* Add a DNS and domain into /etc/resolv.conf (domain and/or search)
Ex:
server 1.2.3.4
server 2.5.6.8
domain gggg.com
search ggg.com aaa.com bbb.be
* In /etc/netsvc.conf, set name resolution to use local files first, allowing IPv4 and IPv6 (needed for sendmail), and then IPv4 DNS
echo "hosts=local,bind4" >> /etc/netsvc.conf   # /etc/hosts first, then IPv4 DNS
* Add after 127.0.0.1 the following line into /etc/hosts:
::1 loopback localhost # needed for sendmail (IPV6 local resolution)
* Enable one or more time servers in /etc/ntp.conf, and comment out broadcastclient
server 1.2.3.4 prefer
server 3.4.5.6
Activate NTP service:
chrctcp -S -a xntpd                   # -a: enable xntpd in /etc/rc.tcpip, -S: start it now
stopsrc -s xntpd; startsrc -s xntpd   # restart so the new servers are read
* Syslog config:
To get more system logs than the error log (errpt) provides, you can activate the syslog daemon. Log files are in text format.
Add the following lines in /etc/syslog.conf
[aix-srv@root] /root# cat /etc/syslog.conf
*.emerg /var/log/syslog/emerg.log rotate size 200k files 4 compress
*.alert /var/log/syslog/alert.log rotate size 200k files 4 compress
*.crit /var/log/syslog/crit.log rotate size 200k files 4 compress
*.err /var/log/syslog/error.log rotate size 200k files 4 compress
*.warning /var/log/syslog/warning.log rotate size 500k files 4 compress
*.notice /var/log/syslog/notice.log rotate size 500k files 4 compress
*.info /var/log/syslog/info.log rotate size 500k files 4 compress
*.debug /var/log/syslog/debug.log rotate size 500k files 4 compress
auth,authpriv.debug /var/log/syslog/auth.log rotate size 500k files 4 compress
Create the empty log files; they are not created automatically:
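[aix-srv@root] /root# mkdir -p /var/log/syslog
# the second field of every non-comment line is the log file; syslogd does not
# create missing files, so create them empty here
[aix-srv@root] /root# awk '!/^#/ && NF >= 2 {print $2}' /etc/syslog.conf | while IFS= read -r file
do
  touch "$file"
done
# auth.log records login activity: consider restricting it afterwards, e.g. chmod 640 /var/log/syslog/auth.log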
Uncomment the entry for syslogd in /etc/rc.tcpip, or use the following command; then restart syslogd:
[aix-srv@root] /root# chrctcp -S -a syslogd                   # enable syslogd in /etc/rc.tcpip (-a) and start it (-S)
[aix-srv@root] /root# stopsrc -s syslogd; startsrc -s syslogd   # restart so the new /etc/syslog.conf is read
* Backup system
To be able to recover your server (even if you never need to), customize your system image so that it stores only the minimum needed.
Use the file /etc/exclude.rootvg (pay attention to the syntax):
/tmp/
^./mnt/
^./mksysb/
^./var/core/
Command to backup: mksysb -i -e /mksysb_images/node1
* Dump device sysdumpdev -K
* Centralize core files: it is useful to collect program core dumps in one place; the best option is to create a dedicated filesystem (1 GB, for example)
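mklv -tjfs2 -y corelv rootvg 1G                               # 1 GB jfs2 logical volume for the core files
crfs -vjfs2 -d corelv -m /var/core -Ayes -a log=INLINE        # filesystem with inline log, mounted at boot
mount /var/core
# every process must be able to write its core here, hence world-writable;
# the sticky bit (1777 instead of 777) keeps users from removing or renaming
# each other's core files
chmod 1777 /var/core
chcore -c on -p on -l /var/core -n on -d                      # compressed cores, written to /var/core with unique names, as system default (-d)
syscorepath -p /var/core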
* Add additional filesets, such as the rpm packages logrotate, rsync, tar, zip, unzip, bzip2, bash, lsof...
# Packages are installed from local .rpm files (AIX Toolbox). Verify each file
# before installing it (rpm --checksig <package>.rpm) and keep the list of exact
# versions below up to date: it is the record of what the server runs.
# bash
rpm -Uhv bash-4.3-16.aix5.1.ppc.rpm
# lsof
rpm -Uhv lsof-4.88-1.aix7.1.ppc.rpm
# coreutils (its dependencies first)
rpm -Uhv libgcc-4.8.3-1.aix7.1.ppc.rpm
rpm -Uhv libstdc++-4.8.3-1.aix7.1.ppc.rpm
rpm -Uhv gettext-0.10.40-8.aix5.2.ppc.rpm
rpm -Uhv info-5.1-2.aix5.1.ppc.rpm
rpm -Uhv gmp-6.0.0a-1.aix5.1.ppc.rpm
rpm -Uhv libiconv-1.14-2.aix5.1.ppc.rpm
rpm -Uhv coreutils-8.24-1.aix5.1.ppc.rpm
# logrotate
rpm -Uhv popt-1.16-1.aix5.1.ppc.rpm
rpm -Uhv logrotate-3.8.2-1.aix5.1.ppc.rpm
# rsync
rpm -Uhv rsync-3.1.1-1.aix5.1.ppc.rpm
# tar
rpm -Uhv tar-1.28-1.aix5.1.ppc.rpm
# zip
rpm -Uhv bzip2-1.0.6-1.aix5.1.ppc.rpm
rpm -Uhv unzip-6.0-2.aix5.1.ppc.rpm
rpm -Uhv zip-3.0-1.aix5.1.ppc.rpm
# grep - sed (and their libraries)
rpm -Uhv sed-4.2.2-1.aix5.1.ppc.rpm
rpm -Uhv zlib-1.2.8-1.aix5.1.ppc.rpm
rpm -Uhv readline-6.3-5.aix5.1.ppc.rpm
rpm -Uhv pcre-8.36-1.aix5.1.ppc.rpm
rpm -Uhv grep-2.21-1.aix5.1.ppc.rpm
# vnc server
rpm -Uhv libjpeg-9a-1.aix5.1.ppc.rpm
rpm -Uhv tightvnc-server-1.3.10-2.aix5.1.ppc.rpm
# tmux / screen (background applications) + UTF8 locales
installp -agXY -d ./ bos.loc.utf.EN_US   # -a apply, -g prerequisites, -X expand filesystems, -Y accept licence, -d source directory
rpm -Uhv tmux screen                     # NOTE(review): rpm -U expects .rpm files; bare package names need a package manager (e.g. yum) or the file names
Minimum NO (Network Options) options for gigabit ethernet:
no -p -o udp_recvspace="655360"   # -p: set the running value and keep it across reboots
no -p -o udp_sendspace="65536"
no -p -o tcp_recvspace="262144"
no -p -o tcp_sendspace="262144"
no -p -o udp_pmtu_discover="0"    # disable path-MTU discovery for UDP ...
no -p -o tcp_pmtu_discover="0"    # ... and for TCP
no -p -o rfc1323="1"              # TCP window scaling / timestamps (RFC 1323), needed for windows above 64 KB
# For linux NFS mount: portcheck=1 makes the server accept requests only from
# privileged source ports, nfs_use_reserved_ports=1 makes the client use one
# nfso -p -o portcheck="1"
# nfso -p -o nfs_use_reserved_ports="1"
**Info:**
To connect to VNC, start a session (for example vncserver :1 for display 1),
then use a VNC viewer and connect to <host>:<display>, or a browser at http://<host>:5800+<display>
* Resize the filesystems: minimum /var 512M, /tmp 1G; keep / at least 40% free
* Check the paging space: 2 GB minimum
* Create an mksysb script, for example **mksysb.sh** and environment file **.env**
# cat .env
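# global variables for all scripts
# Sourced (". .env") by every script in $binpath, so $0 is the calling script
# and $sn becomes its basename without extension (mksysb.sh -> mksysb).
# Command substitutions are quoted and separated from "export" so that a
# script path containing spaces cannot break them.
export binpath=/root/scripts
export sn
sn=$(basename "$0" | cut -d. -f1)
export HOSTNAME
HOSTNAME=$(/usr/bin/hostname)
export logpath=/root/scripts/logs
export logname=$logpath/$sn.log        # per-script log file, also attached to failure mails
export configfile=$binpath/$sn.cfg
export destination="test@gmail.com"    # recipient of the failure mails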
# cat mksysb.sh
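#!/bin/ksh93
#set -x
#############################################
#@(#) create mksysb on NIM server
#############################################
# version 1.0 21-02-2019
# version 1.1 07-2023 Add timeout and check proc
#############################################
# Common variables (sn, logname, destination, ...) come from .env, which
# lives next to this script; the path is quoted so spaces cannot break it.
dir=$(dirname "$0")
. "$dir/.env"
NUM=$(date +%y%m%d%H%M)            # currently unused in this script
LOCAL_PATH=/mnt                    # mount point of the NIM export when run on a client
VERSION_EXIST=1                    # with N existing images of this host, remove the oldest while N >= this value
REMOTE_BACKUP_SERVER=nimprod
REMOTE_PATH=/export/mksysb
UMOUNT=1                           # becomes 0 once the NFS share was mounted by this script
HOSTNAME=$(hostname -s | tr 'A-Z' 'a-z')
PID=$$
TIMEOUTPROC=3600                   # seconds after which timeout(1) kills mksysb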
#---------------------
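# Abort (mail the log and exit 1) when another mksysb process is already
# running, otherwise log that the way is clear.
# Globals read: PID, HOSTNAME, and sn, destination, logname from .env
# ($SN, used before, is never set: it printed and mailed an empty name).
check_running ()
{
  echo "########################################"
  echo "$(date) : Begin of $sn"
  echo "$PID"
  # ps -ef column 2 is the PID: drop our own line by PID rather than by
  # substring (grep -v "$PID" also hid unrelated lines merely containing the
  # digits); grep and tail lines are dropped so a "tail -f" of the log
  # does not count as a running mksysb.
  if ps -ef | awk -v pid="$PID" '$2 != pid' | grep -v grep | grep -v tail | grep -q mksysb
  then
    echo "### Process mksysb is still running"
    ps -ef | grep -v grep | grep mksysb
    mailx -s "Mksysb $sn failed to start on AIX $HOSTNAME " "$destination" < "$logname"
    exit 1
  else
    echo "### Process mksysb is not Running --> OK"
    echo "Starting mksysb"
  fi
}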
#---------------------
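# Create the mksysb image of this host on the NIM server's export.
# On the NIM server itself ($REMOTE_BACKUP_SERVER) the export is written
# locally; elsewhere it is NFS-mounted on $LOCAL_PATH first and unmounted at
# the end. Old images of this host are removed before the new one is made,
# and a failing mksysb is mailed to $destination with the log.
# Globals read: HOSTNAME, REMOTE_BACKUP_SERVER, REMOTE_PATH, LOCAL_PATH,
#   VERSION_EXIST, TIMEOUTPROC, VERBOSE_LOGGING, sn, destination, logname
# Globals written: MKSYSB_PATH, UMOUNT
create_mksysb ()
{
  echo "########################################"
  echo "$(date) : Begin of $sn"
  if [ "$VERBOSE_LOGGING" = "high" ]
  then
    set -x
  fi
  if [ "$HOSTNAME" = "$REMOTE_BACKUP_SERVER" ]
  then
    MKSYSB_PATH=$REMOTE_PATH
  else
    MKSYSB_PATH=$LOCAL_PATH
    # soft mount: an unreachable server makes I/O fail after the timeout
    # instead of hanging forever; mksysb then fails and is mailed below
    if ! mount -o vers=4,soft,intr "$REMOTE_BACKUP_SERVER:$REMOTE_PATH" "$MKSYSB_PATH"
    then
      echo "NFS mount failed"
      exit 1
    fi
    UMOUNT=0
  fi
  # Remove old mksysb. Images are named <host>_mksysb, so count and select with
  # the same anchored pattern: the old "grep $HOSTNAME" count also matched
  # other hosts (node1 counted node10's images) and ran the loop too often.
  NOB=$(ls "$MKSYSB_PATH" | grep -c "^${HOSTNAME}_")
  while [ "$NOB" -ge "$VERSION_EXIST" ]
  do
    # ls -rt lists oldest first
    FILE=$(ls -rt "$MKSYSB_PATH" | grep "^${HOSTNAME}_" | head -1)
    if [ -f "$MKSYSB_PATH/$FILE" ]
    then
      echo "Removing mksysb $FILE"
      rm -f "$MKSYSB_PATH/$FILE"
    fi
    NOB=$((NOB - 1))
  done
  # make new backup
  echo "Starting backup of $(hostname)"
  echo "Backup of / and exclude files from /etc/exclude.rootvg"
  # -e: honour /etc/exclude.rootvg, -i: generate image.data, -X: expand /tmp if needed.
  # The image holds the whole rootvg (including /etc/security), so the export
  # directory must not be readable by users of other hosts.
  /opt/freeware/bin/timeout "$TIMEOUTPROC" mksysb -e -i -X "${MKSYSB_PATH}/${HOSTNAME}_mksysb"
  RC=$?
  if [ "$RC" -gt 0 ]
  then
    echo "$RC"
    mailx -s "Mksysb $sn failed on AIX $HOSTNAME " "$destination" < "$logname"
  fi
  echo "Mksysb size in GB"
  du -sg "${MKSYSB_PATH}/${HOSTNAME}_mksysb"
  if [ "$UMOUNT" -eq 0 ]
  then
    umount "$MKSYSB_PATH"
  fi
  echo "$(date) : End of $sn"
}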
######################
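######################
# Entry point: everything main prints goes to $logname (truncated on every
# run), which is also the file the failure mails attach.
main ()
{
  echo "########################################"
  echo "$(date) : Begin of $sn"
  check_running
  create_mksysb
}
main > "$logname" 2>&1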
* Now check also: [[aix:post_upgrade|Pre and Post upgrade or migration actions]]
*******************************************************************************
* *
* IT IS AN OFFENSE TO CONTINUE WITHOUT PROPER AUTHORIZATION. *
* *
* This system is for the use of authorized users only. Individuals using *
* this computer system without authority, or in excess of their authority, *
* are subject to having all of their activities on this system monitored and *
* recorded by system personnel. In the course of monitoring individuals *
* improperly using this system, or in the course of system maintenance, the *
* activities of authorized users may also be monitored. Anyone using this *
* system expressly consents to such monitoring and is advised that if such *
* monitoring reveals possible evidence of criminal activity, system *
* personnel may provide the evidence of such monitoring to law enforcement *
* officials. *
* *
*******************************************************************************