01. Convert Dos2unix in Place - Perl -I -Pe 'S/ R G' <Fully Qualified Path/Name>

PRAQNIQUES

======

Index for this document.... Search on the sequence number in case there is more full documentation (eg. find 18.)

8E08B46DCB99DA4278C860F37A

Daily use (20120517-1012)

======

01. Convert dos2unix in place - perl -i -pe 's/\r//g' <fully qualified path/name>

Convert with nawk 'sub("$", "\r")' LOGS/20111107_073010_stageing_content.txt > LOGS/20111107_073010_stageing_content.txt3

Convert with sed in perl - system(" sed -e 's/\$/\r/' ${xcontfile} > ${xattachfile} ");

01a. Convert unix2dos - perl -pi -e 's/\n/\r\n/'

Convert unix2dos - sed s/$/$'\r'/ < input.txt > output.txt

02. List dirs indented - ls -R | grep ':$' | sed -e 's/:$//' -e 's/[^-][^\/]*\//|--/g' -e 's/^/ /'

03. List the netgroups on a server - cat /etc/passwd |grep +@ |awk -F: '{print $1}' |awk -F\@ '{print $2}'

Must be on a Solaris box for this command.eg. pcredit01

EXAMPLE:

login as: as EE pwh-sas17lp2

g8udoc@pwh-sas17lp2's password:

% sudo -H -u badftpp sudo-sh; export TMOUT=0; cd /export/appl/badops/tools/dse

g8udoc's Password:

% export TMOUT=0; cd /export/appl/badops/tools/dse

% /export/appl/badops/tools/dse/WRK/getnetg.ksh dcredit-sas03lp2

04. nmon -h (help) -t for total CPU - wait for the screen to refresh as it is many CPUs

05. Display or list only files Type the following command: ls -l | grep -v '^d'

06. EMM reports:

07. Turn off sudo timeout once you are in sudo: export TMOUT=0

08. MUST BE ON SOLARIS psysadm50% ldaplist -l passwd m5prod |grep userPassword userPassword: {crypt}*NOLOGIN*

09. Reboot schedules found at:

and

10. IP address - /usr/sbin/ifconfig -a

11. direct login - m5prod - (must be solaris) dcredit01% ldaplist -l passwd m5prod |grep userPassword (KEY IS ctl-f/ldapdcc)

userPassword: {crypt}*NOLOGIN*

12. LUN/SAN - > lsvg (result rootvg oscopyvg1 DG01_T1 DG01_T0 DG01_T3 DG01_T2 oscopyvg2

, > lsvg DG01_T2 | grep FREE

13. Usage investigation - du -khsa /appl/fa_data_t/cw_0/input/interestRate/2.2.CW/*

14. Usage investigation (AIX) - du -sg /export/appl/lw_data_d/prod/lwprod/lfm/*

15. Numeric userid (solaris only - dcredit01) ldaplist -l passwd m5prod |grep idNumber

gidNumber: 8209

uidNumber: 33639

16. perl create a dir if it does not exist - unless(-d $dir){mkdir $dir or die;}

17. perl code for MD5 perl for files hash

18. Here are the command lines to test SAS - Nishit

19. Evaluate FS sizes with df - Eval this from John on 8/26

20. Creation of a lockdown doc and ticket xxx

21. ASD install issues 4/22/11

22. ps -ef |grep rsync |grep badops - check for hung async (John Simon)

23. date; pwd; ls -laR|grep -v "\-\-\- "|grep -v "total "|grep -v "vbadf" <--- get universal read/execute

24. date; uname -a ; df -gs /export/appl/lw_data_p3 <---AIX df

25. Outlook logon correction faq

26. Link to good advanced vi (Visual editer cmds)

27. Perl output to screen AND logfile - LoadAll.sh 2&1 | tee -a Load.log

28. Delete a file with no name or special char in the name.

First find out file inode number with any one of the following command:

stat file-name OR ls -il file-name If you cannot type the file name, just use * instead of file-name.

Use find command as follows to find and remove the specified file:

find . -inum [inode-number] -exec rm -i {} \;

29. find and list all directorys in the current directory

find . | xargs perl -e '@ARGV = grep( -d $_ , @ARGV); print "@ARGV \n"'

30. Link to Cygwin - \\fanniemae.com\CORP\DC\SHARED\DAC\CYGWIN-15X

31. Change the -mdate (last modified date) - touch -t 200012311800 employees.txt

32. rsync --dry-run -razvv /export/appl/lw_archive_p/* /export/appl/bad_archive1_p (From John Simon)

then if all looks good

nohup rsync -razvv /export/appl/lw_archive_p/* /export/appl/bad_archive1_p &

Note: remove the -z turn of the real-time verify to speed a factor of 2x

Runs ~11GB/hr on same server. Remove z to transfer raw to speed up and use cksum against directories to verify.

======

EXAMPLE WITH OUTOUT NAMED bad_data1_w [and nohup]

rsync --dry-run -ravv /export/appl/lw_data_p2/* /export/appl/bad_data1_w

then if all looks good

nohup rsync -ravv /export/appl/lw_data_p2/* /export/appl/bad_data1_w &

To check the structure of the output:

ls -laR /export/appl/bad_data1_w/* | grep ":" | grep -v "drw" | tail -5

To watch it grow:

cd /export/appl/badops/tools/arc/

WRK/archive/watcher51.bsh bad_data1_w

33. To play with - alias jobs=` ps -e -a -o user,pid,etime,pcpu,args | grep /export/apps/sas | grep -v /utilities/bin | grep -v grep | sort`

From 17lp2 lwprod sudo alias

34. grep examples (LOTS)

35. How to get a server or dns name for and IP address - by Kate Dougherty

% nslookup <IP Address>

example:

35a. $ cp filename{,.bak} --> In this one-liner filename{,.bak} gets copied filename.bak

36. Using cut to Print out unique lines in a file

- Print out unique lines in a file

cat LOGS/CMDSRUN.txt| sort -n | uniq |head

- Print out unique lines in a file for csv selecting 2nd field

cat LOGS/CMDSRUN.txt| cut -d',' -f 2 | sort -nr | uniq |head

cut -d ' ' -f2,3 filename is equivalent to awk -F'[ ]' '{ print $2, $3 }' filename

37, Get "ALL" the ldap information for userid g8udoc - by Kate Dougherty

- % ssh dcredit01 /usr/bin/ldaplist -l passwd g8udoc|grep gid

38. ======

Global find and/or replace

find ./VAL/RTI.d20120913DCCbackup/ -type f -exec grep "obrecht" {} \; -print <--- find in the directory files that contain paul_obrecht and print them

find ./VAL/RTI.d20120913DCCbackup/ | xargs perl -pi -e 's/paul_obrecht/ /g' <--- find in the directory files that contain paul_obrecht and replace them with a blank

39. ======

GET A NAME FROM A USERID ON UNIX

======

Check OS: uname -a

Solaris: ldaplist -l passwd g8udoc|grep cn:

AIX: getable -a passwd g8udoc

Linux: ldapsearch???

Linux:

40. #############################################################################################################

Get a nice clean recursive chmod without going outside the directory (like following links) (John Simon)

======

chmod -R -h 755 /export/appl/ain_archive2_p/LPpop

41. . ======

Quickies:

df -g |grep add ß Check the EPF env is on the server (addprod= prod, addacpt=acpt)

EPF Schuff:

Qtr: (extention [zip or tar] MUST be the same for bert as used in fred&ernie); -t is for trace only for checking – remove for live execution

ssh -o "StrictHostKeyChecking no" g8udoc@astate-db03 ls -ltr /export/appl/addacpt/controlfile|grep G7190 |grep 20122 ß ACPT

Fred: % ./run_epf.pl -a=20122 -g=G7190 -runenv=acpt -runper=QTR -f -ovrfile=/export/appl/rps_data1_p/input/BVDB/AVM-RPS_20122.zip -t

Ernie % ./run_epf.pl -a=20122 -g=G7190 -runenv=acpt -runper=QTR -e -ovrfile=/export/appl/rps_data1_p/input/BVDB/AVM-RPS_20122.zip -t

Bert: % ./run_epf.pl -a=20122 -g=G7190 -runenv=acpt -runper=QTR -b -ovrfile=/export/appl/rps_data1_p/input/BVDB/AVM-RPS_20122.zip -t

Mon: (MON has 6 digit date, below is month 12 || QTR is 5 digits [q-1-4], above is 2nd)

ssh -o "StrictHostKeyChecking no" g8udoc@pstate-db03 ls -ltr /export/appl/addprod/controlfile|grep G7190 |grep 201212 ß PROD

Fred: % ./run_epf.pl -a=201212 -g=G7190 -runenv=prod -runper=MON -f -ovrfile=/export/appl/rps_data1_p/input/BVDB/AVM-RPS_20122.zip -t

Ernie % ./run_epf.pl -a=201212 -g=G7190 -runenv=prod -runper=MON -e -ovrfile=/export/appl/rps_data1_p/input/BVDB/AVM-RPS_20122.zip -t

Bert: % ./run_epf.pl -a=201212 -g=G7190 -runenv=prod -runper=MON -b -ovrfile=/export/appl/rps_data1_p/input/BVDB/AVM-RPS_20122.zip -t

42. ======

TRANSFER A FILE WITH SCP THAT HAS A SAS GDG (INVALID # CHARACTER IN THE FILE NAME)

On the sourceserver:

% ls -il lasdbkp*

% find . -inum 13

% find . -inum 13 -exec echo {} \;

% find . -inum 13 -exec chmod 777 {} \;

% find . -inum 13 -exec scp {} badftpp@dcredit-sas02lp1:/export/appl/a2z_data4_d/lwprod/loan_performance/201210/LASD/ \;

On the target server:

% cd /export/appl/a2z_data4_d/lwprod/loan_performance/201210/LASD/

% find . -inum 77921 -exec mv {} dstrs_clm_draft.sas7bdat

% ls -ltr

% uname -a; pwd;cksum dstrs_clm_draft.sas7bdat

43. How 2 add an acl on a linux box======

1) Sudo to t2runp on plgrid-ugc04 -dcc

2) cd /appl/t2prod -dcc

3) mkdir -p /appl/t2prod/mfcw/stage -dcc

4) setfacl -m u:a0prod:rwx /appl/t2prod/mfcw/stage –dcc

44. ======

Find if a server name is in the name server

sudo-sh[badftpp@pwh-sas17lp2]$ nslookup pwh-sas17lp2

Server: 158.137.218.75

Address: 158.137.218.75#53

Name: pwh-sas17lp2.fanniemae.com

Address: 10.204.64.27

sudo-sh[badftpp@pwh-sas17lp2]$

45. Add one of yours! ======

======

======

======

======

======

======

======

======

BELOW ARE CHRONOLOGICAL REFERENCES - (search in line number (LIKE: 38.) to see if there is more explanation)

======

//////////////////////////////////////////

sudo-sh[lwftpp@pwarehouse-rsas17lp1]$ date; pwd; ls -R | grep ':$' | sed -e 's/:$//' -e 's/[^-][^\/]*\//|--/g' -e 's/^/ /'

Tue Jun 7 13:09:17 EDT 2011

/export/appl/lw_data_d/prod

|--lwprod

|--|--lfm

|--|--|--lfm_201103

|--|--|--|--basedata

|--|--|--|--inputs

|--|--|--|--outdata

|--|--|--lfm_201104

|--|--|--|--basedata

|--|--|--|--inputs

|--|--|--|--logs

|--|--|--|--|--saslog

======

6/24/11 From Karuna Nidhi Chelmella(show dir sizes/usages)

sudo-sh[badftpp@tcredit01]$ pwd

/appl/fa_data_t/cw_0/input/interestRate

sudo-sh[badftpp@tcredit01]$ du -khsa 2.2.CW/*

12G 2.2.CW/grp1

14G 2.2.CW/grp2

9.8G 2.2.CW/grp3

48G 2.2.CW/grp4

76G 2.2.CW/nat

sudo-sh[badftpp@tcredit01]$ du -khsa 2.2.CW/nat/*|grep 201106

3.1G 2.2.CW/nat/201106

0K 2.2.CW/nat/201106IS

0K 2.2.CW/nat/201106IS_binary_suse

0K 2.2.CW/nat/201106IS_binary_unix

sudo-sh[badftpp@tcredit01]$ du -khsa 2.2.CW/nat/*|grep 201105

5.7G 2.2.CW/nat/201105

746M 2.2.CW/nat/201105IS

670M 2.2.CW/nat/201105IS_binary_suse

670M 2.2.CW/nat/201105IS_binary_unix

sudo-sh[badftpp@tcredit01]$ du -khsa /appl/fa_data_t/cw_0/input/interestRate/2.2.CW/*

12G /appl/fa_data_t/cw_0/input/interestRate/2.2.CW/grp1

14G /appl/fa_data_t/cw_0/input/interestRate/2.2.CW/grp2

9.8G /appl/fa_data_t/cw_0/input/interestRate/2.2.CW/grp3

48G /appl/fa_data_t/cw_0/input/interestRate/2.2.CW/grp4

76G /appl/fa_data_t/cw_0/input/interestRate/2.2.CW/nat

sudo-sh[badftpp@tcredit01]$

======

09. 6/10/11 From John Simon...

Clarke, Dale C [5:12 PM]:

John is there a central log for weekend reboots that are public?

Simon, John V [5:13 PM]:

Autosys:

Clarke, Dale C [5:13 PM]:

thx

Simon, John V [5:13 PM]:

VCS:

Clarke, Dale C [5:15 PM]:

======

6/5/11 From John Simon...

How to see if it has direct login - m5prod

psysadm50% ldaplist -l passwd m5prod |grep userPassword

userPassword: {crypt}*NOLOGIN*

//////////

See if a user id has dierect native login.

ldaplist -l passwd <userid> |grep userPassword

For example, if direct login is disabled it will look like this:

psysadm04% ldaplist -l passwd vnothp |grep userPassword

userPassword: {crypt}*NOLOGIN*

If direct login is NOT disabled there will be an encrypted string:

psysadm04% ldaplist -l passwd g2ujas |grep userPassword

userPassword: {crypt}CMvrgwerav49sj

//////////

======

6/5/11 From John Simon...

Quick question... Do u use putty? If so is there a NO TMOUT type command like the sudo

Answer:

sudo -H -u m5prod sudo-sh

export TMOUT=0

command

======

6/3/11 From John Simon...

See if a user id has dierect native login.

ldaplist -l passwd <userid> |grep userPassword

For example, if direct login is disabled it will look like this:

psysadm04% ldaplist -l passwd vnothp |grep userPassword

userPassword: {crypt}*NOLOGIN*

If direct login is NOT disabled there will be an encrypted string:

psysadm04% ldaplist -l passwd g2ujas |grep userPassword

userPassword: {crypt}CMvrgwerav49sj

5/30/11

======

Dale,

These answers are pretty straight forward.

1. Q: What is the AD access that should requested here?

ANSWER: since you have to write to the folder, you will need, Read/Write (-RW, .FC, etc)

2.1. Q: From the listing Karuna sent how would I know the access needed;

ANSWER: Again pretty easy to figure out: The security group aligns EXACTLY up with the AD PATH

- Since the AD PAth is: .... fanniemae.com\corp\DC\Shared\Finance\SFFinanceBAD\HPF

This means the associated security group would be: SG-DC-Shared-Finance-SFFinanceBAD*

NOTE: the SG in front means "Security Group"

While in my prifile I requested to add access to this path and pulled up the following:

- SG-DC-SHARED-FINANCE-SFFINANCEBAD-FC

2.2 Q: i.e. what alias?

ANSWER: The alias that is required is already in the HPFA Phase 2 runbook: > cd SFFINANCEBAD/HPF

This means that you can infer the alias is: SFFINANCEBAD and translates to: \\fanniemae.com\corp\DC\Shared\Finance\SFFinanceBAD

3. Q: Should we all request it?

ANSWER: Yes, at least ALL Engineers

5/24/11

======

From: Simon, John V

Sent: Wednesday, May 18, 2011 11:04 AM

To: Chen, Jennifer; Hadavi, Behrooz; Elsinger, James A; Milner, Christopher (Contractor)

Cc: Mahensaria, Udit (Contractor); Karayi, Sanjith K

Subject: RE: HPFA Production Security with SFTP

Here is an example of how to generate, convert and run this. In this case it was UNIX to UNIX. The only difference for AD would be to take the converted public key and have it added to the user you are logging into on the AD side.:

$ pwd

/tmp/g2ujas

$ ssh-keygen

Generating public/private rsa key pair.

Enter file in which to save the key (/home/g2ujas/.ssh/id_rsa): /tmp/g2ujas/id_rsa

Enter passphrase (empty for no passphrase):

Enter same passphrase again:

Your identification has been saved in /tmp/g2ujas/id_rsa.

Your public key has been saved in /tmp/g2ujas/id_rsa.pub.

The key fingerprint is:

85:ef:52:b1:5e:72:bc:bd:01:93:7f:65:8b:e1:c6:ed g2ujas@pstate-etl04

$ ls -la

total 64

drwxr-xr-x 2 g2ujas admstaff 247 May 18 10:52 .

drwxrwxrwt 7 root sys 1912 May 18 10:51 ..

-rw------1 g2ujas admstaff 1675 May 18 10:52 id_rsa

-rw-r--r-- 1 g2ujas admstaff 401 May 18 10:52 id_rsa.pub

$ ssh-keygen -e -f id_rsa.pub > fsecure.pub

$ cat fsecure.pub

---- BEGIN SSH2 PUBLIC KEY ----

Comment: "2048-bit RSA, converted from OpenSSH by g2ujas@pstate-etl04"

AAAAB3NzaC1yc2EAAAABIwAAAQEA0JntIWU2eC4WhoP6ES/hzpe/Js5lHpilh0JH3EDvt9

YKxP5c3oXalzGZyxgG1o7cQlWfPtKB4hcNOEnwCvrkm0ZuceLbDpvDO2MakCvtVcmIeLa9

xFhZ0A/apTc0wSPiJ5fJUdZj+c6lmI9OQWxcpOUYFDdjtPRXlNnPjt3xVlDyxm0RWz0PQH

bx3ff1hhHXrKMhH+YE2O0OdvTzsMZ0FKpExGubtK0Wx3wAkB/S0Ns4KpVxq3wtUvqpg7U0

1OYuyVN25bzkEgpAyRhFNO1woaLymD7HKfVrhuVx/cwt3PbOsnJsbV8yZSlu2ZiEiDztcX

UoqoWZow1mfmfVNYOZmw==

---- END SSH2 PUBLIC KEY ----

$ cat id_rsa.pub

ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA0JntIWU2eC4WhoP6ES/hzpe/Js5lHpilh0JH3EDvt9YKxP5c3oXalzGZyxgG1o7cQlWfPtKB4hcNOEnwCvrkm0ZuceLbDpvDO2MakCvtVcmIeLa9xFhZ0A/apTc0wSPiJ5fJUdZj+c6lmI9OQWxcpOUYFDdjtPRXlNnPjt3xVlDyxm0RWz0PQHbx3ff1hhHXrKMhH+YE2O0OdvTzsMZ0FKpExGubtK0Wx3wAkB/S0Ns4KpVxq3wtUvqpg7U01OYuyVN25bzkEgpAyRhFNO1woaLymD7HKfVrhuVx/cwt3PbOsnJsbV8yZSlu2ZiEiDztcXUoqoWZow1mfmfVNYOZmw== g2ujas@pstate-etl04

$ ls -la

total 96

drwxr-xr-x 2 g2ujas admstaff 449 May 18 10:53 .

drwxrwxrwt 7 root sys 1912 May 18 10:53 ..

-rw-r--r-- 1 g2ujas admstaff 0 May 18 10:52 commercial.pub

-rw-r--r-- 1 g2ujas admstaff 75 May 18 10:56 config

-rw-r--r-- 1 g2ujas admstaff 511 May 18 10:52 fsecure.pub

-rw------1 g2ujas admstaff 1675 May 18 10:52 id_rsa

-rw-r--r-- 1 g2ujas admstaff 401 May 18 10:52 id_rsa.pub

$ cat config

IdentityFile /tmp/g2ujas/id_rsa

UserKnownHostsFile /tmp/g2ujas/known_hosts

$ sftp -F /tmp/g2ujas/config g2ujas@dsysadm15

Connecting to dsysadm15...

Could not create directory '/home/g2ujas/.ssh'.

The authenticity of host 'dsysadm15 (10.210.68.15)' can't be established.

RSA key fingerprint is f2:ec:6d:6b:13:2a:3f:ec:9a:85:54:34:2a:d2:cb:79.

Are you sure you want to continue connecting (yes/no)? yes

Warning: Permanently added 'dsysadm15,10.210.68.15' (RSA) to the list of known hosts.

sftp> ls -la

drwxrwxr-x 23 g2ujas admstaff 2048 Apr 18 16:54 .

dr-xr-xr-x 31 root root 31 May 18 10:55 ..

drwxr-xr-x 3 g2ujas admstaff 96 Jan 14 2008 .NetscapeCalendar

-rw------1 g2ujas admstaff 594 Jun 21 2008 .TTauthority

-rw------1 g2ujas admstaff 55 Aug 4 2010 .Xauthority

-rw-r--r-- 1 g2ujas admstaff 451 Sep 2 2004 .Xdefaults

drwx------2 g2ujas admstaff 96 Oct 25 2004 .acrobat

-rw------1 g2ujas admstaff 237 Oct 25 2004 .acrosrch

drwx------2 g2ujas admstaff 96 Oct 25 2004 .adobe

-rw------1 root other 10479 Apr 7 17:03 .bash_history

-rw-r--r-- 1 g2ujas admstaff 859 Mar 29 2010 .cshrc

-rw-r--r-- 1 g2ujas admstaff 1731 Nov 24 2004 .desksetdefaults

drwxr-xr-x 14 g2ujas admstaff 1024 Jun 25 2008 .dt

5/12/11

======

______

From: Perera, Anthony H

Sent: Thursday, May 12, 2011 4:38 PM

To: Chelmella, Karuna Nidhi; Clarke, Dale C

Cc: Elsinger, James A; BA-D Operations

Subject: How to check diskspace on a server

<k2uahp@pcredit-sas01lp2> 21: lsvg

rootvg

DG01_T1

DG01_T2

DG01_T3

oscopyvg1

oscopyvg2

<k2uahp@pcredit-sas01lp2> 22:

<k2uahp@ccredit-sas01lp2> 25: lsvg DG01_T2| grep FREE

MAX LVs: 4096 FREE PPs: 780 (49920 megabytes)

<k2uahp@ccredit-sas01lp2> 26:

21. ASD install issues 4/22/11

======

From: Beutler, Joshua (Contractor)

Sent: Friday, April 22, 2011 11:20 AM

To: Clarke, Dale C

Subject: ASD install issues

Dale,

If you have any other install issues relating to drive space, try this fix and see if it helps.

Go to Start > Settings > Control Panel > System Management > Advanced Tab.

Increase the size of the temporary program download folder.

If you have any other questions please feel free to contact the 7s.

Thanks!

Josh

CSC

4/21/11 ROM Flash for 8440p?

======

HP Notebook System BIOS Update (ROM Family 68CCU)

From: Teates, Mike B (Contractor)

Sent: Thursday, April 21, 2011 2:16 PM

To: Teates, Mike B (Contractor); Clarke, Dale C

Subject: Conversation with Teates, Mike B (Contractor), Clarke, Dale C

Teates, Mike B (Contractor) [2:09 PM]:

20. 3/16/11 Creation of a lockdown doc and ticketxxx

======

From: Elsinger, James A

Sent: Wednesday, March 16, 2011 2:02 AM

To: Madduri, Anuradha X (Contractor); Jones, Annette X

Cc: Rogensues, Gary (Contractor); Perera, Anthony H; Clarke, Dale C

Subject: Plan for RPS Production environment setup and LOCKDOWN

Importance: High

Anu/Annette,

Can one of you please submit an OPERATIONAL, LOW Risk Change ticket to support a Production Lockdown of the RPS production environment. Please plan the lockdown for 3/17 0800 -7/231700. Attached is the DRAFT version of the full lockdown instructions

The full path of the RPS buildout in is the Draft Runbook. However, below is the full list:

Server: pcredit-sas01lp2

/sastemp_rps1_pSAS Temp*1250rpsprodrpsprod1750

/export/appl/rpsprodCode/Scripts210rpsprodrpsprod755

/export/appl/rpsprod/binCode/Scripts210vbadfprpsprod750

/export/appl/rps_data1_pData Space2500rpsprodrpsprod750

/export/appl/rps_data2_pData Space2250rpsprodrpsprod750

/export/appl/rps_archive1_pArchive Space3500rpsprodrpsprod750

Long window Justification: Additional time is needed to support a pre-production shakeout of this new EUC.

Low Risk Justification: There is currently no executions occurring in this new RPS production area.

The details of the ticket should be the information noted in the DRAFT Production Runbook that related to the EUC setup; mkdirs, transferring ANY staged data, the setting up of Oracle interface as well as review of FS and Directory Ownership and Permissions to align with BADOps standard practices.

Gary,

Please verify the rpsprod SUDO is working properly on the production server.

Elsinger, James A

BA&D Operations Manager

Analytics, Finance & Controls

(202) 520-1889

vvvvvvvv======

Operational Remedy Change Ticket - Detailed Description:

======

Purpose: This Operational Change ticket is to prepare the <EUC> environment for controlled process by managing ownership and permissions. This ticket is also to verify and ensure the input data for <EUC> can be successfully read or transferred from interfaces servers in associated SLA’s and/or the server list as noted below for current month data or setup of historical data.

LONG WINDOW JUSTIFICATION: This lockdown process is scheduled to run into a weekend and could therefore take 5-6 days.

LOW RISK JUSTIFICATION: This change does not require downtime or reboot. No user sessions or applications are impacted.

Hosts affected:

======

pcredit-sas01lp2,

<Additional Servers see Final Draft Runbook>

Please verify you can sudo to both the OPS Transfer ID as well as the EUC Prod Execution ID <

SETUP INSTRUCTIONS

======

- As necessary, make sure the Execution Engineer (EE) is logged into pcredit-sas01lp2 and sudo-ed as necessary to RPS Prod Execution ID: rpsprod

Alternate: sudo-ed to OPS ID <badftpp> to support file transfers…

Verification:

NON PROD: > sftp <EE ID>@dcredit-sas01lp1

PROD: > sftp <EE ID>@ pcredit-sas01lp2

1.) Build structure

Create the following sub-folder in <EUC> AD structure:

Example: \\fanniemae.com\corp\dc\shared\RE07\PROD\GAGOValSingleFam\HPFA\2009Q3_200912\Data

Create the FS and Directory Structure (SEE Runbook line ??

Example:

As necessary, make sure that the Execution Engineer is logged into pwh-sas17lp2 and sudo-ed to

> login /usr/SYSADM/bin/ssh to pwh-sas17lp2<using Execution Engineers own ID>

sudo -H -u badftpp sudo-sh

mkdir /export/appl/<APPLCODE>_data_p/input

mkdir /export/appl/<APPLCODE>_data_p/output

mkdir /export/appl/<APPLCODE>_data_p/input/

mkdir /export/appl/<APPLCODE>_data_p/output/200912

> quit

2.) Transfer all “One Time” Staged data (SEE Runbook line ?? <If Applicable>

3.) Adjust / Configure permissions and ownership for both Data and Code areas to ensure structure and data files are in lockdown.

- Ensure the permissions and ownership are correct as they are noted in the Infrastructure REQUIREMENTS document

LOCKDOWN INSTRUCTIONS

======

Parameter: <APPLCODE> = “rps”

***3a.) CODE

- In General: Code area Settings: ID = vbadfp, Group - <APPLCODE>prod

Instructions

======

Log in to pwh-sas17lp2 using CM ID (vbadfp) and cd /export/appl/<APPLCODE>prod

Ensure CM ID owns all code (vbadfp)

- Code transfers should be completed with CM ID

NOTE: Please change the group ownership of code from faptcm (IF present) to EUC UNIX group to "<APPLCODE>prod" on Production and <APPLCODE>acpt on Acceptance of the code areas to be in line with standard practices. <--CONFIRMED (listing in the Activity tab)

- chgroup as necessary to <APPLCODE>prod permissions - 750 (ID = RW, Group should be Read Only, No universal

- NOTE: If there was any permission or ownership issues, pass to SCM Team to review the deployment script and make these adjustments as well.

Code Area Verification:

- Once complete with vbadfp owner ls -laR /export/appl/<APPLCODE>prod/<code area>

oExample: /export/appl/rpsprod/bin

* The code directory should only be 750 Recursive and NOT contain Universal Read/Write or Execute.

- cd to path /export/appl/<APPLCODE>prod

- all sub directory permissions should be 750 unless otherwise noted.

***3b.) DATA

-In General:

oInput data file Settings: ID = OPS Transfer ID (badftpp), chgroup should be <APPLCODE>prod or <APPLCODE>acpt in acceptance permissions – 640

oOutput and result data file Settings: ID = OPS EUC Execution ID (rpsprod), chgroup should be <APPLCODE>prod or <APPLCODE>acpt in acceptance permissions – 640

Instructions

======

Log in to pwh-sas17lp2 using rpsprod and cd /export/appl/<APPLCODE>_data_p or <APPLCODE>_data_a in acceptance