
If you want to simulate your Policy Server or Web Agent responding slowly on a Linux box, you can do some traffic control on the machine by using the tc command.

 

To set a delay of 100ms on the network interface:

 

# tc qdisc add dev eth0 root netem delay 100ms

 

To verify the configuration:

 

# tc -s qdisc

 

To remove the configuration:

 

# tc qdisc del dev eth0 root netem

 

where eth0 is the network device.

Here is a sample of how to compile Apache 2.2 on RedHat for the SiteMinder Web Agent.

 

Run the commands as root.

 

# bunzip2 httpd-2.2.24.tar.bz2

# tar -xvf httpd-2.2.24.tar && ls -l

# cd httpd-2.2.24

# export LIBS=-lpthread

# ./configure --prefix=/opt/apache2224 --enable-so --enable-auth-digest --enable-rewrite --enable-setenvif --enable-mime --enable-deflate --with-ssl=/usr --enable-headers --enable-ssl

# make && make install

# /opt/apache2224/bin/apachectl -V

 

Server version: Apache/2.2.24 (Unix)

Server built:   Jan 15 2016 03:54:08

Server's Module Magic Number: 20051115:31

Server loaded:  APR 1.3.9, APR-Util 1.3.9

Compiled using: APR 1.3.9, APR-Util 1.3.9

Architecture:   64-bit

Server MPM:     Prefork

  threaded:     no

    forked:     yes (variable process count)

Server compiled with....

-D APACHE_MPM_DIR="server/mpm/prefork"

-D APR_HAS_SENDFILE

-D APR_HAS_MMAP

-D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)

-D APR_USE_SYSVSEM_SERIALIZE

-D APR_USE_PTHREAD_SERIALIZE

-D SINGLE_LISTEN_UNSERIALIZED_ACCEPT

-D APR_HAS_OTHER_CHILD

-D AP_HAVE_RELIABLE_PIPED_LOGS

-D DYNAMIC_MODULE_LIMIT=128

-D HTTPD_ROOT="/opt/apache2224"

-D SUEXEC_BIN="/opt/apache2224/bin/suexec"

-D DEFAULT_PIDLOG="logs/httpd.pid"

-D DEFAULT_SCOREBOARD="logs/apache_runtime_status"

-D DEFAULT_LOCKFILE="logs/accept.lock"

-D DEFAULT_ERRORLOG="logs/error_log"

-D AP_TYPES_CONFIG_FILE="conf/mime.types"

-D SERVER_CONFIG_FILE="conf/httpd.conf"

 

# /opt/apache2224/bin/apachectl start

 

Open a browser and access the server on port 80; it should return:

 

It works !

Here is a sample of a for loop in the Windows DOS shell:

 

    for %i IN (BIOS CPU ENVIRONMENT OS QFE) DO wmic %i list full /format:htable > %i.html

 

This means: for each value in the parentheses, run the wmic command with that value as a parameter, and redirect the output to a file named after the value, with the extension .html.

 

To get more information, run:

 

    c:\> for /?

Here is a simple command to run on RedHat Linux to check, every second, for any addition or deletion of a server or agent command set:

 

watch -n 1 "ldapsearch -h 130.119.151.137 -p 10002 -b \"ou=PolicySvr4,ou=SiteMinder,ou=Netegrity,dc=training,dc=com\" -x \"smCommand4=*\" | egrep \"dn: smAgentCommandOID4=14|dn: smServerCommandOID4=13\""

 

Policy Store : 130.119.151.137

Policy Store Port : 10002

 

This is useful to see the Policy Server working, for example when key rollover is applied.

To list all files (including hidden ones) on a Linux / Unix system, you can run this command:

 

# ls -Rltrha / > ls.txt

 

That will write all files, with their permissions, from the root / down into ls.txt. This is useful to review the permissions and temporary files of an existing installation.

Note also that the /proc directory will give you details about all running processes.

If you need to get the trace of interactions between the Policy Server process and the OS on AIX or Solaris, the following command will give you detailed information:

 

# truss -adefl -o output.txt ./bin/smpolicysrv

 

The truss command output will be found in output.txt

If you need to read a certificate that you have produced from the command line, you can use this :

 

# openssl x509 -in cert.crt -text -noout

 

The certificate should have several lines in the data field, each ending with a carriage return character.

Under Linux, you can see the line-ending characters with:

 

# cat -A myservercert.pem
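
The line-ending check described above, as an added example that is not part of the original post: instead of reading `cat -A` output by eye, this script counts how each line of a PEM file ends and whether the data between the markers spans several lines. The function names are hypothetical and the sample files are constructed filler, not real certificates.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical
# and the sample files are constructed filler, not real certificates.

# pem_line_report FILE
# Prints: body_lines=<n> lf=<n> crlf=<n> longest=<n>
#   body_lines  non-empty lines between the BEGIN and END markers
#   lf / crlf   lines that `cat -A` would show ending in "$" / "^M$"
#   longest     length of the longest body line
pem_line_report() {
    awk '
        { if (sub(/\r$/, "")) crlf++; else lf++ }   # strip a trailing CR, count it
        /^-----BEGIN / { in_body = 1; next }
        /^-----END /   { in_body = 0; next }
        in_body && length($0) > 0 {
            body++
            if (length($0) > longest) longest = length($0)
        }
        END { printf "body_lines=%d lf=%d crlf=%d longest=%d\n", body, lf, crlf, longest }
    ' "$1"
}

# pem_body_is_wrapped FILE
# Succeeds when the data between the markers spans several lines.
pem_body_is_wrapped() {
    n=$(pem_line_report "$1" | sed 's/^body_lines=\([0-9]*\) .*/\1/')
    [ "$n" -ge 2 ]
}

# make_sample_pems DIR: write three constructed sample files into DIR.
make_sample_pems() {
    row=$(printf '%064d' 0 | tr 0 A)    # one 64-character filler line
    printf -- '-----BEGIN CERTIFICATE-----\n%s\n%s\nQUJD\n-----END CERTIFICATE-----\n' \
        "$row" "$row" > "$1/wrapped_lf.pem"
    printf -- '-----BEGIN CERTIFICATE-----\r\n%s\r\n%s\r\nQUJD\r\n-----END CERTIFICATE-----\r\n' \
        "$row" "$row" > "$1/wrapped_crlf.pem"
    printf -- '-----BEGIN CERTIFICATE-----\n%s%sQUJD\n-----END CERTIFICATE-----\n' \
        "$row" "$row" > "$1/single_line.pem"
}

# Demo on the constructed samples.
d=$(mktemp -d) && make_sample_pems "$d"
for f in "$d"/*.pem; do
    printf '%s: %s\n' "${f##*/}" "$(pem_line_report "$f")"
done
rm -rf "$d"
```

To check a real file, call `pem_line_report myservercert.pem`; a report with both `lf` and `crlf` above zero means the file mixes line endings.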