
Installing & Configuring Solaris 9 (SPARC) on Ubuntu Using QEMU

Introduction:
Before modern cloud-native systems, enterprise infrastructure was powered by UNIX servers running on proprietary RISC hardware. One of the most influential platforms of that era was Sun Microsystems’ SPARC architecture running Solaris.
Solaris 9 (SunOS 5.9) represents a mature generation of classic UNIX — widely deployed in:
  • Banking systems
  • Telecom infrastructure
  • Government data centers
  • Enterprise application servers
  • Academic research labs
Today, physical SPARC hardware is rare and expensive. However, with QEMU’s SPARC emulation, we can recreate a fully functional Solaris 9 SPARC server on a modern Ubuntu machine.

This guide walks you through building a complete legacy UNIX lab environment including:
  • SPARCstation 5 emulation
  • Proper Sun disk labeling
  • Solaris Web Start installation
  • Bridged networking (tap0 → virbr0)
  • Static IP configuration
  • SSH remote administration
By the end, you will have a production-style Solaris 9 SPARC server running entirely in software — ideal for learning, testing, and preserving legacy UNIX skills.

1. Prepare Ubuntu Host
Update System
# apt update
# apt list --upgradable
Install Required Packages
# apt install qemu-system-sparc qemu-utils libvirt-daemon-system bridge-utils -y
Verify QEMU:
# qemu-system-sparc --version
Expected:
QEMU emulator version 8.x
Start libvirt (creates virbr0):
# systemctl enable libvirtd
# systemctl start libvirtd
# ip a | grep virbr0

2. Create Solaris Virtual Disk
# qemu-img create -f qcow2 /aix/image/disk-image/sparc.qcow2 20G

3. Create TAP Interface (tap0 → virbr0)
# ip tuntap add dev tap0 mode tap
# ip link set tap0 up
# ip link set tap0 master virbr0
# bridge link
You should see a line for tap0 that includes:
master virbr0

4. Boot Solaris 9 Installer (DVD)
# qemu-system-sparc \
-M SS-5 \
-m 512 \
-cpu "Fujitsu MB86904" \
-drive file=/aix/image/disk-image/sparc.qcow2,format=qcow2,if=scsi \
-drive file=/aix/image/disk-image/SOL_9_SPARC_DVD.iso,media=cdrom,readonly=on \
-netdev tap,id=net0,ifname=tap0,script=no,downscript=no \
-device lance,netdev=net0,mac=52:54:00:11:22:33 \
-boot d \
-nographic

Key Options and Their Roles
qemu-system-sparc  ---> Starts QEMU in 32-bit SPARC (sun4m) emulation.
-M SS-5  ---> Emulates a SPARCstation 5 machine (sun4m architecture), one of the machine classes Solaris 9 still supports.
-m 512  ---> Allocates 512 MB of RAM for smoother installation and operation.
-cpu "Fujitsu MB86904"  ---> Selects the Fujitsu MB86904 (microSPARC-II), the CPU a real SPARCstation 5 shipped with and the default for -M SS-5. It is not a SuperSPARC part.
Disk Drives:
-drive file=sparc.qcow2,format=qcow2,if=scsi → Virtual SCSI hard disk for the Solaris installation (sd0, which Solaris names c0t0d0).
-drive file=SOL_9_SPARC_DVD.iso,media=cdrom,readonly=on → ISO for installing Solaris 9.
Networking:
-netdev tap,id=net0,ifname=tap0,script=no,downscript=no → Uses TAP device tap0 for bridged networking; script=no because tap0 was created and attached to virbr0 by hand in step 3, so QEMU must not run its own ifup/ifdown scripts.
-device lance,netdev=net0,mac=52:54:00:11:22:33 → Adds a LANCE NIC (le0 inside Solaris) with a fixed, locally administered MAC so the guest keeps the same address across restarts.
-boot d  ---> Boots from CD-ROM (installer). After installation, change to -boot c to boot from the hard disk.
-nographic  ---> Runs the VM in terminal-only mode (no GUI); the serial console becomes your terminal.

Output:
qemu-system-sparc: type is NULL
qemu-system-sparc: type is NULL
Configuration device id QEMU version 1 machine id 32
Probing SBus slot 0 offset 0
Probing SBus slot 1 offset 0
Probing SBus slot 2 offset 0
Probing SBus slot 3 offset 0
Probing SBus slot 4 offset 0
Probing SBus slot 5 offset 0
Invalid FCode start byte
CPUs: 1 x FMI,MB86904
UUID: 00000000-0000-0000-0000-000000000000
Welcome to OpenBIOS v1.1 built on Dec 15 2025 12:33
  Type 'help' for detailed information
Trying cdrom:d...
Not a bootable ELF image
Loading a.out image...
Loaded 7680 bytes
entry point is 0x4000
bootpath: /iommu@0,10000000/sbus@0,10001000/espdma@5,8400000/esp@5,8800000/sd@2,0:d
switching to new context:
SunOS Release 5.9 Version Generic 32-bit
Copyright 1983-2002 Sun Microsystems, Inc.  All rights reserved.
Use is subject to license terms.
WARNING: /iommu@0,10000000/sbus@0,10001000/espdma@5,8400000/esp@5,8800000/sd@0,0 (sd0):
        Corrupt label; wrong magic number

Configuring /dev and /devices
NOTICE: Couldn't set value (../../sun/io/audio/sada/drv/audiocs/audio_4231.c, Line #1748 0x00 0x88)
audio may not work correctly until it is stopped and restarted
Using RPC Bootparams for network configuration information.
Skipping interface le0
Searching for configuration file(s)...
Search complete.


5. Fix Disk Label:
The "Corrupt label; wrong magic number" warning in the boot output is expected: a freshly created qcow2 image carries no Sun VTOC label, and the installer cannot partition a disk without one. At the Solaris shell, run format, select the disk and define its geometry as a custom ("other") type:
# format
Select disk:
0. c0t0d0 <drive type unknown>
format> type
Choose "other" and define the geometry:
Cylinders: 27304
Heads: 24
Sectors/track: 64
(27304 x 24 x 64 sectors of 512 bytes is just under the 20 GiB image; keep the two default alternate cylinders so the label never addresses past the end of the image.)
Label disk:
format> label
Verify partitions:
format> partition
partition> print
Part 0 root
Part 1 swap
Part 2 backup
Part 6 usr
Exit:
partition> quit
format> quit
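The host-side preparation in sections 2 to 5 can be checked before the guest is started. The script below is an added example for this guide, not code from the original page: it reads the virtual size out of the qcow2 header and derives the geometry to type into format (reproducing the 27304-cylinder figure for a 20 GiB image), confirms from sysfs that tap0 is enslaved to virbr0, and emits the installer and post-install qemu-system-sparc command lines from one definition. The paths, interface names and MAC address are the ones used above; the function names are the author's own.

```python
#!/usr/bin/env python3
"""Host-side preflight for the SPARCstation 5 guest (added example)."""
import os
import shlex
import struct

DISK = "/aix/image/disk-image/sparc.qcow2"
ISO = "/aix/image/disk-image/SOL_9_SPARC_DVD.iso"
TAP, BRIDGE, MAC = "tap0", "virbr0", "52:54:00:11:22:33"
QCOW2_MAGIC = b"QFI\xfb"


def qcow2_virtual_size(header):
    """Virtual disk size in bytes from the first 32 bytes of a qcow2 file.

    The header is big-endian: magic, version, backing_file_offset (8 bytes),
    backing_file_size, cluster_bits, then the 64-bit size at offset 24.
    """
    if len(header) < 32 or header[:4] != QCOW2_MAGIC:
        raise ValueError("not a qcow2 header")
    return struct.unpack(">Q", header[24:32])[0]


def sun_geometry(size_bytes, heads=24, sectors=64, alt_cyl=2, sector_bytes=512):
    """Geometry for format's custom ("other") disk type.

    Physical cylinders are whatever the image holds at heads*sectors per
    cylinder; the alternate cylinders come off the data cylinder count, so
    the label never addresses past the end of the image.
    """
    cyl_bytes = heads * sectors * sector_bytes
    pcyl = size_bytes // cyl_bytes
    return {"ncyl": pcyl - alt_cyl, "acyl": alt_cyl, "pcyl": pcyl,
            "nhead": heads, "nsect": sectors}


def bridge_master(tap, sysfs="/sys/class/net"):
    """Bridge the tap is enslaved to (the kernel's 'master' symlink), or None.
    Readable without root; sysfs is a parameter so tests can use a fake tree."""
    link = os.path.join(sysfs, tap, "master")
    return os.path.basename(os.readlink(link)) if os.path.islink(link) else None


def build_qemu_cmd(install, disk=DISK, iso=ISO, tap=TAP, mac=MAC, mem=512):
    """Argument list for qemu-system-sparc. install=True attaches the DVD and
    boots it (-boot d); install=False boots the labelled disk (-boot c)."""
    cmd = ["qemu-system-sparc", "-M", "SS-5", "-m", str(mem),
           "-cpu", "Fujitsu MB86904",
           "-drive", f"file={disk},format=qcow2,if=scsi"]
    if install:
        cmd += ["-drive", f"file={iso},media=cdrom,readonly=on"]
    cmd += ["-netdev", f"tap,id=net0,ifname={tap},script=no,downscript=no",
            "-device", f"lance,netdev=net0,mac={mac}",
            "-boot", "d" if install else "c", "-nographic"]
    return cmd


def preflight(install, disk=DISK, iso=ISO, tap=TAP, bridge=BRIDGE,
              sysfs="/sys/class/net"):
    """Problems that would stop the guest booting or leave it off the
    network; an empty list means go ahead."""
    problems = []
    if not os.path.isfile(disk):
        problems.append(f"disk image missing: {disk}")
    if install and not os.path.isfile(iso):
        problems.append(f"installer ISO missing: {iso}")
    master = bridge_master(tap, sysfs)
    if master != bridge:
        problems.append(f"{tap} is enslaved to {master}, expected {bridge}")
    return problems


if __name__ == "__main__":
    import sys
    install = "--install" in sys.argv
    for p in preflight(install):
        print("preflight:", p, file=sys.stderr)
    if os.path.isfile(DISK):
        with open(DISK, "rb") as f:
            print("format> type -> other:", sun_geometry(qcow2_virtual_size(f.read(32))))
    print(shlex.join(build_qemu_cmd(install)))
```

Run it with --install before step 4 and without it before step 7; it refuses nothing by itself, it only tells you what would fail, and the printed command is exactly the one in the text for each phase.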

6. Install Solaris 9
Start installer if required:
# /sbin/suninstall
During installation choose:
Select a Language
   0. English
Select a Locale
   0. English (C - 7-bit ASCII)
What type of terminal are you using?
12) X Terminal Emulator (xterms)
This information will be used to configure:
Network
Kerberos Security
Name Service
Date and Time
Root Password
Power Management
Media:
1. CD/DVD
Types of install available:
1. Default Install
2. Custom Install
File System operations:
1. Print the current partition table
2. Modify a disk's partition table
3. Return to beginning
4. Done
The following items will be installed:
Solaris Operating Environment:  Solaris 9 Software
Solaris Software Group:         Entire Group
64-Bit Selection:               No
Root Device:                    c0t0d0
File Systems:
Installation begins:
Installing Additional Software
|-1%--------------25%-----------------50%-----------------75%--------------100%|
   Pausing for 30 seconds at the "Summary" screen. The wizard will continue to
   the next step unless you select "Pause". Enter 'p' to pause. Enter 'c' to
   continue. [c] c
   Pausing for 90 seconds at the "Reboot" screen. The wizard will continue to
   the next step unless you select "Pause". Enter 'p' to pause. Enter 'c' to
   continue. [c]
syncing file systems... done
rebooting...

7. Boot from Installed Disk
Remove ISO and boot:
# qemu-system-sparc \
-M SS-5 \
-m 512 \
-cpu "Fujitsu MB86904" \
-drive file=/aix/image/disk-image/sparc.qcow2,format=qcow2,if=scsi \
-netdev tap,id=net0,ifname=tap0,script=no,downscript=no \
-device lance,netdev=net0,mac=52:54:00:11:22:33 \
-boot c \
-nographic

8. Configure Static IP in Solaris
Identify the interface (the LANCE NIC appears as le0):
# ifconfig -a
Output:
le0
Remove the DHCP marker file so the boot scripts no longer run dhcpagent on le0:
# rm /etc/dhcp.le0
Assign the address on the running system:
# ifconfig le0 plumb
# ifconfig le0 192.168.122.50 netmask 255.255.255.0 up
This ifconfig setting is lost at reboot. The Solaris 9 boot scripts take the address from files: put the hostname in /etc/hostname.le0, map that hostname to 192.168.122.50 in /etc/hosts, and add a "192.168.122.0 255.255.255.0" line to /etc/netmasks.
Set the default gateway (virbr0's address on the host):
# echo 192.168.122.1 > /etc/defaultrouter
DNS (192.168.122.100 is the resolver used here; libvirt's dnsmasq on virbr0 also answers DNS on 192.168.122.1):
# echo "nameserver 192.168.122.100" > /etc/resolv.conf
resolv.conf is only consulted when the hosts line in /etc/nsswitch.conf lists dns (hosts: files dns); after a "None" name-service choice during installation it lists files only.
Reboot and verify with ifconfig -a and netstat -rn.

9. Enable SSH Server
Check that the Secure Shell packages are installed (the Entire Group install includes them; section 10 below adds them from the DVD if this prints nothing):
# pkginfo | grep -i ssh
Start the daemon; the Solaris 9 init script generates the RSA and DSA host keys on first start if they are missing:
# /etc/init.d/sshd start
Test from Ubuntu. Two things get in the way. Solaris 9 ships /etc/ssh/sshd_config with PermitRootLogin no, so create an ordinary user (useradd, passwd) and su to root after logging in rather than turning root login on. And a current Ubuntu OpenSSH client disables by default the SHA-1 key exchanges, CBC ciphers and ssh-rsa/ssh-dss host keys that SunSSH in Solaris 9 offers, so if ssh fails with "no matching key exchange method" or "no matching host key type", re-enable them for this one host only, in a Host 192.168.122.50 block in ~/.ssh/config (KexAlgorithms, HostKeyAlgorithms, PubkeyAcceptedAlgorithms and Ciphers entries with the + prefix), not globally.
$ ssh <username>@192.168.122.50

10. Boot the SPARC VM with the Solaris 9 DVD Attached
10.1 Boot the installed system with the DVD still attached so its packages can be added:
# qemu-system-sparc \
  -M SS-5 \
  -m 512 \
  -cpu "Fujitsu MB86904" \
  -drive file=/aix/image/disk-image/sparc.qcow2,format=qcow2,if=scsi \
  -drive file=/aix/image/disk-image/SOL_9_SPARC_DVD.iso,media=cdrom,readonly=on \
  -netdev tap,id=net0,ifname=tap0,script=no,downscript=no \
  -device lance,netdev=net0,mac=52:54:00:11:22:33 \
  -boot c \
  -nographic

-boot c boots the installed disk; -boot d would start the installer again instead of the system you want to add packages to.
-nographic runs the console in text mode.
After the system starts, log in as root on the console and make sure the DVD is mounted.

10.2: Mount the DVD (if not already mounted)
Solaris mounts removable media under /cdrom when the volume manager (vold) is running. Check with:
# mount | grep cdrom
If it is not mounted, mount it by hand:
# mkdir -p /cdrom
# mount -F hsfs -o ro /dev/dsk/c0t2d0s0 /cdrom
On physical Sun hardware the CD-ROM is conventionally SCSI target 6 (c0t6d0). In this QEMU configuration the bootpath line in the installer output shows the DVD at sd@2,0, which Solaris names c0t2d0; confirm the target with format if your drive order differs.

10.3: Install SSH packages
Solaris 9 splits Secure Shell across five packages. The r/u suffix says whether the files land under / or /usr, and d marks the daemon side; the directory name on the DVD is case-sensitive (Solaris_9):
# pkgadd -d /cdrom/Solaris_9/Product SUNWsshcu SUNWsshdr SUNWsshdu SUNWsshr SUNWsshu
SUNWsshcu → common files shared by client and server (/usr).
SUNWsshdr, SUNWsshdu → the sshd daemon, its init script and sshd_config (/ and /usr).
SUNWsshr, SUNWsshu → the ssh client and ssh_config (/ and /usr).
Installing only SUNWsshdr and SUNWsshr leaves out the daemon binary in /usr/lib/ssh/sshd and the common libraries, so sshd cannot start. Follow the prompts and accept the defaults.

10.4: Verify SSH installation
Solaris 9 has no SMF, so svcs does not exist here; look for the daemon process instead:
# ps -ef | grep '[s]shd'
If it is not running, start it (the init script creates the host keys on first start):
# /etc/init.d/sshd start
Test SSH locally:
# ssh localhost
If it presents the host key and prompts for a password, sshd is working; root itself is refused because PermitRootLogin is no by default, which is the setting to keep.

Conclusion:
  • Using QEMU on Ubuntu, you recreated a complete Solaris 9 SPARC server with authentic disk geometry and production-style networking — all without physical SPARC hardware.
  • This environment is perfect for UNIX learning, legacy application testing, and enterprise lab simulations.

AWS Landing Zone Architecture – A Practical Foundation for Cloud Environments

Introduction:
Modern enterprises running workloads on Amazon Web Services need a strong foundation to ensure security, scalability, and operational control. As organizations grow, managing multiple teams, applications, and environments in a single AWS account becomes complex and risky.

An AWS Landing Zone provides a structured, well-governed cloud environment that enables teams to deploy workloads safely while following proven practices for security, networking, and compliance.

What Is an AWS Landing Zone?
An AWS Landing Zone is a multi-account AWS environment built using a standardized architecture. It defines how accounts are created, how networks are connected, how security is enforced, and how logs are collected across the organization.

The objective is to create a secure baseline that application teams can use without repeatedly solving the same foundational problems.

AWS Landing Zone Architecture Diagram:

Diagram Description:
The diagram represents a multi-account AWS Landing Zone with centralized governance, security, networking, and logging.
Key highlights from the architecture:
  • Centralized governance using a management account
  • Dedicated security and logging accounts
  • Hub-and-spoke networking model
  • Isolated workload environments
  • Secure on-premises connectivity
This architecture allows teams to deploy workloads while platform controls remain consistent across the organization.

Core Account Structure Explained:

Management Account:
The management account is responsible for:
  • Organization-wide governance
  • Account creation and lifecycle management
  • Central billing and cost controls
  • Policy enforcement
Because it can change every other account's guardrails and is itself exempt from service control policies, it should run no workloads and its credentials should be the most tightly restricted in the organization.
Security Account:
The security account centralizes:
  • Threat detection
  • Security monitoring
  • Compliance reporting
  • Vulnerability management
Security findings from all accounts are aggregated into this account for visibility and response.

Shared Services Account:
This account hosts common services such as:
  • Monitoring and alerting
  • Backup and recovery
  • Patch management
  • Shared operational tools
Network Account:
The network account acts as the connectivity hub:
  • Central routing using Transit Gateway
  • Secure VPC-to-VPC communication
  • Hybrid connectivity with on-premises data centers
  • Controlled ingress and egress traffic

Log Archive Account:
The log archive account stores:
  • Audit and access logs
  • Network flow logs
  • Security and compliance logs
Logs are retained in a centralized and tamper-resistant manner.

Workload Accounts:
Workload accounts host application environments such as:
  • Production
  • Pre-Production
  • Development
  • QA
  • Sandbox
Each environment is isolated to reduce risk and improve operational control.

Networking Design:
The Landing Zone uses a hub-and-spoke model where all workload VPCs connect to a central network hub. This design simplifies routing, improves security, and enables consistent traffic inspection.

Hybrid connectivity is achieved using dedicated links with secure fallback options.

Security Built into the Foundation:
Security is enforced at every layer:
  • Least-privilege access
  • Mandatory logging
  • Centralized monitoring
  • Preventive guardrails
This allows teams to innovate while staying within approved boundaries.
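A preventive guardrail is most concrete as a service control policy attached to an organizational unit. The block below is an added illustration for the Landing Zone described here, not code from the original page, and the policy is the author's own: it denies every principal except a break-glass role the actions that would silence CloudTrail or Config or weaken the log archive buckets, which is what "tamper-resistant" logging has to mean in practice. The management account ID 111122223333, the role name LandingZoneAdmin and the DeveloperRole principal are placeholders. The small evaluator implements only the part of SCP semantics the guardrail relies on (an explicit Deny wins, wildcard action matching, an ArnNotLike exemption) so the policy can be exercised offline before it is attached.

```python
#!/usr/bin/env python3
"""Log-archive guardrail as an SCP, with an offline Deny evaluator (added example)."""
import fnmatch
import json

ORG_ACCOUNT = "111122223333"  # placeholder management account ID
ADMIN_ROLE_ARN = f"arn:aws:iam::{ORG_ACCOUNT}:role/LandingZoneAdmin"  # placeholder

# Nobody except the break-glass role may weaken the audit trail or the
# log-archive buckets, whatever IAM permissions they hold in their own account.
LOG_ARCHIVE_GUARDRAIL = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "ProtectAuditTrailAndLogBuckets",
        "Effect": "Deny",
        "Action": [
            "cloudtrail:StopLogging",
            "cloudtrail:DeleteTrail",
            "cloudtrail:UpdateTrail",
            "config:StopConfigurationRecorder",
            "config:DeleteConfigurationRecorder",
            "guardduty:DeleteDetector",
            "s3:DeleteBucket",
            "s3:DeleteBucketPolicy",
            "s3:PutBucketPolicy",
            "s3:PutBucketVersioning",
            "s3:PutLifecycleConfiguration",
        ],
        "Resource": "*",
        "Condition": {"ArnNotLike": {"aws:PrincipalARN": [ADMIN_ROLE_ARN]}},
    }],
}


def _wild(pattern, value, fold_case):
    """IAM-style wildcard match: '*' and '?' are the only metacharacters.
    Action names compare case-insensitively, ARNs case-sensitively."""
    if fold_case:
        pattern, value = pattern.lower(), value.lower()
    return fnmatch.fnmatchcase(value, pattern)


def scp_denies(policy, action, principal_arn):
    """Sid of the statement that explicitly denies the call, or None if the
    SCP lets it through to normal IAM evaluation.

    Only Deny statements are examined: an SCP Deny cannot be overridden by
    any Allow inside the account, which is what makes it preventive rather
    than detective.
    """
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Deny":
            continue
        actions = stmt["Action"]
        if isinstance(actions, str):
            actions = [actions]
        if not any(_wild(a, action, True) for a in actions):
            continue
        exempt = stmt.get("Condition", {}).get("ArnNotLike", {}).get("aws:PrincipalARN", [])
        if isinstance(exempt, str):
            exempt = [exempt]
        if any(_wild(p, principal_arn, False) for p in exempt):
            continue  # ArnNotLike is false for the exempt role, so no deny
        return stmt["Sid"]
    return None


def policy_document():
    """JSON for: aws organizations create-policy --type SERVICE_CONTROL_POLICY
    --content file://guardrail.json --name ... --description ..."""
    return json.dumps(LOG_ARCHIVE_GUARDRAIL, indent=2)


if __name__ == "__main__":
    dev = "arn:aws:iam::444455556666:role/DeveloperRole"  # placeholder workload role
    for who in (dev, ADMIN_ROLE_ARN):
        for act in ("cloudtrail:StopLogging", "s3:GetObject"):
            verdict = scp_denies(LOG_ARCHIVE_GUARDRAIL, act, who)
            print(f"{who.rsplit('/', 1)[1]:18} {act:24} -> {verdict or 'not denied by SCP'}")
    print(policy_document())
```

The exemption matches the role ARN, not an assumed-role session ARN, because aws:PrincipalARN carries the IAM role ARN for a session; if the same policy is attached to the root of the organization it does not bind the management account, which is exempt from SCPs by design.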

Benefits of This Architecture:
  • Strong isolation between environments
  • Centralized security and logging
  • Scalable network design
  • Faster onboarding of teams
  • Easier compliance and audits
Conclusion:
An AWS Landing Zone is not just an architecture—it is a cloud operating foundation. By separating responsibilities across dedicated accounts and enforcing centralized controls, organizations gain long-term stability and scalability.

A well-designed Landing Zone ensures that cloud growth remains secure, manageable, and aligned with business goals.

Install QEMU PPC64 on Ubuntu 24.04.4 & Deploy IBM AIX 7.2 TL04 SP02

This document provides a step-by-step guide for installing QEMU (PPC64) on an Ubuntu Server virtual machine and deploying IBM AIX 7.2 TL04 SP02 (7200-04-02) using software-based POWER8 emulation.
  • Build a functional AIX lab environment on standard x86 hardware
  • Test AIX installations and configurations safely
  • Practice system administration tasks
  • Experiment with OpenSSH, networking, and storage configuration
  • Perform development and compatibility testing
Since POWER architecture emulation is performed using QEMU’s Tiny Code Generator (TCG), performance will be lower than native IBM Power Systems hardware. However, this setup is ideal for lab, learning, and proof-of-concept environments.

The following sections detail system requirements, virtualization configuration, QEMU installation, AIX deployment, and post-installation considerations.

1. Prerequisites
1.1 Hardware Requirements
  • CPU with Intel VT-x/EPT or AMD-V/RVI
  • Minimum 16 GB RAM recommended
  • At least 60 GB disk space
  • VMware Workstation Pro or Player
AIX under QEMU uses TCG (software emulation) for POWER architecture.
VT-x/AMD-V is required for the Linux VM performance, not for POWER acceleration.

2. Create Ubuntu Server VM in VMware Workstation
2.1 Create Virtual Machine
Open VMware Workstation and create a new virtual machine with:
Guest OS: Linux
Version: Ubuntu 64-bit
ISO image: ubuntu-24.04.4-live-server-amd64
Assign:
8–16 GB RAM
4+ CPU cores
100 GB disk (recommended)
Network:
Bridged or NAT (Bridged preferred if using TAP networking)
2.2 Enable CPU Virtualization
VM → Settings → Processors → Enable:
Virtualize Intel VT-x/EPT or AMD-V/RVI
Virtualize CPU performance counters (optional)
Also verify that virtualization is enabled in the host machine's BIOS/UEFI.

3. Install Ubuntu Server
Download Ubuntu Server ISO from: https://ubuntu.com/download/server
ubuntu-24.04.4-live-server-amd64.iso
Install ubuntu-24.04.4 server in VMware Workstation 
  • Power on VM 
  • Try or Install Ubuntu server 
  • Select English → Ubuntu Server → Configure Network → Configure Storage (LVM) → Set up user ID and password → Install OpenSSH Server. The installation then runs for a while.
After installation complete:
Install normally and update system:
$ sudo apt update
$ sudo apt upgrade -y

4. Install QEMU for POWER (PPC64)
$ sudo apt update
$ sudo apt install qemu-kvm libvirt-daemon-system libvirt-clients bridge-utils dnsmasq-base
$ sudo systemctl enable --now libvirtd
$ sudo virsh net-autostart default
$ sudo apt install qemu-system-ppc -y

Verify installation:
$ qemu-system-ppc64 --version
QEMU emulator version 8.2.2 (Debian 1:8.2.2+ds-0ubuntu1.12)
Copyright (c) 2003-2023 Fabrice Bellard and the QEMU Project developers

5. Prepare AIX Installation Media
Required:
IBM AIX 7.2 TL04 SP02 ISO images
Disk 1 ISO
Disk 2 ISO

Example:
aix_7200-04-02-2027_1of2_072020.iso
aix_7200-04-02-2027_2of2_072020.iso
Create a directory and copy the AIX ISOs into it:
$ sudo mkdir -p /aix/image
# qemu-img create -f qcow2 /aix/image/aix_7200-04.qcow2 30G

6. Configure TAP Networking
Install bridge utilities (already pulled in above; harmless to repeat):
$ sudo apt install bridge-utils -y
Create the TAP interface:
$ sudo ip tuntap add dev tap1 mode tap
$ sudo ip link set tap1 up
Attach it to a bridge. The AIX address configured later, 192.168.122.15, is on libvirt's default network, so the bridge must be virbr0 (created and autostarted by the libvirt commands above):
$ sudo ip link set tap1 master virbr0
A separate bridge built with brctl (brctl addbr br0; brctl addif br0 tap1; ip link set br0 up) also carries the tap, but without an address or uplink it is an isolated segment and 192.168.122.15 is unreachable from the host.

7. Start AIX Installation via QEMU
Run the command below. The cap-cfpc=broken, cap-ibs=broken and cap-ccf-assist=off machine options tell the guest that the POWER Spectre/Meltdown mitigation facilities are unavailable; TCG cannot emulate them, and with the defaults the pseries machine refuses to start. bootindex=1 on the first DVD makes SLOF boot the installer, and the vty prom-env settings keep Open Firmware and the installer on the serial console attached to stdio.
# qemu-system-ppc64 \
-name indaixtst01 \
-cpu POWER8 -smp 4,threads=1 \
-machine pseries,cap-cfpc=broken,cap-ibs=broken,cap-ccf-assist=off \
-m 8G \
-serial stdio \
-display none \
-device spapr-vscsi,id=scsi0 \
-drive file=/aix/image/aix_7200-04.qcow2,if=none,id=drive1,format=qcow2,cache=none \
-device scsi-hd,drive=drive1,bus=scsi0.0,scsi-id=0 \
-drive file=/aix/image/aix_7200-04-02-2027_1of2_072020.iso,if=none,id=cd1,format=raw,media=cdrom \
-device scsi-cd,drive=cd1,bus=scsi0.0,scsi-id=3,bootindex=1 \
-drive file=/aix/image/aix_7200-04-02-2027_2of2_072020.iso,if=none,id=cd2,format=raw,media=cdrom \
-device scsi-cd,drive=cd2,bus=scsi0.0,scsi-id=4 \
-netdev tap,id=net1,ifname=tap1,script=no,downscript=no \
-device spapr-vlan,netdev=net1,mac=52:54:00:11:00:12 \
-prom-env "input-device=vty" \
-prom-env "output-device=vty"

SLOF **********************************************************************
QEMU Starting
 Build Date = Dec 15 2025 12:33:49
 FW Version = release 20230918
 Press "s" to enter Open Firmware.

Populating /vdevice methods
Populating /vdevice/vty@71000000
Populating /vdevice/nvram@71000001
Populating /vdevice/v-scsi@71000002
       SCSI: Looking for devices
          8000000000000000 DISK     : "QEMU     QEMU HARDDISK    2.5+"
          8300000000000000 CD-ROM   : "QEMU     QEMU CD-ROM      2.5+"
          8400000000000000 CD-ROM   : "QEMU     QEMU CD-ROM      2.5+"
Populating /vdevice/l-lan@71000003
Populating /pci@800000020000000
                     00 0000 (D) : 1234 1111    qemu vga
                     00 0800 (D) : 1033 0194    serial bus [ usb-xhci ]
Installing QEMU fb

Scanning USB
  XHCI: Initializing
    USB Keyboard
    USB mouse
No console specified using screen & keyboard
User selected input-device console: vty
User selected output-device console: vty

  Welcome to Open Firmware
  Copyright (c) 2004, 2017 IBM Corporation All rights reserved.
  This program and the accompanying materials are made available
  under the terms of the BSD License available at
  http://www.opensource.org/licenses/bsd-license.php

Trying to load:  from: /vdevice/v-scsi@71000002/disk@8300000000000000 ...   Successfully loaded

get-property for ibm,hypertas-functions on zero phandle
AIX
Star
0539
0539
0c42
 ******* Please define the System Console. *******
Type a 1 and press Enter to use this terminal as the
  system console.
Pour definir ce terminal comme console systeme, appuyez
  sur 1 puis sur Entree.
Taste 1 und anschliessend die Eingabetaste druecken, um
  diese Datenstation als Systemkonsole zu verwenden.
Premere il tasto 1 ed Invio per usare questo terminal
  come console.
Escriba 1 y pulse Intro para utilizar esta terminal como
  consola del sistema.
Escriviu 1 1 i premeu Intro per utilitzar aquest
  terminal com a consola del sistema.
Digite um 1 e pressione Enter para utilizar este terminal
  como console do sistema.

0c31 
Type 1

 HARDWARE SYSTEM MICROCODE
 Licensed Internal Code - Property of IBM
 (C) Copyright IBM Corp. 1990, 1994.
 All rights reserved.

 US Government Users Restricted Rights -
 Use, duplication or disclosure restricted
 by GSA ADP Schedule Contract with IBM Corp.

0c33\
0c44-
0c46-
0c48

>>>  1 Type 1 and press Enter to have English during install.
     2 Entreu 2 i premeu Intro per veure la instal·lació en català.
     3 Entrez 3 pour effectuer l'installation en français.
     4 For Installation in deutscher Sprache 4 eingeben
        und die Eingabetaste drücken.
     5 Immettere 5 e premere Invio per l'installazione in Italiano.
     6 Digite 6 e pressione Enter para usar Português na instalação.
     7 Escriba 7 y pulse Intro para la instalación en español.

    88  Help ?

>>> Choice [1]: 1

                      Welcome to Base Operating System
                      Installation and Maintenance

Type the number of your choice and press Enter.  Choice is indicated by >>>.

>>> 1 Start Install Now with Default Settings
    2 Change/Show Installation Settings and Install
    3 Start Maintenance Mode for System Recovery
    4 Make Additional Disks Available
    5 Select Storage Adapters

    88  Help ?
    99  Previous Menu
>>> Choice [1]: 2

                          Installation and Settings
Either type 0 and press Enter to install with current settings, or type the
number of the setting you want to change and press Enter.
    1  System Settings:
         Method of Installation.............New and Complete Overwrite
         Disk Where You Want to Install.....hdisk0
    2  Primary Language Environment Settings (AFTER Install):
         Cultural Convention................English (United States)
         Language ..........................English (United States)
         Keyboard ..........................English (United States)
         Keyboard Type......................Default
    3  Security Model.......................Default
    4  More Options  (Software install options)
    5  Select Edition.......................standard
>>> 0  Install with the current settings listed above.
                       +-----------------------------------------------------
    88  Help ?         |    WARNING: Base Operating System Installation will
    99  Previous Menu  |    destroy or impair recovery of ALL data on the
                       |    destination disk hdisk0.
>>> Choice [0]: 4

                            Install Options
 1.  Graphics Software................................................ Yes
 2.  System Management Client Software................................ Yes
 3.  OpenSSH Client Software.......................................... No
 4.  OpenSSH Server Software.......................................... No
 5.  Enable System Backups to install any system...................... Yes
     (Installs all devices)

>>> 6.  Install More Software
    0  Install with the current settings listed above.
    88  Help ?
    99  Previous Menu
>>> Choice [6]: 3

                             Install Options

 1.  Graphics Software................................................ Yes
 2.  System Management Client Software................................ Yes
 3.  OpenSSH Client Software.......................................... Yes
 4.  OpenSSH Server Software.......................................... No
 5.  Enable System Backups to install any system...................... Yes
     (Installs all devices)
>>> 6.  Install More Software
    0  Install with the current settings listed above.
    88  Help ?
    99  Previous Menu

>>> Choice [6]: 4
                            Install Options

 1.  Graphics Software................................................ Yes
 2.  System Management Client Software................................ Yes
 3.  OpenSSH Client Software.......................................... Yes
 4.  OpenSSH Server Software.......................................... Yes
 5.  Enable System Backups to install any system...................... Yes
     (Installs all devices)

>>> 6.  Install More Software
    0  Install with the current settings listed above.
    88  Help ?
    99  Previous Menu
>>> Choice [6]: 99

                          Installation and Settings

Either type 0 and press Enter to install with current settings, or type the
number of the setting you want to change and press Enter.
    1  System Settings:
         Method of Installation.............New and Complete Overwrite
         Disk Where You Want to Install.....hdisk0
    2  Primary Language Environment Settings (AFTER Install):
         Cultural Convention................English (United States)
         Language ..........................English (United States)
         Keyboard ..........................English (United States)
         Keyboard Type......................Default
    3  Security Model.......................Default
    4  More Options  (Software install options)
    5  Select Edition.......................standard
>>> 0  Install with the current settings listed above.
                       +-----------------------------------------------------
    88  Help ?         |    WARNING: Base Operating System Installation will
    99  Previous Menu  |    destroy or impair recovery of ALL data on the
                       |    destination disk hdisk0.
>>> Choice [0]: 1

                 Change Disk(s) Where You Want to Install
Type one or more numbers for the disk(s) to be used for installation and press
Enter. To cancel a choice, type the corresponding number and Press Enter.
At least one bootable disk must be selected. The current choice is indicated
by >>>.
        Name      Location Code   Size(MB)  VG Status   Bootable
>>>  1  hdisk0    none             30720   none            Yes    No


>>>  0   Continue with choices indicated above
    55  More Disk Options
    66  Disks not known to Base Operating System Installation
    77  Display More Disk Information
    88  Help ?
    99  Previous Menu
>>> Choice [0]: 0

                          Installation and Settings

Either type 0 and press Enter to install with current settings, or type the
number of the setting you want to change and press Enter.
    1  System Settings:
         Method of Installation.............New and Complete Overwrite
         Disk Where You Want to Install.....hdisk0
    2  Primary Language Environment Settings (AFTER Install):
         Cultural Convention................English (United States)
         Language ..........................English (United States)
         Keyboard ..........................English (United States)
         Keyboard Type......................Default
    3  Security Model.......................Default
    4  More Options  (Software install options)
    5  Select Edition.......................standard
>>> 0  Install with the current settings listed above.
                       +-----------------------------------------------------
    88  Help ?         |    WARNING: Base Operating System Installation will
    99  Previous Menu  |    destroy or impair recovery of ALL data on the
                       |    destination disk hdisk0.
>>> Choice [0]: 0
                            Overwrite Installation Summary
Disks:  hdisk0
Cultural Convention:  en_US
Language:  en_US
Keyboard:  en_US
Graphics Software:  Yes
System Management Client Software:  Yes
OpenSSH Client Software:  Yes
OpenSSH Server Software:  Yes
Enable System Backups to install any system:  Yes
Selected Edition:  standard
Optional Software being installed:

>>> 1   Continue with Install
                       +-----------------------------------------------------
    88  Help ?         |    WARNING: Base Operating System Installation will
    99  Previous Menu  |    destroy or impair recovery of ALL data on the
                       |    destination disk hdisk0.
>>> Choice [1]: 1
                        Installing Base Operating System
        Please wait...
        Approximate     Elapsed time
     % tasks complete   (in minutes)
              1                0
0c46          3                1      Making logical volumes.
0c54          7                2      Restoring base operating system
0c52          13               3      Over mounting /.
0c46          16               4      Copying Cu* to disk.
              18               7      Installing additional software.


Set_Bootlist: Could not set the bootlist to:
hdisk0    .
The boot device must be set in the host KVM.
Press 1 to continue: 1
          96               125      Creating boot image.

Installation takes 20–60 minutes depending on CPU performance.

9. First Boot After Installation
After the install completes:
  • Remove the ISO drives from the QEMU command
  • Add additional disks:
# qemu-img create -f qcow2 /aix/disk/indaixtst01-hdisk2.qcow2 30G
# qemu-img create -f qcow2 /aix/disk/indaixtst01-hdisk3.qcow2 30G
  • Generate a random MAC address:
$ printf '52:54:00:%02x:%02x:%02x\n' $((RANDOM%256)) $((RANDOM%256)) $((RANDOM%256))
  • Put that MAC address into the VM start command. Note that the address in the command below, 51:61:00:11:81:91, has an odd first octet, which is the multicast bit; a guest NIC needs a unicast, locally administered address (first octet even, bit 0x02 set), which is what the 52:54:00 prefix gives you.
  • Boot from the qcow2 disks only. /aix/disk/indaixtst01-hdisk1.qcow2 is the installed image copied with qemu-img convert in the systemd section below.
Modified start command:
# /usr/bin/qemu-system-ppc64 \
  -name indaixtst01 \
  -cpu POWER8 \
  -uuid 550e8400-e29b-41d4-a716-446655440001 \
  -machine pseries,cap-cfpc=broken,cap-ibs=broken,cap-ccf-assist=off,cap-sbbc=broken \
  -m 4G \
  -smp 2,threads=1 \
  -serial telnet:127.0.0.1:9001,server,nowait \
  -display none \
  -device virtio-scsi-pci,id=scsi1 \
  -drive file=/aix/disk/indaixtst01-hdisk1.qcow2,if=none,id=drive1,format=qcow2,cache=none,aio=threads \
  -drive file=/aix/disk/indaixtst01-hdisk2.qcow2,if=none,id=drive2,format=qcow2,cache=none,aio=threads \
  -drive file=/aix/disk/indaixtst01-hdisk3.qcow2,if=none,id=drive3,format=qcow2,cache=none,aio=threads \
  -device scsi-hd,drive=drive1,bus=scsi1.0,scsi-id=1,bootindex=0,serial=BOOTDISK1 \
  -device scsi-hd,drive=drive2,bus=scsi1.0,scsi-id=2,bootindex=1,serial=BOOTDISK2 \
  -device scsi-hd,drive=drive3,bus=scsi1.0,scsi-id=3,serial=DATADISK1 \
  -netdev tap,id=net1,ifname=tap1,script=no,downscript=no \
  -device spapr-vlan,netdev=net1,mac=51:61:00:11:81:91 \
  -prom-env "boot-command=boot disk: -o" \
  -prom-env "input-device=vty" \
  -prom-env "output-device=vty" \
  -prom-env "term-type=vt100" \
  -prom-env "use-nvramrc?=true"
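The MAC address given to spapr-vlan (and to the LANCE NIC in the Solaris guide above) is worth checking rather than typing by hand. The script below is an added example, not code from the original page: it encodes the two bits that matter in the first octet, generates a fresh 52:54:00 address from os.urandom instead of bash $RANDOM, and checks a candidate against neighbour-table lines so two guests on virbr0 do not share an address. The function names are the author's own and the ip neigh lines in the main block are constructed samples.

```python
#!/usr/bin/env python3
"""Generate and validate a guest MAC address for a QEMU NIC (added example)."""
import os
import re

_MAC_RE = re.compile(r"^([0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2}$")


def mac_problems(mac):
    """Reasons a MAC is unusable as a guest station address (empty = fine).

    The two low bits of the first octet decide it:
      bit 0 (0x01) set -> group/multicast address, never valid as a source
      bit 1 (0x02) set -> locally administered, which a made-up VM address
                          should be so it cannot collide with a vendor (OUI)
                          address on the same bridge
    """
    if not _MAC_RE.match(mac):
        return ["not six colon-separated hex octets"]
    problems = []
    first = int(mac.split(":")[0], 16)
    if first & 0x01:
        problems.append("multicast bit set (first octet is odd)")
    if not first & 0x02:
        problems.append("not locally administered (bit 0x02 clear)")
    if mac.lower() in ("00:00:00:00:00:00", "ff:ff:ff:ff:ff:ff"):
        problems.append("reserved all-zero/broadcast address")
    return problems


def random_mac(prefix="52:54:00"):
    """A unicast, locally administered MAC under the given prefix."""
    mac = prefix + "".join(f":{b:02x}" for b in os.urandom(3))
    assert not mac_problems(mac)
    return mac


def mac_in_use(mac, neigh_lines):
    """True if the address already appears in `ip neigh show` output
    (pass the real output, or constructed lines as in the demo below)."""
    return any(mac.lower() in line.lower() for line in neigh_lines)


if __name__ == "__main__":
    # Constructed sample of `ip neigh show dev virbr0` on the Ubuntu host.
    neigh = ["192.168.122.50 lladdr 52:54:00:11:22:33 REACHABLE"]
    for candidate in ("52:54:00:11:00:12", "51:61:00:11:81:91",
                      "00:0c:29:aa:bb:cc", "52:54:00:11:22:33"):
        issues = mac_problems(candidate)
        if mac_in_use(candidate, neigh):
            issues.append("already on the bridge")
        print(candidate, issues or "ok")
    print("fresh:", random_mac())
```

The guest-side symptom of a bad first octet is an adapter that looks fine in the QEMU command but never exchanges traffic, because neither the bridge nor the guest driver will source frames from a group address.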

Log in on the QEMU console (telnet takes host and port as separate arguments):
# telnet 127.0.0.1 9001
telnet localhost 9001 also works. The serial console is exposed on a TCP socket with no authentication, and until the root password is set below anyone who connects gets a root shell; keeping the bind address at 127.0.0.1 limits that to users on the Ubuntu host, so do not change it to 0.0.0.0.


                            Set Terminal Type
The terminal is not properly initialized.  Please enter a terminal type
and press Enter.  Some terminal types are not supported in
non-English languages.

     ibm3101          tvi912          vt330          aixterm
     ibm3151          tvi920          vt340          dtterm
     ibm3161          tvi925          wyse30         xterm
     ibm3162          tvi950          wyse50         lft
     ibm3163          vs100           wyse60         sun
     ibm3164          vt100           wyse100
     ibmpc            vt320           wyse350

                      +-----------------------Messages------------------------
                      | If the next screen is unreadable, press Break (Ctrl-c)
    88  Help ?        | to return to this screen.
                      |
>>> Choice []: vt100
                        Accept License Agreements

Type or select values in entry fields.
Press Enter AFTER making all desired changes.
                                                        [Entry Fields]
  ACCEPT Installed License Agreements                 yes                    +

                Accept Software Maintenance Terms and Conditions
Type or select values in entry fields.
Press Enter AFTER making all desired changes.
                                                        [Entry Fields]
  ACCEPT Software Maintenance Agreements?             yes                    +


                             Installation Assistant

Move cursor to desired item and press Enter.

  Set Date and Time
  Set root Password
  Configure Network Communications
  Install Software Applications
  System Workload Partition Software Maintenance
  Using SMIT (information only)
  Tasks Completed - Exit to Login

AIX Version 7
Copyright IBM Corporation, 1982, 2020.
Console login: root  ----> No Password 
*******************************************************************************
*                                                                             *
*                                                                             *
*  Welcome to AIX Version 7.2!                                                *
*                                                                             *
*                                                                             *
*  Please see the README file in /usr/lpp/bos for information pertinent to    *
*  this release of the AIX Operating System.                                  *
*                                                                             *
*                                                                             *
*******************************************************************************
# passwd root   ---> Set root password (the AIX command is passwd, not password)

13. Post-Installation Configuration (IBM AIX 7.2)
After completing the installation of IBM AIX 7.2 TL04 SP02, perform the following configuration steps to enable console login, correct terminal behavior, customize the shell prompt, and configure basic networking.

13.1 Enable Console Login
Enable login on the virtual terminal:
# chdev -l vty0 -a login=enable
13.2 Fix Terminal Settings (QEMU vty Console)
Set default terminal type:
# echo "TERM=vt100" >> /etc/environment
Configure the root profile for proper terminal behavior (root's home directory on AIX is /, so /.profile is root's ~/.profile):
# echo "export TERM=vt100" >> /.profile
Set the erase character to whatever your terminal sends for Backspace. Keep only one of the two lines below; if both are present the second silently overrides the first:
# echo "stty erase ^H" >> /.profile   ---> terminals that send Ctrl-H
# echo "stty erase ^?" >> /.profile   ---> terminals that send DEL

Add a custom shell prompt:
# cat << 'EFO' >> ~/.profile
HOST=$(uname -n)
PS1="[$HOST] \$PWD # "
export PS1
EFO
Apply changes:
# . ~/.profile
13.3 Configure Hostname
Set system hostname:
# chdev -l inet0 -a hostname=indaixtst01
Verify:
# hostname
# uname -n
13.4 Configure Network Interface
Configure IP address and bring interface up:
# chdev -l en1 -a netaddr=192.168.122.15 -a netmask=255.255.255.0 -a state=up
Verify interface status:
# ifconfig en1
13.5 Update Hosts File
Add hostname resolution entry:
# echo "192.168.122.15    indaixtst01.ppc.com indaixtst01" >> /etc/hosts

11. AIX 7.2 VM Deployment on QEMU (Auto-Start via systemd)
This document explains how to:
  • Convert a QCOW2 disk image
  • Configure an AIX VM using QEMU
  • Create a systemd service for automatic startup
  • Access the AIX server via SSH
The VM runs AIX 7.2 TL4 on QEMU using qemu-system-ppc64 with POWER8 emulation.
Convert QCOW2 Disk Image:
If needed, convert or optimize the disk image:
# qemu-img convert -p -f qcow2 -O qcow2 \
/aix/image/aix_7200-04.qcow2 \
/aix/disk/indaixtst01-hdisk1.qcow2

Option explanation:
  convert          Converts disk image format
  -p               Shows progress
  -f qcow2         Source format
  -O qcow2         Output format
  /aix/image/...   Source image
  /aix/disk/...    Destination image
Since both formats are qcow2, this rewrites the image into a fresh file, dropping unallocated space; the original stays untouched and can be kept as a pristine copy.

Create systemd Service for Auto Boot
To automatically start the AIX VM when Ubuntu boots, create a systemd service.
Create Service File
# vi /etc/systemd/system/aix1.service
Service Configuration:
[Unit]
Description=AIX VM 01 - indaixtst01
After=network.target

[Service]
Type=simple
User=root

# --- Networking Setup for tap1 ---
ExecStartPre=/usr/bin/bash -c "ip link show virbr0 || (virsh net-start default && sleep 2)"
ExecStartPre=-/usr/sbin/ip link delete tap1
ExecStartPre=/usr/sbin/ip tuntap add mode tap tap1
ExecStartPre=/usr/sbin/ip link set tap1 up
ExecStartPre=/usr/sbin/ip link set tap1 master virbr0

# --- Main QEMU Command ---
ExecStart=/usr/bin/qemu-system-ppc64 \
  -name indaixtst01 \
  -cpu POWER8 \
  -uuid 550e8400-e29b-41d4-a716-446655440001 \
  -machine pseries,cap-cfpc=broken,cap-ibs=broken,cap-ccf-assist=off,cap-sbbc=broken \
  -m 4G \
  -smp 2,threads=1 \
  -serial telnet:127.0.0.1:9001,server,nowait \
  -display none \
  -device virtio-scsi-pci,id=scsi1 \
  -drive file=/aix/disk/indaixtst01-hdisk1.qcow2,if=none,id=drive1,format=qcow2,cache=none,aio=threads \
  -drive file=/aix/disk/indaixtst01-hdisk2.qcow2,if=none,id=drive2,format=qcow2,cache=none,aio=threads \
  -drive file=/aix/disk/indaixtst01-hdisk3.qcow2,if=none,id=drive3,format=qcow2,cache=none,aio=threads \
  -device scsi-hd,drive=drive1,bus=scsi1.0,scsi-id=1,bootindex=0,serial=BOOTDISK1 \
  -device scsi-hd,drive=drive2,bus=scsi1.0,scsi-id=2,bootindex=1,serial=BOOTDISK2 \
  -device scsi-hd,drive=drive3,bus=scsi1.0,scsi-id=3,serial=DATADISK1 \
  -netdev tap,id=net1,ifname=tap1,script=no,downscript=no \
  -device spapr-vlan,netdev=net1,mac=52:54:00:11:81:91 \
  -prom-env "boot-command=boot disk: -o" \
  -prom-env "input-device=vty" \
  -prom-env "output-device=vty" \
  -prom-env "term-type=vt100" \
  -prom-env "use-nvramrc?=true"

# --- Post-start Fix for AIX Checksum issues ---
ExecStartPost=/usr/sbin/ethtool -K tap1 tx off

# --- Cleanup and Restart ---
ExecStop=/usr/bin/kill -INT $MAINPID
ExecStopPost=-/usr/sbin/ip link delete tap1
Restart=on-failure
RestartSec=10

[Install]
WantedBy=multi-user.target

Reload and Enable Service
# systemctl daemon-reload
# systemctl enable --now aix1.service
This will:
  • Enable service at boot
  • Start the VM immediately
  • Automatically restart on failure
VM Boot Process
After the Ubuntu server boots:
  • The aix1.service starts automatically
  • Network bridge virbr0 is validated (the libvirt default network is started if it is down)
  • TAP interface tap1 is created and attached to virbr0
  • AIX VM starts
  • TX checksum offloading is disabled on tap1 (fixes the AIX networking issue)
  • Boot time: ~5 minutes
Three settings in the unit deserve a check before you rely on it:
  • The guest MAC must be a unicast, locally administered address: bit 0 of the first octet must be clear and bit 1 set (QEMU's own 52:54:00:xx:xx:xx range qualifies). An address whose first octet is odd, such as 51:..., is a multicast address, and a Linux bridge drops frames with a multicast source, so the guest never reaches the network.
  • -serial telnet:127.0.0.1:9001,server,nowait exposes the AIX console with no authentication. Bound to loopback it is reachable only by users who already have a shell on the host (telnet 127.0.0.1 9001); never bind it to 0.0.0.0.
  • ExecStop sends SIGINT to QEMU, which terminates the emulator immediately rather than shutting AIX down. Run shutdown -F inside the guest (or halt it from the console) before stopping the service, or you will be fsck-ing on the next boot.
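The MAC and console settings can be verified offline before they go into the unit. The following snippet is an added example, not part of the original post; the addresses and serial specs it runs on are constructed test values, and the two check functions are assumptions written for this page, not QEMU or systemd tooling:

```bash
#!/bin/bash
# Added example, not from the original post: pre-flight checks for the two
# values in the systemd unit that are easy to get wrong, the guest MAC and the
# serial console binding. All addresses and ports below are constructed.

# Return 0 when MAC is six hex octets, unicast (bit 0 of the first octet
# clear) and locally administered (bit 1 set). A set multicast bit makes a
# Linux bridge drop every frame the guest sends.
mac_is_usable() {
    hx='[0-9A-Fa-f][0-9A-Fa-f]'
    case "$1" in
        $hx:$hx:$hx:$hx:$hx:$hx) ;;
        *) return 1 ;;
    esac
    first=$(printf '%d' "0x${1%%:*}")
    [ $((first & 1)) -eq 0 ] || return 1   # multicast bit must be clear
    [ $((first & 2)) -ne 0 ] || return 1   # locally administered bit must be set
    return 0
}

# Return 0 when a "-serial telnet:HOST:PORT,..." spec binds to loopback only;
# the console is unauthenticated, so it must not listen on a routable address.
serial_is_loopback() {
    spec=${1#telnet:}
    host=${spec%%:*}
    [ "$host" = "127.0.0.1" ] || [ "$host" = "localhost" ]
}

# Stand-alone run over the constructed values
for mac in 52:54:00:11:81:91 51:61:00:11:81:91 00:11:22:33:44:55 52:54:00:11:81; do
    if mac_is_usable "$mac"; then echo "OK   $mac"; else echo "BAD  $mac"; fi
done
for spec in "telnet:127.0.0.1:9001,server,nowait" "telnet:0.0.0.0:9001,server,nowait"; do
    if serial_is_loopback "$spec"; then echo "OK   $spec"; else echo "BAD  $spec"; fi
done
```

Run it with the values from your own unit file; 00:11:22:33:44:55 is rejected only because its first octet lacks the locally administered bit, which is the convention for hand-assigned VM addresses rather than a hard requirement of the bridge.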

Access AIX via SSH
Once the VM is fully booted:
# ssh root@192.168.122.15

12. Performance Notes
  • QEMU PPC64 uses TCG (Tiny Code Generator)
  • No KVM acceleration for POWER on x86
  • Expect slower performance vs native POWER hardware
  • For production-level AIX performance, consider:
      • IBM Power Systems hardware
      • PowerVM
      • IBM PowerVS (cloud)


Fixing RPM Database Error and Configuring Passwordless Sudo on AIX

Part 1: Fixing RPM Database Error While Installing Sudo
The Problem
While installing sudo 1.9.17-3:
# rpm -Uvh sudo-1.9.17-3.aix71.rpm
The following error appeared:
error: db4 error(22) from dbenv->open: A system call received a parameter that is not valid.
error: cannot open Packages index using db4 - A system call received a parameter that is not valid. (22)
error: cannot open Packages database in /opt/freeware/packages
warning: sudo-1.9.17-3.aix71.rpm: Header V4 DSA/SHA1 Signature, key ID 7ee470c4: NOKEY
Root Cause:
The Berkeley DB environment files (__db.*) in /opt/freeware/packages were stale or incompatible, typically left behind by an interrupted rpm run or created by a different rpm level, so rpm could not open the Packages index. The NOKEY warning is a separate issue: the package carries a signature, but the signing key is not in rpm's keyring, so the signature was never verified. Import the IBM AIX Toolbox signing key with rpm --import and re-check the file with rpm -K before installing it.

Resolution Steps
Step 1: Remove Database Lock Files
# rm -f /opt/freeware/packages/__db*
Step 2: Rebuild the RPM Database
# rpm --rebuilddb
Step 3: Reinstall Sudo
# rpm -Uvh sudo-1.9.17-3.aix71.rpm
Successful output:
Preparing... ################################# [100%]
Updating / installing...
1:sudo-1.9.17-3 ################################# [100%]
Verify Installation
# rpm -qa | grep sudo
Output:
sudo-1.9.17-3.ppc
Part 2: Creating a New Admin User on AIX
After successfully installing sudo, the next step is to create a non-root administrative user.
Step 1: Create the User
# mkuser sysadm
Step 2: Set User Password
# passwd sysadm
You will be prompted:
Changing password for "sysadm"
sysadm's New password:
Enter the new password again:

Part 3: Configure Passwordless Sudo Access
Edit the sudoers file safely using:
# visudo
Add the following line:
sysadm ALL=(ALL:ALL) NOPASSWD: ALL
This grants:
  • Full sudo privileges (equivalent to root)
  • No password required for sudo commands
Always use visudo to prevent syntax errors. NOPASSWD means anyone who obtains the sysadm password or SSH key has root with no further check; that is acceptable for a lab VM, but on a real server drop NOPASSWD (sysadm ALL=(ALL:ALL) ALL) so sudo re-authenticates the user, and consider listing specific commands instead of ALL.

Part 4: SSH Login and Password Expiry Handling
First SSH Login
# ssh sysadm@192.168.122.13
On first login, AIX forces password change:
: 3004-610 You are required to change your password.
WARNING: Your password has expired.
You must change your password now and login again!
You must:
  • Enter the old password
  • Set a new password
  • Reconnect
The connection closes automatically after the password update.
Second SSH Login (Successful)
# ssh sysadm@192.168.122.13
Successful login message:
Last login: Fri Feb 20 08:51:58 CST 2026
Welcome to AIX Version 7.2!

Part 5: Testing Sudo Access
Once logged in as sysadm, test sudo:
$ sudo su -
If configured correctly:
[indaix13] / #
You now have root shell access via sudo.

CIS Benchmark AIX Compliance Check

Ensuring your IBM AIX servers meet CIS (Center for Internet Security) benchmarks can be challenging. There are many settings to verify, including services, file permissions, logging, auditing, and user accounts. Doing this manually takes time and is prone to mistakes.

To simplify this, you can use a Bash script that automates most of the checks while clearly marking items that need manual review. This post explains how the script works, how to run it, and what results to expect.

Why Use a Script for CIS Compliance?
AIX servers have critical security settings that must be checked regularly:
  • Services that should be disabled
  • Permissions on important system files
  • Logging and auditing configurations
  • User account and home directory verification
Manually checking all of these can take hours. A script can:
  • Automate routine CIS benchmark checks
  • Highlight items requiring manual review
  • Produce a color-coded report showing Pass, Fail, and Manual checks
How the Script Works
The script is organized into seven sections, covering key CIS areas:
  • Initial Setup – Check OS version and patch level (manual review).
  • Services – Verify insecure services like Telnet, RSH, FTP are disabled.
  • Network – Flag wireless/Bluetooth review as manual (not expected on AIX servers), review IPv6, and check the ipforwarding, ipsendredirects and ipsrcrouteforward tunables via the no command.
  • Host-Based Firewall – Check that IP Security filtering (bos.net.ipsec, the AIX host firewall) is configured and flag its filter rules for review.
  • Access Control – Validate SSH root login, sudo installation, password policies, and empty passwords.
  • Logging and Auditing – Ensure audit services and system logs are active.
  • System Maintenance – Verify file permissions, check for world-writable files/directories, and confirm home directories exist.
Each check is reported as:
[PASS] – Compliant with CIS benchmark
[FAIL] – Not compliant
[MANUAL] – Requires human review

How to Use the Script
Save the script as cis_aix_check.sh on your AIX server.
===========================================================================================================
#!/bin/bash
# CIS IBM AIX Compliance Script (Sections 1–7)
# Run as root on AIX; needs bash 4+ from the AIX Toolbox (associative arrays).
# -------------------------------
# Colors
# -------------------------------
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
NC='\033[0m' # No Color

# -------------------------------
# Logging & Counters
# -------------------------------
REPORT="/var/log/cis_aix_report.log"
> "$REPORT"

PASS=0
FAIL=0
MANUAL=0

# Counters use $(( )) assignments: "(( PASS++ ))" returns a non-zero status
# when PASS was 0, which would make the "cond && log_pass || log_fail"
# one-liners below run BOTH branches on the first pass.
log_pass()   { echo -e "${GREEN}[PASS]${NC} $1"    | tee -a "$REPORT"; PASS=$((PASS + 1)); }
log_fail()   { echo -e "${RED}[FAIL]${NC} $1"      | tee -a "$REPORT"; FAIL=$((FAIL + 1)); }
log_manual() { echo -e "${YELLOW}[MANUAL]${NC} $1" | tee -a "$REPORT"; MANUAL=$((MANUAL + 1)); }

# -------------------------------
# Helper Functions
# -------------------------------
check_file_perm() {
    local file=$1
    local perm=$2
    if [ ! -e "$file" ]; then
        log_fail "$file does not exist"
        return
    fi
    # AIX has no stat(1): rebuild the octal mode from the nine rwx characters
    # of "ls -ld". An s or t in an execute position counts as execute.
    actual_perm=$(ls -ld "$file" | awk '{
        p = substr($1, 2, 9); m = 0
        for (i = 1; i <= 9; i++)
            m = m * 2 + (substr(p, i, 1) ~ /[rwxst]/ ? 1 : 0)
        printf "%03o\n", m }')
    [ "$actual_perm" = "$perm" ] && log_pass "$file permissions ($perm) correct" || log_fail "$file permissions ($actual_perm) incorrect, should be $perm"
}

# SRC-controlled daemons (inetd, sendmail, syslogd ...). lssrc prints an error
# for an undefined subsystem, which must not be mistaken for "disabled".
check_service_disabled() {
    local svc=$1 status
    status=$(lssrc -s "$svc" 2>/dev/null | awk 'NR == 2 { print $NF }')
    case "$status" in
        active)      log_fail "$svc is active" ;;
        inoperative) log_pass "$svc disabled" ;;
        *)           log_pass "$svc is not a defined SRC subsystem" ;;
    esac
}

# telnet, ftp, rsh etc. are started by inetd, not SRC: a service is disabled
# when its line in /etc/inetd.conf is commented out or absent.
check_inetd_disabled() {
    local svc=$1
    if awk -v s="$svc" '!/^[ \t]*#/ && $1 == s { found = 1 } END { exit !found }' /etc/inetd.conf; then
        log_fail "$svc enabled in /etc/inetd.conf"
    else
        log_pass "$svc disabled in /etc/inetd.conf"
    fi
}

check_package_installed() {
    local pkg=$1
    # lslpp -L lists installp filesets and RPM packages, indented by two spaces
    if lslpp -L 2>/dev/null | grep -q "^ *$pkg "; then
        log_pass "$pkg installed"
    else
        log_fail "$pkg not installed"
    fi
}

# -------------------------------
# SECTION 1 – Initial Setup
# -------------------------------
echo -e "${YELLOW}==== SECTION 1 – Initial Setup ====${NC}" | tee -a "$REPORT"
log_manual "Check AIX OS level, updates, and security patches (oslevel -s, instfix -i)"

# -------------------------------
# SECTION 2 – Services
# -------------------------------
echo -e "${YELLOW}==== SECTION 2 – Services ====${NC}" | tee -a "$REPORT"
# SRC subsystems: autofs (automountd), sendmail, RPC portmapper, inetd itself
src_to_disable=(automountd sendmail portmap inetd)
for svc in "${src_to_disable[@]}"; do
    check_service_disabled "$svc"
done
# inetd.conf service names: rsh is "shell", rlogin is "login", rexec is "exec"
inetd_to_disable=(ftp telnet tftp shell login exec)
for svc in "${inetd_to_disable[@]}"; do
    check_inetd_disabled "$svc"
done

# cron is started from /etc/inittab rather than SRC and is normally required;
# CIS restricts who may use cron/at rather than disabling them
log_manual "cron is started from /etc/inittab; verify /var/adm/cron/cron.allow and at.allow restrict access"

# -------------------------------
# SECTION 3 – Network
# -------------------------------
echo -e "${YELLOW}==== SECTION 3 – Network ====${NC}" | tee -a "$REPORT"
log_manual "Wireless/Bluetooth adapters are not expected on AIX servers; confirm with lsdev -Cc adapter"
log_manual "Check IPv6 configuration manually (lsattr -El inet0, netstat -in)"
# Kernel network tunables ("no" command); all three should be 0 on a host that does not route
for tunable in ipforwarding ipsendredirects ipsrcrouteforward; do
    val=$(no -o "$tunable" 2>/dev/null | awk '{ print $NF }')
    [ "$val" = "0" ] && log_pass "$tunable = 0" || log_fail "$tunable = ${val:-unknown}, should be 0"
done
log_manual "Review remaining ICMP and routing tunables in /etc/rc.tcpip, /etc/tunables/nextboot and 'no -a'"

# -------------------------------
# SECTION 4 – Host-Based Firewall
# -------------------------------
echo -e "${YELLOW}==== SECTION 4 – Host-Based Firewall ====${NC}" | tee -a "$REPORT"
# AIX has no iptables/ipfilter: the host firewall is IP Security filtering
# (bos.net.ipsec), which must be present and active, not disabled
if lsdev -l ipsec_v4 2>/dev/null | grep -q Available; then
    log_pass "IP Security device ipsec_v4 is Available"
else
    log_fail "IP Security device ipsec_v4 not configured (no host firewall)"
fi
log_manual "Review the active IPv4 filter rules with 'lsfilt -v 4'"

# -------------------------------
# SECTION 5 – Access Control
# -------------------------------
echo -e "${YELLOW}==== SECTION 5 – Access Control ====${NC}" | tee -a "$REPORT"
ssh_config="/etc/ssh/sshd_config"
if [ -f "$ssh_config" ]; then
    # match the directive with any spacing; a commented-out line means the
    # OpenSSH default applies, which is not "no"
    if grep -Eq "^[[:space:]]*PermitRootLogin[[:space:]]+no" "$ssh_config"; then
        log_pass "SSH root login disabled"
    else
        log_fail "SSH root login not disabled"
    fi
    check_file_perm "$ssh_config" "600"
else
    log_fail "$ssh_config does not exist"
fi

check_package_installed "sudo"
log_manual "Check PAM configuration, password policies, and account lockout manually"

# On AIX /etc/passwd normally holds "!" in field 2 and the hash lives in a
# stanza of /etc/security/passwd, so both files must be checked
if awk -F: '$2 == "" { bad = 1 } END { exit bad }' /etc/passwd; then
    log_pass "No empty password fields in /etc/passwd"
else
    log_fail "Some /etc/passwd entries have an empty password field"
fi
empty_stanzas=$(awk '
    /^[^ \t].*:[ \t]*$/ { if (user != "" && !has) print user; user = $1; sub(/:.*/, "", user); has = 0 }
    /^[ \t]+password[ \t]*=/ { v = $0; sub(/.*=[ \t]*/, "", v); if (v != "") has = 1 }
    END { if (user != "" && !has) print user }' /etc/security/passwd)
if [ -z "$empty_stanzas" ]; then
    log_pass "No empty passwords in /etc/security/passwd"
else
    log_fail "Accounts with empty passwords in /etc/security/passwd: $(echo $empty_stanzas)"
fi

# -------------------------------
# SECTION 6 – Logging and Auditing
# -------------------------------
echo -e "${YELLOW}==== SECTION 6 – Logging and Auditing ====${NC}" | tee -a "$REPORT"
# AIX auditing ships in bos.rte.security and is controlled with audit(1);
# there is no separate auditd package or SRC subsystem
if [ -x /usr/sbin/audit ]; then
    log_pass "audit subsystem installed"
else
    log_fail "audit command /usr/sbin/audit missing"
fi
if audit query 2>/dev/null | grep -q "^auditing on"; then
    log_pass "auditing is on"
else
    log_fail "auditing is off"
fi
log_manual "Verify AIDE or Tripwire installation and integrity checks"

if lssrc -s syslogd 2>/dev/null | grep -q "active"; then
    log_pass "syslogd enabled"
else
    log_fail "syslogd disabled"
fi

# -------------------------------
# SECTION 7 – System Maintenance
# -------------------------------
echo -e "${YELLOW}==== SECTION 7 – System Maintenance ====${NC}" | tee -a "$REPORT"
# AIX defaults: /etc/security/* are root:security mode 640 (passwd 600).
# /etc/passwd.adj and /etc/group.adj do not exist on AIX.
declare -A files=(
    ["/etc/passwd"]="644"
    ["/etc/group"]="644"
    ["/etc/security/passwd"]="600"
    ["/etc/security/user"]="640"
    ["/etc/security/group"]="640"
)
for file in "${!files[@]}"; do
    check_file_perm "$file" "${files[$file]}"
done

# World-writable files & directories. find prints paths so the /proc and /dev
# filter actually applies; sticky-bit directories (/tmp, /var/tmp) are permitted.
ww_files=$(find / -type f -perm -0002 -print 2>/dev/null | grep -vE '^/(proc|dev)/')
ww_dirs=$(find / -type d -perm -0002 ! -perm -1000 -print 2>/dev/null | grep -vE '^/(proc|dev)/')
[ -z "$ww_files" ] && log_pass "No world-writable files" || { echo "$ww_files" | tee -a "$REPORT"; log_fail "World-writable files found"; }
[ -z "$ww_dirs" ] && log_pass "No world-writable directories" || { echo "$ww_dirs" | tee -a "$REPORT"; log_fail "World-writable directories without sticky bit found"; }

log_manual "Review SUID/SGID files: find / -type f \\( -perm -4000 -o -perm -2000 \\) -exec ls -l {} \\;"

# Check home directories exist for login-capable accounts. The loop reads from
# process substitution; a "| while" pipeline would run in a subshell and lose
# the PASS/FAIL counter updates.
while IFS=: read -r user dir; do
    [ -d "$dir" ] && log_pass "Home directory exists for $user" || log_fail "Home directory missing for $user"
done < <(awk -F: '$7 != "/bin/false" && $7 != "/usr/bin/false" && $7 != "/usr/bin/nologin" && $7 != "/usr/sbin/nologin" { print $1 ":" $6 }' /etc/passwd)

echo -e "${YELLOW}==== CIS IBM AIX Compliance Check Complete ====${NC}" | tee -a "$REPORT"
echo -e "${GREEN}PASS: $PASS${NC} | ${RED}FAIL: $FAIL${NC} | ${YELLOW}MANUAL: $MANUAL${NC}" | tee -a "$REPORT"

===========================================================================================================
Make it executable:
$ chmod +x cis_aix_check.sh
Run it as root:
$ sudo ./cis_aix_check.sh
Review the results:

Terminal output: Shows color-coded PASS, FAIL, and MANUAL messages
Log file: /var/log/cis_aix_report.log contains the complete report

Example Output
After running the script, you might see:
[PASS] sendmail disabled
[FAIL] telnet enabled in /etc/inetd.conf
[PASS] ftp disabled in /etc/inetd.conf
[MANUAL] cron is started from /etc/inittab; verify /var/adm/cron/cron.allow and at.allow restrict access
==== SECTION 5 – Access Control ====
[PASS] SSH root login disabled
[FAIL] Some /etc/passwd entries have an empty password field
[MANUAL] Check PAM configuration, password policies, and account lockout manually
==== CIS IBM AIX Compliance Check Complete ====
PASS: 10 | FAIL: 2 | MANUAL: 5

This gives a clear overview of which areas are compliant and which need attention.
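Two parsing rules carry most of the script's weight: the conversion of the ls -l mode column into an octal number (check_file_perm) and the test for an uncommented service line in /etc/inetd.conf. Because both are easy to get subtly wrong and hard to test without an AIX box, here is an added example that is not part of cis_aix_check.sh; it re-implements those two rules as stand-alone functions and runs them over a constructed inetd.conf fragment (the sample file, its service lines and the expected values are assumptions made for this demonstration):

```bash
#!/bin/bash
# Added example, not part of cis_aix_check.sh: the two parsing rules the
# script depends on, isolated so they can be checked on any system with awk.

# Convert the mode column of "ls -l" (e.g. "-rw-r--r--") to a 3-digit octal
# string. s/t in an execute position count as execute; the setuid/setgid/
# sticky bits themselves are not encoded, matching what the CIS checks compare.
perm_to_octal() {
    printf '%s\n' "$1" | awk '{
        p = substr($1, 2, 9); m = 0
        for (i = 1; i <= 9; i++)
            m = m * 2 + (substr(p, i, 1) ~ /[rwxst]/ ? 1 : 0)
        printf "%03o\n", m
    }'
}

# Print the service names that are enabled (uncommented) in an inetd.conf
# file; anything behind a leading "#" is disabled.
inetd_enabled_services() {
    awk '!/^[ \t]*#/ && NF >= 6 { print $1 }' "$1"
}

# Return 0 when the service is disabled (commented out or absent), 1 otherwise.
inetd_service_disabled() {
    ! inetd_enabled_services "$2" | grep -qx "$1"
}

# Constructed sample inetd.conf: telnet and ntalk enabled, ftp and shell (rsh)
# commented out, as a hardening pass would leave them.
SAMPLE_INETD=$(mktemp)
trap 'rm -f "$SAMPLE_INETD"' EXIT
cat > "$SAMPLE_INETD" <<'EOF'
## service  socket  protocol  wait/nowait  user  server-program  arguments
#ftp     stream  tcp6    nowait  root    /usr/sbin/ftpd      ftpd
telnet   stream  tcp6    nowait  root    /usr/sbin/telnetd   telnetd -a
#shell   stream  tcp6    nowait  root    /usr/sbin/rshd      rshd
ntalk    dgram   udp     wait    root    /usr/sbin/talkd     talkd
EOF

# Stand-alone demonstration
for mode in '-rw-r--r--' '-rw-------' '-rwsr-xr-x' 'drwxrwxrwt'; do
    echo "$mode -> $(perm_to_octal "$mode")"
done
for svc in ftp telnet shell; do
    if inetd_service_disabled "$svc" "$SAMPLE_INETD"; then
        echo "[PASS] $svc disabled in inetd.conf"
    else
        echo "[FAIL] $svc enabled in inetd.conf"
    fi
done
```

The mode conversion walks the nine permission characters as bits and lets printf render the result in octal, which is why a setuid binary (-rwsr-xr-x) reports 755 rather than 4755; if you want the high bits as well, compare the s/S and t/T characters separately. Point inetd_service_disabled at the real /etc/inetd.conf to reproduce the script's Section 2 results by hand.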

Benefits of This Script
  • Saves time – Automates many routine CIS checks
  • Reduces errors – Consistent reporting with clear Pass/Fail results
  • Easy to understand – Color-coded output and a log file
  • Focus on critical areas – Highlights items requiring manual review
Final Thoughts
Performing a CIS benchmark compliance check on AIX doesn’t have to be complicated. Using a structured approach with this script allows you to:
  • Quickly check most CIS benchmarks
  • Minimize human errors
  • Focus attention on items that truly need manual review
Regularly running this script helps you maintain secure and compliant AIX servers efficiently.