Solaris™ Administration Best Practices
University System of Georgia 32nd Annual Computing Conference
October 23, 2003
W. Todd Watson - [email protected]
Office of Information and Instructional Technology
Board of Regents of the University System of Georgia


Best Practices

In the context of System Administration -

“Recognized methods or procedures adopted to promote reliable, secure, and maintainable systems”


Goals

● User and Account management
● Patches and Bug fixes
● Logging
● Secure Shell and other services
● Disk Mirroring
● Disaster recovery
● System Backups


Target Audience

● New administrators
● Part-time administrators
● New Solaris™ administrators
● Department supervisors


User and account management

● Consistency in account names
● Consistent location for home directories
● Use of “good” passwords
● Password aging
● Expiration of unnecessary accounts
● Locking of “System” accounts
● Appropriate user environments


User and account management

Consistency in account names

● Firstname-Lastname combination
● UID concatenation to FN/LN
● Avoid personal identification numbers
● Keep GECOS populated with minimal information


User and account management

Consistent location for home directories

● Provide adequate space to users
● Create a separate filesystem
● /home is a recommended location


User and account management

Passwords

● Educate users on password use
● If possible, incorporate aging
● Include expiration for accounts
● Lock “System” accounts, e.g., httpd
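
One way to check the aging and system-account locking items above against the passwd and shadow files, as an added example that is not part of the original slides. It assumes the Solaris convention that a locked account carries `*LK*` in the shadow password field and treats UIDs below 100 (other than root) as system accounts; the function names and the sample entries are hypothetical and constructed for the demonstration.

```shell
#!/bin/sh
# audit_accounts PASSWD_FILE SHADOW_FILE
# Prints one finding per line:
#   UNLOCKED <user> - system account (UID < 100, not root) that is not locked
#   NOAGING <user>  - unlocked login account with no maximum password age
# Assumption: a locked account has "*LK*" in the shadow password field.
audit_accounts() {
    awk -F: '
        # First file (passwd): remember each UID by user name.
        NR == FNR { uid[$1] = $3; next }
        # Second file (shadow): $2 = password field, $5 = max age in days.
        {
            user = $1; pw = $2; max = $5
            if (!(user in uid)) next
            locked = (pw ~ /^\*LK\*/)
            if (uid[user] + 0 < 100 && user != "root") {
                if (!locked) print "UNLOCKED " user
            } else if (!locked && (max == "" || max + 0 <= 0)) {
                print "NOAGING " user
            }
        }
    ' "$1" "$2"
}

# Constructed sample data (not from a real system); uses mktemp for scratch files.
sample_audit() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/passwd" <<'EOF'
root:x:0:1:Super-User:/:/sbin/sh
daemon:x:1:1::/:
httpd:x:80:80:Web server:/var/httpd:/bin/false
jsmith:x:1001:10:J Smith:/home/jsmith:/bin/ksh
mjones:x:1002:10:M Jones:/home/mjones:/bin/ksh
EOF
    cat > "$dir/shadow" <<'EOF'
root:abXYconstructed1:12000:7:90:14:::
daemon:*LK*:6445::::::
httpd:cdZWconstructed2:12000::::::
jsmith:efUVconstructed3:12000:7:90:14:::
mjones:ghSTconstructed4:12000::::::
EOF
    audit_accounts "$dir/passwd" "$dir/shadow"
    rm -rf "$dir"
}
sample_audit
```

On a live host the same function would be run as root with `/etc/passwd` and `/etc/shadow` as its arguments.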


User and account management

User Environments

● Consider standardizing shells
● Use common environment variables
● Define common paths


Patches and Bug fixes

Two modes of practice
➲ Perform comprehensive patches regularly
➲ Only patch when needed

Recommendation: Perform patches regularly!


Patches and Bug fixes

System Patches

Available from Sun at ftp://sunsolve1.sun.com

or

Available from USG via ftp: ftp://ftp.usg.edu/pub/unix/Solaris2/8_Recommended.zip

Updated daily


Patches and Bug fixes

Standard bug fixes - monthly update is adequate.
Security patches – update networked systems ASAP

Don't forget garbage collection!
Delete your patch installation files when done


Logging

➲ Use syslogd(1m) to manage logging facilities
    ● Sendmail
    ● Sshd
    ● Httpd
    ● ftp
➲ Consider a defined directory, e.g. /logs
➲ Use a log roller to archive recent logs
➲ Determine and implement a retention policy
➲ Periodically examine the logs or use a parser


Secure Shell and other security

➲ Consider dropping telnet in favor of SSH
    ● OpenSSH
    ● SSH.com's SSH
➲ Replace ftp with proftp or sftp
➲ Consider terminating all unnecessary services
➲ Watch patches to maintain status quo


Disk Mirroring

● Solstice DiskSuite
● Provides failover protection in the case of disk failure
● Requires two physical disks
● Mirror each filesystem
● Mirror Swap
● Instructions available at http://www.usg.edu/oiit/support/os


Disaster recovery


● Know thy system● Organize ahead of time● Keep records updated


Disaster recovery

● Keep copies of prtconf, hostid, disk partition information (format)
● Record processor, memory and disk complement
● Record network configuration
● Record information from /usr/platform/[arch]/sbin/prtdiag -v
● Update as changes occur!


Disaster recovery

● Consider master record storage offsite or in another non-adjacent building
● Keep records in environmentally stable storage
● Create an operator manual for emergency shutdown and startup


Backups

● Make backups an implementation strategy for every system installed
● Create a plan that includes regular full and incremental backups
● Automate the backup process
● Keep careful records of all backups
● Label your tapes
● Store the media properly


Backups

● Provide a process to assist users with restores of their files
● Test your backup processes thoroughly
● Remember to add any new filesystems to your backup specifications.
● Consider offsite storage
● Don't forget to archive install media
● Test your backup processes thoroughly
