Unix Server Build_Sun Solaris.doc
8/10/2019 Unix Server Build_Sun Solaris.doc
Company-Document Unix Server Build Sun Solaris Ver. 1.1
Contents
A] SYSTEM CONFIGURATION
1.0 Solaris 8 (7/01) Installation
2.0 Enabling DNS
3.0 Configuring the Default Gateway
4.0 Added FQDN to /etc/hosts
5.0 Installing Sun Patches
6.0 Installing GCC
B] SECURITY CONFIGURATIONS
7.0 Installing SSH
8.0 Disabling Unnecessary Services in /etc/inetd.conf
9.0 Editing Start-up Scripts
10.0 Enabling Warning Banners for login, Telnet and FTP
11.0 Disabling Root Logins
12.0 Implementing Security Policy
13.0 Configuring Login Failure Attempt
14.0 Removing or Disabling Unnecessary Accounts
15.0 Restricting FTP Usage
16.0 Disabling the rlogin Command
17.0 Loc
A] System Configuration
Purpose
This document details the configuration hardening and vulnerability assessment of the Solaris operating system. It can also be used as a configuration standard providing a baseline to audit against. It is important to understand the configurations at a granular level to troubleshoot outages.
1.0 Solaris 8 (7/01) Installation
It is assumed that after each selection choice is made the user will press the appropriate button to continue on through the installation program (i.e. pressing Enter, clicking on Continue or clicking on Next).
1. Ensure that the correct hard disks are installed in the machine.
2. Turn on the machine and wait until it has booted.
3. Insert Solaris 8 Disk 1 of 2 (7/01).
4. Press "Stop" and "A" on the SUN keyboard.
5. At the OK prompt boot the CD-ROM and wait for the machine to reboot.
boot cdrom
6. At the Choice of Language prompt select 0 for English.
7. The next option menu ("Select a Locale").
8. The machine takes a couple of minutes to configure initial settings. You will then be presented with some info screens. Click on Continue to proceed (The Solaris Installation Program and Identify This System screens).
9. Select Yes for Network Connectivity.
10. The system has a static IP address so No should be selected for DHCP.
11. Enter the machine's host name (as per the project requirement).
12. Enter the machine's IP address.
13. The system will be part of a subnet so make sure that Yes is selected for Subnets.
14. Enter the Netmask of 255.255.240.0.
15. Select No for IPv6.
16. Confirm the configuration choices that have been made. If you are happy with them then Continue on.
17. Select No for the Configure Security Policy.
18. Then confirm that by selecting Continue.
19. Select None for Name Service.
20. Then confirm that by selecting Continue.
21. Select Geographic region for Time Zone.
22. Make sure that the Date and Time are set correctly.
23. Confirm those selections with Continue.
24. At the next screen select Initial for Solaris Interactive Installation.
25. On the next screen select Continue.
26. On the Select Geographic Region screen keep the default selection by selecting Continue.
27. Select the Developer System Support Software group and make sure that the Solaris 64 Bit Support is selected (i.e. the box is black).
28. Select the first disk (e.g. c0t0d0) and make sure it is in the Selected Disks box. Ensure both disks are selected. Then Continue.
29. Select Continue on the "Preserve Data" screen (we do not wish to preserve any data on the disk).
30. Select Manual Layout on the "Automatically Layout File Systems" screen.
31. Choose Customize on the File System and Disk Layout screen.
32. In the Customize Disks screen, click on the little box above the 0. This allows us to assign disk space via cylinders, which is a more accurate (less wasteful) way of assigning space.
33. The Customize Disks by Cylinders screen should appear. Use Table 1 and Table 2 for the correct partition layout and size.
34. Confirm the selections made. Only make entries on your chosen boot disk.
35. On the "Mount Remote File System" screen select Continue.
36. The Profile screen is displayed showing the selections made previously. Click on Begin Installation.
Slice File System SiBe
0 / ''1?1 Swap 5170' Overlap
: /var 5170= /opt 10;:05? :7 /export/home 1':1
Table 1. *?#2 Gigabyte Disk
44. The next section again takes some time to complete; once it is installed you will be shown a screen of the Solaris 8 Software 2 Installation Status. Click on Next to proceed.
45. Installation is now complete. Click Reboot Now to reboot. (Leave the Solaris 8 Software 2 of 2 CD in the drive as it is needed for the next section.)
46. Log into the system as root.
47. This next section installs packages that are needed (not installed with the Developer System).
48. (Optional) To install Solstice Disk Suite (used for mirroring), from a console screen type
# cd /cdrom/cdrom0/Solaris_8/!/products/"isSuite_4$%$ $/installer
49. Click Next.
50. Click Next.
51. Make sure Default Install is selected then click Next.
52. Click Install Now.
53. Once it is installed click Next then Exit.
54. Don't reboot.
55. To install Bash (the Bourne again shell that will be used as a preference), Gzip and Less you need to unzip certain files and add the packages to the system. To do so type the following commands
# cd ../../../Product
# pkgadd -d . SUNWbash    (This adds the package onto the system.)
56. When asked if you wish to continue type y
# pkgadd -d . SUNWgzip    (This adds the package onto the system.)
57. When asked if you wish to continue type y
# pkgadd -d . SUNWless    (This adds the package onto the system.)
58. When asked if you wish to continue type y
59. Next we need to create an account that we can log into the system with (root login has been disabled completely).
# admintool &    (The easiest way to do this is using admintool.)
60. Select Edit > Add (to add a new user).
61. Then fill in the User Name L b
3.0 Configuring the Default Gateway
# vi /etc/defaultrouter
&0$$0$%4
4.0 Added FQDN to /etc/hosts
# vi /etc/hosts
&0$$0$& sunsrv01.mahindrabt.com sunsrv01 loghost
Added fully qualified domain name to /etc/hosts to prevent sendmail errors.
5.0 Installing Sun Patches
1. Insert the Solaris 8 Patches disk into the drive and allow Solaris to mount the CD-ROM.
# cp /cdrom/cdrom0/* /tmp
# cd /tmp
# unzip 8_*    (unzips the 8_recomm.zip file)
# cd 8_Recommended
# ./install_cluster
2. Answer y to continue with the install.
3. Some of the patches will fail with certain return codes. 2 and 8 are not a problem, but if any fail with 5 or 25 then this needs to be sorted at the end. The only patch that may fail is 108869-18. This is due to a bug involving space files. The other zip file in the /tmp directory that was copied across will then need to be installed to fix this problem. The procedure for fixing and then reinstalling 108869-18 is shown below. Appendix C explains the meanings of all the exit codes that could be output during the cluster install.
# cd ..
# unzip &&034_&$+ip
# patchadd &&0345&&    (This fixes a problem with space files that can affect other patches.)
4. Once this patch is installed the failed patch needs to be reinstalled.
# cd 8_Recommended
# patchadd 108869-18
5. Once this is done the system needs to be rebooted again for the patches to take effect.
6.0 Installing GCC
GCC is the GNU C Compiler and is necessary for compiling programs such as SSH which are only available in source form. Installing it also has the side effect of installing the GNU C libraries that are needed by some of the utilities we will be installing later.
We are installing GCC as a third party pre-compiled package using the Sun Package Manager.
The first step is to copy the file onto the system, for example using FTP. The file is called gcc-3.2.2-sol8-sparc-local.gz. I have assumed that the file is placed in /tmp for the rest of this example.
The first step is to unpack the file
#gunzip /tmp/gcc-3.2.2-sol8-sparc-local.gz
The file should have lost its '.gz' extension and will be considerably larger.
We must be root to add packages to the system. So now su to root
#su -
Now we must add it to the system. First change to the directory where the file is
#cd /tmp
Now we can add the package. As this is a spooled package (i.e. all in one file and not in a directory) we omit the '.' after the '-d'
#pkgadd -d gcc-3.2.2-sol8-sparc-local
Answer yes when you are asked if you want to add the GCC package.
You have now installed the package. You can confirm this using the 'pkginfo' command
?;'!=>/usr/ccs/bin/usr/local/bin#export '!=>
Create a locked user account for the SSH daemon to run as. This user should have no home directory and the account should be locked. We also set the shell to be /usr/bin/false so that even if someone accidentally unlocks the account it still won't be usable.
#useradd -s /usr/bin/false sshd
#passwd -l sshd
Change to the location that you have placed the distribution tarball in (I have assumed /tmp)
?8*!2)*AS?&
Root and user passwords are set to expire at the 3 month mark. If the root password expires, it must be reset from the system console. To avoid lockout, reset the root passwords at the 2 month mark.
Definitions
MAXWEEKS - Maximum time period that a password is valid
MINWEEKS - Minimum time period before a password can be changed
PASSLENGTH - Minimum length of a password in characters
WARNWEEKS - Time period until warning of date of password's ensuing expiration
12.0 Configuring Login Failure Attempt
# vi /etc/default/login
# Disconnect users after three login failures
RETRIES=3
NOTE: By default Solaris will terminate a connection after 5 consecutive login failures. Set retries to 3. This is an industry standard (e.g. 3 strikes you're out).
# The SYSLOG_FAILED_LOGINS variable is used to determine how many failed
# login attempts will be allowed by the system before a failed login
# message is logged, using the syslog(3) LOG_NOTICE facility. For example,
# if the variable is set to 0, login will log -all- failed login attempts.
#SYSLOG_FAILED_LOGINS=
13.0 Removing or Disabling Unnecessary Accounts
#passwd -l adm
#passwd -l bin
#passwd -l daemon
#passwd -l listen
#passwd -l lp
#passwd -l nobody
#passwd -l noaccess
#passwd -l nuucp
#passwd -l sys
#passwd -l uucp
The nobody4 account is no longer needed
# userdel nobody4
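An added example, not part of the original build document: a shell check that audits a host against the account locking and RETRIES settings above, since the document is meant to serve as an audit baseline. It assumes Solaris marks an account locked by `passwd -l` with `*LK*` at the start of the password field in /etc/shadow; the function names and the sample files are constructed for illustration, and it needs a POSIX shell such as the bash installed earlier.

```shell
#!/bin/sh
# Added example: audit a host against two settings from this build document.
# Accounts the document locks with "passwd -l" (the list above, plus sshd).
LOCKED_ACCOUNTS="adm bin daemon listen lp nobody noaccess nuucp sys uucp sshd"

# unlocked_accounts SHADOW_FILE
# Print each listed account whose shadow password field does not start with
# "*LK*" (assumed lock marker). Accounts absent from the file are skipped.
unlocked_accounts() {
    for acct in $LOCKED_ACCOUNTS; do
        while IFS=: read -r name pw rest; do
            [ "$name" = "$acct" ] || continue
            case $pw in
                '*LK*'*) ;;            # locked, nothing to report
                *) echo "$acct" ;;     # password, NP or empty field
            esac
        done < "$1"
    done
}

# login_setting FILE NAME
# Print the value of the last uncommented NAME=value line (empty if none).
login_setting() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1
}

# audit_build SHADOW_FILE LOGIN_DEFAULTS: prints one FAIL line per finding.
audit_build() {
    for acct in $(unlocked_accounts "$1"); do
        echo "FAIL: $acct is not locked"
    done
    retries=$(login_setting "$2" RETRIES)
    [ "$retries" = 3 ] || echo "FAIL: RETRIES='$retries', expected 3"
}

# Constructed sample data (not from a real host): lp was left unlocked
# and RETRIES is still commented out in the login defaults file.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/shadow" <<'EOF'
root:Qx9constructed:12000::::::
adm:*LK*:::::::
lp:NP:6445::::::
sshd:*LK*:::::::
EOF
printf '%s\n' '#RETRIES=5' 'CONSOLE=/dev/console' > "$SAMPLE_DIR/login"

audit_build "$SAMPLE_DIR/shadow" "$SAMPLE_DIR/login"
```

On a built server, run `audit_build /etc/shadow /etc/default/login` as root; no output means both checks pass.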
15.0 Restricting FTP Usage
Ensured /etc/ftpusers contained the following accounts
?/usr/sbin/usr/bin(6!SA?0%