After the Solaris installation has finished, you have to modify these things.
1. Login with ‘root’ user
2.To create group and user account:
#groupadd -g 500 unixmin
#useradd -u 500 -g unixmin -d /export/home/zawhtet -m -s /usr/bin/bash -c “Zaw Htet” zawhtet
#passwd zawhtet
3.Create no login user for Services (Optional)
#groupadd -g 501 squid
#useradd -u 501 -g squid -s /usr/bin/false -c “Squid Admin” squid
4.To change the login name and home directory for – user2 (new) to user1 (old).
#usermod -m -d /export/home/user1 -l user1 user2
For Testing, create user2 first,
#useradd -u 503 -g unixmin -d /export/home/user2 -m -s /usr/bin/bash -c “User 2” user2
Then modify, user2 login name and home directory become user1
#usermod -m -d /export/home/user1 -l user1 user2
Note: Even we modified the user’s home directory and login name, User2 name still remains/ also put the account to random group.
cat /etc/passwd
user1:x:503:500:User 2:/export/home/user1:/usr/bin/bash
5.Deleting User Accounts
#userdel user1 – to remove the user1 account
#userdel -r user1 – This command also remove the user’s Home Directory
6.Deleting Group
#groupdel
cat /etc/group
7. When you first log in to a terminal, you will see that your shell is “/bin/sh”
#echo $SHELL
/bin/sh
#bash
bash-3.00$
Note: When you edit a file, even with the root account, you may get a read-only message.
If you want to save after opening the file with the vi editor, use ‘:wq!’
bash-3.00# whereis bash
bash: /usr/bin/bash /usr/man/man1/bash.1
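8. If you want root or your own user account to log in to the bash shell permanently, change the shell field in /etc/passwd. Keep a backup copy of the file and run pwck after editing, because a malformed entry can stop the account from logging in: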
vi /etc/passwd
root:x:0:0:Super-User:/:/bin/sh
change to
root:x:0:0:Super-User:/:/bin/bash
9. Create ‘.bash_profile’ file under ‘/’ then copy to /root (#cp .* /root)
vi .bash_profile
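# .bash_profile: search path, prompt, history size and command shortcuts.
# All quotes here are plain ASCII quotes; the typographic quotes that a web
# page may show in their place are not understood by the shell.

# PATH lists absolute system directories only (no "." and no empty entry),
# so a command typed at the prompt is never picked up from the current
# directory.
export PATH=/usr/bin:/usr/sbin:/usr/sfw/bin:/opt/sfw/bin:/usr/dt/bin:/usr/sadm/admin/bin/
export PS1='[\u@\h \W]\$ '
export HISTSIZE=5000

alias ls='ls -l'
# This alias replaces plain "netstat" with the list of listening sockets;
# run "command netstat ..." to reach the real tool with other options.
alias netstat='netstat -an |grep LISTEN'
alias h='history'
alias lsl='ls -alh | less'
alias plm='ps -elf | more'
alias psm='ps -ef | more'

# The shortcuts below take arguments. A bash alias cannot place arguments in
# the middle of a pipeline (\!* is csh syntax), so they are shell functions.
# Drop any alias of the same name first, otherwise re-sourcing this file
# after an older version would expand the alias in the function definition.
unalias lsd lst plg psg 2>/dev/null
lsd() { command ls -ACF "$@" | more; }
lst() { command ls -alt "$@" | more; }
plg() { ps -elf | grep -- "$*" | sort -n +3 -4; }
psg() { ps -ef | grep -- "$*" | sort -n +1 -2; }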
10.refresh the profile with logout
source ~root/.bash_profile
. ~root/.bash_profile
#env or set
#echo $PATH
/usr/sbin:/usr/bin:/usr/sfw/bin/
#export
11.Make root account to login to his home directory
vi /etc/passwd
root:x:0:0:Super-User:/:/bin/bash
change to
root:x:0:0:Super-User:/root:/bin/bash
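12. Give the root user permission to log in over SSH. This exposes the root account to password guessing from every host that can reach port 22, so where possible log in as a normal user and switch to root, or limit port 22 to known source addresses in ipf.conf: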
vi /etc/ssh/sshd_config
PermitRootLogin yes
13.Restart SSH service
#svcadm enable ssh
#svcadm refresh ssh
#svcs -a | grep ssh
#netstat -an | grep LISTEN
14.IPFilter for Solaris Firewall
svcadm enable ipfilter
svcs -a|grep pfil
Example rule files are in /usr/share/ipfilter/examples. Just copy one of them over /etc/ipf/ipf.conf
#ipf -Fa -f /etc/ipf/ipf.conf
pass in all
pass out all
routeadm -u -e ipv4-forwarding
vi /etc/ipf/ipf.conf
———————–Firewall—————————————
pass in quick on lo0 all
pass out quick on lo0 all
block in log on e1000g0 all
block out log on e1000g0 all
pass out quick on e1000g0 proto tcp/udp from any to any keep state
pass out quick on e1000g0 proto icmp all keep state
pass in quick on e1000g0 proto icmp all keep state
pass in quick proto tcp from any to any port = 22 keep state
pass in quick proto tcp from any to any port = 10000 keep state
pass in quick proto udp from any to any port = 67 keep state
———————————————————————–
# Commented version of the rule set above.
# ipf applies the last matching rule unless a rule is marked "quick", which
# stops the search at that rule. The two block rules have no "quick", so they
# act as the default for packets that no "pass ... quick" rule matches.
# Allow all traffic on loopback.
pass in quick on lo0 all
pass out quick on lo0 all
# Public network. Block (and log) everything not explicitly allowed.
block in log on e1000g0 all
block out log on e1000g0 all
# Allow all TCP and UDP connections out from this computer; "keep state"
# lets the replies back in.
pass out quick on e1000g0 proto tcp/udp from any to any keep state
# Allow pings out. NOTE: the rule matches every ICMP type, not only echo.
pass out quick on e1000g0 proto icmp all keep state
# Allow pings in. NOTE: the rule matches every ICMP type, not only echo.
pass in quick on e1000g0 proto icmp all keep state
# Allow ssh connections on port 22 from the laptop (192.168.0.1) to
# 192.168.0.254.
pass in quick proto tcp from 192.168.0.1 to 192.168.0.254 port=22 keep state
# NOTE(review): the next rule accepts ssh from any source on any interface,
# which makes the source-restricted rule above redundant; remove it if ssh
# should only be reachable from 192.168.0.1.
pass in quick proto tcp from any to any port = 22 keep state
# Port 10000 is open to any source as well.
# NOTE(review): the service behind it is not named on this page; confirm it
# has to be reachable from everywhere.
pass in quick proto tcp from any to any port = 10000 keep state
————————————————————————————————
-bash-3.00# cat reloadipf.sh
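#!/bin/sh
# Last Modified On: 25-FEB-2006
# Script to reload the IPFilter (ipf) rules from /etc/ipf/ipf.conf.
#
# The new rules are flushed and loaded into the inactive rule set (-I) and
# the sets are swapped (-s) only when that load succeeded. Flushing the
# active set first would leave the host with no filter rules if ipf.conf
# fails to load.
# NOTE(review): relies on ipf returning non-zero when the file cannot be
# loaded; confirm on your release.
CONF=/etc/ipf/ipf.conf

if ipf -I -Fa -f "$CONF"; then
  ipf -s
else
  echo "reloadipf: could not load $CONF; active rules left unchanged" >&2
  exit 1
fi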
-bash-3.00#
————————————————————————————————
ipf -E : Enable ipfilter when running for the first time.(Needed for ipf on Tru64)
ipf -f /etc/ipf/ipf.conf : Load rules in /etc/ipf/ipf.conf file into the active firewall.
ipf -Fa -f /etc/ipf/ipf.conf : Flush all rules, then load rules in /etc/ipf/ipf.conf into the active firewall.
ipf -Fi : Flush all input rules.
ipf -I -f /etc/ipf/ipf.conf : Load rules in /etc/ipf/ipf.conf file into inactive firewall.
ipf -V : Show version info and active list.
ipf -s : Swap active and inactive firewalls.
ipfstat : Show summary
ipfstat -i : Show input list
ipfstat -o : Show output list
ipfstat -hio : Show hits against all rules
ipfstat -t -T 5 : Monitor the state table and refresh every 5 seconds. Output is similar to ‘top’ monitoring the process table.
ipmon -s S : Watch state table.
ipmon -sn : Write logged entries to syslog, and convert back to hostnames and servicenames.
ipmon -s [file] : Write logged entries to some file.
ipmon -Ds : Run ipmon as a daemon, and log to default location. (/var/adm/messages for Solaris) (/var/log/syslog for Tru64)
15.Solaris 10 Static IP Configuration
/etc/nodename
/etc/hosts
/etc/inet/hosts
/etc/hostname.e1000g0
/etc/inet/ipnodes
/etc/inet/netmasks
/etc/defaultdomain
/etc/defaultrouter
/etc/resolv.conf
svcadm restart network/physical
16. Solaris 10 Dynamic IP Configuration, make sure following files are blank.
/etc/hostname.e1000g0
/etc/dhcp.e1000g0
/etc/defaultrouter
svcadm restart network/physical
#/usr/sbin/netservices limited
17. Check Port Open status
#netstat -n -f inet
#netstat -anf inet -P tcp
#netstat -anf inet -P udp
#netstat -nr
lsof -i TCP
lsof -i TCP | grep LISTEN
18. Package management
If you want to add more Solaris packages from the DVD after you have installed Solaris,
first insert the DVD and mount it by
restarting the volume manager:
#/etc/init.d/volmgt stop
#/etc/init.d/volmgt start
check
# ls /cdrom/cdrom0
# cd /cdrom/cdrom0/Solaris_10/Product
or mount manually from
#mount -F hsfs /dev/dsk/c0t0d0p0 /mnt
19.mount ISO file
#lofiadm -a /tmp/companion-sparc-sol10.iso /dev/lofi/1
#mount -F hsfs -o ro /dev/lofi/1 /mnt
20. CD Burning
#cdrw -l
Looking for CD devices…
Node Connected Device Device type
———————-+——————————–+—————–
/dev/rdsk/c2t0d0s2 | MATSHITA DVD-RAM UJ-845S D200 | CD Reader/Writer
#cdrw -d c2t0d0s2 -i companion-sparc-sol10.iso
21. Package installation
#ls /mnt/Solaris_10/Product
Solaris Packages start with ‘SUNW*’
If you want to add one package
#pkgadd -d . SUNWbash
Normally these packages install to ‘/usr/sfw’
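Or, if you want to manually download a .bz2 package from the internet, check it against the checksum published by its source before installing (pkgadd runs the package's scripts as root), then install it like this: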
bunzip2 firefox-24.0.en-US.solaris-10-fcs-i386-pkg.bz2
pkgadd -d firefox-24.0.en-US.solaris-10-fcs-i386-pkg
Decompress tar.gz file
#gunzip vmware-solaris-tools.tar.gz |tar -xv
#tar xvf vmware-solaris-tools.tar.gz
If your package is in .bz2 format then first uncompress it using bunzip2 command:
#bunzip2 Packagname.bz2
Install package:
#pkgadd -d Packagname
Note: the .bz2 extension is removed automatically by the first command.
For example, if your package name is SFWqt.bz2:
#bunzip2 SFWqt.bz2
#pkgadd -d SFWqt
Add Packages from DVD to /var/spool/pkg
#Pkgadd -d /cdrom/sol_10_910_x86/Solaris_10/Product/ -s /var/spool/pkg/ SUNWgtar
#pkgadd SUNWgtar
#pkgadd –d /path/to/cdrom/Product SUNWjaf SUNWjato SUNWjmail
#pkginfo -l | grep wget
#pkginfo -l SUNWwgetu
#gunzip lsof_1106-4.80-sol10-sparc-local.gz
#pkgadd -d lsof_1106-4.80-sol10-sparc-local or *.pkg
If gunzip cannot run add the variable path to
/usr/local/bin
/usr/local/lib
/usr/local/man
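To install all the packages without being prompted, create an install administration file such as the one below. Its nocheck settings (in particular setuid=nocheck and action=nocheck) make pkgadd skip the prompts about setuid/setgid files and about package scripts that run as root, so use it only for packages from a source you trust: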
# cat /var/tmp/admin
mail=
conflict=nocheck
setuid=nocheck
action=nocheck
partial=nocheck
instance=overwrite
idepend=nocheck
rdepend=nocheck
space=check
#pkgadd -a /var/tmp/admin -d /cdrom/cdrom/Solaris_Software_Companion/Solaris_i386/
Download zipped ISO from http://www.sun.com/software/solaris/freeware/
# unzip sol-10-u8-companion-ga-iso.zip
# lofiadm -a `pwd`/sol-10-u8-companion-ga.iso
# mount -oro -Fhsfs /dev/lofi/1 /mnt
# /bin/yes | pkgadd -d /mnt/Solaris_Software_Companion/Solaris_sparc/Packages all
# pkgrm SFWvnc
# umount /mnt
# lofiadm -d `pwd`/sol-10-u8-companion-ga.iso
# rm sol-10-u8-companion-ga.iso
# rm sol-10-u8-companion-ga-iso.zip
22.To remove package
#pkgrm
23.System Info Commands
#cat /etc/release
#showrev
#uname -a
#prtconf | grep -i memory
#psrinfo
#psrinfo -pv
#isainfo -bv
#isalist
#date ‘+DateTime: %m.%d.%y @ %H:%M:%S’
date mmddHHMMccyy
date 091810022013
#ps -ef
#ps -U root
#tty / w
#pgrep sshd
#pgrep -o sshd
#pgrep -o sshd
#pkill (PID) or sshd
#pwdx (PID) – Lists the working directories of process
#prstat
#svcs -o FMRI,DESC
24. KDE login after installation from Companion DVD
#/opt/sfw/kde/dtlogin/install-dtlogin
25.To disable the GUI login Solaris
First login with ssh and Kill desktop login
#/usr/dt/bin/dtconfig -kill
#/usr/dt/bin/dtconfig -d
#/usr/dt/bin/dtconfig -e
#/usr/dt/bin/dtconfig -reset
#/usr/dt/bin/dtconfig -inetd
26.Static Routing (-p) option for permanent route
#route -p add -net 192.168.2.0 192.168.1.2 255.255.255.0
Network Gateway
add net 192.168.2.0: gateway 192.168.1.254
add persistent net 192.168.2.0: gateway 192.168.1.254
The above created route would still appear the same in a listing of the
routing table, however, you may notice that there is a secondary line
of output upon creating the route:
add persistent net 192.168.2.0: gateway 192.168.1.254
This simply means that the ‘route’ command updated config file
/etc/inet/static_routes. By default, this file will not exist until
a static route is created via ‘route -p …’ or you create it. Before
getting to contents, the following are the ownership / permissions set
to the file by ‘route’:
#ls -l /etc/inet/static_routes
-rw-r–r– 1 root root 45 Oct 6 13:35 /etc/inet/static_routes
And now, the contents, which are effectively the arguments to ‘route add’:
#cat /etc/inet/static_routes
# File generated by route(1M) – do not edit.
-net 192.168.2.0 192.168.1.2 255.255.255.0
Yes, I know it says do not edit, though in checking out the source of
‘route’ via opensolaris.org, it doesn’t appear that manual editing
is an issue. Finally, Solaris has a native, standardized means of
configuring persistent static routes.
Additionally, to remove a static route, delete it from
/etc/inet/static_routes and remove via ‘route’ or simply use the following
‘route’ command:
#route -p delete -net 192.168.2.0 192.168.1.2 255.255.255.0
27.Bind DNS Server Solaris
————————–
pkginfo -x |grep -i bind
SUNWbind BIND DNS Name server and tools
SUNWbindr BIND Name server Manifest
pkgchk -l SUNWbind (Client & Server Utilities)
pkgchk -l SUNWbindr | grep -i pathname | less
dig linuxcbt.com ns
ls -l /usr/sbin/named
ls -l /usr/sbin/in.named
ls -ltr /var/named
vi /etc/named.conf <— By default there's no file within /etc, you have to create this
// Master (primary) name server configuration.
// NOTE: type the quotes in the real file as plain ASCII double quotes (");
// the typographic quotes shown in this listing are not valid named.conf
// quoting.
options {
directory “/var/named”;
dump-file “/var/named/data/cache_dump.db”;
statistics-file “/var/named/data/named_stats.txt”;
memstatistics-file “/var/named/data/named_mem_stats.txt”;
// Listen for DNS only on loopback and on 192.168.100.103.
listen-on port 53 { 127.0.0.1; 192.168.100.103; };
// Only localhost and the 192.168.100.0/24 network may query this server.
allow-query { localhost; 192.168.100.0/24; };
// Upstream resolvers that queries are forwarded to.
forwarders { 192.168.100.254; 8.8.8.8; };
// Recursive lookups are enabled for the clients admitted by allow-query.
recursion yes;
max-cache-size 100m;
cleaning-interval 60;
// NOTE(review): no allow-transfer statement appears in this file, so zone
// transfers follow BIND's built-in default (any host on older BIND 9
// releases; confirm for your version). Consider limiting transfers to the
// slave server's address.
};
// Root hints.
zone “.” {
type hint;
file “named.root”;
};
// Forward zone; dynamic updates are refused.
zone “mmx.com” {
type master;
file “db.mmx.com”;
allow-update { none; };
};
// Reverse zone for loopback.
zone “0.0.127.in-addr.arpa” {
type master;
file “db.127.0.0”;
};
// Reverse zone for 192.168.100.0/24; dynamic updates are refused.
zone “100.168.192.in-addr.arpa” {
type master;
file “db.192.168.100″;
allow-update { none; };
};
—————————————————————————
@ is a variable which indicates the name of the zone as configured in /etc/named.conf
############/var/named/db.127.0.0###############################
$TTL 28800
@ IN SOA ns1.mmx.com. zawhtet.mmx.com. (
2013100301 ; serial number yyyymmdd01
7200 ; Refresh Interval
3600 ; Retry Interval
86400 ; Expiry
600 ) ; Minimum TTL
NS ns1.
1 IN PTR localhost.mmx.com.
——————————————————————
#############/var/named/db.192.168.100############################
$TTL 28800
@ IN SOA ns1.mmx.com. zawhtet.mmx.com. (
2013100301 ; serial number yyyymmdd01
7200 ; Refresh Interval
3600 ; Retry Interval
86400 ; Expiry
600 ) ; Minimum TTL
NS ns1.
89 IN PTR ns1.
————————————————————-
###############/var/named/db.mmx.com##########################
$TTL 28800
@ IN SOA ns1.mmx.com. zawhtet.mmx.com. (
2013100301 ; serial number yyyymmdd01
7200 ; Refresh Interval
3600 ; Retry Interval
86400 ; Expiry
600 ) ; Minimum TTL
NS ns1.
IN MX 10 ns1.mmx.com.
ns1 IN A 192.168.100.89
www CNAME ns1.mmx.com.
————————————————————–
svcadm enable / restart dns/server && dig @localhost ns1.mmx.com
svcs -l dns/server
dig @localhost ns1.mmx.com
dig @localhost msn.com
dig @localhost www.mmx.com
named-checkconf -z /etc/named.conf
svcs -a \*dns\*
————————————————————–
Slave DNS Server
—————-
Copy following files to slave server:
1. /var/named/db.127.0.0 – Houses reverse, loopback zone info
2. /var/named/named.root – root hints
3. /etc/named.conf
cd /var/named
scp db.127.0.0 db.cache /etc/named.conf 192.168.100.2:/root
On SLave DNS Server
cp /root/db.* /var/named
cp /root/named.conf /etc
vi /etc/named.conf <— Slave DNS Server
// Slave (secondary) name server configuration.
// NOTE: type the quotes in the real file as plain ASCII double quotes (");
// the typographic quotes shown in this listing are not valid named.conf
// quoting.
options {
directory “/var/named”;
// Only localhost and the 192.168.100.0/24 network may query this server.
allow-query { localhost; 192.168.100.0/24; };
};
// Root hints.
zone “.” {
type hint;
file “named.root”;
};
// Forward zone, transferred from the master listed in "masters".
// NOTE(review): the master's listen-on line earlier on this page shows
// 192.168.100.103, while masters here points at 192.168.100.89; confirm
// which address the master actually answers on.
zone “mmx.com” {
type slave;
file “db.mmx.com”;
masters { 192.168.100.89; };
};
// Reverse zone for loopback, served locally from the copied file.
zone “0.0.127.in-addr.arpa” {
type master;
file “db.127.0.0”;
};
// Reverse zone, transferred from the master.
// NOTE(review): the master configuration earlier on this page defines the
// reverse zone as 100.168.192.in-addr.arpa; a slave can only transfer a zone
// the master serves, so this zone name and file name probably need to match.
// Confirm.
zone “1.168.192.in-addr.arpa” {
type slave;
file “db.192.168.1″;
masters { 192.168.100.89; };
};
4. After synchronized with Master server
db.mmx.com – will download to /var/named on Slave DNS Server.
—————————————————————————————————-
28. Install and Configure dhcp server from console
#pkginfo | grep DHCP
If it is not installed then install it from solaris CD <– You will need java to run dhcpconfig
# pkgadd -d . SUNWdhc*
#which dhcpmgr
no dhcpmgr in /usr/bin /usr/sbin /usr/sfw/bin /opt/sfw/bin /usr/dt/bin
#/usr/sadm/admin/bin/dhcpmgr & (Everyone can configure DHCP Server from GUI)
#dhtadm
If there’s no DHCP manager . let’s configure it
#ifconfig -a <– Check the network
#netstat -rn <– Check gateway
Then create dhcp database
#dhcpconfig -D -r SUNWfiles -p /var/dhcp/ -a 192.168.1.4;8.8.8.8 -d mmx.com -l 86400
(Note: 192.168.1.4 – DNS Server / mmx.com = domain / Lease time = 86400)
or
#dhcpconfig -D -r SUNWfiles -p /var/dhcp/
Created DHCP configuration file.
Created dhcptab.
Added “Locale” macro to dhcptab.
Added server macro to dhcptab – solaris-1.
DHCP server started.
#svcs -a | grep dhcp
online 18:57:30 svc:/network/dhcp-server:default
#dhtadm -P <— Check database
Now configure network and IP
#dhcpconfig -N 192.168.1.0 -m 255.255.255.240 -t 192.168.1.1
(Note: 192.168.1.1 = Gateway)
#pntadm -P 192.168.1.0
#dhcpconfig –help
#pntadm -r SUNWfiles -p /var/dhcp/ -A 192.168.1.7 192.168.1.0
#pntadm -r SUNWfiles -p /var/dhcp/ -A 192.168.1.8 192.168.1.0
#pntadm -r SUNWfiles -p /var/dhcp/ -A 192.168.1.9 192.168.1.0
#pntadm -r SUNWfiles -p /var/dhcp/ -A 192.168.1.10 192.168.1.0
Or
#pntadm -A 192.168.1.7 –f MANUAL -i 01001BFC92BC10 -m 192.168.1.0 -y 192.168.1.0
#pntadm -P 192.168.1.0
#pntadm -L
#dhtadm -P
#svcadm restart dhcp-server
#svcs -a | grep dhcp
find /usr/ -name in.dhcp
#/usr/lib/inet/in.dhcpd -i e1000g0 -d -v
#pntadm -P 192.168.1.0
If a DHCP server is already configured, you can unconfigure it by using the
dhcpconfig command with the unconfigure flag. For example:
# dhcpconfig -Ux