After the Solaris installation finished you got to modifiy these things.<\/p>\n
1. Login with ‘root’ user<\/p>\n
2.To create group and user account:
\n#groupadd -g 500 unixmin
\n#useradd -u 500 -g unixmin -d \/export\/home\/zawhtet -m -s \/usr\/bin\/bash -c “Zaw Htet” zawhtet
\n#passwd zawhtet<\/p>\n
3.Create no login user for Services (Optional)
\n#groupadd -g 501 squid
\n#useradd -u 501 -g squid -s \/usr\/bin\/false -c “Squid Admin” squid<\/p>\n
4.To change the login name and home directory for – user2 (new) to user1 (old).
\n#usermod -m -d \/export\/home\/user1 -l user1 user2<\/p>\n
For Testing, create user2 first,
\n#useradd -u 503 -g unixmin -d \/export\/home\/user2 -m -s \/usr\/bin\/bash -c “User 2” user2
\nThen modify, user2 login name and home directory become user1
\n#usermod -m -d \/export\/home\/user1 -l user1 user2
\nNote: Even we modified the user’s home directory and login name, User2 name still remains\/ also put the account to random group.
\ncat \/etc\/passwd
\nuser1:x:503:500:User 2:\/export\/home\/user1:\/usr\/bin\/bash<\/p>\n
5.Deleting User Accounts
\n#userdel\u00a0 user1\u00a0\u00a0– to remove the user1 account
\n#userdel -r user1\u00a0– This command also remove the user’s Home Directory<\/p>\n
6.Deleting Group
\n#groupdel
\ncat \/etc\/group<\/p>\n
7.When we first login to terminal, you will see that you got “\/bin\/sh”
\n#echo $SHELL
\n\/bin\/sh
\n#bash
\nbash-3.00$
\nNote: When you edit the file even with root account you will get Read-Only message
\nIf you want to save after you open file with Vi editor use ‘:wq!’
\nbash-3.00# whereis bash
\nbash: \/usr\/bin\/bash \/usr\/man\/man1\/bash.1<\/p>\n
8.If you want to set root or your user account, permanently login to bash shell
\nvi\u00a0 \/etc\/passwd
\nroot:x:0:0:Super-User:\/:\/bin\/sh
\nchange to
\nroot:x:0:0:Super-User:\/:\/bin\/bash<\/p>\n
9. Create ‘.bash_profile’ file under ‘\/’ then copy to \/root (#cp\u00a0\u00a0 .*\u00a0\u00a0 \/root)
\nvi .bash_profile
\nexport PATH=\/usr\/bin:\/usr\/sbin:\/usr\/sfw\/bin:\/opt\/sfw\/bin:\/usr\/dt\/bin:\/usr\/sadm\/admin\/bin\/
\nexport PS1='[\\u@\\h \\W]\\$ ‘
\nexport HISTSIZE=5000
\nalias ls=’ls -l’
\nalias netstat=’netstat -an |grep LISTEN’
\nalias h=’history’
\nalias lsd=’ls -ACF \\!* | more’
\nalias lsl=’ls -alh | less’
\nalias lst=’ls -alt \\!* | more’
\nalias plm=’ps -elf | more’
\nalias plg=’ps -elf | grep “\\!*” | sort -n +3 -4′
\nalias psm=’ps -ef | more’
\nalias psg=’ps -ef | grep “\\!*” | sort -n +1 -2′<\/p>\n
10.refresh the profile with logout
\nsource ~root\/.bash_profile
\n.\u00a0 ~root\/.bash_profile
\n#env or\u00a0 set
\n#echo $PATH
\n\/usr\/sbin:\/usr\/bin:\/usr\/sfw\/bin\/
\n#export<\/p>\n
11.Make root account to login to his home directory
\nvi\u00a0 \/etc\/passwd
\nroot:x:0:0:Super-User:\/:\/bin\/bash
\nchange to
\nroot:x:0:0:Super-User:\/root:\/bin\/bash<\/p>\n
12.Make SSH login permission to root user
\nvi\u00a0 \/etc\/ssh\/sshd_config
\nPermitRootLogin\u00a0 yes<\/p>\n
13.Restart SSH service
\n#svcadm enable ssh
\n#svcadm refresh ssh
\n#svcs -a | grep ssh
\n#netstat -an | grep LISTEN<\/p>\n
14.IPFilter for Solaris Firewall
\nsvcadm enable ipfilter
\nsvcs -a|grep pfil
\n\/usr\/share\/ipfilter\/examples. Just copy one of them over \/etc\/ipf\/ipf.conf<\/p>\n
#ipf\u00a0 -Fa\u00a0 -f\u00a0 \/etc\/ipf\/ipf.conf
\npass in all
\npass out all<\/p>\n
routeadm -u -e ipv4-forwarding<\/p>\n
vi\u00a0 \/etc\/ipf\/ipf.conf
\n———————–Firewall—————————————
\npass in quick on lo0 all
\npass out quick on lo0 all
\nblock in log on e1000g0 all
\nblock out log on e1000g0 all
\npass out quick on e1000g0 proto tcp\/udp from any to any keep state
\npass out quick on e1000g0 proto icmp all keep state
\npass in quick on e1000g0 proto icmp all keep state
\npass in quick proto tcp from any to any port = 22 keep state
\npass in quick proto tcp from any to any port = 10000 keep state
\npass in quick proto udp from any to any port = 67 keep state
\n———————————————————————–
\n# Allow all traffic on loopback.
\npass in quick on lo0 all
\npass out quick on lo0 all
\n# Public Network.\u00a0\u00a0 Block everything not explicity allowed.
\nblock in log on e1000g0 all
\nblock out log on e1000g0 all<\/p>\n
# Allow all connection out from this computer
\npass out quick on e1000g0 proto tcp\/udp from any to any keep state<\/p>\n
# Allow pings out.
\npass out quick on e1000g0 proto icmp all keep state<\/p>\n
# Allow pings in.
\npass in quick on e1000g0 proto icmp all keep state<\/p>\n
# Allow ssh connection on port 22 to Laptop(192.168.0.1)
\npass in quick proto tcp from 192.168.0.1 to 192.168.0.254 port=22 keep state
\npass in quick proto tcp from any to any port = 22 keep state
\npass in quick proto tcp from any to any port = 10000 keep state
\n————————————————————————————————
\n-bash-3.00# cat reloadipf.sh
\n#!\/bin\/sh
\n# Last Modified On: 25-FEB-2006
\n# Script to reload the IFP
\nipf -Fa -f \/etc\/ipf\/ipf.conf
\n-bash-3.00#
\n————————————————————————————————
\nipf -E\u00a0 : Enable ipfilter when running for the\u00a0\u00a0 first time.(Needed for ipf on Tru64)<\/p>\n
ipf -f \/etc\/ipf\/ipf.conf\u00a0 : Load rules in \/etc\/ipf\/ipf.conf file into the active firewall.<\/p>\n
ipf -Fa -f \/etc\/ipf\/ipf.conf : Flush all rules, then load rules in \/etc\/ipf\/ipf.conf\u00a0\u00a0 into active firwall.<\/p>\n
ipf -Fi\u00a0 : Flush all input rules.<\/p>\n
ipf -I -f \/etc\/ipf\/ipf.conf : Load rules in \/etc\/ipf\/ipf.conf file into inactive firewall.<\/p>\n
ipf -V\u00a0 : Show version info and active list.<\/p>\n
ipf -s\u00a0 : Swap active and inactive firewalls.<\/p>\n
ipfstat\u00a0 : Show summary<\/p>\n
ipfstat -i : Show input list<\/p>\n
ipfstat -o : Show output list<\/p>\n
ipfstat -hio : Show hits against all rules<\/p>\n
ipfstat -t -T 5 : Monitor the state table and refresh every 5 seconds.\u00a0\u00a0 Output is similiar to ‘top’ monitoring the process table.<\/p>\n
ipmon -s S : Watch state table.<\/p>\n
ipmon -sn : Write logged entries to syslog, and convert back\u00a0\u00a0 to hostnames and servicenames.<\/p>\n
ipmon -s [file] : Write logged entries to some file.<\/p>\n
ipmon -Ds : Run ipmon as a daemon, and log to default location.\u00a0 (\/var\/adm\/messages for Solaris) (\/var\/log\/syslog for Tru64)<\/p>\n
15.Solaris 10 Static IP Configuration
\n\/etc\/nodename
\n\/etc\/hosts
\n\/etc\/inet\/hosts
\n\/etc\/hostname.e1000g0
\n\/etc\/inet\/ipnodes
\n\/etc\/inet\/netmasks
\n\/etc\/defaultdomain
\n\/etc\/defaultrouter
\n\/etc\/resolv.conf
\nsvcadm\u00a0 restart network\/physical<\/p>\n
16. Solaris 10 Dynamic IP Configuration, make sure following files are blank.
\n\/etc\/hostname.e1000g0
\n\/etc\/dhcp.e1000g0
\n\/etc\/defaultrouter
\nsvcadm\u00a0 restart network\/physical<\/p>\n
#\/usr\/sbin\/netservices limited<\/p>\n
17. Check Port Open\u00a0 status
\n#netstat -n -f inet
\n#netstat \u2013anf\u00a0 inet -P tcp
\n#netstat -anf\u00a0 inet \u2013P udp
\n#netstat\u00a0\u00a0 -nr
\nlsof\u00a0 -i\u00a0\u00a0 TCP
\nlsof\u00a0 -I\u00a0 TCP\u00a0 | grep LISTEN<\/p>\n
18. Package management
\nIf you want to add more solaris packages from DVD, after you installed the solaris
\nfirst insert the DVD and mount the DVD by
\nRemount volume manager
\n#\/etc\/init.d\/volmgt stop
\n#\/etc\/init.d\/volmgt start
\ncheck
\n# ls \/cdrom\/cdrom0
\n# cd \/cdrom\/cdrom0\/Solaris_10\/Product
\nor mount manually from
\n#mount -F\u00a0 hsfs\u00a0 \/dev\/dsk\/c0t0d0p0\u00a0\u00a0 \/mnt<\/p>\n
19.mount ISO file
\n#lofiadm -a \/tmp\/companion-sparc-sol10.iso \/dev\/lofi\/1
\n#mount -F hsfs -o ro \/dev\/lofi\/1 \/mnt<\/p>\n
20. CD Burning
\n#cdrw -l
\nLooking for CD devices…
\nNode\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Connected Device\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Device type
\n———————-+——————————–+—————–
\n\/dev\/rdsk\/c2t0d0s2\u00a0\u00a0 | MATSHITA DVD-RAM UJ-845S\u00a0 D200 | CD Reader\/Writer
\n#cdrw -d c2t0d0s2 -i companion-sparc-sol10.iso<\/p>\n
21. Package installation
\n#ls\u00a0 \/mnt\/Solaris_10\/Product
\nSolaris Packages start with ‘SUNW*’
\nIf you want to add one package
\n#pkgadd\u00a0 -d\u00a0 .\u00a0 SUNWbash
\nNormally these packages install to ‘\/usr\/sfw’<\/p>\n
Or you want to manually download bz2 package from internet and install like this
\nbunzip2 firefox-24.0.en-US.solaris-10-fcs-i386-pkg.bz2
\npkgadd -d firefox-24.0.en-US.solaris-10-fcs-i386-pkg<\/p>\n
Decompress tar.gz file
\n#gunzip\u00a0\u00a0 vmware-solaris-tools.tar.gz\u00a0\u00a0 |tar\u00a0\u00a0\u00a0 -xv
\n#tar\u00a0 xvf\u00a0\u00a0 vmware-solaris-tools.tar.gz<\/p>\n
If your package is in .bz2 format then first uncompress it using bunzip2 command:
\n#bunzip2 Packagname.bz2
\nInstall package:
\n#pkgadd \u2013d Packagname
\nNote .bz2 extension will automatically removed by first command.
\nFor example if your package name is SFWqt.bz2
\n#buzip2 SFWqt.bz2
\n#pkgadd \u2013d SFWqt<\/p>\n
Add Packages from DVD to \/var\/spool\/pkg
\n#Pkgadd\u00a0\u00a0\u00a0 -d\u00a0\u00a0\u00a0 \/cdrom\/sol_10_910_x86\/Solaris_10\/Product\/\u00a0\u00a0\u00a0\u00a0 -s \/var\/spool\/pkg\/\u00a0\u00a0\u00a0\u00a0 SUNWgtar
\n#pkgadd\u00a0 SUNWgtar
\n#pkgadd \u2013d\u00a0\u00a0\u00a0\u00a0 \/path\/to\/cdrom\/Product\u00a0\u00a0\u00a0 SUNWjaf\u00a0\u00a0\u00a0\u00a0 SUNWjato\u00a0\u00a0\u00a0 SUNWjmail
\n#pkginfo -l | grep wget
\n#pkginfo -l SUNWwgetu<\/p>\n
#gunzip lsof_1106-4.80-sol10-sparc-local.gz
\n#pkgadd -d lsof_1106-4.80-sol10-sparc-local or *.pkg
\nIf gunzip cannot run add the variable path to
\n\/usr\/local\/bin
\n\/usr\/local\/lib
\n\/usr\/local\/man<\/p>\n
For installing all the packages, create an install administration file such as:
\n# cat \/var\/tmp\/admin
\nmail=
\nconflict=nocheck
\nsetuid=nocheck
\naction=nocheck
\npartial=nocheck
\ninstance=overwrite
\nidepend=nocheck
\nrdepend=nocheck
\nspace=check
\n#pkgadd -a \/var\/tmp\/admin -d \/cdrom\/cdrom\/Solaris_Software_Companion\/Solaris_i386\/<\/p>\n