使用 Solaris 的初步設定(轉)
使用 Solaris 的初步設定(轉)[@more@]1.配置root使用者SSH登陸
# vi /etc/ssh/sshd_config
ListenAddress 192.168.0.10
PermitRootLogin yes
# > /etc/motd
# vi /etc/default/init
LANG=zh
2.取消幾個影響系統啟動的TIMEOUT
# vi /etc/bootrc
set boot_timeout 0
# vi /boot/solaris/bootenv.rc
setprop auto-boot-timeout 0
setprop boottimeout '0'
# vi /boot/solaris/strap.rc
Options timeout=0
3.取消自動關機
# vi /etc/power.conf
#autoshutdown 30 9:00 9:00 default
4.設定使用者的環境變數
# vi /etc/passwd
root:x:0:1:Super-User:/:/usr/bin/bash
# vi /.bashrc
PS1='[u@H W]$'
PATH=$PATH:/bin:/sbin:/usr/bin:/usr/ucb:/usr/sbin:/etc:/usr/local/bin:/usr/local/sbin:/usr/ccs/bin:/usr/sfw/bin
MANPATH=$MANPATH:/usr/man:/usr/local/man:/opt/sfw/man
LD_LIBRARY_PATH=/usr/lib:/usr/dt/lib:/usr/openwin/lib:/usr/sfw/lib:
/usr/local/lib:/usr/local/ssl/lib
CC=gcc
export PS1 PATH MANPATH LD_LIBRARY_PATH CC
export EDITOR=vim
umask 022
TMOUT=1800
# vi .bash_profile
if [ -f ~/.bashrc ]; then
. ~/.bashrc
fi
5.安裝常用軟體包
TOP工具:
# gzip -d top-3.5beta12.5-sol9-intel-local.gz
# pkgadd -d top-3.5beta12.5-sol9-intel-local
VIM工具:
# gzip -d ncurses-5.3-sol9-intel-local.gz
# pkgadd -d ncurses-5.3-sol9-intel-local
# gzip -d vim-6.2-sol9-intel-local.gz
# pkgadd -d vim-6.2-sol9-intel-local
# mv /bin/vi /bin/vi.bak
# ln -s /usr/local/bin/vim /bin/vi
# cp /usr/local/share/vim/vim62/vimrc_example.vim /.vimrc
# vi /.vimrc
把其中的:
set backup " keep a backup file
修改為:
set nobackup " keep a backup file
# vi /etc/hosts
加一條記錄:
192.168.0.15 win2k
GCC工具:
# gzip -d libiconv-1.8-sol9-intel-local.gz
# gzip -d gcc-3.3.2-sol9-intel-local.gz
# pkgadd -d libiconv-1.8-sol9-intel-local
# pkgadd -d gcc-3.3.2-sol9-intel-local
MAKE工具:
# gzip -d make-3.80-sol9-intel-local.gz
# gzip -d automake-1.7.2-sol9-intel-local.gz
# pkgadd -d make-3.80-sol9-intel-local
# pkgadd -d automake-1.7.2-sol9-intel-local
MOZILLA:
# pkgrm SUNWnsb SUNWnsm SUNWnspsm SUNWnsxp
# gzip -d mozilla-i386-pc-solaris2.8-1.6.pkg.tar.gz
# tar -vxf mozilla-i386-pc-solaris2.8-1.6.pkg.tar
# cd mozilla-1.6-x86
# pkgadd -d MOZmozilla.pkg
# gzip -d flash_player_6_solaris_intel.tar.gz
# tar vxf flash_player_6_solaris_intel.tar
# cd install_flash_player_6_solaris
# cp * /usr/local/lib/mozilla-1.6/plugins
# cd /usr/local/lib/mozilla-1.6/plugins
# ln -s /usr/j2se/jre/plugin/i386/ns610/libjavaplugin_oji.so
# /usr/local/bin/mozilla
OTHERS:
# pkgadd -d expat-1.95.5-sol9-intel-local
# pkgadd -d gdbm-1.8.3-sol9-intel-local
# pkgadd -d openssl-0.9.7d-sol9-intel-local
# pkgadd -d libgcc-3.3-sol9-intel-local
# pkgadd -d libpcap-0.8.1-sol9-intel-local
# pkgadd -d tcp_wrappers-7.6-sol9-intel-local
# pkgadd -d tcpdump-3.8.1-sol9-intel-local
# pkgadd -d zlib-1.2.1-sol9-intel-local
# pkgadd -d lsof-4.68-sol9-intel-local
6.安裝APACHE-2.0.49
# pkgrm SUNWapchd SUNWapchr SUNWapchu
# gzip -d apache-2.0.49-sol9-intel-local.gz
# pkgadd -d apache-2.0.49-sol9-intel-local
# cp /usr/local/apache2/bin/apachectl /etc/rc3.d/S50apache
# chmod 744 /etc/rc3.d/S50apache
# chown root:sys /etc/rc3.d/S50apache
# 配置/usr/local/apache2/conf/httpd.conf過程略。
# SMCapach2
7.安裝OPENSSH-3.8
# pkgrm SUNWsshcu SUNWsshdr SUNWsshdu SUNWsshr SUNWsshu
# gzip -d openssh-3.8p1-sol9-intel-local.gz
# pkgadd -d openssh-3.8p1-sol9-intel-local
# mkdir /var/empty
# chown root:sys /var/empty
# chmod 755 /var/empty
# groupadd sshd
# useradd -g sshd -c "arthur sshd privsep" -d /var/empty -s /bin/false sshd
# ssh-keygen -t rsa1 -f /usr/local/etc/ssh_host_key -N ""
# ssh-keygen -t dsa -f /usr/local/etc/ssh_host_dsa_key -N ""
# ssh-keygen -t rsa -f /usr/local/etc/ssh_host_rsa_key -N ""
# vi /etc/init.d/sshd
===========================sshd============================
#!/sbin/sh
#
# Copyright (c) 2001 by Sun Microsystems, Inc
# All rights reserved.
#
#ident "@(#)sshd 1.1 01/09/24 SMI"
case "$1" in
start)
/usr/local/sbin/sshd
;;
stop)
pkill sshd
;;
*)
echo "Usage: $0 { start | stop }"
exit 1
;;
esac
exit 0
===========================sshd============================
# chmod 750 /etc/init.d/sshd
# chown root:sys /etc/init.d/sshd
# ln -s /etc/init.d/sshd /etc/rc2.d/S98sshd
# vi /etc/hosts.deny
sshd:ALL
# vi /etc/hosts.allow
sshd:192.168.0.15
# rm /.ssh/*
8.安裝SAMBA-3
# cp /etc/rc3.d/S90samba bak.S90samba
# pkgrm SUNWsmbac SUNWsmbar SUNWsmbau
# gzip -d samba-3.0.2a-sol9-intel-local.gz
# gzip -d popt-1.7-sol9-intel-local.gz
# pkgadd -d popt-1.7-sol9-intel-local
# pkgadd -d samba-3.0.2a-sol9-intel-local
# cd /usr/local/samba/doc/samba/examples/
# cp smb.conf.default /usr/local/samba/lib/smb.conf
# 設定smb.conf檔案過程略
# mv /etc/rc3.d/bak.S90samba S90samba
# chown root:sys /etc/rc3.d/S90samba
# vim /etc/rc3.d/S90samba
=======================S90samba========================
#!/sbin/sh
#
# Copyright (c) 2001 by Sun Microsystems, Inc
# All rights reserved.
#
#ident "@(#)samba 1.1 01/09/24 SMI"
case "$1" in
start)
[ -f /usr/local/samba/lib/smb.conf ] || exit 0
/usr/local/samba/sbin/smbd -D
/usr/local/samba/sbin/nmbd -D
;;
stop)
pkill smbd
pkill nmbd
;;
*)
echo "Usage: $0 { start | stop }"
exit 1
;;
esac
exit 0
=======================S90samba========================
9.初步的系統安全設定
為安全起見在/etc/inetd.conf中註釋掉除下列服務的所有服務
ftp
echo
echo
discard
discard
rstatd/2-4
fs
100083/1
在只需要不多圖形操作的伺服器或是要保證相當的安全,你也許應該關掉字型服務fs,也可以關掉系統效能監視器rstatd和tooltalk伺服器ttd
bserverd(100083/1),查詢剩下需要關閉的埠的程式用這個命令:
# /usr/local/bin/lsof -i | grep port
為安全起見在防止堆疊溢位
# cp /etc/system /etc/system.BACKUP
# vi /etc/system
在檔案的最後,加上以下兩行:
set noexec_user_stack=1
set noexec_user_stack_log=1
禁用自動啟動DESKTOP
# /usr/dt/bin/dtconfig -d
為安全起見停掉幾個系統服務:
解除安裝SENDMAIL:
# pkgrm SUNWsndmr SUNWsndmu
解除安裝TELNET:
# pkgrm SUNWtnetc SUNWtnetd SUNWtnetr
# cd /etc/rc2.d
# mv S71ldap.client _S71ldap.client
# mv S72inetsvc _S72inetsvc
# mv S74autofs _S74autofs
# mv S74xntpd _S74xntpd
# mv S80lp _S80lp
# mv S71rpc _S71rpc
# mv S73nfs.client _S73nfs.client
# cd /etc/rc3.d
# mv S34dhcp _S34dhcp
# mv S15nfs.server _S15nfs.server
# mv S76snmpdx _S76snmpdx
解除安裝PCMCIA支援:
# pkgrm SUNWpcelx SUNWpcmci SUNWpcmcu SUNWpcmem SUNWpcser SUNWpsdpr
安裝PORT掃描工具NMAP
# gzip -d nmap-3.50-sol9-intel-local.gz
# gzip -d pcre-4.5-sol9-intel-local.gz
# pkgadd -d nmap-3.50-sol9-intel-local
# pkgadd -d pcre-4.5-sol9-intel-local
掃描本機埠:
# nmap -P0 -sT localhost
安裝網路漏洞掃描工具NESSUS:
# gzip -d nessus-2.0.9-sol9-intel-local.gz
# pkgadd -d nessus-2.0.9-sol9-intel-local
建立SSL證照:
# nessus-mkcert
新增NESSUS使用者:
# nessus-adduser
以ROOT啟動NESSUS伺服器:
# nessus -D
啟動NESSUS的GUI客戶端:
# nessus
# vi /etc/ssh/sshd_config
ListenAddress 192.168.0.10
PermitRootLogin yes
# > /etc/motd
# vi /etc/default/init
LANG=zh
2.取消幾個影響系統啟動的TIMEOUT
# vi /etc/bootrc
set boot_timeout 0
# vi /boot/solaris/bootenv.rc
setprop auto-boot-timeout 0
setprop boottimeout '0'
# vi /boot/solaris/strap.rc
Options timeout=0
3.取消自動關機
# vi /etc/power.conf
#autoshutdown 30 9:00 9:00 default
4.設定使用者的環境變數
# vi /etc/passwd
root:x:0:1:Super-User:/:/usr/bin/bash
# vi /.bashrc
PS1='[u@H W]$'
PATH=$PATH:/bin:/sbin:/usr/bin:/usr/ucb:/usr/sbin:/etc:/usr/local/bin:/usr/local/sbin:/usr/ccs/bin:/usr/sfw/bin
MANPATH=$MANPATH:/usr/man:/usr/local/man:/opt/sfw/man
LD_LIBRARY_PATH=/usr/lib:/usr/dt/lib:/usr/openwin/lib:/usr/sfw/lib:
/usr/local/lib:/usr/local/ssl/lib
CC=gcc
export PS1 PATH MANPATH LD_LIBRARY_PATH CC
export EDITOR=vim
umask 022
TMOUT=1800
# vi .bash_profile
if [ -f ~/.bashrc ]; then
. ~/.bashrc
fi
5.安裝常用軟體包
TOP工具:
# gzip -d top-3.5beta12.5-sol9-intel-local.gz
# pkgadd -d top-3.5beta12.5-sol9-intel-local
VIM工具:
# gzip -d ncurses-5.3-sol9-intel-local.gz
# pkgadd -d ncurses-5.3-sol9-intel-local
# gzip -d vim-6.2-sol9-intel-local.gz
# pkgadd -d vim-6.2-sol9-intel-local
# mv /bin/vi /bin/vi.bak
# ln -s /usr/local/bin/vim /bin/vi
# cp /usr/local/share/vim/vim62/vimrc_example.vim /.vimrc
# vi /.vimrc
把其中的:
set backup " keep a backup file
修改為:
set nobackup " keep a backup file
# vi /etc/hosts
加一條記錄:
192.168.0.15 win2k
GCC工具:
# gzip -d libiconv-1.8-sol9-intel-local.gz
# gzip -d gcc-3.3.2-sol9-intel-local.gz
# pkgadd -d libiconv-1.8-sol9-intel-local
# pkgadd -d gcc-3.3.2-sol9-intel-local
MAKE工具:
# gzip -d make-3.80-sol9-intel-local.gz
# gzip -d automake-1.7.2-sol9-intel-local.gz
# pkgadd -d make-3.80-sol9-intel-local
# pkgadd -d automake-1.7.2-sol9-intel-local
MOZILLA:
# pkgrm SUNWnsb SUNWnsm SUNWnspsm SUNWnsxp
# gzip -d mozilla-i386-pc-solaris2.8-1.6.pkg.tar.gz
# tar -vxf mozilla-i386-pc-solaris2.8-1.6.pkg.tar
# cd mozilla-1.6-x86
# pkgadd -d MOZmozilla.pkg
# gzip -d flash_player_6_solaris_intel.tar.gz
# tar vxf flash_player_6_solaris_intel.tar
# cd install_flash_player_6_solaris
# cp * /usr/local/lib/mozilla-1.6/plugins
# cd /usr/local/lib/mozilla-1.6/plugins
# ln -s /usr/j2se/jre/plugin/i386/ns610/libjavaplugin_oji.so
# /usr/local/bin/mozilla
OTHERS:
# pkgadd -d expat-1.95.5-sol9-intel-local
# pkgadd -d gdbm-1.8.3-sol9-intel-local
# pkgadd -d openssl-0.9.7d-sol9-intel-local
# pkgadd -d libgcc-3.3-sol9-intel-local
# pkgadd -d libpcap-0.8.1-sol9-intel-local
# pkgadd -d tcp_wrappers-7.6-sol9-intel-local
# pkgadd -d tcpdump-3.8.1-sol9-intel-local
# pkgadd -d zlib-1.2.1-sol9-intel-local
# pkgadd -d lsof-4.68-sol9-intel-local
6.安裝APACHE-2.0.49
# pkgrm SUNWapchd SUNWapchr SUNWapchu
# gzip -d apache-2.0.49-sol9-intel-local.gz
# pkgadd -d apache-2.0.49-sol9-intel-local
# cp /usr/local/apache2/bin/apachectl /etc/rc3.d/S50apache
# chmod 744 /etc/rc3.d/S50apache
# chown root:sys /etc/rc3.d/S50apache
# 配置/usr/local/apache2/conf/httpd.conf過程略。
# SMCapach2
7.安裝OPENSSH-3.8
# pkgrm SUNWsshcu SUNWsshdr SUNWsshdu SUNWsshr SUNWsshu
# gzip -d openssh-3.8p1-sol9-intel-local.gz
# pkgadd -d openssh-3.8p1-sol9-intel-local
# mkdir /var/empty
# chown root:sys /var/empty
# chmod 755 /var/empty
# groupadd sshd
# useradd -g sshd -c "arthur sshd privsep" -d /var/empty -s /bin/false sshd
# ssh-keygen -t rsa1 -f /usr/local/etc/ssh_host_key -N ""
# ssh-keygen -t dsa -f /usr/local/etc/ssh_host_dsa_key -N ""
# ssh-keygen -t rsa -f /usr/local/etc/ssh_host_rsa_key -N ""
# vi /etc/init.d/sshd
===========================sshd============================
#!/sbin/sh
#
# Copyright (c) 2001 by Sun Microsystems, Inc
# All rights reserved.
#
#ident "@(#)sshd 1.1 01/09/24 SMI"
case "$1" in
start)
/usr/local/sbin/sshd
;;
stop)
pkill sshd
;;
*)
echo "Usage: $0 { start | stop }"
exit 1
;;
esac
exit 0
===========================sshd============================
# chmod 750 /etc/init.d/sshd
# chown root:sys /etc/init.d/sshd
# ln -s /etc/init.d/sshd /etc/rc2.d/S98sshd
# vi /etc/hosts.deny
sshd:ALL
# vi /etc/hosts.allow
sshd:192.168.0.15
# rm /.ssh/*
8.安裝SAMBA-3
# cp /etc/rc3.d/S90samba bak.S90samba
# pkgrm SUNWsmbac SUNWsmbar SUNWsmbau
# gzip -d samba-3.0.2a-sol9-intel-local.gz
# gzip -d popt-1.7-sol9-intel-local.gz
# pkgadd -d popt-1.7-sol9-intel-local
# pkgadd -d samba-3.0.2a-sol9-intel-local
# cd /usr/local/samba/doc/samba/examples/
# cp smb.conf.default /usr/local/samba/lib/smb.conf
# 設定smb.conf檔案過程略
# mv /etc/rc3.d/bak.S90samba S90samba
# chown root:sys /etc/rc3.d/S90samba
# vim /etc/rc3.d/S90samba
=======================S90samba========================
#!/sbin/sh
#
# Copyright (c) 2001 by Sun Microsystems, Inc
# All rights reserved.
#
#ident "@(#)samba 1.1 01/09/24 SMI"
case "$1" in
start)
[ -f /usr/local/samba/lib/smb.conf ] || exit 0
/usr/local/samba/sbin/smbd -D
/usr/local/samba/sbin/nmbd -D
;;
stop)
pkill smbd
pkill nmbd
;;
*)
echo "Usage: $0 { start | stop }"
exit 1
;;
esac
exit 0
=======================S90samba========================
9.初步的系統安全設定
為安全起見在/etc/inetd.conf中註釋掉除下列服務的所有服務
ftp
echo
echo
discard
discard
rstatd/2-4
fs
100083/1
在只需要不多圖形操作的伺服器或是要保證相當的安全,你也許應該關掉字型服務fs,也可以關掉系統效能監視器rstatd和tooltalk伺服器ttd
bserverd(100083/1),查詢剩下需要關閉的埠的程式用這個命令:
# /usr/local/bin/lsof -i | grep port
為安全起見在防止堆疊溢位
# cp /etc/system /etc/system.BACKUP
# vi /etc/system
在檔案的最後,加上以下兩行:
set noexec_user_stack=1
set noexec_user_stack_log=1
禁用自動啟動DESKTOP
# /usr/dt/bin/dtconfig -d
為安全起見停掉幾個系統服務:
解除安裝SENDMAIL:
# pkgrm SUNWsndmr SUNWsndmu
解除安裝TELNET:
# pkgrm SUNWtnetc SUNWtnetd SUNWtnetr
# cd /etc/rc2.d
# mv S71ldap.client _S71ldap.client
# mv S72inetsvc _S72inetsvc
# mv S74autofs _S74autofs
# mv S74xntpd _S74xntpd
# mv S80lp _S80lp
# mv S71rpc _S71rpc
# mv S73nfs.client _S73nfs.client
# cd /etc/rc3.d
# mv S34dhcp _S34dhcp
# mv S15nfs.server _S15nfs.server
# mv S76snmpdx _S76snmpdx
解除安裝PCMCIA支援:
# pkgrm SUNWpcelx SUNWpcmci SUNWpcmcu SUNWpcmem SUNWpcser SUNWpsdpr
安裝PORT掃描工具NMAP
# gzip -d nmap-3.50-sol9-intel-local.gz
# gzip -d pcre-4.5-sol9-intel-local.gz
# pkgadd -d nmap-3.50-sol9-intel-local
# pkgadd -d pcre-4.5-sol9-intel-local
掃描本機埠:
# nmap -P0 -sT localhost
安裝網路漏洞掃描工具NESSUS:
# gzip -d nessus-2.0.9-sol9-intel-local.gz
# pkgadd -d nessus-2.0.9-sol9-intel-local
建立SSL證照:
# nessus-mkcert
新增NESSUS使用者:
# nessus-adduser
以ROOT啟動NESSUS伺服器:
# nessus -D
啟動NESSUS的GUI客戶端:
# nessus
來自 “ ITPUB部落格 ” ,連結:http://blog.itpub.net/10617731/viewspace-959075/,如需轉載,請註明出處,否則將追究法律責任。
相關文章
- Solaris網路管理:DNS客戶端的設定(轉)DNS客戶端
- solaris 網路設定
- solaris中如何設定解析度?在solaris中設定解析度的方法教程
- Solaris下設定Oracle自啟動Oracle
- DirectX 7 程式設計初步 (轉)程式設計
- MOM 2005 安裝設定初步
- [轉載] PyCharm、CLion 的設定和使用PyCharm
- Solaris 預設Shell的修改以及命令列補全的設定命令列
- Solaris 11 設定root使用者允許SSH遠端登入
- JAVA POI的初步使用Java
- 淺談Delpih中的windowsAPI程式設計初步(1)(轉)WindowsAPI程式設計
- FreeBSD設定和使用DHCP(轉)
- Solaris下的常用命令和使用方法(轉)
- Oracle 11g 在solaris 10 上核心引數的設定Oracle
- 以Solaris架設FTP虛擬系統(轉)FTP
- SAP ECC6 IDES系統安裝後的初步設定IDE
- FreeBSD設定和使用ipfw/natd(轉)
- Solaris 程式管理(轉)
- Solaris 下的 oracle 的基本操作(轉)Oracle
- java設定-JDK環境變數的設定(轉)JavaJDK變數
- Linux環境組合語言程式設計初步——使用gdb除錯程式(轉)Linux組合語言程式設計除錯
- 多使用者,多語言設定(轉)
- C#和.Net的初步研究 (轉)C#
- JDBC的初步瞭解及使用JDBC
- 關於 Service 設計初步(MSDN節選翻譯) (轉)
- Solaris 系統命令(轉)
- Solaris 基本命令(轉)
- 【轉】linux定時任務的設定Linux
- Solaris下Domino資料的移植(轉)
- Solaris的硬體相關命令(轉)
- macos 使用前的設定Mac
- Autotrace的設定與使用
- HttpClient初步使用方法HTTPclient
- 恢復IpTables的預設設定(Script)(轉)
- Solaris 軟體包管理(轉)
- 網路安裝solaris(轉)
- 在solaris環境下,根據java程式的不同,設定不同的環境變數Java變數
- NFS Server設定(轉)NFSServer