歡迎來到Linux教程網
Linux教程網
Linux教程網
Linux教程網
您现在的位置: Linux教程網 >> UnixLinux >  >> Unix知識 >> Unix基礎知識

Solaris初步設置

1.配置root用戶SSH登陸

# vi /etc/ssh/sshd_config

ListenAddress 192.168.0.10

PermitRootLogin yes

# > /etc/motd

# vi /etc/default/init

LANG=zh

2.取消幾個影響系統啟動的TIMEOUT

# vi /etc/bootrc

set boot_timeout 0

# vi /boot/solaris/bootenv.rc

setprop auto-boot-timeout 0

setprop boottimeout '0'

# vi /boot/solaris/strap.rc

Options timeout=0

3.取消自動關機

# vi /etc/power.conf

#autoshutdown 30 9:00 9:00 default

4.設置用戶的環境變量

# vi /etc/passwd

root:x:0:1:Super-User:/:/usr/bin/bash

# vi /.bashrc

PS1='[\u@\H \W]\$'

PATH=$PATH:/bin:/sbin:/usr/bin:/usr/ucb:/usr/sbin:/etc:/usr/local/bin:/usr/local/sbin:/usr/ccs/bin:/usr/sfw/bin

MANPATH=$MANPATH:/usr/man:/usr/local/man:/opt/sfw/man

LD_LIBRARY_PATH=/usr/lib:/usr/dt/lib:/usr/openwin/lib:/usr/sfw/lib:

/usr/local/lib:/usr/local/ssl/lib

CC=gcc

export PS1 PATH MANPATH LD_LIBRARY_PATH CC

export EDITOR=vim

umask 022

TMOUT=1800

# vi .bash_profile

if [ -f ~/.bashrc ]; then

. ~/.bashrc

fi

5.安裝常用軟件包

TOP工具:

# gzip -d top-3.5beta12.5-sol9-intel-local.gz

# pkgadd -d top-3.5beta12.5-sol9-intel-local

VIM工具:

# gzip -d ncurses-5.3-sol9-intel-local.gz

# pkgadd -d ncurses-5.3-sol9-intel-local

# gzip -d vim-6.2-sol9-intel-local.gz

# pkgadd -d vim-6.2-sol9-intel-local

# mv /bin/vi /bin/vi.bak

# ln -s /usr/local/bin/vim /bin/vi

# cp /usr/local/share/vim/vim62/vimrc_example.vim /.vimrc

# vi /.vimrc

把其中的:

set backup " keep a backup file

修改為:

set nobackup " keep a backup file

# vi /etc/hosts

加一條記錄:

192.168.0.15 win2k

GCC工具:

# gzip -d libiconv-1.8-sol9-intel-local.gz

# gzip -d gcc-3.3.2-sol9-intel-local.gz

# pkgadd -d libiconv-1.8-sol9-intel-local

# pkgadd -d gcc-3.3.2-sol9-intel-local

MAKE工具:

# gzip -d make-3.80-sol9-intel-local.gz

# gzip -d automake-1.7.2-sol9-intel-local.gz

# pkgadd -d make-3.80-sol9-intel-local

# pkgadd -d automake-1.7.2-sol9-intel-local

MOZILLA:

# pkgrm SUNWnsb SUNWnsm SUNWnspsm SUNWnsxp

# gzip -d mozilla-i386-pc-solaris2.8-1.6.pkg.tar.gz

# tar -vxf mozilla-i386-pc-solaris2.8-1.6.pkg.tar

# cd mozilla-1.6-x86

# pkgadd -d MOZmozilla.pkg

# gzip -d flash_player_6_solaris_intel.tar.gz

# tar vxf flash_player_6_solaris_intel.tar

# cd install_flash_player_6_solaris

# cp * /usr/local/lib/mozilla-1.6/plugins

# cd /usr/local/lib/mozilla-1.6/plugins

# ln –s /usr/j2se/jre/plugin/i386/ns610/libjavaplugin_oji.so

# /usr/local/bin/mozilla

OTHERS:

# pkgadd -d expat-1.95.5-sol9-intel-local

# pkgadd -d gdbm-1.8.3-sol9-intel-local

# pkgadd -d openssl-0.9.7d-sol9-intel-local

# pkgadd -d libgcc-3.3-sol9-intel-local

# pkgadd -d libpcap-0.8.1-sol9-intel-local

# pkgadd -d tcp_wrappers-7.6-sol9-intel-local

# pkgadd -d tcpdump-3.8.1-sol9-intel-local

# pkgadd -d zlib-1.2.1-sol9-intel-local

# pkgadd -d lsof-4.68-sol9-intel-local

6.安裝APACHE-2.0.49

# pkgrm SUNWapchd SUNWapchr SUNWapchu

# gzip -d apache-2.0.49-sol9-intel-local.gz

# pkgadd -d apache-2.0.49-sol9-intel-local

# cp /usr/local/apache2/bin/apachectl /etc/rc3.d/S50apache

# chmod 744 /etc/rc3.d/S50apache

# chown root:sys /etc/rc3.d/S50apache

# 配置/usr/local/apache2/conf/httpd.conf過程略。

# SMCapach2

7.安裝OPENSSH-3.8

# pkgrm SUNWsshcu SUNWsshdr SUNWsshdu SUNWsshr SUNWsshu

# gzip -d openssh-3.8p1-sol9-intel-local.gz

# pkgadd -d openssh-3.8p1-sol9-intel-local

# mkdir /var/empty

# chown root:sys /var/empty

# chmod 755 /var/empty

# groupadd sshd

# useradd -g sshd -c "arthur sshd privsep" -d /var/empty -s /bin/false sshd

# ssh-keygen -t rsa1 -f /usr/local/etc/ssh_host_key -N ""

# ssh-keygen -t dsa -f /usr/local/etc/ssh_host_dsa_key -N ""

# ssh-keygen -t rsa -f /usr/local/etc/ssh_host_rsa_key -N ""

# vi /etc/init.d/sshd

===========================sshd============================

#!/sbin/sh

#

# Copyright (c) 2001 by Sun Microsystems, Inc

# All rights reserved.

#

#ident "@(#)sshd 1.1 01/09/24 SMI"

case "$1" in

start)

/usr/local/sbin/sshd

;;

stop)

pkill sshd

;;

*)

echo "Usage: $0 { start | stop }"

exit 1

;;

esac

exit 0

===========================sshd============================

# chmod 750 /etc/init.d/sshd

# chown root:sys /etc/init.d/sshd

# ln –s /etc/init.d/sshd /etc/rc2.d/S98sshd

# vi /etc/hosts.deny

sshd:ALL

# vi /etc/hosts.allow

sshd:192.168.0.15

# rm /.ssh/*

8.安裝SAMBA-3

# cp /etc/rc3.d/S90samba bak.S90samba

# pkgrm SUNWsmbac SUNWsmbar SUNWsmbau

# gzip -d samba-3.0.2a-sol9-intel-local.gz

# gzip -d popt-1.7-sol9-intel-local.gz

# pkgadd -d popt-1.7-sol9-intel-local

# pkgadd -d samba-3.0.2a-sol9-intel-local

# cd /usr/local/samba/doc/samba/examples/

# cp smb.conf.default /usr/local/samba/lib/smb.conf

# 設置smb.conf文件過程略

# mv /etc/rc3.d/bak.S90samba S90samba

# chown root:sys /etc/rc3.d/S90samba

# vim /etc/rc3.d/S90samba

=======================S90samba========================

#!/sbin/sh

#

# Copyright (c) 2001 by Sun Microsystems, Inc

# All rights reserved.

#

#ident "@(#)samba 1.1 01/09/24 SMI"

case "$1" in

start)

[ -f /usr/local/samba/lib/smb.conf ] || exit 0

/usr/local/samba/sbin/smbd -D

/usr/local/samba/sbin/nmbd -D

;;

stop)

pkill smbd

pkill nmbd

;;

*)

echo "Usage: $0 { start | stop }"

exit 1

;;

esac

exit 0

=======================S90samba========================

9.初步的系統安全設置

為安全起見在/etc/inetd.conf中注釋掉除下列服務的所有服務

ftp

echo

echo

discard

discard

rstatd/2-4

fs

100083/1

在只需要不多圖形操作的服務器或是要保證相當的安全,你也許應該關掉字體服務fs,也可以關掉系統性能監視器rstatd和tooltalk服務器ttdbserverd(100083/1),查找剩下需要關閉的端口的進程用這個命令:

# /usr/local/bin/lsof -i | grep port

為安全起見在防止堆棧溢出

# cp /etc/system /etc/system.BACKUP

# vi /etc/system

在文件的最後,加上以下兩行:

set noexec_user_stack=1

set noexec_user_stack_log=1

禁用自動啟動DESKTOP

# /usr/dt/bin/dtconfig –d

為安全起見停掉幾個系統服務:

卸載SENDMAIL:

# pkgrm SUNWsndmr SUNWsndmu

卸載TELNET:

# pkgrm SUNWtnetc SUNWtnetd SUNWtnetr

# cd /etc/rc2.d

# mv S71ldap.client _S71ldap.client

# mv S72inetsvc _S72inetsvc

# mv S74autofs _S74autofs

# mv S74xntpd _S74xntpd

# mv S80lp _S80lp

# mv S71rpc _S71rpc

# mv S73nfs.client _S73nfs.client

# cd /etc/rc3.d

# mv S34dhcp _S34dhcp

# mv S15nfs.server _S15nfs.server

# mv S76snmpdx _S76snmpdx

卸載PCMCIA支持:

# pkgrm SUNWpcelx SUNWpcmci SUNWpcmcu SUNWpcmem SUNWpcser SUNWpsdpr

安裝PORT掃描工具NMAP

# gzip -d nmap-3.50-sol9-intel-local.gz

# gzip -d pcre-4.5-sol9-intel-local.gz

# pkgadd -d nmap-3.50-sol9-intel-local

# pkgadd -d pcre-4.5-sol9-intel-local

掃描本機端口:

# nmap -P0 -sT localhost

安裝網絡漏洞掃描工具NESSUS:

# gzip -d nessus-2.0.9-sol9-intel-local.gz

# pkgadd -d nessus-2.0.9-sol9-intel-local

建立SSL證書:

# nessus-mkcert

添加NESSUS用戶:

# nessus-adduser

以ROOT啟動NESSUS服務器:

# nessus –D

啟動NESSUS的GUI客戶端:

# nessus

Copyright © Linux教程網 All Rights Reserved