How you go about configuring
your SGI depends on what kind of system it is. All new SGI's come
with IRIX 6.5, and I believe that now all with a graphical display come
with an automated setup program called "OutofBox" which does most of the
configuration. If your SGI is a graphical system, follow the section
below on setting up with OutOfBox. If you're running 6.5 on a graphical
system and don't have OutOfBox, follow IRIX 6.5 Graphical Setup.
Otherwise, you need to follow the complete setup instructions below.
Follow the complete instructions if you've re-installed the OS or are in
doubt about what the OutOfBox setup program has done. When you're
done with whatever path you chose on this page, continue by doing the entire
next page, Mail and X-Windows.
Get this information before starting.
an IP address and hostname from your department's network administrator or computer support person. System Name: This your system's name. It is the first word in the hostname you were given for the computer, e.g. "meatloaf" for "meatloaf.dining.upenn.edu". IP address: a sequence of four numbers separated by periods, e.g 130.91.65.254 Netmask(or perhaps "mask"): needs to be 255.255.252.0 or, 0xfffffc00 in hexadecimal, for the Chemistry subnets. Router(gateway): 130.91.64.1 for non-IAST Chemistry Building, or 130.91.112.1 for IAST. Broadcast: 130.91.67.255 for non-IAST Chemistry Building, or 130.91.115.255 for IAST Nameservers: 128.91.2.13, 128.91.254.1, 128.91.254.4
Configure your SGI:
Setting up with Out of Box
IRIX 6.5 Graphical Setup
Complete setup
This will get the system working minimally. I highly recommend reading through the complete section below. Some of the steps will have already been implemented.
1. From the login window, log in to the root account
by entering root and hitting return.
2. On the desktop, locate "Toolchest" and open the
submenu "System". Select "System Manager" to start the System Manager
tool.
3. Select "Security and Access Control".
4. Select "Improve System Security" to start this
tool. There are a number of security options that you can choose
to implement. Choose the most secure options: lock all password-less
accounts; restrict the root account's access to Java and JavaScript,
the most secure option is explained in most of them. Some of
these options, such as passwords on accounts are required by the University's
policy on use of computer resources.
5. Go back to the main menu in System Manager. Select
"Networking and Connectivity" and then "Set Up and Start Networking".
6. When you're done with this task, select "Modify Network
Settings" on this same menu sheet.
7. These are the basic tasks you'll need to get started.
You can perform many SGI sysadmin tasks from the System Manager.
Wait until you've finished this setup to do more.
8. The System Manager doesn't let you change the TIMEZONE.
EST5EDT
9. Select "System Restart" under the sub-menu "System" in
the Toolchest to restart the system and make sure everything comes up properly.
You'll need to change or create new some text files and execute commands in the UNIX environment, (SGI's use a version of UNIX called IRIX.). You should already be familiar with basic UNIX, e.g. navigating directories, executing commands, editing text files. If you're rusty on this, now is a good time to refresh yoursel. Be sure that you understand how to edit text files and execute basic commands in the UNIX shell environment before proceeding. (SGI's come with C shell as the default root shell. This manual uses C shell for all of its shell commands. Note: some of the network parameters used as examples apply specifically to the Chemistry Complex subnet only. The corresponding IAST information is provided also. Turn the system on now, and wait for the login prompt to appear. Enter root at the login prompt, and you'll be ready to begin.
Put in the System Name. One generally
uses only the first field, but on "a.chem.upenn.edu" two fields were used:
"a.chem"; just "a" would have been sufficient.
For
IRIX 6.5 use the full hostname.
130.91.??.?? a.chem.upenn.edu a.chem a(use the correct IP of course)
Do NOT ever take out the 127 line from /etc/hosts as:
127.0.0.1 localhost(this line may have more aliases, don't change them)
EST5EDT
$ROUTE $QUIET add default 130.91.64.1on an older IRIX system, create /etc/rc2.d/S99routeadd with the following line instead:
/usr/etc/route add default 130.91.64.1 1careful! any extra lines before or after this could prevent networking from starting!
Pre-IRIX 6.5:
broadcast 130.91.67.255
netmask 255.255.252.0
IRIX 6.5:(must be on a single line or networking will not work!)
broadcast 130.91.67.255 netmask 255.255.252.0
For a pre-IRIX 6.2 system, you need to add this also
-trailers
This file does not exist by default. It
is a suggested configuration file here for security reasons, to restrict
portmap services to a subset of the network. This will need modifications
outside the chem.upenn.edu domain. I use the subnet mask of the subnet
followed by the first IP address of the subnet:
-a 255.255.252.0,130.91.64.0
for IAST:
-a 255.255.252.0,130.91.112.0
(Note: older versions of IRIX put resolv.conf
in /usr/etc.)
domain chem.upenn.edu
hostresorder bind local Skip this line in IRIX 6.5.
nameserver 128.91.2.13
nameserver 128.91.254.1
nameserver 128.91.254.4
The 'hostresorder' tag puts 'bind' first,
which consults DNS for hostnames before your /etc/hosts file. Only add
host IP addresses there for machines under
your control.
Now is a good time to do some 'chkconfig' commands
to turn on or off some options with IRIX. Some of these like timed
are 'on' by default, some are off. These files reside in /etc/config and
many have associated options files. The first in the list below is highly
recommended! It causes the system to display more information when the
booting up.
chkconfig verbose on
chkconfig autoconfig_ipaddress off
chkconfig routed off
chkconfig gated off
chkconfig named off
chkconfig timed off
chkconfig timeslave off
chkconfig vswap off
If you want to be sure the clock on the system stays on track, use
timeslave to achieve this. Choose a host with a good clock that will
provide time information and change the file /etc/config/timeslave.options
to have:
-H <hostname of the system with a good clock>
Then,
chkconfig timeslave on
passwd
This will set the root password. Enter
a good password, i.e. one that no one will guess or hacker will be able
to crack. Write it down on paper and seal it in an envelope.
In case you forget it, you'll know whether anyone else has seen it.
Don't give it out to anyone outside those trusted co-workers and backups
who might need it. Root users can make any changes possible on a
system. (More on this in the sections covering security.)
pwconv
This will create a separate file, /etc/shadow,
that contains the encrypted passwords normally found in /etc/passwd.
The /etc/passwd file must be readable by all users, and thus the encrypted
passwords are vulnerable to "crack" programs that attempt to decrypt them.
Note: some software, particularly NMR programs don't work properly with
shadow password files.
Lock out all accounts that have no password. Search for empty password fields--pairs of '::' just after the username. Change them to be ':*:' Make sure ALL lines in /etc/shadow are locked or have an encrypted password hash. Sample names that SGI used to and may still deliver without passwords are:
lp nuucp tutor demos tour guest 4Dgiftsthere may be more, check it out.
Never remove the user 'guest.' Various things like remote network
installs need to run as guest.
rebootor,
/etc/shutdown -y -g0 -i6When it comes back up, log in and try telnetting to another system to ensure the network is working properly.
Optional:
Test out the network by doing 'ping' to some computer outside your
domain. Do a '/usr/etc/netstat -rn' and the 'default' destination should
show it with a UG (G for gateway) Flag. This command also shows the name
of the ethernet interface (eg., ec0) and then you can do a '/usr/etc/ifconfig
ec0' to see that the proper netmask (0xfffffc00 is the same as 255.255.252.0),
broadcast, etc. are set correctly in /etc/config/ifconfig-1.options.