Information and Communication Technologies | ||||||
help | registration | services | resources | about ict | people | ||||||
|
||||||
Setting up Digital Unix Securely
For Superusers of Compaq Systems ~ OSF, Digital Unix, Tru64 UNIX 1.Latest System Release 2. Latest Patches Source of Patches http://ftp1.service.digital.com/public/Digital_UNIX/ anonymous @ ftp.europe.digital.com ~ cd /public/unix download latest .tar patch files - see README files Installing Patches untar patch file ~ tar xf filename.tar Single patches have installation instructions in a README file - usually for copying the new files into the correct directory after saving copies of the old versions. Patch Kits are files containing a number of patches, not all security related, which supersedes the previous patch kit for that level of the operating system. They include a tailored patch installation utility call dupatch. When the tar download is extracted a sub-directory is created called patch_kit - within that is the dupatch utility along with a README and installation guides. The utility can be run with the command ./dupatch after moving to the patch_kit directory. Note that dupatch will only install patches in single-user-mode. Once you are sure that the patch kit has been extracted from the tar file successfully, shutdown the machine to the boot prompt, ">>". Then boot to single-user-mode with the command boot -fl s. When the single-user prompt appears, "#", enter the following commands .... mount -a to mount file systems swapon -a to open swap .... then cd to the path_kit directory and enter the command .... ./dupatch to start the utility The dupatch utility is menu driven and fairly straightforward. Installing a patch kit can be very slow on older systems and can take over an hour. Installing includes an option for reversing the patch installation at a later date. While this is advisable it does use space on the /var file system. The patch kits, and most other patches, need to have the kernel rebuilt after installation. Re-Building Kernel Execute the command doconfig. This will ask for confirmation of .... Kernel configuration file name - usually hostname Possibly ask if OK to overwrite existing configuration file - usually OK Kernel options to use - if in doubt reply with the ALL option If kernel configuration file needs to be edited - nearly always NO The system will build the new kernel - this can take several minutes - and finally give the name of the new-kernel-file before exiting. Save the current kernel file with the command cp /vmunix /vmunix.old and replace with mv new-kernel-file /vmunix Then reboot the machine with either reboot or shutdown -r now Reinstalling the Operating System from CD-ROM Note that re-installing will reformat any disk partitions used and all data on these partitions will be lost. From the boot prompt, ">>", enter show devices to list the devices attached to the machine. Find the cd-rom device in the list and note it's device name - usually beginning with "dk". Insert the operating system cd into the cd-rom and boot from it with the command boot device_name. Eventually the installing window will be displayed for setting the installation options. Hard copies of the current /etc/fstab and the Installation Manual for the operating system would be very useful here. When the installation is complete the system will need to be configured to restore local settings. This will be easier if certain documents and hard copies of certain files are to hand. Here is a general list. Licence documentation for the system Installation manuals and licence documentation for any applications Hard copies of the following files : /etc/passwd
~ if using a local password base automounter
service is running and any local files in the /var/yp/src directory if a NIS server Also keep a hard copies of the output from the following commands : /usr/sbin/setld -i ~ lists installed subsets & patches df ~ lists active disk partitions etc /sbin/disklabel rz?? ~ partition table for each disk Now complete the post-installation checks: follow this link
|
||||||
© 2002 Imperial College of Science, Technology and Medicine. |