Ora-rg could not start using scswitch command!

From: Asiye Yiğit (Asiye.Yigit@gantek.com)
Date: Mon Oct 10 2005 - 14:45:31 EDT

• Next message: Dave Martini 1: "SUMMARY: How to set ascii mode in sftp"
• Previous message: Eswar Panchu: "Problem with cdrom"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

H All,

When I start ora-rg resource group on the primary node, the log file
under
/var/opt/SUNWscar/oracle_server gives the following error and
So oracle server could not be started. Could you please help me!
Regards,

root@cluster1 # tail -f message_log.ora-server-res
Oct 07 17:32:34
SC[SUNWscor.oracle_server.stop]:ha-ora-rg:ora-server-res: Server
 is not running. Calling shutdown abort to clear shared memory (if any)

SQL*Plus: Release 9.2.0.6.0 - Production on Fri Oct 7 17:32:34 2005

Copyright (c) 1982, 2002, Oracle Corporation. All rights reserved.

Connected to an idle instance.

SQL> ORACLE instance shut down.
SQL> Disconnected

Oct 10 17:05:43
SC[SUNWscor.oracle_server.start]:ha-ora-rg:ora-server-res: Start
ing Oracle server.

SQL*Plus: Release 9.2.0.6.0 - Production on Mon Oct 10 17:05:43 2005

Copyright (c) 1982, 2002, Oracle Corporation. All rights reserved.

Connected to an idle instance.

SQL> ORA-00093: shared_pool_reserved_size must be between 5000 and
159383552
SQL> Disconnected

SQL*Plus: Release 9.2.0.6.0 - Production on Mon Oct 10 17:05:44 2005

Copyright (c) 1982, 2002, Oracle Corporation. All rights reserved.

Connected to an idle instance.

SQL> grant select on v_$sysstat to sc_fm
*
ERROR at line 1:
ORA-01034: ORACLE not available

SQL> grant select on v_$archive_dest to sc_fm
*
ERROR at line 1:
ORA-01034: ORACLE not available

SQL> Disconnected
Oct 10 17:05:44
SC[SUNWscor.oracle_server.start]:ha-ora-rg:ora-server-res: Could
 not start server
Oct 10 17:05:44
SC[SUNWscor.oracle_server.stop]:ha-ora-rg:ora-server-res: Server
 is not running. Calling shutdown abort to clear shared memory (if any)

SQL*Plus: Release 9.2.0.6.0 - Production on Mon Oct 10 17:05:44 2005

Copyright (c) 1982, 2002, Oracle Corporation. All rights reserved.

Connected to an idle instance.

SQL> ORACLE instance shut down.
SQL> Disconnected
Oct 10 17:06:05
SC[SUNWscor.oracle_server.start]:ha-ora-rg:ora-server-res: Start
ing Oracle server.

SQL*Plus: Release 9.2.0.6.0 - Production on Mon Oct 10 17:06:05 2005

Copyright (c) 1982, 2002, Oracle Corporation. All rights reserved.

Connected to an idle instance.

SQL> ORA-00093: shared_pool_reserved_size must be between 5000 and
159383552
SQL> Disconnected

SQL*Plus: Release 9.2.0.6.0 - Production on Mon Oct 10 17:06:05 2005

Copyright (c) 1982, 2002, Oracle Corporation. All rights reserved.

Connected to an idle instance.

SQL> grant select on v_$sysstat to sc_fm
*
ERROR at line 1:
ORA-01034: ORACLE not available

SQL> grant select on v_$archive_dest to sc_fm
*
ERROR at line 1:
ORA-01034: ORACLE not available

SQL> Disconnected
Oct 10 17:06:05
SC[SUNWscor.oracle_server.start]:ha-ora-rg:ora-server-res: Could
 not start server
Oct 10 17:06:06
SC[SUNWscor.oracle_server.stop]:ha-ora-rg:ora-server-res: Server
 is not running. Calling shutdown abort to clear shared memory (if any)

SQL*Plus: Release 9.2.0.6.0 - Production on Mon Oct 10 17:06:06 2005

Copyright (c) 1982, 2002, Oracle Corporation. All rights reserved.

Connected to an idle instance.

SQL> ORACLE instance shut down.
SQL> Disconnected

-----Original Message-----
From: sunmanagers-bounces@sunmanagers.org
[mailto:sunmanagers-bounces@sunmanagers.org] On Behalf Of
sunmanagers-request@sunmanagers.org
Sent: Monday, October 10, 2005 7:12 PM
To: sunmanagers@sunmanagers.org
Subject: sunmanagers Digest, Vol 31, Issue 10

Send sunmanagers mailing list submissions to
        sunmanagers@sunmanagers.org

To subscribe or unsubscribe via the World Wide Web, visit
        http://www.sunmanagers.org/mailman/listinfo/sunmanagers
or, via email, send a message with subject or body 'help' to
        sunmanagers-request@sunmanagers.org

You can reach the person managing the list at
        sunmanagers-owner@sunmanagers.org

When replying, please edit your Subject line so it is more specific than
"Re: Contents of sunmanagers digest..."

Today's Topics:

   1. Upgrading SAMBA on solaris 2.6 (Josh)
   2. SUMMARY: Activating HotSpare in A1000 with RaidManager (Tim Evans)
   3. Non-interactive sftp (Steve Nelson)
   4. SUMMARY: Is Shockwave Plugin available for Solaris???
      (Dave Martini 1)
   5. SUMMARY: Shockwave Plugin More Info (Dave Martini 1)
   6. Re: Is Shockwave Plugin available for Solaris??? (Dave Martini 1)
   7. rsync destination size never matches source (Shahul Hameed)
   8. Re: Securing Solaris 10 (Pepper Orlando)

----------------------------------------------------------------------

Message: 1
Date: Mon, 10 Oct 2005 15:57:09 +0800
From: Josh <jsoni7@gmail.com>
Subject: Upgrading SAMBA on solaris 2.6
To: sunmanagers@sunmanagers.org
Message-ID:
        <da3ba470510100057n36e16832offd3e3cdb6ffe171@mail.gmail.com>
Content-Type: text/plain; charset="us-ascii"

Hello Gurus,
  Kindly guide me in upgradation of Samba from current version 2.2.x to
2.2.8a or 3.x. I have browsed thorugh the google and other search items
like sunsolve but was not able to find any help. Best Regards, Josh.

------------------------------

Message: 2
Date: Mon, 10 Oct 2005 10:01:51 -0400 (EDT)
From: Tim Evans <tkevans@tkevans.com>
Subject: SUMMARY: Activating HotSpare in A1000 with RaidManager
To: sunmanagers@sunmanagers.org
Message-ID: <200510101401.j9AE1pGu027302@osprey.tkevans.com>
Content-Type: TEXT/plain; charset=us-ascii

I wrote:

>I have an A1000 under control of RaidManager 6, set up for RAID 5, with

>12 disks on one LUN. Both one of the 11 data disks *and* the hotspare
>have failed.

>I replaced the hotspare with a new disk, thinking it would
>automagically become active and take over for the other failed disk.
>RaidManager showed the LUN being reconstructed after installing the new

>disk, but now shows the hotspare in "standby" status.
>
>LUN is still showing its status as "degraded," with 10 good disks and
>one failed one.
>
>How do I make the current hotspare take over? Just pull the bad one?

Thanks to:

Helmut Kreft <kreft@belwue.de>
JV <jv711@yahoo.com>
mike.salehi@kodak.com

Concensus was that I should have just replaced the failed disk with the
new one,
rather than replacing the (also-failed) hotspare.

I used RaidManager to delete the new hotspare, then moved the new disk
into the
failed data disk slot. The array attempted to rebuild the LUN, but
that, too,
failed. Troubleshooting in RaidManager indicated errors on one or more
other
disk, causing the failure to rebuild.

fscki-ng the filesystem turned up several dozen unreadable blocks, as
did
ufsdump-ing it.

Before I could troubleshoot any further, however, the entire LUN failed.
RM now
shows two failed disks (not counting the previously failed hotspare).
Attempting to fsck the filesystem came back with the superblock,
including
alternative locations, unreadable.

Looks like I'm s-o-l here. The boss is replacing the array with a new
Linux
server with RAID array.

--
Tim Evans, TKEvans.com, Inc.	|    5 Chestnut Court
tkevans@tkevans.com		|    Owings Mills, MD 21117
http://www.tkevans.com/		|    443-394-3864
http://www.come-here.com/News/	|    
------------------------------
Message: 3
Date: Mon, 10 Oct 2005 15:09:30 +0100
From: Steve Nelson <sanelson@gmail.com>
Subject: Non-interactive sftp
To: sunmanagers@sunmanagers.org
Message-ID:
	<b6131fdc0510100709h7f360c46ud45085676c10a0d1@mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1
Hello all,
I'm trying to allow sftp between two hosts (one Sol 8 the other Sol 9)
using key-based authentication so that some critical files can be
transferred securely via cron.  I don't want to allow the ftp user an
interactive shell.
I've set up key-based authentication, and verified this works with
ssh/scp and an interactive shell.  I then then set the ftp user's login
shell to /bin/true. /bin/true is in /etc/shells, all directories in the
/path/to/ftp/user are chmod'd a+x but when I try to sftp a test file,
the client debug output says: couldn't canonicalise - permission denied
- after accepting keys and calling the sftp subsystem; I get the same
error even if I set a valid interactive shell for the user in question.
What have I missed?
S.
Debug output:
On the server:
bash-2.03# /usr/local/sbin/sshd -D -d
debug1: sshd version OpenSSH_3.7.1p2
debug1: private host key: #0 type 0 RSA1
debug1: read PEM private key done: type RSA
debug1: private host key: #1 type 1 RSA
debug1: read PEM private key done: type DSA
debug1: private host key: #2 type 2 DSA
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
Generating 768 bit RSA key.
RSA key generation complete.
Then on the client:
$ sftp -v -b sftp_batch tester@n1405b.bananna.co.
uk.dock:/local/home/ftp/tester/in Connecting to
n1405b.bananna.co.uk.dock... OpenSSH_3.7.1p2, SSH protocols 1.5/2.0,
OpenSSL 0.9.6m 17 Mar 2004
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: /etc/ssh/ssh_config line 21: Deprecated option
"RhostsAuthentication"
debug1: Connecting to n1405b.bananna.co.uk.dock [10.192.20.6] port 22.
debug1: Connection established.
debug1: identity file /local/home/nelsost1/.ssh/identity type -1
debug1: identity file /local/home/nelsost1/.ssh/id_rsa type -1
debug1: identity file /local/home/nelsost1/.ssh/id_dsa type 2
debug1: Remote protocol version 1.99, remote software version
OpenSSH_3.7.1p2
debug1: match: OpenSSH_3.7.1p2 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.7.1p2
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'n1405b.bananna.co.uk.dock' is known and matches the RSA
host key.
debug1: Found key in /local/home/nelsost1/.ssh/known_hosts:4
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue:
publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /local/home/nelsost1/.ssh/identity
debug1: Trying private key: /local/home/nelsost1/.ssh/id_rsa
debug1: Offering public key: /local/home/nelsost1/.ssh/id_dsa
debug1: Server accepts key: pkalg ssh-dss blen 433
debug1: read PEM private key done: type DSA
debug1: Authentication succeeded (publickey).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: Sending subsystem: sftp
Couldn't canonicalise: Permission denied
Need cwd
debug1: client_input_channel_req: channel 0 rtype
 exit-status reply 0
debug1: channel 0: free: client-session, nchannels 1
debug1: fd 0 clearing O_NONBLOCK
debug1: Transferred: stdin 0, stdout 0, stderr 0 bytes in 0.1 seconds
debug1: Bytes per second: stdin 0.0, stdout 0.0, stderr 0.0
debug1: Exit status 0
The server shows:
debug1: Server will not fork when running in debugging mode. Connection
from 10.108.24.109 port 35229
debug1: Client protocol version 2.0; client software version
OpenSSH_3.7.1p2
debug1: match: OpenSSH_3.7.1p2 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-1.99-OpenSSH_3.7.1p2
debug1: permanently_set_uid: 200/200
debug1: list_hostkey_types: ssh-rsa,ssh-dss
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received
debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: KEX done
debug1: userauth-request for user tester service ssh-connection method
none
debug1: attempt 0 failures 0
debug1: userauth_banner: sent
Failed none for tester from 10.108.24.109 port 35229 ssh2 Failed none
for tester from 10.108.24.109 port 35229 ssh2
debug1: userauth-request for user tester service ssh-connection method
publickey
debug1: attempt 1 failures 1
debug1: test whether pkalg/pkblob are acceptable
debug1: temporarily_use_uid: 65539/1 (e=0/1)
debug1: trying public key file
/local/home/ftp/tester/.ssh/authorized_keys
debug1: matching key found: file
/local/home/ftp/tester/.ssh/authorized_keys, line 2 Found matching DSA
key: 6e:d4:75:d8:b1:94:32:ba:63:ee:52:f0:bc:f7:56:fe
debug1: restore_uid: 0/1
Postponed publickey for tester from 10.108.24.109 port 35229 ssh2
debug1: userauth-request for user tester service ssh-connection method
publickey
debug1: attempt 2 failures 1
debug1: temporarily_use_uid: 65539/1 (e=0/1)
debug1: trying public key file
/local/home/ftp/tester/.ssh/authorized_keys
debug1: matching key found: file
/local/home/ftp/tester/.ssh/authorized_keys, line 2 Found matching DSA
key: 6e:d4:75:d8:b1:94:32:ba:63:ee:52:f0:bc:f7:56:fe
debug1: restore_uid: 0/1
debug1: ssh_dss_verify: signature correct
------------------------------
Message: 4
Date: Mon, 10 Oct 2005 08:49:48 -0700 (PDT)
From: Dave Martini 1 <martini@mrpeabody.llnl.gov>
Subject: SUMMARY: Is Shockwave Plugin available for Solaris???
To: sunmanagers@sunmanagers.org
Message-ID: <200510101549.j9AFnmhB010896@mrpeabody.llnl.gov>
Content-Type: TEXT/plain; charset=us-ascii
Looks like all I needed to do was restart Mozilla. I was doing a re-load
of the page and not exiting out and restarting Mozilla. 
Also, make sure that the plugin are in the Mozilla  plugins directory.
Here is my original question:
Is shockwave plug-in available for Solaris?
I'm using  Mozilla 1.7 on my Solaris machines.
I was able to download the Macromedia Flash Plugin from Macromedia's
site but I don't see a shockwave plugin on their link for Solaris.
http://www.macromedia.com/shockwave/download/alternates/
Anyone know where to get this?
Is there a better browser for Solaris  8 and 9 that has all the plugins 
available?
Thanks Much!
Dave Martini
LLNL
------------------------------
Message: 5
Date: Mon, 10 Oct 2005 08:54:59 -0700 (PDT)
From: Dave Martini 1 <martini@mrpeabody.llnl.gov>
Subject: SUMMARY: Shockwave Plugin More Info
To: sunmanagers@sunmanagers.org
Message-ID: <200510101555.j9AFsxhB010907@mrpeabody.llnl.gov>
Content-Type: TEXT/plain; charset=us-ascii
Looks like all I needed to do was restart Mozilla. I was doing a re-load
of the page and not exiting out and restarting Mozilla. 
Also, make sure that the plugin are in the Mozilla  plugins directory.
Here is my original question:
Is shockwave plug-in available for Solaris?
I'm using  Mozilla 1.7 on my Solaris machines.
I was able to download the Macromedia Flash Plugin from Macromedia's
site but I don't see a shockwave plugin on their link for Solaris.
http://www.macromedia.com/shockwave/download/alternates/
Anyone know where to get this?
Is there a better browser for Solaris  8 and 9 that has all the plugins 
available?
Thanks Much!
Dave Martini
LLNL
------------------------------
Message: 6
Date: Fri, 7 Oct 2005 15:12:00 -0700 (PDT)
From: Dave Martini 1 <martini@mrpeabody.llnl.gov>
Subject: Re: Is Shockwave Plugin available for Solaris???
To: sunmanagers@sunmanagers.org
Message-ID: <200510072212.j97MC0hB005361@mrpeabody.llnl.gov>
Content-Type: TEXT/plain; charset=us-ascii
Some more info on needing shockwave.
When I go to certain websites using Mozilla 1.7 on Solaris 9 I get this
error
"This Page contains information of a type
(application/x-shockwave-flash) that can only be viewed with the
appropriate plug-in".
After I installed the Flash plugin from Macromedia's website I don't get
the above error anymore but I don't see the graphics on the page either
which I suspect is due to not having the shockwave plugin?
Dave Martini
LLNL
> X-Original-To: sunmanagers@sunmanagers.org
> Delivered-To: sunmanagers@sunmanagers.org
> Date: Fri, 7 Oct 2005 15:01:30 -0700 (PDT)
> From: Dave Martini 1 <martini@mrpeabody.llnl.gov>
> To: sunmanagers@sunmanagers.org
> MIME-Version: 1.0
> Content-MD5: ZwgyrqG0kPKdJi+VHbAUrQ==
> Subject: Is Shockwave Plugin available for Solaris???
> X-BeenThere: sunmanagers@sunmanagers.org
> X-Mailman-Version: 2.1.5
> List-Id: The Sun Managers Mailing List <sunmanagers.sunmanagers.org>
> List-Unsubscribe: 
> <http://www.sunmanagers.org/mailman/listinfo/sunmanagers>,
<mailto:sunmanagers-request@sunmanagers.org?subject=unsubscribe>
> List-Archive: <http://sunportal.sunmanagers.org/pipermail/sunmanagers>
> List-Post: <mailto:sunmanagers@sunmanagers.org>
> List-Help: <mailto:sunmanagers-request@sunmanagers.org?subject=help>
> List-Subscribe: 
> <http://www.sunmanagers.org/mailman/listinfo/sunmanagers>,
<mailto:sunmanagers-request@sunmanagers.org?subject=subscribe>
> X-Scanned-By: MIMEDefang 2.39
> 
> Is shockwave plug-in available for Solaris?
> I'm using  Mozilla 1.7 on my Solaris machines.
> I was able to download the Macromedia Flash Plugin from Macromedia's 
> site but I don't see a shockwave plugin on their link for Solaris.
> 
> http://www.macromedia.com/shockwave/download/alternates/
> 
> Anyone know where to get this?
> Is there a better browser for Solaris  8 and 9 that has all the 
> plugins
> available?
> 
> Thanks Much!
> Dave Martini
> LLNL
> _______________________________________________
> sunmanagers mailing list
> sunmanagers@sunmanagers.org 
> http://www.sunmanagers.org/mailman/listinfo/sunmanagers
------------------------------
Message: 7
Date: Mon, 10 Oct 2005 08:59:33 -0700 (PDT)
From: Shahul Hameed <vpshahu@yahoo.com>
Subject: rsync destination size never matches source
To: sunmanagers@sunmanagers.org
Message-ID: <20051010155933.43216.qmail@web31307.mail.mud.yahoo.com>
Content-Type: text/plain; charset="us-ascii"
Hi,
 
I am using rsync to sync one filesystem between two systems. After sync,
the number files are same, but the total size of the file system
differes. It's not exactly matching with source file system. The command
I am using is,
 
rsync -avz -H --delete -e rsh --rsync-path=/opt/sfw/bin /develop
server10:/
 
It's copying everything, but the total filesystem size never matches,
any idea? has anyone faced the same problem?
 
TIA
Shahul
		
---------------------------------
 Yahoo! Music Unlimited - Access over 1 million songs. Try it free.
------------------------------
Message: 8
Date: Fri, 07 Oct 2005 11:35:32 -0500
From: "Pepper Orlando" <woodenbicycle@hotmail.com>
Subject: Re: Securing Solaris 10
To: sunmanagers@sunmanagers.org
Cc: sam@unix.ms
Message-ID: <BAY108-F21DCAF52B6C69183E8EA1AC840@phx.gbl>
Content-Type: text/plain; format=flowed
This almost works for me! The script worked fine and then I re-enabled
the 
two entries for GUI. Now dtlogin comes up and I am able to log into 
JavaDesktop3, but I can no longer log into a CDE session because of a dt
message server error. It actually brings me in far enough to SEE the CDE
desktop but it gives me an error and once I click OK I am back at
dtlogin 
again.
To add to my original question, what do I need to re-enable to allow me
to 
at least log into CDE?
Thank you
>From: Sam Nelson <sam@unix.ms>
>To: Pepper Orlando <woodenbicycle@hotmail.com>
>Subject: Re: Securing Solaris 10
>Date: Fri, 07 Oct 2005 16:51:25 +0100
>
>
>Hi Pepper - I use this; caution! it shuts down everything but SSH.
>
>cheers
>
>Sam
>
>bung this in as /var/svc/profile/upgrade and reboot.
>
>#!/bin/sh
># Remove / disable all the crap that solaris 10 starts by default. # 
>This enables the box to reach the CIS Level-1 benchmark. #
># Either run this manually or rename to
># /var/svc/profile/upgrade and reboot the box.
>#
># Run with no modifications, this script will leave SSHD running only.
># Any questions see Sam N.
>#
>set -x
># Item 1.1, enable sshd :)
>svcadm enable svc:/network/ssh:default
># Item 1.2, rpcbind
>svcadm disable svc:/network/rpc/bind:default
># Item 1.3, secure RPC
>svcadm disable svc:/network/rpc/keyserv:default
># Item 1.4, NIS server
>svcadm disable svc:/network/nis/server:default
>svcadm disable svc:/network/nis/passwd:default
>svcadm disable svc:/network/nis/update:default
>svcadm disable svc:/network/nis/xfr:default
># Item 1.5, NIS client
>svcadm disable svc:/network/nis/client:default
># Item 1.6, NIS+
>svcadm disable svc:/network/rpc/nisplus:default
># Item 1.7, LDAP cache mgr
>svcadm disable svc:/network/ldap/client:default
># Item 1.8, Kerberos server
>svcadm disable svc:/network/security/kadmin:default
>svcadm disable svc:/network/security/krb5kdc:default
>svcadm disable svc:/network/security/krb5_prop:default
># Item 1.9, Kerberos client
>svcadm disable svc:/network/security/ktkt_warn:default
># Item 1.10, GSS
>svcadm disable svc:/network/rpc/gss:default
># Item 1.11, GUI
>mv /etc/rc2.d/S99dtlogin /etc/rc2.d/.NOS99dtlogin 2> /dev/null
>svcadm disable svc:/network/rpc-100083_1/rpc_tcp:default
># Item 1.12, Solaris Management Console
>mv /etc/rc2.d/S90wbem /etc/rc2.d/.NOS90wbem 2> /dev/null
>mv /etc/rc2.d/S90webconsole /etc/rc2.d/.NOS90webconsole 2> /dev/null
># Item 1.13, volume manager
>svcadm disable svc:/network/rpc/smserver:default
>mv /etc/rc3.d/S81volmgt /etc/rc3.d/.NOS81volmgt 2> /dev/null
># Item 1.14, SAMBA
>mv /etc/rc3.d/S90samba /etc/rc3.d/.NOS90samba 2> /dev/null
># Item 1.15, NFS server
>svcadm disable svc:/network/nfs/server:default
>svcadm disable svc:/network/nfs/cbd:default
>svcadm disable svc:/network/nfs/mapid:default
># Item 1.16, rquota
>svcadm disable svc:/network/nfs/rquota:default
># Item 1.17, NFS client
>svcadm disable svc:/network/nfs/client:default
># Both NFS servers and clients need these (see 2.16 and 2.18 above)
>svcadm disable svc:/network/nfs/status:default
>svcadm disable svc:/network/nfs/nlockmgr:default
># Item 1.18, auto mounter
>svcadm disable svc:/system/filesystem/autofs:default
># Item 1.19, telnet server
>svcadm disable svc:/network/telnet:default
># Item 1.20, FTP server
>svcadm disable svc:/network/ftp:default
># Item 1.21, rlogin/rsh servers
>svcadm disable svc:/network/login:rlogin
>svcadm disable svc:/network/shell:default
># Item 1.22, boot services
>svcadm disable svc:/network/rpc/bootparams:default
>svcadm disable svc:/network/rarp:default
># Item 1.23, DHCP server
>svcadm disable svc:/network/dhcp-server:default
># Item 1.24, DNS server
>svcadm disable svc:/network/dns/server:default
># Set up TFTP server entry if necessary
>if [ ! "`inetadm | grep tftp`" ]; then
>cd /var/svc/profile
>echo 'tftp dgram udp6 wait root /usr/sbin/in.tftpd in.tftpd /tftpboot' 
> >inetd-tftpd.tmp
>inetconv -n -i ./inetd-tftpd.tmp -o /var/svc/profile
>sed 's#tftp/udp6#tftp#' tftp-udp6.xml >tftp.xml
>svccfg import tftp.xml
>rm -f inetd-tftpd.tmp tftp-udp6.xml tftp.xml
>fi
># Item 1.25, TFTP server
>svcadm disable svc:/network/tftp:default
># Item 1.26, print servers
># Use -s for print/cleanup because it has already been started # before
>upgrade script is read svcadm disable -s 
>svc:/application/print/cleanup:default
>svcadm disable svc:/application/print/server:default
>svcadm disable svc:/application/print/rfc1179:default
># Item 1.27, Web servers
># Apache 2.x (the first line below) is preferred. If you would # rather
>run Apache 1.3.x, then disable the Apache 2.x service and # move the 
>/etc/rc3.d/S50apache script back into place. #
>svcadm disable svc:/network/http:apache2
>mv /etc/rc3.d/S50apache /etc/rc3.d/.NOS50apache 2> /dev/null
>mv /etc/rc2.d/S42ncakmod /etc/rc2.d/.NOS42ncakmod 2> /dev/null
>mv /etc/rc2.d/S94ncalogd /etc/rc2.d/.NOS94ncalogd 2> /dev/null
># Item 1.28, SNMP server (initsma is net-snmp)
>mv /etc/rc3.d/S82initsma /etc/rc3.d/.NOS82initsma 2> /dev/null
># Item 1.29, Solaris Volume Manager (software RAID) services
>svcadm disable svc:/system/metainit:default
>svcadm disable svc:/platform/sun4u/mpxio-upgrade:default
>svcadm disable svc:/system/mdmonitor:default
># Item 1.30, Solaris Volume Manager GUI services
>svcadm disable svc:/network/rpc/mdcomm:default
>svcadm disable svc:/network/rpc/meta:default
>svcadm disable svc:/network/rpc/metamed:default
>svcadm disable svc:/network/rpc/metamh:default
># Item 1.31, inetd
>if [ "`inetadm | grep '^enable'`" ]; then
>svcadm enable svc:/network/inetd:default
>else
>svcadm disable svc:/network/inetd:default
>fi
># Item 1.32, sendmail
>svcadm disable svc:/network/smtp:sendmail
># Item 1.33, all the other crap
>svcadm disable svc:/network/chargen:dgram
>svcadm disable svc:/network/chargen:stream
>svcadm disable svc:/network/daytime:dgram
>svcadm disable svc:/network/daytime:stream
>svcadm disable svc:/network/discard:dgram
>svcadm disable svc:/network/discard:stream
>svcadm disable svc:/network/echo:dgram
>svcadm disable svc:/network/echo:stream
>svcadm disable svc:/network/time:dgram
>svcadm disable svc:/network/time:stream
>svcadm disable svc:/network/rpc/rex:default
>svcadm disable svc:/network/rexec:default
>svcadm disable svc:/network/uucp:default
>svcadm disable svc:/network/comsat:default
>svcadm disable svc:/network/rpc/spray:default
>svcadm disable svc:/network/rpc/wall:default
>svcadm disable svc:/network/tname:default
>svcadm disable svc:/network/talk:default
>svcadm disable svc:/network/finger:default
>svcadm disable svc:/network/rpc/rstat:default
>svcadm disable svc:/network/rpc/rusers:default
>svcadm disable svc:/network/rpc/ocfserv:default
>svcadm disable svc:/network/login:eklogin
>svcadm disable svc:/network/login:klogin
>svcadm disable svc:/network/shell:kshell
># Use -s for system/power because it has already been started
># before upgrade script is read
>svcadm disable -s svc:/system/power:default
>svcadm disable svc:/network/slp:default
>svcadm disable svc:/application/management/webmin:default
>svcadm disable svc:/system/consadm:default
>svcadm disable svc:/application/gdm2-login:default
>svcadm disable svc:/application/print/ipp-listener:default
># Use -s for system/name-service-cache because it has already
># been started before upgrade script is read
>svcadm disable -s svc:/system/name-service-cache:default
>svcadm disable svc:/network/apocd/udp:default
>svcadm disable svc:/application/x11/xfs:default
>svcadm disable svc:/application/font/stfsloader:default
>svcadm disable svc:/network/rpc-100068_2-5/rpc_udp:default
>svcadm disable svc:/network/rpc-100235_1/rpc_ticotsord:default
># Item 1.33, move the remaining (legacy) rc2.d stuff
>mv /etc/rc2.d/S40llc2 /etc/rc2.d/.NOS40llc2 2> /dev/null
>mv /etc/rc2.d/S47pppd /etc/rc2.d/.NOS47pppd 2> /dev/null
>mv /etc/rc2.d/S70uucp /etc/rc2.d/.NOS70uucp 2> /dev/null
>mv /etc/rc2.d/S72autoinstall /etc/rc2.d/.NOS72autoinstall 2> /dev/null
>mv /etc/rc2.d/S73cachefs.daemon /etc/rc2.d/.NOS73cachefs.daemon 2> 
>/dev/null
>mv /etc/rc2.d/S89bdconfig /etc/rc2.d/.NOS89bdconfig 2> /dev/null
>mv /etc/rc2.d/S89PRESERVE /etc/rc2.d/.NOS89PRESERVE 2> /dev/null
>mv /etc/rc3.d/S16boot.server /etc/rc3.d/.NOS16boot.server 2> /dev/null
>mv /etc/rc3.d/S52imq /etc/rc3.d/.NOS52imq 2> /dev/null
>mv /etc/rc3.d/S84appserv /etc/rc3.d/.NOS84appserv 2> /dev/null
>mv /etc/rc3.d/S75seaport /etc/rc3.d/.NOS75seaport 2> /dev/null
>mv /etc/rc3.d/S76snmpdx /etc/rc3.d/.NOS76snmpdx 2> /dev/null
>mv /etc/rc3.d/S77dmi /etc/rc3.d/.NOS77dmi 2> /dev/null
>mv /etc/rc3.d/S80mipagent /etc/rc3.d/.NOS80mipagent 2> /dev/null
>
>
>
>Pepper Orlando wrote:
>>Is there a good guide for securing a default installation of Solaris 
>>10?
>>Ten minutes of Google did not come up with much. I am familar with 
>>securing Solaris 9 but 10 is new territory for me. I don't even fully 
>>understand the new SMF.
>>
>>A shame FixSolaris hasn't yet been updated for 10!
>>
>>_________________________________________________________________
>>On the road to retirement? Check out MSN Life Events for advice on how
>>to
>>get there! http://lifeevents.msn.com/category.aspx?cid=Retirement
>>_______________________________________________
>>sunmanagers mailing list
>>sunmanagers@sunmanagers.org
>>http://www.sunmanagers.org/mailman/listinfo/sunmanagers
>>
>>
>
>
_________________________________________________________________
Is your PC infected? Get a FREE online computer virus scan from McAfee. 
Security. http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963
------------------------------
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers
End of sunmanagers Digest, Vol 31, Issue 10
*******************************************
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers

• Next message: Dave Martini 1: "SUMMARY: How to set ascii mode in sftp"
• Previous message: Eswar Panchu: "Problem with cdrom"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 23:32:37 EDT