From: Asiye Yiğit (Asiye.Yigit@gantek.com)
Date: Mon Oct 10 2005 - 14:45:31 EDT
H All,
When I start ora-rg resource group on the primary node, the log file
under
/var/opt/SUNWscar/oracle_server gives the following error and
So oracle server could not be started. Could you please help me!
Regards,
root@cluster1 # tail -f message_log.ora-server-res
Oct 07 17:32:34
SC[SUNWscor.oracle_server.stop]:ha-ora-rg:ora-server-res: Server
is not running. Calling shutdown abort to clear shared memory (if any)
SQL*Plus: Release 9.2.0.6.0 - Production on Fri Oct 7 17:32:34 2005
Copyright (c) 1982, 2002, Oracle Corporation. All rights reserved.
Connected to an idle instance.
SQL> ORACLE instance shut down.
SQL> Disconnected
Oct 10 17:05:43
SC[SUNWscor.oracle_server.start]:ha-ora-rg:ora-server-res: Start
ing Oracle server.
SQL*Plus: Release 9.2.0.6.0 - Production on Mon Oct 10 17:05:43 2005
Copyright (c) 1982, 2002, Oracle Corporation. All rights reserved.
Connected to an idle instance.
SQL> ORA-00093: shared_pool_reserved_size must be between 5000 and
159383552
SQL> Disconnected
SQL*Plus: Release 9.2.0.6.0 - Production on Mon Oct 10 17:05:44 2005
Copyright (c) 1982, 2002, Oracle Corporation. All rights reserved.
Connected to an idle instance.
SQL> grant select on v_$sysstat to sc_fm
*
ERROR at line 1:
ORA-01034: ORACLE not available
SQL> grant select on v_$archive_dest to sc_fm
*
ERROR at line 1:
ORA-01034: ORACLE not available
SQL> Disconnected
Oct 10 17:05:44
SC[SUNWscor.oracle_server.start]:ha-ora-rg:ora-server-res: Could
not start server
Oct 10 17:05:44
SC[SUNWscor.oracle_server.stop]:ha-ora-rg:ora-server-res: Server
is not running. Calling shutdown abort to clear shared memory (if any)
SQL*Plus: Release 9.2.0.6.0 - Production on Mon Oct 10 17:05:44 2005
Copyright (c) 1982, 2002, Oracle Corporation. All rights reserved.
Connected to an idle instance.
SQL> ORACLE instance shut down.
SQL> Disconnected
Oct 10 17:06:05
SC[SUNWscor.oracle_server.start]:ha-ora-rg:ora-server-res: Start
ing Oracle server.
SQL*Plus: Release 9.2.0.6.0 - Production on Mon Oct 10 17:06:05 2005
Copyright (c) 1982, 2002, Oracle Corporation. All rights reserved.
Connected to an idle instance.
SQL> ORA-00093: shared_pool_reserved_size must be between 5000 and
159383552
SQL> Disconnected
SQL*Plus: Release 9.2.0.6.0 - Production on Mon Oct 10 17:06:05 2005
Copyright (c) 1982, 2002, Oracle Corporation. All rights reserved.
Connected to an idle instance.
SQL> grant select on v_$sysstat to sc_fm
*
ERROR at line 1:
ORA-01034: ORACLE not available
SQL> grant select on v_$archive_dest to sc_fm
*
ERROR at line 1:
ORA-01034: ORACLE not available
SQL> Disconnected
Oct 10 17:06:05
SC[SUNWscor.oracle_server.start]:ha-ora-rg:ora-server-res: Could
not start server
Oct 10 17:06:06
SC[SUNWscor.oracle_server.stop]:ha-ora-rg:ora-server-res: Server
is not running. Calling shutdown abort to clear shared memory (if any)
SQL*Plus: Release 9.2.0.6.0 - Production on Mon Oct 10 17:06:06 2005
Copyright (c) 1982, 2002, Oracle Corporation. All rights reserved.
Connected to an idle instance.
SQL> ORACLE instance shut down.
SQL> Disconnected
-----Original Message-----
From: sunmanagers-bounces@sunmanagers.org
[mailto:sunmanagers-bounces@sunmanagers.org] On Behalf Of
sunmanagers-request@sunmanagers.org
Sent: Monday, October 10, 2005 7:12 PM
To: sunmanagers@sunmanagers.org
Subject: sunmanagers Digest, Vol 31, Issue 10
Send sunmanagers mailing list submissions to
sunmanagers@sunmanagers.org
To subscribe or unsubscribe via the World Wide Web, visit
http://www.sunmanagers.org/mailman/listinfo/sunmanagers
or, via email, send a message with subject or body 'help' to
sunmanagers-request@sunmanagers.org
You can reach the person managing the list at
sunmanagers-owner@sunmanagers.org
When replying, please edit your Subject line so it is more specific than
"Re: Contents of sunmanagers digest..."
Today's Topics:
1. Upgrading SAMBA on solaris 2.6 (Josh)
2. SUMMARY: Activating HotSpare in A1000 with RaidManager (Tim Evans)
3. Non-interactive sftp (Steve Nelson)
4. SUMMARY: Is Shockwave Plugin available for Solaris???
(Dave Martini 1)
5. SUMMARY: Shockwave Plugin More Info (Dave Martini 1)
6. Re: Is Shockwave Plugin available for Solaris??? (Dave Martini 1)
7. rsync destination size never matches source (Shahul Hameed)
8. Re: Securing Solaris 10 (Pepper Orlando)
----------------------------------------------------------------------
Message: 1
Date: Mon, 10 Oct 2005 15:57:09 +0800
From: Josh <jsoni7@gmail.com>
Subject: Upgrading SAMBA on solaris 2.6
To: sunmanagers@sunmanagers.org
Message-ID:
<da3ba470510100057n36e16832offd3e3cdb6ffe171@mail.gmail.com>
Content-Type: text/plain; charset="us-ascii"
Hello Gurus,
Kindly guide me in upgradation of Samba from current version 2.2.x to
2.2.8a or 3.x. I have browsed thorugh the google and other search items
like sunsolve but was not able to find any help. Best Regards, Josh.
------------------------------
Message: 2
Date: Mon, 10 Oct 2005 10:01:51 -0400 (EDT)
From: Tim Evans <tkevans@tkevans.com>
Subject: SUMMARY: Activating HotSpare in A1000 with RaidManager
To: sunmanagers@sunmanagers.org
Message-ID: <200510101401.j9AE1pGu027302@osprey.tkevans.com>
Content-Type: TEXT/plain; charset=us-ascii
I wrote:
>I have an A1000 under control of RaidManager 6, set up for RAID 5, with
>12 disks on one LUN. Both one of the 11 data disks *and* the hotspare
>have failed.
>I replaced the hotspare with a new disk, thinking it would
>automagically become active and take over for the other failed disk.
>RaidManager showed the LUN being reconstructed after installing the new
>disk, but now shows the hotspare in "standby" status.
>
>LUN is still showing its status as "degraded," with 10 good disks and
>one failed one.
>
>How do I make the current hotspare take over? Just pull the bad one?
Thanks to:
Helmut Kreft <kreft@belwue.de>
JV <jv711@yahoo.com>
mike.salehi@kodak.com
Concensus was that I should have just replaced the failed disk with the
new one,
rather than replacing the (also-failed) hotspare.
I used RaidManager to delete the new hotspare, then moved the new disk
into the
failed data disk slot. The array attempted to rebuild the LUN, but
that, too,
failed. Troubleshooting in RaidManager indicated errors on one or more
other
disk, causing the failure to rebuild.
fscki-ng the filesystem turned up several dozen unreadable blocks, as
did
ufsdump-ing it.
Before I could troubleshoot any further, however, the entire LUN failed.
RM now
shows two failed disks (not counting the previously failed hotspare).
Attempting to fsck the filesystem came back with the superblock,
including
alternative locations, unreadable.
Looks like I'm s-o-l here. The boss is replacing the array with a new
Linux
server with RAID array.
-- Tim Evans, TKEvans.com, Inc. | 5 Chestnut Court tkevans@tkevans.com | Owings Mills, MD 21117 http://www.tkevans.com/ | 443-394-3864 http://www.come-here.com/News/ | ------------------------------ Message: 3 Date: Mon, 10 Oct 2005 15:09:30 +0100 From: Steve Nelson <sanelson@gmail.com> Subject: Non-interactive sftp To: sunmanagers@sunmanagers.org Message-ID: <b6131fdc0510100709h7f360c46ud45085676c10a0d1@mail.gmail.com> Content-Type: text/plain; charset=ISO-8859-1 Hello all, I'm trying to allow sftp between two hosts (one Sol 8 the other Sol 9) using key-based authentication so that some critical files can be transferred securely via cron. I don't want to allow the ftp user an interactive shell. I've set up key-based authentication, and verified this works with ssh/scp and an interactive shell. I then then set the ftp user's login shell to /bin/true. /bin/true is in /etc/shells, all directories in the /path/to/ftp/user are chmod'd a+x but when I try to sftp a test file, the client debug output says: couldn't canonicalise - permission denied - after accepting keys and calling the sftp subsystem; I get the same error even if I set a valid interactive shell for the user in question. What have I missed? S. Debug output: On the server: bash-2.03# /usr/local/sbin/sshd -D -d debug1: sshd version OpenSSH_3.7.1p2 debug1: private host key: #0 type 0 RSA1 debug1: read PEM private key done: type RSA debug1: private host key: #1 type 1 RSA debug1: read PEM private key done: type DSA debug1: private host key: #2 type 2 DSA debug1: Bind to port 22 on 0.0.0.0. Server listening on 0.0.0.0 port 22. Generating 768 bit RSA key. RSA key generation complete. Then on the client: $ sftp -v -b sftp_batch tester@n1405b.bananna.co. uk.dock:/local/home/ftp/tester/in Connecting to n1405b.bananna.co.uk.dock... OpenSSH_3.7.1p2, SSH protocols 1.5/2.0, OpenSSL 0.9.6m 17 Mar 2004 debug1: Reading configuration data /etc/ssh/ssh_config debug1: Applying options for * debug1: /etc/ssh/ssh_config line 21: Deprecated option "RhostsAuthentication" debug1: Connecting to n1405b.bananna.co.uk.dock [10.192.20.6] port 22. debug1: Connection established. debug1: identity file /local/home/nelsost1/.ssh/identity type -1 debug1: identity file /local/home/nelsost1/.ssh/id_rsa type -1 debug1: identity file /local/home/nelsost1/.ssh/id_dsa type 2 debug1: Remote protocol version 1.99, remote software version OpenSSH_3.7.1p2 debug1: match: OpenSSH_3.7.1p2 pat OpenSSH* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_3.7.1p2 debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: server->client aes128-cbc hmac-md5 none debug1: kex: client->server aes128-cbc hmac-md5 none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP debug1: SSH2_MSG_KEX_DH_GEX_INIT sent debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY debug1: Host 'n1405b.bananna.co.uk.dock' is known and matches the RSA host key. debug1: Found key in /local/home/nelsost1/.ssh/known_hosts:4 debug1: ssh_rsa_verify: signature correct debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: SSH2_MSG_SERVICE_REQUEST sent debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey,password,keyboard-interactive debug1: Next authentication method: publickey debug1: Trying private key: /local/home/nelsost1/.ssh/identity debug1: Trying private key: /local/home/nelsost1/.ssh/id_rsa debug1: Offering public key: /local/home/nelsost1/.ssh/id_dsa debug1: Server accepts key: pkalg ssh-dss blen 433 debug1: read PEM private key done: type DSA debug1: Authentication succeeded (publickey). debug1: channel 0: new [client-session] debug1: Entering interactive session. debug1: Sending subsystem: sftp Couldn't canonicalise: Permission denied Need cwd debug1: client_input_channel_req: channel 0 rtype exit-status reply 0 debug1: channel 0: free: client-session, nchannels 1 debug1: fd 0 clearing O_NONBLOCK debug1: Transferred: stdin 0, stdout 0, stderr 0 bytes in 0.1 seconds debug1: Bytes per second: stdin 0.0, stdout 0.0, stderr 0.0 debug1: Exit status 0 The server shows: debug1: Server will not fork when running in debugging mode. Connection from 10.108.24.109 port 35229 debug1: Client protocol version 2.0; client software version OpenSSH_3.7.1p2 debug1: match: OpenSSH_3.7.1p2 pat OpenSSH* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-1.99-OpenSSH_3.7.1p2 debug1: permanently_set_uid: 200/200 debug1: list_hostkey_types: ssh-rsa,ssh-dss debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: client->server aes128-cbc hmac-md5 none debug1: kex: server->client aes128-cbc hmac-md5 none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: KEX done debug1: userauth-request for user tester service ssh-connection method none debug1: attempt 0 failures 0 debug1: userauth_banner: sent Failed none for tester from 10.108.24.109 port 35229 ssh2 Failed none for tester from 10.108.24.109 port 35229 ssh2 debug1: userauth-request for user tester service ssh-connection method publickey debug1: attempt 1 failures 1 debug1: test whether pkalg/pkblob are acceptable debug1: temporarily_use_uid: 65539/1 (e=0/1) debug1: trying public key file /local/home/ftp/tester/.ssh/authorized_keys debug1: matching key found: file /local/home/ftp/tester/.ssh/authorized_keys, line 2 Found matching DSA key: 6e:d4:75:d8:b1:94:32:ba:63:ee:52:f0:bc:f7:56:fe debug1: restore_uid: 0/1 Postponed publickey for tester from 10.108.24.109 port 35229 ssh2 debug1: userauth-request for user tester service ssh-connection method publickey debug1: attempt 2 failures 1 debug1: temporarily_use_uid: 65539/1 (e=0/1) debug1: trying public key file /local/home/ftp/tester/.ssh/authorized_keys debug1: matching key found: file /local/home/ftp/tester/.ssh/authorized_keys, line 2 Found matching DSA key: 6e:d4:75:d8:b1:94:32:ba:63:ee:52:f0:bc:f7:56:fe debug1: restore_uid: 0/1 debug1: ssh_dss_verify: signature correct ------------------------------ Message: 4 Date: Mon, 10 Oct 2005 08:49:48 -0700 (PDT) From: Dave Martini 1 <martini@mrpeabody.llnl.gov> Subject: SUMMARY: Is Shockwave Plugin available for Solaris??? To: sunmanagers@sunmanagers.org Message-ID: <200510101549.j9AFnmhB010896@mrpeabody.llnl.gov> Content-Type: TEXT/plain; charset=us-ascii Looks like all I needed to do was restart Mozilla. I was doing a re-load of the page and not exiting out and restarting Mozilla. Also, make sure that the plugin are in the Mozilla plugins directory. Here is my original question: Is shockwave plug-in available for Solaris? I'm using Mozilla 1.7 on my Solaris machines. I was able to download the Macromedia Flash Plugin from Macromedia's site but I don't see a shockwave plugin on their link for Solaris. http://www.macromedia.com/shockwave/download/alternates/ Anyone know where to get this? Is there a better browser for Solaris 8 and 9 that has all the plugins available? Thanks Much! Dave Martini LLNL ------------------------------ Message: 5 Date: Mon, 10 Oct 2005 08:54:59 -0700 (PDT) From: Dave Martini 1 <martini@mrpeabody.llnl.gov> Subject: SUMMARY: Shockwave Plugin More Info To: sunmanagers@sunmanagers.org Message-ID: <200510101555.j9AFsxhB010907@mrpeabody.llnl.gov> Content-Type: TEXT/plain; charset=us-ascii Looks like all I needed to do was restart Mozilla. I was doing a re-load of the page and not exiting out and restarting Mozilla. Also, make sure that the plugin are in the Mozilla plugins directory. Here is my original question: Is shockwave plug-in available for Solaris? I'm using Mozilla 1.7 on my Solaris machines. I was able to download the Macromedia Flash Plugin from Macromedia's site but I don't see a shockwave plugin on their link for Solaris. http://www.macromedia.com/shockwave/download/alternates/ Anyone know where to get this? Is there a better browser for Solaris 8 and 9 that has all the plugins available? Thanks Much! Dave Martini LLNL ------------------------------ Message: 6 Date: Fri, 7 Oct 2005 15:12:00 -0700 (PDT) From: Dave Martini 1 <martini@mrpeabody.llnl.gov> Subject: Re: Is Shockwave Plugin available for Solaris??? To: sunmanagers@sunmanagers.org Message-ID: <200510072212.j97MC0hB005361@mrpeabody.llnl.gov> Content-Type: TEXT/plain; charset=us-ascii Some more info on needing shockwave. When I go to certain websites using Mozilla 1.7 on Solaris 9 I get this error "This Page contains information of a type (application/x-shockwave-flash) that can only be viewed with the appropriate plug-in". After I installed the Flash plugin from Macromedia's website I don't get the above error anymore but I don't see the graphics on the page either which I suspect is due to not having the shockwave plugin? Dave Martini LLNL > X-Original-To: sunmanagers@sunmanagers.org > Delivered-To: sunmanagers@sunmanagers.org > Date: Fri, 7 Oct 2005 15:01:30 -0700 (PDT) > From: Dave Martini 1 <martini@mrpeabody.llnl.gov> > To: sunmanagers@sunmanagers.org > MIME-Version: 1.0 > Content-MD5: ZwgyrqG0kPKdJi+VHbAUrQ== > Subject: Is Shockwave Plugin available for Solaris??? > X-BeenThere: sunmanagers@sunmanagers.org > X-Mailman-Version: 2.1.5 > List-Id: The Sun Managers Mailing List <sunmanagers.sunmanagers.org> > List-Unsubscribe: > <http://www.sunmanagers.org/mailman/listinfo/sunmanagers>, <mailto:sunmanagers-request@sunmanagers.org?subject=unsubscribe> > List-Archive: <http://sunportal.sunmanagers.org/pipermail/sunmanagers> > List-Post: <mailto:sunmanagers@sunmanagers.org> > List-Help: <mailto:sunmanagers-request@sunmanagers.org?subject=help> > List-Subscribe: > <http://www.sunmanagers.org/mailman/listinfo/sunmanagers>, <mailto:sunmanagers-request@sunmanagers.org?subject=subscribe> > X-Scanned-By: MIMEDefang 2.39 > > Is shockwave plug-in available for Solaris? > I'm using Mozilla 1.7 on my Solaris machines. > I was able to download the Macromedia Flash Plugin from Macromedia's > site but I don't see a shockwave plugin on their link for Solaris. > > http://www.macromedia.com/shockwave/download/alternates/ > > Anyone know where to get this? > Is there a better browser for Solaris 8 and 9 that has all the > plugins > available? > > Thanks Much! > Dave Martini > LLNL > _______________________________________________ > sunmanagers mailing list > sunmanagers@sunmanagers.org > http://www.sunmanagers.org/mailman/listinfo/sunmanagers ------------------------------ Message: 7 Date: Mon, 10 Oct 2005 08:59:33 -0700 (PDT) From: Shahul Hameed <vpshahu@yahoo.com> Subject: rsync destination size never matches source To: sunmanagers@sunmanagers.org Message-ID: <20051010155933.43216.qmail@web31307.mail.mud.yahoo.com> Content-Type: text/plain; charset="us-ascii" Hi, I am using rsync to sync one filesystem between two systems. After sync, the number files are same, but the total size of the file system differes. It's not exactly matching with source file system. The command I am using is, rsync -avz -H --delete -e rsh --rsync-path=/opt/sfw/bin /develop server10:/ It's copying everything, but the total filesystem size never matches, any idea? has anyone faced the same problem? TIA Shahul --------------------------------- Yahoo! Music Unlimited - Access over 1 million songs. Try it free. ------------------------------ Message: 8 Date: Fri, 07 Oct 2005 11:35:32 -0500 From: "Pepper Orlando" <woodenbicycle@hotmail.com> Subject: Re: Securing Solaris 10 To: sunmanagers@sunmanagers.org Cc: sam@unix.ms Message-ID: <BAY108-F21DCAF52B6C69183E8EA1AC840@phx.gbl> Content-Type: text/plain; format=flowed This almost works for me! The script worked fine and then I re-enabled the two entries for GUI. Now dtlogin comes up and I am able to log into JavaDesktop3, but I can no longer log into a CDE session because of a dt message server error. It actually brings me in far enough to SEE the CDE desktop but it gives me an error and once I click OK I am back at dtlogin again. To add to my original question, what do I need to re-enable to allow me to at least log into CDE? Thank you >From: Sam Nelson <sam@unix.ms> >To: Pepper Orlando <woodenbicycle@hotmail.com> >Subject: Re: Securing Solaris 10 >Date: Fri, 07 Oct 2005 16:51:25 +0100 > > >Hi Pepper - I use this; caution! it shuts down everything but SSH. > >cheers > >Sam > >bung this in as /var/svc/profile/upgrade and reboot. > >#!/bin/sh ># Remove / disable all the crap that solaris 10 starts by default. # >This enables the box to reach the CIS Level-1 benchmark. # ># Either run this manually or rename to ># /var/svc/profile/upgrade and reboot the box. ># ># Run with no modifications, this script will leave SSHD running only. ># Any questions see Sam N. ># >set -x ># Item 1.1, enable sshd :) >svcadm enable svc:/network/ssh:default ># Item 1.2, rpcbind >svcadm disable svc:/network/rpc/bind:default ># Item 1.3, secure RPC >svcadm disable svc:/network/rpc/keyserv:default ># Item 1.4, NIS server >svcadm disable svc:/network/nis/server:default >svcadm disable svc:/network/nis/passwd:default >svcadm disable svc:/network/nis/update:default >svcadm disable svc:/network/nis/xfr:default ># Item 1.5, NIS client >svcadm disable svc:/network/nis/client:default ># Item 1.6, NIS+ >svcadm disable svc:/network/rpc/nisplus:default ># Item 1.7, LDAP cache mgr >svcadm disable svc:/network/ldap/client:default ># Item 1.8, Kerberos server >svcadm disable svc:/network/security/kadmin:default >svcadm disable svc:/network/security/krb5kdc:default >svcadm disable svc:/network/security/krb5_prop:default ># Item 1.9, Kerberos client >svcadm disable svc:/network/security/ktkt_warn:default ># Item 1.10, GSS >svcadm disable svc:/network/rpc/gss:default ># Item 1.11, GUI >mv /etc/rc2.d/S99dtlogin /etc/rc2.d/.NOS99dtlogin 2> /dev/null >svcadm disable svc:/network/rpc-100083_1/rpc_tcp:default ># Item 1.12, Solaris Management Console >mv /etc/rc2.d/S90wbem /etc/rc2.d/.NOS90wbem 2> /dev/null >mv /etc/rc2.d/S90webconsole /etc/rc2.d/.NOS90webconsole 2> /dev/null ># Item 1.13, volume manager >svcadm disable svc:/network/rpc/smserver:default >mv /etc/rc3.d/S81volmgt /etc/rc3.d/.NOS81volmgt 2> /dev/null ># Item 1.14, SAMBA >mv /etc/rc3.d/S90samba /etc/rc3.d/.NOS90samba 2> /dev/null ># Item 1.15, NFS server >svcadm disable svc:/network/nfs/server:default >svcadm disable svc:/network/nfs/cbd:default >svcadm disable svc:/network/nfs/mapid:default ># Item 1.16, rquota >svcadm disable svc:/network/nfs/rquota:default ># Item 1.17, NFS client >svcadm disable svc:/network/nfs/client:default ># Both NFS servers and clients need these (see 2.16 and 2.18 above) >svcadm disable svc:/network/nfs/status:default >svcadm disable svc:/network/nfs/nlockmgr:default ># Item 1.18, auto mounter >svcadm disable svc:/system/filesystem/autofs:default ># Item 1.19, telnet server >svcadm disable svc:/network/telnet:default ># Item 1.20, FTP server >svcadm disable svc:/network/ftp:default ># Item 1.21, rlogin/rsh servers >svcadm disable svc:/network/login:rlogin >svcadm disable svc:/network/shell:default ># Item 1.22, boot services >svcadm disable svc:/network/rpc/bootparams:default >svcadm disable svc:/network/rarp:default ># Item 1.23, DHCP server >svcadm disable svc:/network/dhcp-server:default ># Item 1.24, DNS server >svcadm disable svc:/network/dns/server:default ># Set up TFTP server entry if necessary >if [ ! "`inetadm | grep tftp`" ]; then >cd /var/svc/profile >echo 'tftp dgram udp6 wait root /usr/sbin/in.tftpd in.tftpd /tftpboot' > >inetd-tftpd.tmp >inetconv -n -i ./inetd-tftpd.tmp -o /var/svc/profile >sed 's#tftp/udp6#tftp#' tftp-udp6.xml >tftp.xml >svccfg import tftp.xml >rm -f inetd-tftpd.tmp tftp-udp6.xml tftp.xml >fi ># Item 1.25, TFTP server >svcadm disable svc:/network/tftp:default ># Item 1.26, print servers ># Use -s for print/cleanup because it has already been started # before >upgrade script is read svcadm disable -s >svc:/application/print/cleanup:default >svcadm disable svc:/application/print/server:default >svcadm disable svc:/application/print/rfc1179:default ># Item 1.27, Web servers ># Apache 2.x (the first line below) is preferred. If you would # rather >run Apache 1.3.x, then disable the Apache 2.x service and # move the >/etc/rc3.d/S50apache script back into place. # >svcadm disable svc:/network/http:apache2 >mv /etc/rc3.d/S50apache /etc/rc3.d/.NOS50apache 2> /dev/null >mv /etc/rc2.d/S42ncakmod /etc/rc2.d/.NOS42ncakmod 2> /dev/null >mv /etc/rc2.d/S94ncalogd /etc/rc2.d/.NOS94ncalogd 2> /dev/null ># Item 1.28, SNMP server (initsma is net-snmp) >mv /etc/rc3.d/S82initsma /etc/rc3.d/.NOS82initsma 2> /dev/null ># Item 1.29, Solaris Volume Manager (software RAID) services >svcadm disable svc:/system/metainit:default >svcadm disable svc:/platform/sun4u/mpxio-upgrade:default >svcadm disable svc:/system/mdmonitor:default ># Item 1.30, Solaris Volume Manager GUI services >svcadm disable svc:/network/rpc/mdcomm:default >svcadm disable svc:/network/rpc/meta:default >svcadm disable svc:/network/rpc/metamed:default >svcadm disable svc:/network/rpc/metamh:default ># Item 1.31, inetd >if [ "`inetadm | grep '^enable'`" ]; then >svcadm enable svc:/network/inetd:default >else >svcadm disable svc:/network/inetd:default >fi ># Item 1.32, sendmail >svcadm disable svc:/network/smtp:sendmail ># Item 1.33, all the other crap >svcadm disable svc:/network/chargen:dgram >svcadm disable svc:/network/chargen:stream >svcadm disable svc:/network/daytime:dgram >svcadm disable svc:/network/daytime:stream >svcadm disable svc:/network/discard:dgram >svcadm disable svc:/network/discard:stream >svcadm disable svc:/network/echo:dgram >svcadm disable svc:/network/echo:stream >svcadm disable svc:/network/time:dgram >svcadm disable svc:/network/time:stream >svcadm disable svc:/network/rpc/rex:default >svcadm disable svc:/network/rexec:default >svcadm disable svc:/network/uucp:default >svcadm disable svc:/network/comsat:default >svcadm disable svc:/network/rpc/spray:default >svcadm disable svc:/network/rpc/wall:default >svcadm disable svc:/network/tname:default >svcadm disable svc:/network/talk:default >svcadm disable svc:/network/finger:default >svcadm disable svc:/network/rpc/rstat:default >svcadm disable svc:/network/rpc/rusers:default >svcadm disable svc:/network/rpc/ocfserv:default >svcadm disable svc:/network/login:eklogin >svcadm disable svc:/network/login:klogin >svcadm disable svc:/network/shell:kshell ># Use -s for system/power because it has already been started ># before upgrade script is read >svcadm disable -s svc:/system/power:default >svcadm disable svc:/network/slp:default >svcadm disable svc:/application/management/webmin:default >svcadm disable svc:/system/consadm:default >svcadm disable svc:/application/gdm2-login:default >svcadm disable svc:/application/print/ipp-listener:default ># Use -s for system/name-service-cache because it has already ># been started before upgrade script is read >svcadm disable -s svc:/system/name-service-cache:default >svcadm disable svc:/network/apocd/udp:default >svcadm disable svc:/application/x11/xfs:default >svcadm disable svc:/application/font/stfsloader:default >svcadm disable svc:/network/rpc-100068_2-5/rpc_udp:default >svcadm disable svc:/network/rpc-100235_1/rpc_ticotsord:default ># Item 1.33, move the remaining (legacy) rc2.d stuff >mv /etc/rc2.d/S40llc2 /etc/rc2.d/.NOS40llc2 2> /dev/null >mv /etc/rc2.d/S47pppd /etc/rc2.d/.NOS47pppd 2> /dev/null >mv /etc/rc2.d/S70uucp /etc/rc2.d/.NOS70uucp 2> /dev/null >mv /etc/rc2.d/S72autoinstall /etc/rc2.d/.NOS72autoinstall 2> /dev/null >mv /etc/rc2.d/S73cachefs.daemon /etc/rc2.d/.NOS73cachefs.daemon 2> >/dev/null >mv /etc/rc2.d/S89bdconfig /etc/rc2.d/.NOS89bdconfig 2> /dev/null >mv /etc/rc2.d/S89PRESERVE /etc/rc2.d/.NOS89PRESERVE 2> /dev/null >mv /etc/rc3.d/S16boot.server /etc/rc3.d/.NOS16boot.server 2> /dev/null >mv /etc/rc3.d/S52imq /etc/rc3.d/.NOS52imq 2> /dev/null >mv /etc/rc3.d/S84appserv /etc/rc3.d/.NOS84appserv 2> /dev/null >mv /etc/rc3.d/S75seaport /etc/rc3.d/.NOS75seaport 2> /dev/null >mv /etc/rc3.d/S76snmpdx /etc/rc3.d/.NOS76snmpdx 2> /dev/null >mv /etc/rc3.d/S77dmi /etc/rc3.d/.NOS77dmi 2> /dev/null >mv /etc/rc3.d/S80mipagent /etc/rc3.d/.NOS80mipagent 2> /dev/null > > > >Pepper Orlando wrote: >>Is there a good guide for securing a default installation of Solaris >>10? >>Ten minutes of Google did not come up with much. I am familar with >>securing Solaris 9 but 10 is new territory for me. I don't even fully >>understand the new SMF. >> >>A shame FixSolaris hasn't yet been updated for 10! >> >>_________________________________________________________________ >>On the road to retirement? Check out MSN Life Events for advice on how >>to >>get there! http://lifeevents.msn.com/category.aspx?cid=Retirement >>_______________________________________________ >>sunmanagers mailing list >>sunmanagers@sunmanagers.org >>http://www.sunmanagers.org/mailman/listinfo/sunmanagers >> >> > > _________________________________________________________________ Is your PC infected? Get a FREE online computer virus scan from McAfee. Security. http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963 ------------------------------ _______________________________________________ sunmanagers mailing list sunmanagers@sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers End of sunmanagers Digest, Vol 31, Issue 10 ******************************************* _______________________________________________ sunmanagers mailing list sunmanagers@sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers
This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 23:32:37 EDT