
WWW.NOGNOG.COM

Last modified: Sat, 26 Jul 2008 00:43:32 +0900

Solaris 9 - インストール直後の私的設定手順

Solaris 9 のインストール直後に、まず実施する初期設定の作業手順をまとめました。

PatchPro インストール


SunのWebサイトから PatchPro 2.2をダウンロードしてインストールする。

    # /usr/sfw/bin/gtar zxvf pproSunOSsparc5.9jre2.2.tar.gz
    # cd pproSunOSsparc5.9jre2.2
    # ./setup

パッチ適用


    # /usr/sadm/bin/smpatch analyze
    # /usr/sadm/bin/smpatch update
    # init S
    # smpatch add -x idlist=/var/sadm/spool/disallowed_patch_list
    # reboot

tcsh環境設定


    # vi /.tcshrc

    # Command search order: /usr/local, /usr/sfw and /opt/sfw are listed ahead of
    # the Solaris system directories, so a binary installed there shadows the
    # system command of the same name.
    # NOTE(review): this file lives in / and is edited as root -- every directory
    # listed here should be owned and writable by root only; confirm for
    # /usr/local and /opt/sfw.
    set path = (/usr/local/bin /usr/local/sbin /usr/sfw/bin /usr/sfw/sbin /opt/sfw/bin /opt/sfw/sbin /usr/xpg6/bin /usr/xpg4/bin /usr/ccs/bin /usr/bin /usr/sbin /usr/sadm/admin/bin /usr/sadm/bin /bin /sbin /usr/openwin/bin /usr/dt/bin /usr/ucb)
    # Prompt: month/day (%W/%D), time with seconds (%P), user and short host name (%m).
    # `whoami` is run once, when this line is read, and its output is stored in the prompt.
    set prompt="[%W/%D %P `whoami`@%m]# "
    # C locale, xterm terminal type and vi as the default editor.
    setenv LANG C
    setenv TERM xterm
    setenv EDITOR vi
    # Manual page and pkg-config search paths, in the same local-first order as path.
    setenv MANPATH /usr/local/man:/usr/local/share/man:/usr/sfw/man:/opt/sfw/man:/usr/share/man:/usr/openwin/man:/usr/dt/man
    setenv PKG_CONFIG_PATH /usr/local/lib/pkgconfig:/usr/sfw/lib/pkgconfig:/usr/lib/pkgconfig
    # Default option for every gzip run: maximum compression.
    setenv GZIP "-9"
    # ls is pinned to /usr/bin/ls by absolute path, so the alias does not depend on path order.
    alias ls "/usr/bin/ls -F"
    alias la "ls -al"
    alias h "history 100"
    # ping over IPv6 (-A selects the address family).
    alias ping6 ping -A inet6
    # Turns off tcsh's idle auto-logout, so an unattended session in this shell
    # stays open until it is closed by hand.
    unset autologout

bash環境設定


    # vi /.bash_profile

    . /.bashrc

    # vi /.bashrc

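    # Prompt: [MM/DD HH:MM:SS user@host]# .
    # The backquotes around date are escaped so the command itself is stored in
    # PS1 and re-run every time the prompt is drawn (bash expands command
    # substitutions in the prompt while promptvars is on, which is the default).
    # Unescaped, date ran once when this file was read and the prompt showed a
    # frozen timestamp. The host name does not change during a session, so
    # hostname is still expanded once here.
    export PS1="[\`date '+%m/%d %H:%M:%S'\` \u@`hostname`]# "
    # Command search order: /usr/local, /usr/sfw and /opt/sfw come before the
    # Solaris system directories, so a binary there shadows the system command.
    # NOTE(review): this file lives in / and is edited as root -- every directory
    # listed should be owned and writable by root only; confirm for /usr/local
    # and /opt/sfw.
    export PATH=/usr/local/bin:/usr/local/sbin:/usr/sfw/bin:/usr/sfw/sbin:/opt/sfw/bin:/opt/sfw/sbin:/usr/xpg6/bin:/usr/xpg4/bin:/usr/ccs/bin:/usr/bin:/usr/sbin:/usr/sadm/admin/bin:/usr/sadm/bin:/bin:/sbin:/usr/openwin/bin:/usr/dt/bin:/usr/ucb
    # C locale, xterm terminal type and vi as the default editor.
    export LANG=C
    export TERM=xterm
    export EDITOR=vi
    # Manual page and pkg-config search paths, in the same local-first order as PATH.
    export MANPATH=/usr/local/man:/usr/local/share/man:/usr/sfw/man:/opt/sfw/man:/usr/share/man:/usr/openwin/man:/usr/dt/man
    export PKG_CONFIG_PATH=/usr/local/lib/pkgconfig:/usr/sfw/lib/pkgconfig:/usr/lib/pkgconfig
    # Default option for every gzip run: maximum compression.
    export GZIP="-9"
    alias ls="ls -F"
    alias la="ls -al"
    alias h="history 100"
    # ping over IPv6 (-A selects the address family).
    alias ping6="ping -A inet6"
    # autologout is a tcsh variable; in bash this line has no effect (bash's idle
    # timeout is TMOUT, which is unset unless something sets it). Kept so the
    # file stays parallel to the .tcshrc listing.
    unset autologout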
    

login構成ファイル編集


    # vi /etc/default/login

    --- /etc/default/login.orig     2005-08-15 21:12:55.086096000 +0900
    +++ /etc/default/login  2006-11-26 11:25:32.683194000 +0900
    @@ -27,11 +27,11 @@
     
     # PATH sets the initial shell PATH variable
     #
    -#PATH=/usr/bin:
    +PATH=/usr/local/bin:/usr/local/sbin:/usr/sfw/bin:/usr/sfw/sbin:/opt/sfw/bin:/opt/sfw/sbin:/usr/xgp6/bin:/usr/xpg4/bin:/usr/ccs/bin:/usr/sadm/bin:/usr/bin:/usr/sbin:/bin:/sbin:/usr/openwin/bin:/usr/dt/bin:/usr/ucb
     
     # SUPATH sets the initial shell PATH variable for root
     #
    -#SUPATH=/usr/sbin:/usr/bin
    +SUPATH=/usr/local/bin:/usr/local/sbin:/usr/sfw/bin:/usr/sfw/sbin:/opt/sfw/bin:/opt/sfw/sbin:/usr/xgp6/bin:/usr/xpg4/bin:/usr/ccs/bin:/usr/sadm/bin:/usr/bin:/usr/sbin:/bin:/sbin:/usr/openwin/bin:/usr/dt/bin:/usr/ucb
     
     # TIMEOUT sets the number of seconds (between 0 and 900) to wait before
     # abandoning a login session.
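Review bot: The added `PATH` and `SUPATH` lines name `/usr/xgp6/bin`, which looks like a typo for `/usr/xpg6/bin` (the spelling used in the .tcshrc and .bashrc listings on this page); the same string is in both added lines of the /etc/default/su hunk below, so the XPG6 utilities are never found through that entry. Separately, `SUPATH` now searches `/usr/local/bin`, `/usr/sfw/bin` and `/opt/sfw/bin` before `/usr/bin` for root, so a file placed in any of those directories shadows the system command root types. Each of them should be owned and writable by root only, or the system directories should come first, e.g. `SUPATH=/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin:...`.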
    @@ -53,7 +53,7 @@
     # bad password is provided.  The range is limited from
     # 0 to 5 seconds.
     #
    -#SLEEPTIME=4
    +SLEEPTIME=0
     
     # DISABLETIME  If present, and greater than zero, the number of seconds
     # login will wait after RETRIES failed attempts or the PAM framework returns 
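Review bot: `SLEEPTIME=0` removes the pause login inserts after a bad password, which the commented default left at 4 seconds, so repeated password guesses are no longer slowed per attempt. Keeping `SLEEPTIME=4` costs legitimate users nothing noticeable. The RETRIES and DISABLETIME settings described in the context lines are not changed in this hunk, so whether they compensate cannot be seen here.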
    @@ -71,4 +71,4 @@
     # message is logged, using the syslog(3) LOG_NOTICE facility.  For example,
     # if the variable is set to 0, login will log -all- failed login attempts.
     #
    -#SYSLOG_FAILED_LOGINS=5
    +SYSLOG_FAILED_LOGINS=0
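Review bot: `SYSLOG_FAILED_LOGINS=0` makes login report every failed attempt, but the context comment says the message is sent at LOG_NOTICE, so the records are only kept if /etc/syslog.conf routes `auth.notice` to a log file or a loghost. The stock syslog.conf may leave that selector commented out; check it on the installed system, otherwise this setting produces nothing an administrator can read later.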

suパラメータ編集


    # vi /etc/default/su

    --- /etc/default/su.orig        2005-08-15 21:13:01.796004000 +0900
    +++ /etc/default/su     2006-11-26 11:25:40.855667000 +0900
    @@ -7,15 +7,15 @@
     # CONSOLE determines whether attempts to su to root should be logged
     # to the named device
     #
    -#CONSOLE=/dev/console
    +CONSOLE=/dev/console
     
     # PATH sets the initial shell PATH variable
     #
    -#PATH=/usr/bin:
    +PATH=/usr/local/bin:/usr/local/sbin:/usr/sfw/bin:/usr/sfw/sbin:/opt/sfw/bin:/opt/sfw/sbin:/usr/xgp6/bin:/usr/xpg4/bin:/usr/ccs/bin:/usr/sadm/bin:/usr/bin:/usr/sbin:/bin:/sbin:/usr/openwin/bin:/usr/dt/bin:/usr/ucb
     
     # SUPATH sets the initial shell PATH variable for root
     #
    -#SUPATH=/usr/sbin:/usr/bin
    +SUPATH=/usr/local/bin:/usr/local/sbin:/usr/sfw/bin:/usr/sfw/sbin:/opt/sfw/bin:/opt/sfw/sbin:/usr/xgp6/bin:/usr/xpg4/bin:/usr/ccs/bin:/usr/sadm/bin:/usr/bin:/usr/sbin:/bin:/sbin:/usr/openwin/bin:/usr/dt/bin:/usr/ucb
     
     # SYSLOG determines whether the syslog(3) LOG_AUTH facility should be used
     # to log all su attempts.  LOG_NOTICE messages are generated for su's to

passwd構成ファイル編集


    # vi /etc/default/passwd

    --- /etc/default/passwd.orig    2005-08-14 19:28:33.660632000 +0900
    +++ /etc/default/passwd 2006-12-15 22:46:11.745845000 +0900
    @@ -1,4 +1,4 @@
     #ident "@(#)passwd.dfl 1.3     92/07/14 SMI"
     MAXWEEKS=
     MINWEEKS=
    -PASSLENGTH=6
    +PASSLENGTH=8
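Review bot: `PASSLENGTH=8` is the most the hashing can use if the system still stores passwords with traditional crypt(3), which considers only the first eight characters, so characters beyond the eighth add no strength until the algorithm is changed. Later Solaris 9 updates are reported to allow that through `CRYPT_DEFAULT` in /etc/security/policy.conf; verify on the installed release. `MAXWEEKS=` and `MINWEEKS=` stay empty in the context lines, so this file enforces no password aging.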

ライブラリ検索パス設定


    # crle -c /var/ld/ld.config -l /usr/local/lib:/usr/local/lib/mysql:/usr/sfw/lib:/usr/lib:/usr/openwin/lib:/usr/dt/lib:/usr/xpg4/lib:/usr/ccs/lib:/usr/ucblib

coreダンプ設定


    # coreadm -g /var/core/core.%f.%p.%t -e global -e process -e global-setid -e proc-setid -e log
    # mkdir -p /var/core
    # coreadm -u

システム動作の監視 (sar)


    # crontab -e sys

    --- /var/spool/cron/crontabs/sys.orig   2007-06-11 18:18:44.324510000 +0900
    +++ /var/spool/cron/crontabs/sys        2007-06-11 18:18:54.264413000 +0900
    @@ -3,6 +3,6 @@
     # The sys crontab should be used to do performance collection. See cron
     # and performance manual pages for details on startup.
     #
    -# 0 * * * 0-6 /usr/lib/sa/sa1
    -# 20,40 8-17 * * 1-5 /usr/lib/sa/sa1
    -# 5 18 * * 1-5 /usr/lib/sa/sa2 -s 8:00 -e 18:01 -i 1200 -A
    +0 * * * 0-6 /usr/lib/sa/sa1
    +20,40 8-17 * * 1-5 /usr/lib/sa/sa1
    +5 18 * * 1-5 /usr/lib/sa/sa2 -s 8:00 -e 18:01 -i 1200 -A

    # vi /etc/init.d/perf

    --- /etc/init.d/perf.orig       2002-04-07 08:04:04.000000000 +0900
    +++ /etc/init.d/perf    2007-06-11 18:16:59.165388000 +0900
    @@ -17,16 +17,16 @@
     # /var/spool/cron/crontabs/sys.  Refer to the sar(1) and sadc(1m) man pages
     # for more information.
    
    -# if [ -z "$_INIT_RUN_LEVEL" ]; then
    -#      set -- `/usr/bin/who -r`
    -#      _INIT_RUN_LEVEL="$7"
    -#      _INIT_RUN_NPREV="$8"
    -#      _INIT_PREV_LEVEL="$9"
    -# fi
    -#
    -# if [ $_INIT_RUN_LEVEL -ge 2 -a $_INIT_RUN_LEVEL -le 4 -a \
    -#     $_INIT_RUN_NPREV -eq 0 -a \( $_INIT_PREV_LEVEL = 1 -o \
    -#     $_INIT_PREV_LEVEL = S \) ]; then
    -#
    -#      /usr/bin/su sys -c "/usr/lib/sa/sadc /var/adm/sa/sa`date +%d`"
    -# fi
    +if [ -z "$_INIT_RUN_LEVEL" ]; then
    +       set -- `/usr/bin/who -r`
    +       _INIT_RUN_LEVEL="$7"
    +       _INIT_RUN_NPREV="$8"
    +       _INIT_PREV_LEVEL="$9"
    +fi
    +
    +if [ $_INIT_RUN_LEVEL -ge 2 -a $_INIT_RUN_LEVEL -le 4 -a \
    +    $_INIT_RUN_NPREV -eq 0 -a \( $_INIT_PREV_LEVEL = 1 -o \
    +    $_INIT_PREV_LEVEL = S \) ]; then
    +
    +       /usr/bin/su sys -c "/usr/lib/sa/sadc /var/adm/sa/sa`date +%d`"
    +fi

キーボード制御


    # kbd -a disable
    # vi /etc/default/kbd

    --- kbd.orig    2003-11-23 22:46:18.024174000 +0900
    +++ kbd 2003-11-23 22:45:47.559910500 +0900
    @@ -21,7 +21,7 @@
     #
     # Uncomment the following line to disable keyboard or serial device
     # abort sequences:
    -#KEYBOARD_ABORT=disable
    +KEYBOARD_ABORT=disable
     
     # Uncomment the following line to enable a non-BREAK alternate
     # serial input device abort sequence:

シングルユーザモード設定(シングルユーザモード時にパスワード入力を求めなくする。コンソールに到達できれば誰でも root シェルを得られる設定なので、コンソールが物理的に保護されている場合に限る)


    # echo "PASSREQ=NO" > /etc/default/sulogin

SunFreeWareパッケージ追加


sunsiteからgcc, libiconvパッケージをダウンロードして適用する。FTP は経路上の改ざんを検知できないため、配布元がチェックサムを公開していれば pkgadd の前に照合する。

    # wget ftp://ftp.sunfreeware.com/pub/freeware/sparc/9/gcc-3.4.6-sol9-sparc-local.gz
    # wget ftp://ftp.sunfreeware.com/pub/freeware/sparc/9/libiconv-1.9.2-sol9-sparc-local.gz
    # gzip -d *.gz
    # pkgadd -d gcc-3.4.6-sol9-sparc-local
    # pkgadd -d libiconv-1.9.2-sol9-sparc-local

    # vi /usr/local/lib/gcc/sparc-sun-solaris2.9/3.4.6/install-tools/mkheaders.conf
    1行目に「SHELL="/bin/sh"」を追記して下記を実行する。

    # /usr/local/libexec/gcc/sparc-sun-solaris2.9/3.4.6/install-tools/mkheaders

コンパイル環境修正


    # mv /usr/ucb/cc /usr/ucb/cc.orig
    # ln -s /usr/local/bin/gcc /usr/ucb/cc
    # ln -s /usr/sfw/bin/tclsh8.3 /usr/sfw/bin/tclsh
    # vi /usr/sfw/lib/tclConfig.sh

    --- /usr/sfw/lib/tclConfig.sh.orig      2006-01-04 22:11:30.052166000 +0900
    +++ /usr/sfw/lib/tclConfig.sh   2006-01-04 22:12:08.630658000 +0900
    @@ -18,7 +18,7 @@
     TCL_PATCH_LEVEL='.3'
     
     # C compiler to use for compilation.
    -TCL_CC='/opt/SUNWspro/bin/cc'
    +TCL_CC='/usr/local/bin/gcc'
     
     # -D flags for use with the C compiler.

    # vi /usr/openwin/lib/config/site.def

    --- /usr/openwin/lib/config/site.def.orig       Sun Sep 21 21:38:15 2003
    +++ /usr/openwin/lib/config/site.def    Sun Sep 21 21:40:11 2003
    @@ -33,17 +33,13 @@
     
     #ifdef BeforeVendorCF
     
    -/*
     #ifndef HasGcc2
     #define HasGcc2 YES
     #endif
    -*/
     
    -/*
     #ifndef HasCplusplus
     #define HasCplusplus YES
     #endif 
    -*/
      
     #endif /* BeforeVendorCF */

    # vi /usr/openwin/lib/config/sun.cf

    --- /usr/openwin/lib/config/sun.cf.orig Sun Sep 21 21:44:17 2003
    +++ /usr/openwin/lib/config/sun.cf      Sun Sep 21 21:44:43 2003
    @@ -197,7 +197,7 @@
      * if the compiler in use doesn't use standard SVR4 flags
      */
     #if HasSunC || HasCenterLineC
    -#define PositionIndependentCFlags -Kpic
    +#define PositionIndependentCFlags -fPIC
     #endif
     #if HasSunCplusplus || HasCenterLineCplusplus
     #define PositionIndependentCplusplusFlags -pic

NTP設定


    # cp /etc/inet/ntp.server /etc/inet/ntp.conf
    # vi /etc/inet/ntp.conf

    --- /etc/inet/ntp.server        Sun Apr  7 08:15:27 2002
    +++ /etc/inet/ntp.conf  Mon Aug 15 21:05:40 2005
    @@ -47,12 +47,13 @@
     
     # Either a peer or server.  Replace "XType" with a value from the
     # table above.
    -server 127.127.XType.0 prefer
    -fudge 127.127.XType.0 stratum 0
    +#server 127.127.XType.0 prefer
    +#fudge 127.127.XType.0 stratum 0
    +server 130.69.251.23
     
    -broadcast 224.0.1.1 ttl 4
    +#broadcast 224.0.1.1 ttl 4
     
    -enable auth monitor
    +#enable auth monitor
     driftfile /var/ntp/ntp.drift
     statsdir /var/ntp/ntpstats/
     filegen peerstats file peerstats type day enable
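Review bot: The added `server 130.69.251.23` line is the only time source, and nothing in the visible hunks adds a `restrict` statement, so by default the daemon answers status and control queries from any host and follows a single unauthenticated upstream. Adding `restrict default nomodify noquery` and `restrict 127.0.0.1` keeps synchronisation working while closing remote queries, and two or three more `server` lines let the daemon outvote one bad clock. The second hunk comments out `keys`, `trustedkey`, `requestkey` and `controlkey`, which is consistent with running without authentication. Lines outside the hunks are not shown, so an existing `restrict` elsewhere in the file cannot be ruled out.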
    @@ -59,7 +60,7 @@
     filegen loopstats file loopstats type day enable
     filegen clockstats file clockstats type day enable
     
    -keys /etc/inet/ntp.keys
    -trustedkey 0
    -requestkey 0
    -controlkey 0
    +#keys /etc/inet/ntp.keys
    +#trustedkey 0
    +#requestkey 0
    +#controlkey 0

    # touch /var/ntp/ntp.drift

SSH設定


    # vi /etc/ssh/sshd_config

    --- /etc/ssh/sshd_config.orig   Mon Aug 15 21:07:59 2005
    +++ /etc/ssh/sshd_config        Mon Aug 15 21:09:32 2005
    @@ -20,10 +20,10 @@
     # Uncomment ONLY ONE of the following Protocol statements.
     
     # Only v2 (recommended)
    -Protocol 2
    +#Protocol 2
     
     # Both v1 and v2 (not recommended)
    -#Protocol 2,1
    +Protocol 2,1
     
     # Only v1 (not recommended)
     #Protocol 1
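Review bot: `Protocol 2,1` re-enables SSH protocol 1, which the file's own comment marks as not recommended: its integrity protection is weaker than v2's, and a server that accepts both lets a session be negotiated down to the older protocol. Unless a v1-only client has to connect, keep `Protocol 2`. The `HostKey /etc/ssh/ssh_host_key` line added in the last hunk of this file, the RSA1 key generation added to /etc/init.d/sshd and the `ssh-keygen -t rsa1` command below exist only to support v1 and can be dropped with it.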
    @@ -41,15 +41,15 @@
     ListenAddress ::
     
     # Port forwarding
    -AllowTcpForwarding no
    +AllowTcpForwarding yes
     
     # If port forwarding is enabled, specify if the server can bind to INADDR_ANY. 
     # This allows the local port forwarding to work when connections are received
     # from any remote host.
    -GatewayPorts no
    +GatewayPorts yes
     
     # X11 tunneling options
    -X11Forwarding no
    +X11Forwarding yes
     X11DisplayOffset 10
     
     # The maximum number of concurrent unauthenticated connections to sshd.
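Review bot: `GatewayPorts yes` lets remote-forwarded ports bind to INADDR_ANY, as the context comment says, so a forward opened by one user becomes reachable from every host that can reach this server. If forwarding is needed, `AllowTcpForwarding yes` with `GatewayPorts no` keeps forwarded listeners on the loopback address. `X11Forwarding yes` is only useful to users who run X clients on this host; leave it `no` otherwise.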
    @@ -80,6 +80,7 @@
     
     # Host private key files
     # Must be on a local disk and readable only by the root user (root:sys 600).
    +HostKey /etc/ssh/ssh_host_key
     HostKey /etc/ssh/ssh_host_rsa_key
     HostKey /etc/ssh/ssh_host_dsa_key
     

    # vi /etc/init.d/sshd

    --- sshd.orig   2003-11-23 22:25:06.931322500 +0900
    +++ sshd        2003-11-23 22:24:57.951676500 +0900
    @@ -16,6 +16,10 @@
     
     case $1 in 
     'start')
    +       if [ ! -f "$KEYDIR/ssh_host_key" ]; then
    +               echo "Creating new RSA1 public/private host key pair"
    +               $KEYGEN -f $KEYDIR/ssh_host_key -t rsa1 -N ''
    +       fi
            if [ -x /usr/bin/ssh-keygen ]; then
                    if [ ! -f "$KEYDIR/ssh_host_rsa_key" ]; then
                            echo "Creating new RSA public/private host key pair"
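Review bot: The added RSA1 block calls `$KEYGEN` before the existing `if [ -x /usr/bin/ssh-keygen ]` guard and passes `$KEYDIR/ssh_host_key` unquoted. Moving it inside the guard next to the RSA block and writing `$KEYGEN -f "$KEYDIR/ssh_host_key" -t rsa1 -N ''` matches the surrounding code. `KEYGEN` and `KEYDIR` are defined outside the hunk, and the `case` body continues past its last line. The key is only needed while protocol 1 stays enabled in sshd_config.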

    # ssh-keygen -f /etc/ssh/ssh_host_key -t rsa1 -N ''

不正ログイン記録設定(telnetやftpでログインに失敗すると記録)


    # touch /var/adm/loginlog
    # chmod 600 /var/adm/loginlog
    # chgrp sys /var/adm/loginlog

FTP,TELNETバナー表示隠匿設定


    # echo BANNER="" > /etc/default/telnetd
    # echo BANNER="" > /etc/default/ftpd

ブロードキャストレスポンス、ソースルーティングの無効化、ほか


    # vi /etc/init.d/inetsvc

  • 最下部に追加

    # Appended to the end of /etc/init.d/inetsvc so the values are re-applied at
    # every boot; ndd changes the running kernel only.

    # Do not answer ICMP address-mask, echo or timestamp requests that were sent
    # to a broadcast address, and do not forward directed broadcasts. This keeps
    # the host from being used as a reflector for broadcast-amplified traffic.
    /usr/sbin/ndd -set /dev/ip ip_respond_to_address_mask_broadcast 0
    /usr/sbin/ndd -set /dev/ip ip_respond_to_echo_broadcast 0
    /usr/sbin/ndd -set /dev/ip ip_respond_to_timestamp_broadcast 0
    /usr/sbin/ndd -set /dev/ip ip_forward_directed_broadcasts 0
    # Same for ICMPv6 echo requests sent to a multicast address.
    /usr/sbin/ndd -set /dev/ip ip6_respond_to_echo_multicast 0
    # Do not forward source-routed packets (IPv4 and IPv6), and do not reverse a
    # received source route on TCP connections; source routing lets the sender
    # choose the path and is a classic aid to address spoofing.
    /usr/sbin/ndd -set /dev/ip ip_forward_src_routed 0
    /usr/sbin/ndd -set /dev/ip ip6_forward_src_routed 0
    /usr/sbin/ndd -set /dev/tcp tcp_rev_src_routes 0
    # Listen queue limits: tcp_conn_req_max_q caps completed connections waiting
    # for accept(), tcp_conn_req_max_q0 caps half-open (handshake not finished)
    # connections. Larger queues give more headroom under a SYN flood.
    /usr/sbin/ndd -set /dev/tcp tcp_conn_req_max_q 1000
    /usr/sbin/ndd -set /dev/tcp tcp_conn_req_max_q0 10000
    # Initial sequence number generation: 2 selects the RFC 1948 scheme, which
    # makes sequence numbers hard to predict for an off-path host.
    # NOTE(review): Solaris also reads TCP_STRONG_ISS from /etc/default/inetinit
    # at boot -- confirm the two settings agree.
    /usr/sbin/ndd -set /dev/tcp tcp_strong_iss 2

実行可能スタックの無効化、ファイルディスクリプタの増加 (SPARC/64bitモードのみ)


    # vi /etc/system

    最下部に追加

    set noexec_user_stack=1
    set noexec_user_stack_log=1
    set rlim_fd_max=65536
    set rlim_fd_cur=65536

アカウンティング有効化(lastcomm)


    # ln -s /etc/init.d/acct /etc/rc2.d/S22acct
    # ln -s /etc/init.d/acct /etc/rc0.d/K22acct

sendmailパッケージの削除(ソースからインストールするため)


    # pkgrm SUNWsndmr SUNWsndmu

各種アプリケーションインストール


