1.配置root用戶SSH登陸 # vi /etc/ssh/sshd_config ListenAddress 192.168.0.10 PermitRootLogin yes # > /etc/motd # vi /etc/default/init LANG=zh
2.取消幾個影響系統啟動的TIMEOUT # vi /etc/bootrc set boot_timeout 0 # vi /boot/solaris/bootenv.rc setprop auto-boot-timeout 0 setprop boottimeout '0' # vi /boot/solaris/strap.rc Options timeout=0
3.取消自動關機 # vi /etc/power.conf #autoshutdown 30 9:00 9:00 default
4.設置用戶的環境變量 # vi /etc/passwd root:x:0:1:Super-User:/:/usr/bin/bash # vi /.bashrc PS1='[\u@\H \W]\$' PATH=$PATH:/bin:/sbin:/usr/bin:/usr/UCb:/usr/sbin:/etc:/usr/local/bin:/usr/local/sbin:/usr/ccs/bin:/usr/sfw/bin MANPATH=$MANPATH:/usr/man:/usr/local/man:/opt/sfw/man LD_LIBRARY_PATH=/usr/lib:/usr/dt/lib:/usr/openwin/lib:/usr/sfw/lib: /usr/local/lib:/usr/local/ssl/lib CC=gcc eXPort PS1 PATH MANPATH LD_LIBRARY_PATH CC export EDITOR=vim umask 022 TMOUT=1800 # vi .bash_profile if [ -f ~/.bashrc ]; then . ~/.bashrc fi
5.安裝常用軟件包 TOP工具: # gzip -d top-3.5beta12.5-sol9-intel-local.gz # pkgadd -d top-3.5beta12.5-sol9-intel-local VIM工具: # gzip -d ncurses-5.3-sol9-intel-local.gz # pkgadd -d ncurses-5.3-sol9-intel-local # gzip -d vim-6.2-sol9-intel-local.gz # pkgadd -d vim-6.2-sol9-intel-local # mv /bin/vi /bin/vi.bak # ln -s /usr/local/bin/vim /bin/vi # cp /usr/local/share/vim/vim62/vimrc_example.vim /.vimrc # vi /.vimrc 把其中的: set backup " keep a backup file 修改為: set nobackup " keep a backup file # vi /etc/hosts 加一條記錄: 192.168.0.15 win2k GCC工具: # gzip -d libiconv-1.8-sol9-intel-local.gz # gzip -d gcc-3.3.2-sol9-intel-local.gz # pkgadd -d libiconv-1.8-sol9-intel-local # pkgadd -d gcc-3.3.2-sol9-intel-local MAKE工具: # gzip -d make-3.80-sol9-intel-local.gz # gzip -d automake-1.7.2-sol9-intel-local.gz # pkgadd -d make-3.80-sol9-intel-local # pkgadd -d automake-1.7.2-sol9-intel-local MOZILLA: # pkgrm SUNWnsb SUNWnsm SUNWnspsm SUNWnsxp # gzip -d mozilla-i386-pc-solaris2.8-1.6.pkg.tar.gz # tar -vxf mozilla-i386-pc-solaris2.8-1.6.pkg.tar # cd mozilla-1.6-x86 # pkgadd -d MOZmozilla.pkg # gzip -d flash_player_6_solaris_intel.tar.gz # tar vxf flash_player_6_solaris_intel.tar # cd install_flash_player_6_solaris # cp * /usr/local/lib/mozilla-1.6/plugins # cd /usr/local/lib/mozilla-1.6/plugins # ln –s /usr/j2se/jre/plugin/i386/ns610/libJavaplugin_oji.so # /usr/local/bin/mozilla OTHERS: # pkgadd -d expat-1.95.5-sol9-intel-local # pkgadd -d gdbm-1.8.3-sol9-intel-local # pkgadd -d openssl-0.9.7d-sol9-intel-local # pkgadd -d libgcc-3.3-sol9-intel-local # pkgadd -d libpcap-0.8.1-sol9-intel-local # pkgadd -d tcp_wrappers-7.6-sol9-intel-local # pkgadd -d tcpdump-3.8.1-sol9-intel-local # pkgadd -d zlib-1.2.1-sol9-intel-local # pkgadd -d lsof-4.68-sol9-intel-local
6.安裝APACHE-2.0.49 # pkgrm SUNWapchd SUNWapchr SUNWapchu # gzip -d apache-2.0.49-sol9-intel-local.gz # pkgadd -d apache-2.0.49-sol9-intel-local # cp /usr/local/apache2/bin/apachectl /etc/rc3.d/S50apache # chmod 744 /etc/rc3.d/S50apache # chown root:sys /etc/rc3.d/S50apache # 配置/usr/local/apache2/conf/httpd.conf過程略。
# SMCapach2
7.安裝OPENSSH-3.8 # pkgrm SUNWsshcu SUNWsshdr SUNWsshdu SUNWsshr SUNWsshu # gzip -d openssh-3.8p1-sol9-intel-local.gz # pkgadd -d openssh-3.8p1-sol9-intel-local # mkdir /var/empty # chown root:sys /var/empty # chmod 755 /var/empty # groupadd sshd # useradd -g sshd -c "arthur sshd privsep" -d /var/empty -s /bin/false sshd # ssh-keygen -t rsa1 -f /usr/local/etc/ssh_host_key -N "" # ssh-keygen -t dsa -f /usr/local/etc/ssh_host_dsa_key -N "" # ssh-keygen -t rsa -f /usr/local/etc/ssh_host_rsa_key -N "" # vi /etc/init.d/sshd ===========================sshd============================ #!/sbin/sh # # Copyright (c) 2001 by Sun Microsystems, Inc # All rights reserved. # #ident "@(#)sshd 1.1 01/09/24 SMI" case "$1" in start) /usr/local/sbin/sshd ;; stop) pkill sshd ;; *) echo "Usage: $0 { start stop }" exit 1 ;; esac exit 0 ===========================sshd============================ # chmod 750 /etc/init.d/sshd # chown root:sys /etc/init.d/sshd # ln –s /etc/init.d/sshd /etc/rc2.d/S98sshd # vi /etc/hosts.deny sshd:ALL # vi /etc/hosts.allow sshd:192.168.0.15 # rm /.ssh/* 8.安裝SAMBA-3 # cp /etc/rc3.d/S90samba bak.S90samba # pkgrm SUNWsmbac SUNWsmbar SUNWsmbau # gzip -d samba-3.0.2a-sol9-intel-local.gz # gzip -d popt-1.7-sol9-intel-local.gz # pkgadd -d popt-1.7-sol9-intel-local # pkgadd -d samba-3.0.2a-sol9-intel-local # cd /usr/local/samba/doc/samba/examples/ # cp smb.conf.default /usr/local/samba/lib/smb.conf # 設置smb.conf文件過程略 # mv /etc/rc3.d/bak.S90samba S90samba # chown root:sys /etc/rc3.d/S90samba # vim /etc/rc3.d/S90samba =======================S90samba======================== #!/sbin/sh # # Copyright (c) 2001 by Sun Microsystems, Inc # All rights reserved. # #ident "@(#)samba 1.1 01/09/24 SMI" case "$1" in start) [ -f /usr/local/samba/lib/smb.conf ] exit 0 /usr/local/samba/sbin/smbd -D /usr/local/samba/sbin/nmbd -D ;; stop) pkill smbd pkill nmbd ;; *) echo "Usage: $0 { start stop }" exit 1 ;; esac exit 0 =======================S90samba========================
9.初步的系統安全設置 為安全起見在/etc/inetd.conf中注釋掉除下列服務的所有服務 FTP echo echo discard discard rstatd/2-4 fs 100083/1 在只需要不多圖形操作的服務器或是要保證相當的安全,
你也許應該關掉字體服務fs,也可以關掉系統性能監視器rstatd和tooltalk服務器ttdbserverd(100083/1),查找剩下需要關閉的端口的進程用這個命令: # /usr/local/bin/lsof -i grep port 為安全起見在防止堆棧溢出 # cp /etc/system /etc/system.BACKUP # vi /etc/system 在文件的最後,加上以下兩行: set noexec_user_stack=1 set noexec_user_stack_log=1 禁用自動啟動DESKTOP # /usr/dt/bin/dtconfig –d 為安全起見停掉幾個系統服務: 卸載SENDMAIL: # pkgrm SUNWsndmr SUNWsndmu 卸載TELNET: # pkgrm SUNWtnetc SUNWtnetd SUNWtnetr # cd /etc/rc2.d # mv S71ldap.client _S71ldap.client # mv S72inetsvc _S72inetsvc # mv S74autofs _S74autofs # mv S74xntpd _S74xnt
