Category Archives: OS

Configuring a port with VLANs on Solaris

Create one hostname.cenum file (hostname6.cenum file for IPv6) for each VLAN that will be configured for each adapter on the server.

Use the following naming format that includes both the VID and the physical point of attachment (PPA):

VLAN logical PPA = 1000 * VID + Device PPA
ce123000 = 1000*123 + 0

For example: hostname.ce123000

VLAN logical PPA = 1000 * VID + Device PPA
ce11000 = 1000*11 + 0

For example: hostname.ce11000

This format limits the maximum number of PPAs (instances) you can configure to 1000 in the /etc/path_to_inst file.

For example, on a server with the Sun Gigabit Ethernet/P 3.0 adapter having an instance of 0, that belongs to two VLANs with VIDs 123 and 224, you would use ce123000 and ce224000, respectively, as the two VLAN PPAs.

Refer to: http://docs.sun.com/app/docs/doc/816-4554/bbjfdeij?a=view

Install the MySQLdb module of Python on Solaris 10

Reason: the Python bundled with Solaris 10 is compiled with Forte C++, so it has many problems working together with software compiled by gcc, and normally we want to use gcc as the default compiler. This causes errors such as:

 

root@felix1 [/data1/soft/MySQL-python-1.2.4] # python setup.py build
running build
running build_py
copying MySQLdb/release.py -> build/lib.solaris-2.10-i86pc-2.6/MySQLdb
running build_ext
building '_mysql' extension
creating build/temp.solaris-2.10-i86pc-2.6
/usr/lib/python2.6/pycc -DNDEBUG -KPIC -Dversion_info=(1,2,4,'final',1) -D__version__=1.2.4 -I/opt/mysql/include -I/usr/include/python2.6 -c _mysql.c -o build/temp.solaris-2.10-i86pc-2.6/_mysql.o -g
gcc: unrecognized option `-KPIC'
In file included from _mysql.c:44

 

To avoid this problem, all the software that works together has to be compiled with gcc, including Python and MySQL. Download Python from www.sunfreeware.com and 32-bit MySQL from mysql.com and install them.

Download the MySQLdb module source from SourceForge (sf.net) and set up the environment:

 

root@felix1 [/data1/soft/MySQL-python-1.2.4] # export LD_LIBRARY_PATH=/usr/local/mysql/lib:/opt/mysql/lib:/lib:/usr/lib:/usr/local/lib:/usr/local/mysql/lib
root@felix1 [/data1/soft/MySQL-python-1.2.4] # PATH=/usr/local/mysql/bin:$PATH
root@felix1 [/data1/soft/MySQL-python-1.2.4] # python setup.py build

running build
running build_py
copying MySQLdb/release.py -> build/lib.solaris-2.10-i86pc-2.6/MySQLdb
running build_ext
building '_mysql' extension
gcc -shared build/temp.solaris-2.10-i86pc-2.6/_mysql.o -L/usr/local/mysql/lib -lmysqlclient_r -lthread -lsocket -lnsl -lm -lrt -o build/lib.solaris-2.10-i86pc-2.6/_mysql.so

root@felix1 [/data1/soft/MySQL-python-1.2.4] # python setup.py install

This installs the MySQLdb module into the Python under /usr/local. Because _mysql.so has now been built, even if you switch back to the system Python (/usr/bin/python) and run 'python setup.py install', you will still get a correctly installed module.

 

Solaris security tips

1 acct (Accounting)

Solaris Accounting can record each command.

  • To turn on (Solaris 10):
ln -s /etc/init.d/acct /etc/rc2.d/S20acct
/etc/rc2.d/S20acct

 

  • The default process accounting files are /var/adm/pacct and /var/adm/acct
  • To use a different path, try:

/usr/lib/acct/accton path/file

  • To see the accounting:

lastcomm [username]

I’ll check and update later for details.

See also:

http://space.itpub.net/228190/viewspace-681680 Enabling the accounting feature on Solaris 10

http://solaris.tophk.net/security/security_start_point.html Introduction to Solaris logs

2 Authentication log

Authlog records authentication information.

  • To turn on

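# add the auth.info rule only if no uncommented line already logs to authlog
if [ ! "`grep -v '^#' /etc/syslog.conf | \
        grep /var/log/authlog`" ]; then
    # syslog.conf needs tabs between selector and action; printf expands \t
    # portably, while echo -e is not portable to the Bourne shell
    printf 'auth.info\t\t\t/var/log/authlog\n' \
        >>/etc/syslog.conf
fi
# register authlog with logadm: keep 13 old copies, HUP syslogd after each rotation
logadm -w authlog -C 13 -a 'pkill -HUP syslogd' \
    /var/log/authlog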

  • To check

cat /var/log/authlog

3 Prevent direct remote ssh login for some users

Use DenyUsers and DenyGroups in /etc/ssh/sshd_config; see 'man sshd_config'.

4 Lock/Prevent user-lock by unsuccessful login attempts

  • Lock account after maximum login attempts
  1. Set RETRIES in /etc/default/login to 3 (or the number you want)
  2. Set LOCK_AFTER_RETRIES=YES in /etc/security/policy.conf
  • Prevent unnecessary user-lock by unsuccessful login attempts (for example, for a user we have set up in section 3 so that it cannot log in directly by ssh)

Modify the /etc/user_attr file to add the "lock_after_retries=no" property to the account you want to change, like this:

gmb::::type=normal;roles=secadm;lock_after_retries=no

If there is no line for your account, create a new one:

gmb::::lock_after_retries=no
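
To audit which accounts these settings actually lock, the per-user value in user_attr has to be resolved against the system-wide value in policy.conf. An added example (not from the original post) that does this on copies of the two files; the function name, the sample files and the treatment of an unset value as "no" are assumptions:

```sh
# Added example: resolve the effective lock-after-retries policy for one account.
# Usage: lockout_policy USER POLICY_CONF USER_ATTR   -> prints "yes" or "no"
# Paths are parameters so the check can run on copies of the real files.
lockout_policy() {
    user=$1 policy=$2 uattr=$3
    # 1. Per-user override: the 5th colon-separated field of user_attr holds
    #    semicolon-separated key=value attributes.
    v=$(awk -F: -v u="$user" '
        /^#/ { next }
        $1 == u {
            n = split($5, kv, ";")
            for (i = 1; i <= n; i++)
                if (kv[i] ~ /^lock_after_retries=/) {
                    sub(/^lock_after_retries=/, "", kv[i])
                    print tolower(kv[i])
                }
        }' "$uattr" | tail -n 1)
    # 2. No per-user value: fall back to LOCK_AFTER_RETRIES in policy.conf.
    if [ -z "$v" ]; then
        v=$(sed -n 's/^LOCK_AFTER_RETRIES=//p' "$policy" | tail -n 1 | tr 'A-Z' 'a-z')
    fi
    # 3. Anything other than an explicit yes counts as "no" (assumed default).
    [ "$v" = yes ] && echo yes || echo no
}

# Constructed sample files (not taken from a real system).
demo_dir=$(mktemp -d)
printf 'LOCK_AFTER_RETRIES=YES\n' > "$demo_dir/policy.conf"
printf '%s\n' '# comment line' \
    'gmb::::type=normal;roles=secadm;lock_after_retries=no' \
    'svc::::type=normal' > "$demo_dir/user_attr"

for u in gmb svc nobody; do
    echo "$u: $(lockout_policy "$u" "$demo_dir/policy.conf" "$demo_dir/user_attr")"
done
```

Accounts reported as "no" are never locked by failed logins, so they are the ones to review against the DenyUsers list from section 3.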

See also:

https://blogs.oracle.com/gbrunett/entry/solaris_10_account_lockout_three Solaris 10 Account Lockout (“Three Strikes!”)

Network installation of Solaris x86 and related problems

Edit /tftpboot/boot/grub/menu.lst:

default=0
timeout=60
title Solaris_10 a
kernel /I86PC.Solaris_10-1/multiboot kernel/unix -B install_media=192.168.22.221:/a,install_boot=#192.168.22.221:/a/boot
module /I86PC.Solaris_10-1/x86.miniroot

install_boot=#192.168.22.221:/a/boot
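Why is there an extra # here? Because of it, after boot it kept reporting a problem with NFS on #192.168.22.221; I checked and there was nothing wrong with it. Crazy.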

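Making scp and ssh work without a password

Sometimes we use scp to copy or move files to another machine, because it is relatively secure. But having to enter a password every time is tedious, especially in a script. ssh, however, has another way of authenticating, with a key pair. Below I write out how I generated my key pair, for your reference.
Step 1: generate the key pair. I use an RSA key. Use the command "ssh-keygen -t rsa"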

[user1@rh user1]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/user1/.ssh/id_rsa):
Created directory '/home/user1/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/user1/.ssh/id_rsa.
Your public key has been saved in /home/user1/.ssh/id_rsa.pub.
The key fingerprint is:
e0:f0:3b:d3:0a:3d:da:42:01:6a:61:2f:6c:a0:c6:e7 user1@rh.test.com
[user1@rh user1]$

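During generation you are prompted for where to save the key pair; just press Enter to accept the default. Next you are prompted for a passphrase different from your password; just press Enter to leave it empty. Of course, you can also enter one. (I am lazy and do not want to type a passphrase every time.) With that, the key pair is generated.
The public key is saved in ~/.ssh/id_rsa.pub
The private key is saved in ~/.ssh/id_rsa
Then change the permissions of the .ssh directory with the command "chmod 755 ~/.ssh"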

[user1@rh user1]$ chmod 755 ~/.ssh
[user1@rh user1]$

After that, copy the public key of this key pair to the machine you want to access and save it as ~/.ssh/authorized_keys.

[user1@rh user1]$ scp ~/.ssh/id_rsa.pub rh1:/home/user1/.ssh/authorized_keys
user1@rh1's password:
id_rsa.pub 100% 228 3.2MB/s 00:00
[user1@rh user1]$

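And that is it. From now on, when you access that machine with ssh, scp, sftp and the like, you no longer need to enter a password, which is even more convenient in scripts.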

[root@testdb02 ~]# ssh-keygen -t rsa
[root@testdb02 ~]# chmod 755 ~/.ssh
[root@testdb02 ~]# scp -r ~/.ssh/id_rsa.pub 192.168.65.128:/root/.ssh/authorized_keys

This article comes from a CSDN blog; please cite the source when reposting: http://blog.csdn.net/acsheva/archive/2006/10/06/1322855.aspx
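
The scp step in the article above replaces any authorized_keys file already present on the target, and the directory is left at 755. An added example (not part of the original article) of the same installation done by appending, with owner-only permissions; install_pubkey and auth_key_count are hypothetical helper names, and the key strings and directory are constructed so it runs offline:

```sh
# Added example (not from the original article): install a public key by
# appending, so keys already in authorized_keys survive.
# install_pubkey PUBKEY_FILE SSH_DIR   (SSH_DIR = the target account's ~/.ssh)
install_pubkey() {
    pub=$1 dir=$2
    key=$(head -n 1 "$pub")
    # Accept only a public-key line; this also catches passing id_rsa
    # (the private key) by mistake instead of id_rsa.pub.
    case $key in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "not a public key: $pub" >&2; return 1 ;;
    esac
    mkdir -p "$dir"
    chmod 700 "$dir"                      # owner only, tighter than 755
    touch "$dir/authorized_keys"
    chmod 600 "$dir/authorized_keys"
    # Append only when this exact line is missing, so reruns are harmless.
    grep -qxF "$key" "$dir/authorized_keys" ||
        printf '%s\n' "$key" >> "$dir/authorized_keys"
}

# Number of keys currently authorized in SSH_DIR.
auth_key_count() { grep -c . "$1/authorized_keys"; }

# Constructed demo: placeholder key strings, a temp directory for ~/.ssh.
ssh_demo=$(mktemp -d)
mkdir -p "$ssh_demo/.ssh"
echo 'ssh-rsa AAAAexistingCONSTRUCTED admin@rh1' > "$ssh_demo/.ssh/authorized_keys"
echo 'ssh-rsa AAAAnewkeyCONSTRUCTED user1@rh.test.com' > "$ssh_demo/id_rsa.pub"
install_pubkey "$ssh_demo/id_rsa.pub" "$ssh_demo/.ssh"
install_pubkey "$ssh_demo/id_rsa.pub" "$ssh_demo/.ssh"   # rerun adds nothing
echo "authorized keys: $(auth_key_count "$ssh_demo/.ssh")"
```

For a key with an empty passphrase that is used only by a script, the authorized_keys options described in sshd(8), such as from="..." and command="...", limit what that key can do on the target.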

Solaris Patch Return Code

Solaris Patch Return Codes – patchadd

When adding patches to a solaris box you sometimes get these error messages esp. 2 and 8 and sometimes 5 and 25. Here’s what they all mean.
Exit code Meaning
0 No error
1 Usage error
2 Attempt to apply a patch that’s already been applied
3 Effective UID is not root
4 Attempt to save original files failed
5 pkgadd failed
6 Patch is obsoleted
7 Invalid package directory
8 Attempting to patch a package that is not installed
9 Cannot access /usr/sbin/pkgadd (client problem)
10 Package validation errors
11 Error adding patch to root template
12 Patch script terminated due to signal
13 Symbolic link included in patch
14 NOT USED
15 The prepatch script had a return code other than 0.
16 The postpatch script had a return code other than 0.
17 Mismatch of the -d option between a previous patch install and the current one.
18 Not enough space in the file systems that are targets of the patch.
19 $SOFTINFO/INST_RELEASE file not found
20 A direct instance patch was required but not found
21 The required patches have not been installed on the manager
22 A progressive instance patch was required but not found
23 A restricted patch is already applied to the package
24 An incompatible patch is applied
25 A required patch is not applied
26 The user specified backout data can’t be found
27 The relative directory supplied can’t be found
28 A pkginfo file is corrupt or missing
29 Bad patch ID format
30 Dryrun failure(s)
31 Path given for -C option is invalid
32 Must be running Solaris 2.6 or greater
33 Bad formatted patch file or patch file not found
34 The appropriate kernel jumbo patch needs to be installed
35 Later revision already installed
36 Cannot create safe temporary directory
37 Illegal backout directory specified
38 A prepatch, prePatch or a postpatch script could not be executed
39 A compressed patch was unable to be decompressed
40 Error downloading a patch
41 Error verifying signed patch
42 Error unable to retrieve patch information from SQL DB
43 Error unable to update the SQL DB
44 Lock file not available
45 Unable to copy patch data to partial spool directory.

Install DBI and DBD::mysql for perl

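The /usr/bin/perl bundled with Solaris is compiled with Forte C++; if you really want to install into /usr/bin/perl, you have to install Forte C++ first.
If that is too much trouble, you can do this:
1. Download a perl from Sunfreeware and install it.
2. After installation, put /usr/local/bin ahead of /usr/bin in your PATH and use perl -V to see which compiler perl was built with; it is usually gcc 3.4.6.
4. Install the same compiler that perl was built with; for example, if perl was compiled with gcc 3.4.6, gcc 3.4.0 will not do. With that you can compile and install DBI.
5. If the MySQL installed on your system is 64-bit, you also need to download a 32-bit MySQL. I recommend the tar.gz kind that works as soon as it is unpacked. Put it anywhere, but put this MySQL's path at the front of PATH, because the DBD install looks for its mysql_config.
6. Now you can start compiling DBD. First generate the Makefile with perl Makefile.PL, then edit the Makefile and delete this part: -xO3 -mt -D_FORTEC_ -xarch=v8, because the MySQL you downloaded specifically for Solaris was also compiled with Forte C++...
7. After that, the build and install should complete without problems.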