
Monday, December 19, 2016

Block FTP access by anonymous users in Solaris 10

To prevent access by anonymous users, add the entry
"defaultserver private" to /etc/ftpd/ftpaccess:

Adding guestserver to the ftpaccess file:
# echo "guestserver" >> /etc/ftpd/ftpaccess

# cat /etc/ftpd/ftpaccess
# ident "@(#)ftpaccess  1.2     03/05/14 SMI"
#
# FTP server configuration file, see ftpaccess(4).
#
class   anonusers       anonymous       *
class   guestusers      guest   *
class   realusers       real    *
loginfails      3
passwd-check    trivial         warn
private         no
shutdown        /etc/ftpd/shutdown.msg
# email         user@hostname
# guestuser     username
# rhostlookup   no
#To prevent access by anonymous users#
defaultserver private

.
.
.
.
guestserver
.
.

Next, restart the FTP service:

Verify the status now: FTP access is blocked for the anonymous user:

C:\Users\U Computers>ftp 172.16.0.1
Connected to 172.16.0.1.
220-_________________________________
220-
220-    welcome to SLT HQ server!
220-     Authorised access only!
220-
220-**********************************
220-
220-
220 NTU-HQ-EMS FTP server ready.
User (172.16.0.1:(none)): anonymous
530 Guest login not allowed on this machine.
Connection closed by remote host.

How to ensure that anonymous FTP has been disabled on a Solaris 10 system
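As an added check (not part of the original post), the script below audits an ftpaccess file the way the session above does by hand: it lists the classes whose typelist still admits "anonymous" and reports whether an uncommented "defaultserver private" line is present. The two sample files are constructed inline so the script runs stand-alone.

```shell
# Added example (not from the post): audit an ftpaccess file for the anonymous
# lockout configured above. It reports the classes that still admit the
# "anonymous" type and whether an active "defaultserver private" line exists.
# The two sample files are constructed here so the script runs stand-alone.

# Print the names of classes whose typelist contains "anonymous".
ftpaccess_anon_classes() {
    awk '
        /^[ \t]*#/ { next }                           # comment line
        $1 == "class" {
            n = split($3, t, ",")                     # typelist: real,guest,anonymous
            for (i = 1; i <= n; i++) if (t[i] == "anonymous") print $2
        }' "$1"
}

# Exit 0 when an uncommented "defaultserver private" directive is present.
ftpaccess_blocks_anon() {
    awk '
        /^[ \t]*#/ { next }
        $1 == "defaultserver" && $2 == "private" { found = 1 }
        END { exit found ? 0 : 1 }' "$1"
}

# One-line verdict per file; the exit status mirrors ftpaccess_blocks_anon.
audit_ftpaccess() {
    if ftpaccess_blocks_anon "$1"; then
        echo "$1: anonymous FTP blocked (defaultserver private)"
        return 0
    fi
    echo "$1: anonymous FTP allowed through class(es): $(ftpaccess_anon_classes "$1" | xargs)"
    return 1
}

SAMPLES=$(mktemp -d)
cat > "$SAMPLES/ftpaccess.before" <<'EOF'
class   anonusers       anonymous       *
class   guestusers      guest   *
class   realusers       real    *
private         no
#defaultserver private
EOF
cat > "$SAMPLES/ftpaccess.after" <<'EOF'
class   anonusers       anonymous       *
class   realusers       real    *
private         no
#To prevent access by anonymous users#
defaultserver private
guestserver
EOF

audit_ftpaccess "$SAMPLES/ftpaccess.before" || true    # allowed through anonusers
audit_ftpaccess "$SAMPLES/ftpaccess.after"  || true    # blocked
```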


Monday, July 4, 2016

Configuring an NTP (Network Time Protocol) client on Solaris 10


Configuring an NTP client

Create the ntp.conf file

You can use the ntp.client file as a template and then edit ntp.conf:
# cd /etc/inet
# cp ntp.client ntp.conf

Eg:

# vi /etc/inet/ntp.client
#
# An example file that could be copied over to /etc/inet/ntp.conf; it
# provides a configuration for a host that passively waits for a server
# to provide NTP packets on the ntp multicast net.
#
server 192.168.10.6 prefer
server 172.16.0.2
driftfile /var/ntp/ntp.drift
multicastclient 224.0.1.1
#

Save and exit ntp.conf.

Check that the NTP server is reachable and responds to the NTP client:

# ntpdate -d 192.168.10.6
30 Jun 12:51:46 ntpdate[9927]: ntpdate 3-5.93e+sun 03/06/05 23:16:45 (1.4)
transmit(192.168.10.6)
receive(192.168.10.6)
transmit(192.168.10.6)
receive(192.168.10.6)
transmit(192.168.10.6)
receive(192.168.10.6)
transmit(192.168.10.6)
receive(192.168.10.6)
transmit(192.168.10.6)
server 192.168.10.6, port 123
stratum 4, precision -18, leap 00, trust 000
refid [127.127.1.0], delay 0.02591, dispersion 0.00000
transmitted 4, in filter 4
reference time:    db1f46e8.a3e1a000  Thu, Jun 30 2016 12:51:12.640
originate timestamp: db1f470a.efb60000  Thu, Jun 30 2016 12:51:46.936
transmit timestamp:  db1f470a.efa4d000  Thu, Jun 30 2016 12:51:46.936
filter delay:  0.02599  0.02591  0.02591  0.02591
               0.00000  0.00000  0.00000  0.00000
filter offset: 0.000024 0.000012 0.000012 0.000012
               0.000000 0.000000 0.000000 0.000000
delay 0.02591, dispersion 0.00000
offset 0.000012
30 Jun 12:51:46 ntpdate[9927]: adjust time server 172.16.0.2 offset 0.000012 sec

 

Start the ntpd daemon:

# svcadm enable svc:/network/ntp:default

Check the NTP service status:

# svcs ntp
STATE  STIME   FMRI
online 10:23:44 svc:/network/ntp:default

 
driftfile /var/ntp/ntp.drift: the drift of your clock relative to the time provided by the NTP servers is recorded in the drift file and can be examined by viewing it:

Eg:
# cat /var/ntp/ntp.drift
-40.65

Once the service is running you can check which server the client is synchronized with:

If there is a * against 192.168.10.6, NTP synchronization with that particular server is working.

- outlyer
The peer is discarded by the clustering algorithm as an outlier.

+ candidat
The peer is a survivor and a candidate for the combining algorithm.

# selected
The peer is a survivor, but not among the first six peers sorted by synchronization distance. If the association is ephemeral, it may be demobilized to conserve resources.

* sys.peer
The peer has been declared the system peer and lends its variables to the system variables.

NTP default port: 123/UDP
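The tally-code table above can be applied mechanically to the peer table that "ntpq -p" prints on the client. The script below is an added example, not from the post: the peer table and drift value are constructed (the drift value repeats the post's -40.65), and the 500 ppm limit is ntpd's maximum frequency correction.

```shell
# Added example (not part of the post): read the peer table that "ntpq -p"
# prints on the client and classify each peer with the tally codes listed
# above. The table below is constructed for the example; the column layout
# follows ntpq, but the values are not from the author's host.
NTPQ_SAMPLE='     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*192.168.10.6    127.127.1.0      4 u   23   64  377    0.259    0.012   0.004
+172.16.0.2      192.168.10.6     5 u   40   64  377    0.410   -0.103   0.011
 10.0.0.9        .INIT.          16 u    -   64    0    0.000    0.000   0.000'

# Address of the peer marked "*" (the system peer), or nothing if there is none.
ntp_sys_peer() {
    printf '%s\n' "$1" | awk 'NR > 2 && substr($0, 1, 1) == "*" { print substr($1, 2); exit }'
}

# Exit 0 only when a system peer exists and its reach register is full (377),
# i.e. the last eight polls all succeeded.
ntp_synced() {
    printf '%s\n' "$1" | awk '
        NR > 2 && substr($0, 1, 1) == "*" && $7 == "377" { ok = 1 }
        END { exit ok ? 0 : 1 }'
}

# One line per peer: "<address>: <meaning of its tally code>".
ntp_describe_peers() {
    printf '%s\n' "$1" | awk '
        NR <= 2 { next }                                # header and ruler
        { code = substr($0, 1, 1); peer = (code == " ") ? $1 : substr($1, 2) }
        code == "*" { print peer ": sys.peer (system clock source)"; next }
        code == "+" { print peer ": candidate (survivor, used by the combine algorithm)"; next }
        code == "#" { print peer ": selected (survivor beyond the first six)"; next }
        code == "-" { print peer ": outlyer (discarded by the clustering algorithm)"; next }
        { print peer ": unused (reach " $7 ")" }'
}

# The drift file holds the clock frequency error in parts per million; warn
# when its magnitude exceeds a limit (500 ppm is the most ntpd can correct).
ntp_drift_within() {
    awk -v max="$2" '{ d = ($1 < 0) ? -$1 : $1; exit (d <= max) ? 0 : 1 }' "$1"
}

DRIFT=$(mktemp); echo '-40.65' > "$DRIFT"     # constructed, same value as the post
ntp_describe_peers "$NTPQ_SAMPLE"
ntp_synced "$NTPQ_SAMPLE" && echo "synchronised to $(ntp_sys_peer "$NTPQ_SAMPLE")"
ntp_drift_within "$DRIFT" 500 && echo "drift $(cat "$DRIFT") ppm is within limits"
```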

 

Friday, May 30, 2014

Searching for Files that have been modified within a specified time frame (using find command)



The find command is used to search for files that meet conditions you specify.

From the find man page in Solaris 10:

 

find directory options

 

-atime n            True if the file was accessed n days ago. The access time of directories in path is changed by find itself.

-ctime n            True if the file's status was changed n days ago.

-mtime n            True if the file's data was modified n days ago.

The descriptions of -atime, -ctime, and -mtime use the terminology n ``24-hour periods''. For example, a file accessed at 23:59 is selected by:

 

       example% find . -atime -1 -print

at 00:01 the next day (less than 24 hours later, not more than one day ago). The midnight boundary between days has no effect on the 24-hour calculation.

 

 

Eg: find files in the current directory that have been modified (status changed, -ctime) in the last 24 hours:

  # find . -ctime -1 -type f
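The following added example (not from the post) makes the "24-hour period" arithmetic concrete by creating files of known age and showing which ones -mtime -1, 1, +1 and -2 select; it also shows why the -ctime search above behaves differently from -mtime. It assumes GNU touch -d and date +%s (Linux); on Solaris 10 the times would be set with touch -t.

```shell
# Added example (not from the post): shows which files the -mtime "24-hour
# period" arithmetic selects, and why -ctime behaves differently. Uses GNU
# touch -d and date +%s (Linux); on Solaris 10 set the times with touch -t.
# The files are constructed in a temporary directory.
WORK=$(mktemp -d)
NOW=$(date +%s)

# Create an empty file whose modification time is $2 hours in the past.
mk_aged() {
    : > "$WORK/$1"
    touch -d "@$((NOW - $2 * 3600))" "$WORK/$1"
}
mk_aged fresh     1      # 1h old  -> 0 complete 24h periods
mk_aged yesterday 30     # 30h old -> 1 complete 24h period
mk_aged old       60     # 60h old -> 2 complete 24h periods

# Names (sorted, space separated) selected by "find -mtime EXPR".
mtime_select() {
    echo $(find "$WORK" -type f -mtime "$1" | sed 's|.*/||' | sort)
}
# Same for -ctime.
ctime_select() {
    echo $(find "$WORK" -type f -ctime "$1" | sed 's|.*/||' | sort)
}

echo "-mtime -1 : $(mtime_select -1)"   # fresh            (fewer than 1 period)
echo "-mtime  1 : $(mtime_select 1)"    # yesterday        (exactly 1 period)
echo "-mtime +1 : $(mtime_select +1)"   # old              (more than 1 period)
echo "-mtime -2 : $(mtime_select -2)"   # fresh yesterday  (fewer than 2 periods)

# touch rewrote mtime, but ctime (inode change time) cannot be backdated and
# still says "just now" for all three files, so the post's -ctime -1 search
# returns every one of them. That is why -ctime is the more trustworthy
# timestamp when looking for files that were recently tampered with.
echo "-ctime -1 : $(ctime_select -1)"   # fresh old yesterday
```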

Wednesday, March 12, 2014

How to add a Telnet/SSH warning/logging banner in Solaris 10

We can add our system warning/logging banner by editing the /etc/motd file. This message appears once after we log in to the system using Telnet, SSH, etc. (it is displayed after login).


# vi /etc/motd
"/etc/motd" 1 line, 57 characters
#########################################################################
#                   ----Sri Lanka XXXX PVT. LTD.----                 
# This system is for the use of authorized users only.             
# Individuals using this computer system without authority, or                     
# in excess of their authority, are subject to having all of                         
# activities on this system monitored and recorded by system personnel.
#########################################################################

Eg:

login as: dara
Using keyboard-interactive authentication.
Password:
Access denied
Using keyboard-interactive authentication.
Password:
Last login: Wed Mar 12 11:43:09 2014 from 172.16.0.6
#########################################################################
#                   ----Sri Lanka XXXX PVT. LTD.----                 
# This system is for the use of authorized users only.             
# Individuals using this computer system without authority, or                     
# in excess of their authority, are subject to having all of                         
# activities on this system monitored and recorded by system personnel.
#########################################################################
-bash-3.00$


For Telnet we can place a banner that is displayed while connecting to the server by editing the /etc/default/telnetd file.


# vi /etc/default/telnetd
"/etc/default/telnetd" [Read only] 20 lines, 652 characters
#ident  "@(#)telnetd.dfl        1.1     01/11/01 SMI"
#
# Copyright (c) 2001 by Sun Microsystems, Inc.
# All rights reserved.
#
# /etc/default/telnetd
#
# telnetd default settings processed via telnetd(1M).
#
# BANNER defines the connection banner which is displayed before the
# telnet login prompt, see telnetd(1M) for details.  The following
# commented line shows the default value.
#
#BANNER="\\r\\n\\r\\n`uname -s` `uname -r`\\r\\n\\r\\n"
#
#
# Suppress the telnet banner by supplying a null definition.
#
BANNER="**********************Warning************************\\r\\n\\r\\n uthorized uses only.All activity may be monitored and reported\\r\\n\\r\\n"


For SSH:



# vi /etc/ssh/sshd_config
.
.
.
# Banner to be printed before authentication starts.
Banner /etc/issue
.
.
.

Eg:
>telnet 172.16.0.4
**********************Warning************************

 uthorized uses only.All activity may be monitored and reported

login:

Friday, March 7, 2014

See default ports in Solaris 10

# cat /etc/services
#
# Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
# Use is subject to license terms.
#
#ident  "@(#)services   1.34    08/11/19 SMI"
#
# Network services, Internet style
#
tcpmux          1/tcp
echo            7/tcp
echo            7/udp
discard         9/tcp           sink null
discard         9/udp           sink null
systat          11/tcp          users
daytime         13/tcp
daytime         13/udp
netstat         15/tcp
chargen         19/tcp          ttytst source
chargen         19/udp          ttytst source
ftp-data        20/tcp
ftp             21/tcp
ssh             22/tcp                          # Secure Shell
telnet          23/tcp
smtp            25/tcp          mail
time            37/tcp          timserver
time            37/udp          timserver
name            42/udp          nameserver
whois           43/tcp          nicname         # usually to sri-nic
domain          53/udp
domain          53/tcp
bootps          67/udp                          # BOOTP/DHCP server
bootpc          68/udp                          # BOOTP/DHCP client
kerberos        88/udp          kdc             # Kerberos V5 KDC
kerberos        88/tcp          kdc             # Kerberos V5 KDC
hostnames       101/tcp         hostname        # usually to sri-nic
pop2            109/tcp         pop-2           # Post Office Protocol - V2
pop3            110/tcp                         # Post Office Protocol - Version 3
sunrpc          111/udp         rpcbind
sunrpc          111/tcp         rpcbind
imap            143/tcp         imap2           # Internet Mail Access Protocol v2
ldap            389/tcp                         # Lightweight Directory Access Protocol
ldap            389/udp                         # Lightweight Directory Access Protocol
dhcpv6-client   546/udp         dhcpv6c         # DHCPv6 Client (RFC 3315)
dhcpv6-server   547/udp         dhcpv6s         # DHCPv6 Server (RFC 3315)
submission      587/tcp                         # Mail Message Submission
submission      587/udp                         #    see RFC 2476
ldaps           636/tcp                         # LDAP protocol over TLS/SSL (was sldap)
ldaps           636/udp                         # LDAP protocol over TLS/SSL (was sldap)
#
# Host specific functions
#
tftp            69/udp
rje             77/tcp
finger          79/tcp
link            87/tcp          ttylink
supdup          95/tcp
iso-tsap        102/tcp
x400            103/tcp                         # ISO Mail
x400-snd        104/tcp
csnet-ns        105/tcp
pop-2           109/tcp                         # Post Office
uucp-path       117/tcp
nntp            119/tcp         usenet          # Network News Transfer
ntp             123/tcp                         # Network Time Protocol
ntp             123/udp                         # Network Time Protocol
netbios-ns      137/tcp                         # NETBIOS Name Service
netbios-ns      137/udp                         # NETBIOS Name Service
netbios-dgm     138/tcp                         # NETBIOS Datagram Service
netbios-dgm     138/udp                         # NETBIOS Datagram Service
netbios-ssn     139/tcp                         # NETBIOS Session Service
netbios-ssn     139/udp                         # NETBIOS Session Service
NeWS            144/tcp         news            # Window System
slp             427/tcp         slp             # Service Location Protocol, V2
slp             427/udp         slp             # Service Location Protocol, V2
mobile-ip       434/udp         mobile-ip       # Mobile-IP
cvc_hostd       442/tcp                         # Network Console
ike             500/udp         ike             # Internet Key Exchange
uuidgen         697/tcp                         # UUID Generator
uuidgen         697/udp                         # UUID Generator
#
# UNIX specific services
#
# these are NOT officially assigned
#
exec            512/tcp
login           513/tcp
shell           514/tcp         cmd             # no passwords used
printer         515/tcp         spooler         # line printer spooler
courier         530/tcp         rpc             # experimental
uucp            540/tcp         uucpd           # uucp daemon
biff            512/udp         comsat
who             513/udp         whod
syslog          514/udp
talk            517/udp
route           520/udp         router routed
ripng           521/udp
klogin          543/tcp                         # Kerberos authenticated rlogin
kshell          544/tcp         cmd             # Kerberos authenticated remote shell
new-rwho        550/udp         new-who         # experimental
rmonitor        560/udp         rmonitord       # experimental
monitor         561/udp                         # experimental
pcserver        600/tcp                         # ECD Integrated PC board srvr
sun-dr          665/tcp                         # Remote Dynamic Reconfiguration
kerberos-adm    749/tcp                         # Kerberos V5 Administration
kerberos-adm    749/udp                         # Kerberos V5 Administration
kerberos-iv     750/udp                         # Kerberos V4 key server
krb5_prop       754/tcp                         # Kerberos V5 KDC propogation
ufsd            1008/tcp        ufsd            # UFS-aware server
ufsd            1008/udp        ufsd
cvc             1495/tcp                        # Network Console
ingreslock      1524/tcp
www-ldap-gw     1760/tcp                        # HTTP to LDAP gateway
www-ldap-gw     1760/udp                        # HTTP to LDAP gateway
listen          2766/tcp                        # System V listener port
nfsd            2049/udp        nfs             # NFS server daemon (clts)
nfsd            2049/tcp        nfs             # NFS server daemon (cots)
eklogin         2105/tcp                        # Kerberos encrypted rlogin
lockd           4045/udp                        # NFS lock daemon/manager
lockd           4045/tcp
ipsec-nat-t     4500/udp                        # IPsec NAT-Traversal
dtspc           6112/tcp                        # CDE subprocess control
fs              7100/tcp                        # Font server
#[swat] The swat service is added by the SUNWsmbar package.
#[swat] Removing the swat service manually while SUNWsmbar
#[swat] package is installed in the system can cause issues
#[swat] with smf(5) stability or with zones(5) installation.
swat            901/tcp                         # Samba Web Adm.Tool
apocd   38900/udp
snmpd           161/udp        snmp             # SMA snmp daemon
servicetag      6481/udp
servicetag      6481/tcp


You can simply edit this file and restart.

Wednesday, August 21, 2013

How to Add Access to CD/DVD Media in a Non-Global Zone in Solaris 10



Below is the procedure to permanently add access to CD/DVD media in a non-global zone.

1.     Log in to the global zone and become superuser.

2.     Determine whether the Volume Management file system is running in the global zone.

global # svcs volfs
STATE          STIME    FMRI
online         2012     svc:/system/filesystem/volfs:default

3.     (Optional) If the Volume Management file system is not running (offline) in the global zone, enable it.


4.     Insert the media.

5.     Check for media in the drive.

global# volcheck

6.     Test whether the DVD is auto mounted.

global# ls /cdrom

You will see output similar to the following:

cdrom   cdrom1  

7.     Take a backup of the existing zone configuration using the info command under zonecfg, as in the following example:
Eg:


global
zonecfg:EMS> info
zonename: EMS
zonepath: /Zones/EMS
brand: native
autoboot: true
bootargs:
pool:
limitpriv:
scheduling-class:
ip-type: shared
hostid:
inherit-pkg-dir:
        dir: /lib
inherit-pkg-dir:
        dir: /platform
inherit-pkg-dir:
        dir: /sbin
inherit-pkg-dir:
        dir: /usr
fs:
        dir: /usr/local
        special: /Zones/storage/local/EMS
        raw not specified
        type: lofs
        options: []
net:
        address: 172.16.0.3
        physical: igb0
        defrouter not specified
zonecfg:EMS> exit

8.     Loopback-mount the file system into the non-global zone with the options ro,nodevices (read-only, no devices):

zonecfg:EMS> add fs
zonecfg:EMS> set dir=/cdrom
zonecfg:EMS> set special=/cdrom
zonecfg:EMS> set type=lofs
zonecfg:EMS> add options [ro,nodevices]
zonecfg:EMS> end
zonecfg:EMS> commit
zonecfg:EMS> exit

9.     Reboot the non-global zone.

EMS is the name of the non-global zone.

10.  Use the zoneadm list command with the -v option to verify the status.


11.  You will see a display that is similar to the following:

ID  NAME     STATUS       PATH                           BRAND      IP
0  global   running      /                              native     shared
1  EMS      running      /Zones/storage/local/EMS       native     shared

12.  Log in to the non-global zone.

global# zlogin EMS

13.  Verify the DVD-ROM mount.

EMS# ls /cdrom

14.  You will see a display similar to this:

cdrom   cdrom1 

15.  The DVD/CD is now usable in the non-global zone. :-)

16.  Exit the non-global zone.

EMS# exit

If you retain the /cdrom file system in your non-global zone, the mount will always reflect the current contents of the CD-ROM drive, or an empty directory if the drive is empty.

17.   (Optional) To remove the /cdrom file system from the non-global zone, use the following procedure:

global# zonecfg -z EMS
zonecfg:EMS> remove fs dir=/cdrom
zonecfg:EMS> commit
zonecfg:EMS> exit
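To confirm after the fact that every lofs mount handed to a zone carries the ro,nodevices options used for /cdrom above, the added script below (not from the post) parses a "zonecfg -z <zone> export" dump. The dump is constructed here and assumes the export syntax of one "set"/"add options" line per property inside "add fs ... end"; the /usr/local entry mirrors the options: [] seen in the info output and is therefore reported for review.

```shell
# Added example (not from the post): audit a "zonecfg -z <zone> export" dump for
# lofs file systems mounted from the global zone and flag any that lack the
# ro,nodevices options used for /cdrom above. The dump below is constructed to
# match the export syntax (add fs / set ... / add options ... / end); it is not
# captured from the author's EMS zone.
ZONE_EXPORT='create -b
set zonepath=/Zones/EMS
set autoboot=true
set ip-type=shared
add fs
set dir=/usr/local
set special=/Zones/storage/local/EMS
set type=lofs
end
add fs
set dir=/cdrom
set special=/cdrom
set type=lofs
add options ro
add options nodevices
end
add net
set address=172.16.0.3
set physical=igb0
end'

# One line per fs resource: "<dir> <type> <options comma-joined, or ->".
zone_fs_summary() {
    printf '%s\n' "$1" | awk '
        $1 == "add" && $2 == "fs" { infs = 1; dir = "?"; type = "?"; opts = ""; next }
        infs && $1 == "set" && $2 ~ /^dir=/  { dir = substr($2, 5) }
        infs && $1 == "set" && $2 ~ /^type=/ { type = substr($2, 6) }
        infs && $1 == "add" && $2 == "options" { opts = opts (opts == "" ? "" : ",") $3 }
        infs && $1 == "end" { print dir, type, (opts == "" ? "-" : opts); infs = 0 }'
}

# Print the dirs of lofs mounts missing "ro" or "nodevices"; exit 0 if none.
zone_lofs_findings() {
    zone_fs_summary "$1" | awk '
        $2 == "lofs" {
            n = split($3, o, ","); ro = 0; nodev = 0
            for (i = 1; i <= n; i++) { if (o[i] == "ro") ro = 1; if (o[i] == "nodevices") nodev = 1 }
            if (!(ro && nodev)) { print $1 " missing:" (ro ? "" : " ro") (nodev ? "" : " nodevices"); bad = 1 }
        }
        END { exit bad ? 1 : 0 }'
}

zone_lofs_findings "$ZONE_EXPORT" || echo "review whether write or device access is intended for the mounts above"
```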