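1.配置root用户SSH登录
(说明:PermitRootLogin yes 允许root直接通过SSH登录;本文第7节用hosts.deny/hosts.allow把sshd的访问来源限制为192.168.0.15,两者应配合使用。)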
# vi /etc/ssh/sshd_config ListenAddress 192.168.0.10 PermitRootLogin yes # > /etc/motd # vi /etc/default/init LANG=zh 2.取消几个影响系统启动的TIMEOUT # vi /etc/bootrc set boot_timeout 0 # vi /boot/solaris/bootenv.rc setprop auto-boot-timeout 0 setprop boottimeout '0' # vi /boot/solaris/strap.rc Options timeout=0 3.取消自动关机 # vi /etc/power.conf #autoshutdown 30 9:00 9:00 default 4.设置用户的环境变量 # vi /etc/passwd root:x:0:1:Super-User:/:/usr/bin/bash # vi /.bashrc PS1='[\u@\H \W]\$' PATH=$PATH:/bin:/sbin:/usr/bin:/usr/ucb:/usr/sbin:/etc:/usr/local/bin:/usr/local/sbin:/usr/ccs/bin:/usr/sfw/bin MANPATH=$MANPATH:/usr/man:/usr/local/man:/opt/sfw/man LD_LIBRARY_PATH=/usr/lib:/usr/dt/lib:/usr/openwin/lib:/usr/sfw/lib: /usr/local/lib:/usr/local/ssl/lib CC=gcc export PS1 PATH MANPATH LD_LIBRARY_PATH CC export EDITOR=vim umask 022 TMOUT=1800 # vi .bash_profile if [ -f ~/.bashrc ]; then . ~/.bashrc fi 5.安装常用软件包 TOP工具: # gzip -d top-3.5beta12.5-sol9-intel-local.gz # pkgadd -d top-3.5beta12.5-sol9-intel-local VIM工具: # gzip -d ncurses-5.3-sol9-intel-local.gz # pkgadd -d ncurses-5.3-sol9-intel-local # gzip -d vim-6.2-sol9-intel-local.gz # pkgadd -d vim-6.2-sol9-intel-local # mv /bin/vi /bin/vi.bak # ln -s /usr/local/bin/vim /bin/vi # cp /usr/local/share/vim/vim62/vimrc_example.vim /.vimrc # vi /.vimrc 把其中的: set backup " keep a backup file 修改为: set nobackup " keep a backup file # vi /etc/hosts 加一条记录: 192.168.0.15 win2k GCC工具: # gzip -d libiconv-1.8-sol9-intel-local.gz # gzip -d gcc-3.3.2-sol9-intel-local.gz # pkgadd -d libiconv-1.8-sol9-intel-local # pkgadd -d gcc-3.3.2-sol9-intel-local MAKE工具: # gzip -d make-3.80-sol9-intel-local.gz # gzip -d automake-1.7.2-sol9-intel-local.gz # pkgadd -d make-3.80-sol9-intel-local # pkgadd -d automake-1.7.2-sol9-intel-local MOZILLA: # pkgrm SUNWnsb SUNWnsm SUNWnspsm SUNWnsxp # gzip -d mozilla-i386-pc-solaris2.8-1.6.pkg.tar.gz # tar -vxf mozilla-i386-pc-solaris2.8-1.6.pkg.tar # cd mozilla-1.6-x86 # pkgadd -d MOZmozilla.pkg # gzip -d 
flash_player_6_solaris_intel.tar.gz # tar vxf flash_player_6_solaris_intel.tar # cd install_flash_player_6_solaris # cp * /usr/local/lib/mozilla-1.6/plugins # cd /usr/local/lib/mozilla-1.6/plugins # ln -s /usr/j2se/jre/plugin/i386/ns610/libjavaplugin_oji.so # /usr/local/bin/mozilla OTHERS: # pkgadd -d expat-1.95.5-sol9-intel-local # pkgadd -d gdbm-1.8.3-sol9-intel-local # pkgadd -d openssl-0.9.7d-sol9-intel-local # pkgadd -d libgcc-3.3-sol9-intel-local # pkgadd -d libpcap-0.8.1-sol9-intel-local # pkgadd -d tcp_wrappers-7.6-sol9-intel-local # pkgadd -d tcpdump-3.8.1-sol9-intel-local # pkgadd -d zlib-1.2.1-sol9-intel-local # pkgadd -d lsof-4.68-sol9-intel-local 6.安装APACHE-2.0.49 # pkgrm SUNWapchd SUNWapchr SUNWapchu # gzip -d apache-2.0.49-sol9-intel-local.gz # pkgadd -d apache-2.0.49-sol9-intel-local # cp /usr/local/apache2/bin/apachectl /etc/rc3.d/S50apache # chmod 744 /etc/rc3.d/S50apache # chown root:sys /etc/rc3.d/S50apache # 配置/usr/local/apache2/conf/httpd.conf过程略。 # SMCapach2 7.安装OPENSSH-3.8 # pkgrm SUNWsshcu SUNWsshdr SUNWsshdu SUNWsshr SUNWsshu # gzip -d openssh-3.8p1-sol9-intel-local.gz # pkgadd -d openssh-3.8p1-sol9-intel-local # mkdir /var/empty # chown root:sys /var/empty # chmod 755 /var/empty # groupadd sshd # useradd -g sshd -c "arthur sshd privsep" -d /var/empty -s /bin/false sshd # ssh-keygen -t rsa1 -f /usr/local/etc/ssh_host_key -N "" # ssh-keygen -t dsa -f /usr/local/etc/ssh_host_dsa_key -N "" # ssh-keygen -t rsa -f /usr/local/etc/ssh_host_rsa_key -N "" # vi /etc/init.d/sshd ===========================sshd============================ #!/sbin/sh # # Copyright (c) 2001 by Sun Microsystems, Inc # All rights reserved. 
# #ident "@(#)sshd 1.1 01/09/24 SMI" case "$1" in start) /usr/local/sbin/sshd ;; stop) pkill sshd ;; *) echo "Usage: $0 { start | stop }" exit 1 ;; esac exit 0 ===========================sshd============================ # chmod 750 /etc/init.d/sshd # chown root:sys /etc/init.d/sshd # ln -s /etc/init.d/sshd /etc/rc2.d/S98sshd # vi /etc/hosts.deny sshd:ALL # vi /etc/hosts.allow sshd:192.168.0.15 # rm /.ssh/* 8.安装SAMBA-3 # cp /etc/rc3.d/S90samba bak.S90samba # pkgrm SUNWsmbac SUNWsmbar SUNWsmbau # gzip -d samba-3.0.2a-sol9-intel-local.gz # gzip -d popt-1.7-sol9-intel-local.gz # pkgadd -d popt-1.7-sol9-intel-local # pkgadd -d samba-3.0.2a-sol9-intel-local # cd /usr/local/samba/doc/samba/examples/ # cp smb.conf.default /usr/local/samba/lib/smb.conf # 设置smb.conf文件过程略 # mv /etc/rc3.d/bak.S90samba S90samba # chown root:sys /etc/rc3.d/S90samba # vim /etc/rc3.d/S90samba =======================S90samba======================== #!/sbin/sh # # Copyright (c) 2001 by Sun Microsystems, Inc # All rights reserved. 
#
#ident "@(#)samba 1.1 01/09/24 SMI"
case "$1" in
start)
[ -f /usr/local/samba/lib/smb.conf ] || exit 0
/usr/local/samba/sbin/smbd -D
/usr/local/samba/sbin/nmbd -D
;;
stop)
pkill smbd
pkill nmbd
;;
*)
echo "Usage: $0 { start | stop }"
exit 1
;;
esac
exit 0
=======================S90samba========================

9.初步的系统安全设置

为安全起见,在/etc/inetd.conf中注释掉除下列服务以外的所有服务:
ftp echo echo discard discard rstatd/2-4 fs 100083/1
(其中echo、discard这类小服务以及明文传输的ftp,如无实际用途也建议一并注释掉。)

如果服务器很少需要图形操作,或者对安全要求较高,还应该关掉字体服务fs,也可以关掉系统性能监视器rstatd和ToolTalk服务器ttdbserverd(100083/1)。要查找其余需要关闭的端口对应的进程,可用这个命令:
# /usr/local/bin/lsof -i | grep port

为安全起见,防止堆栈溢出攻击(禁止在用户栈上执行代码,并记录此类尝试):
# cp /etc/system /etc/system.BACKUP
# vi /etc/system
在文件的最后,加上以下两行(/etc/system在启动时读取,修改后需重启系统才会生效):
set noexec_user_stack=1
set noexec_user_stack_log=1

禁用自动启动DESKTOP
# /usr/dt/bin/dtconfig -d

为安全起见停掉几个系统服务:
卸载SENDMAIL:
# pkgrm SUNWsndmr SUNWsndmu
卸载TELNET:
# pkgrm SUNWtnetc SUNWtnetd SUNWtnetr
# cd /etc/rc2.d
# mv S71ldap.client _S71ldap.client
# mv S72inetsvc _S72inetsvc
# mv S74autofs _S74autofs
# mv S74xntpd _S74xntpd
# mv S80lp _S80lp
# mv S71rpc _S71rpc
# mv S73nfs.client _S73nfs.client
# cd /etc/rc3.d
# mv S34dhcp _S34dhcp
# mv S15nfs.server _S15nfs.server
# mv S76snmpdx _S76snmpdx
卸载PCMCIA支持:
# pkgrm SUNWpcelx SUNWpcmci SUNWpcmcu SUNWpcmem SUNWpcser SUNWpsdpr

安装端口扫描工具NMAP
# gzip -d nmap-3.50-sol9-intel-local.gz
# gzip -d pcre-4.5-sol9-intel-local.gz
# pkgadd -d nmap-3.50-sol9-intel-local
# pkgadd -d pcre-4.5-sol9-intel-local
扫描本机端口:
# nmap -P0 -sT localhost

安装网络漏洞扫描工具NESSUS:
# gzip -d nessus-2.0.9-sol9-intel-local.gz
# pkgadd -d nessus-2.0.9-sol9-intel-local
建立SSL证书:
# nessus-mkcert
添加NESSUS用户:
# nessus-adduser
以ROOT启动NESSUS服务器:
# nessus -D
(注:Nessus 2.x 的服务端守护进程一般是 nessusd;若上面的命令无效,请确认是否应为 nessusd -D。)
启动NESSUS的GUI客户端:
# nessus