Sample Solaris – OS Installation Build Procedures
January 3, 2011
Sample Ultra – OS Installation Procedures
The following steps include information about installing and hardening the Operating System.
Power On
– As soon as memory initialization starts, press Stop-A
– The OK prompt appears
– Insert the Solaris 8 Server Configuration CD ROM
– At the OK prompt type boot cdrom - w
– Wait for install to start
OS Installation
– Select Language, press 0 for English
– Solaris Install Program, press F2 to continue
– Identify this system, press F2 to continue
– Host name, type the machine’s host name, press F2 to continue
– Network Connection, under Networked select Yes, press F2 to continue
– IP Address, type the machine’s IP Address, press F2 to continue
– Confirm Information, press F2 to continue
– Name Service, select none, press F2 to continue
– Confirm Information, press F2 to continue
– Subnets, System Part of a subnet select Yes, press F2 to continue
– Netmask, type 255.255.0.0, press F2 to continue
– Time Zone, regions select United States, press F2 to continue
– Time Zone, select Mountain, press F2 to continue
– Date and Time, accept defaults, press F2 to continue
– Confirm Information, press F2 to continue
– Solaris Interactive Installation, press F4 to Initialize, press F2 to continue
– Allocate Client Services, press F2 to continue
– Select Language, press F2 to continue
– Select 64 Bit, uncheck, press F2 to continue
– Select Software, select Developer Software, press F2 to continue
– Preserve Data, press F2 to continue
– Automatically Layout File System, check /, /var, swap, press F2 to continue
– File System and Disk Layout, press F2 to continue
– Select Disk to Customize, select c0t0d0, press F2 to continue
– Customize Disk c0t0d0, make changes to match settings below
Slice   Mount Point   Size (MB)
0       /             5643
1       SWAP          1024
2       overlap       8693
3       /var          1024
4
5
6
7
Press F2 to continue
– Select Disk to Customize, select c0t1d0, press F2 to continue (*server may only have one disk drive)
– Customize Disk c0t1d0, make changes to match settings below
Slice   Mount Point               Size (MB)
0       /var/opt/CPfw1-41/logs    5643
1                                 1024
2       overlap                   8693
3                                 1024
4
5
6
7
Press F2 to continue
– Select Disk to Customize, press F2 to continue
– File Disk Layout, press F2 to continue
– Mount Remote File System, press F2 to continue
– Profile, press F2 to continue
– Warning for change to Boot Device, press F2 to continue
– Reboot after Install, press F2 to continue
– Wait for about 20 minutes for install to complete
Harden OS
– Assign password for root
– Select NO to conserve energy
– Select NO to ask the question again
– Log in as ROOT
Create a directory called /var/fwadmin
– Type cd /var
– Type mkdir fwadmin
– Type cd fwadmin
– Insert floppy labeled harden script
– Type cp /floppy/floppy0/harden .
– Type ./harden
Harden Script Runs
– Do you wish to install SAR? Select Y
– Do you want to continue with installation of (SUNWaccr)? Select Y
– Do you want to install these as setuid/setgid files? Select Y
– Do you want to continue with installation? Select Y
Comment out all unneeded services
– Type cd /etc/inet
– Type cp inetd.conf inet.conf.org
– Type vi inetd.conf
– Delete the first 11 lines
– Move cursor below the word Telnet
– Press Shift-: (colon) to get the vi command prompt
– Type .,$d (deletes the rest of the lines below Telnet)
– Type :wq!
Remove Comment for Console Line
– Type vi /etc/default/login
– Move cursor to CONSOLE=/dev/console
– Insert the # symbol
– Type :wq!
Disable more services
– Type cd /etc/rc2.d
– Type mv S71rpc notused.S71rpc (disables RPC daemons)
– Type mv S99dtlogin notused.S99dtlogin (disables CDE log in)
– Type rm S74autofs
– Type rm S73nfs.client
– Type rm S92volmgt
– Type vi /etc/services
– Add SSH entry
– Under the telnet entry, type ssh, press the Tab key, then type 22/tcp
– Type :wq!
– Type vi /etc/default/ftpd
– Enter BANNER=""
– Type :wq!
– Type vi /etc/default/telnetd
– Enter BANNER=""
– Type :wq!
– Type crontab -e
– Add 15 * * * * /usr/sbin/ntpdate -s 132.163.135.130 132.163.135.131
– Type eject cdrom
– Type reboot
Log on
– Type mkdir /opt/sw-depot
– Type cd /opt/sw-depot
Open an FTP session to the FTP server that holds the software patches and third-party apps
– Type bin
– Type hash
– Type mget *
GNUgcc? Press Y
GNUzip? Press Y
titan? Press Y
perl? Press Y
ssh-1.2.30? Press Y
tcp_wrappers? Press Y
wu-ftpd? Press Y
7_recommended? Press Y
.profile? Press Y
.kshrc? Press Y
Quit
– Type vi /etc/passwd
Change line root:x:0:1:Super_User:/:/sbin/sh to root:x:0:1:Super_User:/:/bin/ksh
– Type :wq!
– Type cp /opt/sw-depot/.profile .
– Type cp /opt/sw-depot/.kshrc .
– Type chmod 700 .kshrc
– Type exit
Log on
– Type cd /tmp
– Type cp /opt/sw-depot/7* .
– Type which unzip
– Type unzip *.zip
Wait
– Type rm *.zip
– Type cd 7*
– Type ./install_cluster
– Ready to continue? Select Y
Wait about 30 minutes
– Type cd /tmp
– Type rm -R 7*
– Reboot
Log on
– Type cd /tmp
– Type cp /opt/sw-depot/GNU* .
– Type cp /opt/sw-depot/perl* .
– Type cp /opt/sw-depot/top* .
– Type cp /opt/sw-depot/wu* .
– Type tar -xvf ./GNUzip*
– Type rm GNUzip1.2.*.tar
– Type pkgadd -d .
– Press Enter to select all packages
– After install type Q to quit
– Type rm -R GNUzip
– Type which gunzip
– Type gunzip *.tgz
– Type tar -xvf GNU*.tar
– Type rm GNU*.tar
– Type tar -xvf top*.tar
– Type rm top*.tar
– Type tar -xvf perl*.tar
– Type rm perl*.tar
– Type tar -xvf wu*.tar
– Type rm wu*.tar
– Type pkgadd -d .
– Press Enter to select all packages
Wait
– Do you want to install these as setuid/setgid? Select Y
– After install type Q to quit
– Type rm -R GNU* perl* top wu*
– Reboot
Log on
– Type cd /tmp
– Type cp /opt/sw-depot/tcp* .
– Type cp /opt/sw-depot/ssh* .
– Type gunzip ssh*.gz
– Type tar -xvf *.tar
– Type rm ssh*.tar
– Type gunzip tcp*.gz
– Type tar -xvf *.tar
– Type rm tcp*.tar
– Type cd tcp*
– Type vi Makefile
– Search for STYLE = -DPROCESS_OPTIONS # Enable language extensions
– Remove # symbol from beginning of line
– Search for SysV.4 Solaris 2.x OSF
– The next line should be REAL_DAEMON_DIR=/usr/sbin
– Remove # from beginning of line
– Type :wq!
– Type make sunos5
– Type cp tcpd /usr/sbin
– Type cp safe_finger /usr/sbin
– Type cp tcpdchk /usr/sbin
– Type cp tcpdmatch /usr/sbin
– Type cp try-from /usr/sbin
– Type cd ../ssh*
– Type ./configure --without-x
– Type make
– Type make install
– Type vi /etc/inet/inetd.conf
– Add the following entry
– ssh stream tcp nowait root /usr/sbin/tcpd /usr/local/sbin/sshd -i
– Add # symbol in front of ftp and telnet
– Type :wq!
– Type ps -e | grep inetd
– Type kill -1 (process id)
Reboot
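
Added example, not part of the original procedure: a shell check that an inetd.conf matches the end state these steps aim for (ftp and telnet disabled, every remaining service started through /usr/sbin/tcpd, sshd run with -i, and each service name present in the services file). The function names and the sample files are constructed for illustration; run it against copies of the two files on a machine with a POSIX awk (on Solaris, nawk or /usr/xpg4/bin/awk).

```shell
#!/bin/sh
# Usage: audit_inetd SERVICES_FILE INETD_CONF
# Prints one finding per line; prints nothing when the file matches the target state.
audit_inetd() {
    awk '
        { sub(/#.*/, "") }                       # strip comments in both files
        NF == 0 { next }                         # skip blank / fully commented lines
        FNR == NR {                              # first file: services database
            split($2, p, "/"); known[$1 "/" p[2]] = 1; next
        }
        $4 != "wait" && $4 != "nowait" {         # fused or missing field
            printf "MALFORMED line %d: wait-status field is \"%s\"\n", FNR, $4; next
        }
        {
            # inetd resolves the name through the services file (case-sensitive)
            if (!(($1 "/" $3) in known))
                printf "UNKNOWN line %d: %s/%s has no services entry\n", FNR, $1, $3
            if ($1 == "telnet" || $1 == "ftp")
                printf "CLEARTEXT line %d: %s is still enabled\n", FNR, $1
            if ($6 != "/usr/sbin/tcpd")
                printf "UNWRAPPED line %d: %s runs %s directly\n", FNR, $1, $6
            if ($1 == "ssh" && $NF != "-i")
                printf "SSHD line %d: sshd not started with -i (inetd mode)\n", FNR
        }
    ' "$1" "$2"
}

# Constructed sample data (not taken from a real host): one disabled service,
# one cleartext service left on, two mistyped ssh entries and one correct entry.
demo_audit() {
    d=$(mktemp -d) || return 1
    printf 'ftp 21/tcp\nssh 22/tcp\ntelnet 23/tcp\n' > "$d/services"
    cat > "$d/inetd.conf" <<'EOF'
#ftp stream tcp nowait root /usr/sbin/in.ftpd in.ftpd
telnet stream tcp nowait root /usr/sbin/in.telnetd in.telnetd
Ssh stream tcp nowait root /usr/sbin/tcpd /usr/local/sbin/sshd -i
ssh stream tcp nowaitroot /usr/sbin/tcpd /usr/local/sbin/sshd -i
ssh stream tcp nowait root /usr/sbin/tcpd /usr/local/sbin/sshd -i
EOF
    audit_inetd "$d/services" "$d/inetd.conf"
    rm -rf "$d"
}
demo_audit
```

RPC entries (protocol rpc/tcp or rpc/udp) are reported as UNKNOWN by this check, which is consistent with the procedure deleting them from inetd.conf.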