Solaris Security Gotchas

If you enable TCP Wrappers in Solaris 9, either through JASS or by setting ENABLE_TCPWRAPPERS=YES in /etc/default/inetd by hand, inetd wraps every service it starts, including the NetBackup client daemons. Nightly backups will fail until the addresses of the NetBackup servers, as listed in /etc/hosts, are added to /etc/hosts.allow for those daemons.
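The following is an added example, not code from the original page: it checks whether wrappers are switched on in /etc/default/inetd and generates the /etc/hosts.allow lines for the backup servers from /etc/hosts, refusing to emit anything if a server name is missing. The daemon names bpcd, vnetd, vopied and bpjava-msvc, the server names nbmaster and nbmedia1, and the function names are assumptions for illustration; take the real daemon list from /etc/inetd.conf.

```sh
#!/bin/sh
# Added example, not from the original page: generate /etc/hosts.allow entries
# for the NetBackup servers so that enabling TCP Wrappers in inetd does not
# break backups. Assumptions: the wrapped NetBackup daemons on this client are
# bpcd, vnetd, vopied and bpjava-msvc (check /etc/inetd.conf for the real
# list), and the server names are spelled exactly as in /etc/hosts.

# wrappers_enabled FILE -> 0 if FILE (/etc/default/inetd) turns wrappers on
wrappers_enabled() {
    grep -q '^ENABLE_TCPWRAPPERS=YES' "$1"
}

# hosts_allow_lines HOSTSFILE "DAEMON..." SERVER...
# Looks each SERVER up in HOSTSFILE and prints one "daemon: ip ip" line per
# daemon. Fails (status 1, nothing printed) if any server is not listed,
# rather than silently producing a rule that lets nothing in.
hosts_allow_lines() {
    hostsfile=$1; daemons=$2; shift 2
    ips=""
    for srv in "$@"; do
        # first non-comment line whose name columns contain this exact name
        ip=$(awk -v name="$srv" '
            $1 ~ /^#/ { next }
            { for (i = 2; i <= NF; i++) if ($i == name) { print $1; exit } }
        ' "$hostsfile")
        if [ -z "$ip" ]; then
            echo "hosts_allow_lines: no entry for $srv in $hostsfile" >&2
            return 1
        fi
        ips="$ips $ip"
    done
    for d in $daemons; do
        echo "$d:$ips"
    done
}

# Usage on the client, as root, once wrappers are confirmed on:
#   wrappers_enabled /etc/default/inetd &&
#   hosts_allow_lines /etc/hosts "bpcd vnetd vopied bpjava-msvc" nbmaster nbmedia1 >> /etc/hosts.allow
```

Listing the daemons explicitly keeps the grant narrower than an "ALL:" line, which would open every wrapped service to the backup servers.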

Boot Error Messages

Upon bootup, a system with DiskSuite installed may issue the following warnings:

WARNING: forceload of misc/md_trans failed
WARNING: forceload of md_raid failed
WARNING: forceload of md_hotspares failed

These warnings come from forceload entries in /etc/system that try to load the drivers for metatrans (md_trans), RAID-5 (md_raid) and hot spare (md_hotspares) devices; they appear when the system has no device of that type. You can get rid of the warning:

WARNING: forceload of md_hotspares failed

by creating an empty hotspare pool:

# metainit hsp001

and by commenting out the drivers for raid types that do not exist:

*forceload: misc/md_trans
*forceload: misc/md_raid
forceload: misc/md_hotspares
*forceload: misc/md_sp
forceload: misc/md_stripe
forceload: misc/md_mirror

Uncomment the corresponding line again before you create a device of that type, so that its driver is force-loaded at boot.
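As an added example (not from the original page), the script below decides which md driver modules a host actually needs from "metastat -p" output and comments out the forceload lines for the others, keeping a backup of /etc/system. The mapping from "metastat -p" line forms to modules (-m mirror, -r RAID-5, -t trans, -p soft partition, hspNNN hot spare pool, anything else stripe/concat) and the function names are assumptions for this example.

```sh
#!/bin/sh
# Added example, not from the original page: work out which DiskSuite driver
# modules this host actually needs from "metastat -p" output, then comment out
# the /etc/system forceload lines for the rest, keeping a backup. Assumption:
# the "metastat -p" line forms used below (-m mirror, -r RAID-5, -t trans,
# -p soft partition, hspNNN hot spare pool, anything else stripe/concat).

# needed_md_modules < metastat-p-output -> module names, one per line, sorted
needed_md_modules() {
    awk '
        $1 ~ /^hsp/ { print "md_hotspares"; next }
        $2 == "-m"  { print "md_mirror";    next }
        $2 == "-r"  { print "md_raid";      next }
        $2 == "-t"  { print "md_trans";     next }
        $2 == "-p"  { print "md_sp";        next }
        NF > 0      { print "md_stripe" }
    ' | sort -u
}

# unused_md_modules < metastat-p-output -> modules with no metadevice behind them
unused_md_modules() {
    needed=" $(needed_md_modules | tr '\n' ' ')"
    for m in md_trans md_raid md_hotspares md_sp md_stripe md_mirror; do
        case "$needed" in
            *" $m "*) ;;
            *) echo "$m" ;;
        esac
    done
}

# disable_forceload FILE MODULE...: turns "forceload: misc/MODULE" into a
# "*" comment for each MODULE, exact match only, idempotent; leaves FILE.bak
disable_forceload() {
    file=$1; shift
    cp -p "$file" "$file.bak" || return 1
    for mod in "$@"; do
        sed "s|^forceload: misc/$mod\$|*forceload: misc/$mod|" "$file" > "$file.tmp" \
            && mv "$file.tmp" "$file" || return 1
    done
}

# forceload_active FILE MODULE -> 0 if FILE still force-loads MODULE
forceload_active() {
    grep -q "^forceload: misc/$2\$" "$1"
}

# Usage on the host (then "metainit hsp001" if md_hotspares is to stay loaded):
#   unused=$(metastat -p | unused_md_modules)
#   disable_forceload /etc/system $unused
```

The exact-match sed pattern matters: a loose match on md_raid would also hit any longer module name that happens to share the prefix.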

Solaris Syslog Configuration

This is the syslog.conf I have settled on for Solaris 8/9 systems:

*.err;kern.none;daemon.none;mail.none           /var/log/syslog
auth.info                                       /var/log/authlog
mail.warning                                    /var/log/maillog
daemon.info;kern.info;local0.info               /var/adm/messages

It separates daemon and kernel messages, auth messages, miscellaneous messages, and non-critical messages (e.g. mail) into their own files. Two Solaris details bite here: the selector and the action must be separated by tabs, not spaces, or the line will not be parsed as intended, and syslogd does not create log files, so create /var/log/authlog and /var/log/maillog (owned root:sys, mode 600 for authlog) before sending syslogd a HUP. On Solaris 8 this also requires new rotation scripts in /usr/lib and entries in root's crontab for maillog and authlog, as well as the rotation script for wtmpx. On Solaris 9 the following is the template I am using for /etc/logadm.conf. One caveat on it: /var/adm/lastlog is a per-user database that login reads for its "Last login" line, so rotating it discards that history; drop that entry if you rely on it.

/var/log/syslog -C 8 -p 1w -a 'kill -HUP `cat /var/run/syslog.pid`'
/var/log/authlog -C 8 -p 1w -a 'kill -HUP `cat /var/run/syslog.pid`'
/var/log/maillog -C 8 -p 1w -a 'kill -HUP `cat /var/run/syslog.pid`'
/var/adm/messages -C 8 -p 1w -a 'kill -HUP `cat /var/run/syslog.pid`'
/var/adm/lastlog -C 8 -p 24h
/var/adm/wtmpx -C 8 -p 24h
/var/cron/log -p 24h -c -s 10240k -t /var/cron/olog
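As an added example (not from the original page), the script below installs the syslog.conf above with genuine tab separators, creates the log files it names, and checks an existing syslog.conf for the two mistakes just described: spaces instead of tabs, and an action naming a file that does not exist. The ROOT argument, the function names, and the file modes chosen (600 for authlog, 644 for the rest) are assumptions for this example; on a live system ROOT is empty.

```sh
#!/bin/sh
# Added example, not from the original page: install the syslog.conf above
# with real tab separators, create the log files it names, and check an
# existing syslog.conf for the two mistakes that silently lose log data on
# Solaris: spaces instead of tabs between selector and action, and an action
# naming a file that does not exist (syslogd will not create it).
# Assumption: ROOT is "" on a live system; the test points it at a scratch dir.

tab=$(printf '\t')

# check_syslog_conf FILE [ROOT]: prints one problem per line, returns 1 if any
check_syslog_conf() {
    conf=$1; root=${2:-}; problems=0
    while IFS= read -r line; do
        case "$line" in ''|'#'*) continue ;; esac
        case "$line" in
            *"$tab"*) ;;
            *) echo "no tab between selector and action: $line"
               problems=$((problems + 1)); continue ;;
        esac
        action=$(printf '%s\n' "$line" | awk '{ print $NF }')
        case "$action" in
            /*) if [ ! -e "$root$action" ]; then
                    echo "log file does not exist: $action"
                    problems=$((problems + 1))
                fi ;;
        esac
    done < "$conf"
    [ "$problems" -eq 0 ]
}

# install_syslog_conf FILE [ROOT]: writes the configuration with tabs and
# creates any missing log file (0600 for authlog, 0644 for the rest; on a live
# system chown them root:sys, then "pkill -HUP syslogd" to reread)
install_syslog_conf() {
    conf=$1; root=${2:-}
    printf '%s\t%s\n' \
        '*.err;kern.none;daemon.none;mail.none' /var/log/syslog \
        'auth.info'                             /var/log/authlog \
        'mail.warning'                          /var/log/maillog \
        'daemon.info;kern.info;local0.info'     /var/adm/messages > "$conf"
    for f in /var/log/syslog /var/log/authlog /var/log/maillog /var/adm/messages; do
        mkdir -p "$root$(dirname "$f")"
        [ -e "$root$f" ] || : > "$root$f"
        case "$f" in */authlog) chmod 600 "$root$f" ;; *) chmod 644 "$root$f" ;; esac
    done
}

# Usage on a live system, as root:
#   install_syslog_conf /etc/syslog.conf && check_syslog_conf /etc/syslog.conf
```

Run the check after any hand edit as well; a line that lost its tab in an editor looks fine to the eye and is the most common reason an authlog stays empty.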

Kill All Processes for a User

Either of the following works:

  • su user -c "kill -9 -1" (Solaris su passes the arguments after the user name to that user's shell; run as the user, kill -9 -1 sends SIGKILL to every process the user is allowed to signal, the new shell included)
  • ps -U user -o pid= | xargs kill -9 (lists the user's PIDs with the header suppressed and signals them from root; pkill -KILL -U user does the same in one command)
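As an added example (not from the original page), here is the same job done the way an operator should do it on a production box: refuse uid 0 accounts, send SIGTERM first so daemons can clean up, escalate to SIGKILL only for survivors, and never signal the shell running the script. The function names and the default grace period are assumptions for this example; it relies only on "ps -U user -o pid=", which the page already uses.

```sh
#!/bin/sh
# Added example, not from the original page: stop every process owned by one
# user the way an operator should, rather than a bare "kill -9": refuse uid 0,
# send SIGTERM first, escalate to SIGKILL only for survivors, and never signal
# the shell running this script. Assumption: ps accepts "-U user -o pid="
# (true on Solaris and on Linux procps); pkill -U would do the same on Solaris.

# user_pids USER -> PIDs owned by USER, minus this script and its parent shell
user_pids() {
    ps -U "$1" -o pid= 2>/dev/null |
        awk -v me="$$" -v parent="$PPID" '$1 != me && $1 != parent { print $1 }'
}

# kill_user_procs USER [GRACE_SECONDS]
# returns 2 if USER is missing or uid 0, 1 if processes survive SIGKILL, else 0
kill_user_procs() {
    target=$1; grace=${2:-5}
    uid=$(id -u "$target" 2>/dev/null) || { echo "no such user: '$target'" >&2; return 2; }
    [ "$uid" -ne 0 ] || { echo "refusing to signal a uid 0 account: $target" >&2; return 2; }
    pids=$(user_pids "$target")
    [ -n "$pids" ] || return 0
    kill -TERM $pids 2>/dev/null          # polite first: lets daemons clean up
    sleep "$grace"
    pids=$(user_pids "$target")
    [ -n "$pids" ] || return 0
    kill -KILL $pids 2>/dev/null          # whatever ignored SIGTERM
    sleep 1
    [ -z "$(user_pids "$target")" ]
}

# Usage, as root: kill_user_procs jdoe 10
```

The uid check matters more than it looks: a second account with uid 0 (which audits of old Solaris boxes turn up surprisingly often) would otherwise let "kill all of that user's processes" take down init's children.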

Solaris Syslog Configuration

This is a good addition to the syslog.conf man page for understanding how the syslog system in modern Solaris distributions works.