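1. 配置root用户SSH登陆
# vi /etc/ssh/sshd_config
ListenAddress 192.168.0.10
PermitRootLogin yes
(注:PermitRootLogin yes 允许root直接远程登录,口令一旦被猜中即失去整个系统的控制权;若非必需,建议设为no,用普通用户登录后再su,或设为without-password只允许密钥认证。)
# > /etc/motd
# vi /etc/default/init
LANG=zh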
2. 取消几个影响系统启动的TIMEOUT
# vi /etc/bootrc
set boot_timeout 0
# vi /boot/solaris/bootenv.rc
setprop auto-boot-timeout 0
setprop boottimeout '0'
# vi /boot/solaris/strap.rc
Options timeout=0
3. 取消自动关机
# vi /etc/power.conf
#autoshutdown 30 9:00 9:00 default
(即在autoshutdown这一行的行首加#,将其注释掉。)
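4. 设置用户的环境变量
# vi /etc/passwd
root:x:0:1:Super-User:/:/usr/bin/bash
(注:/usr/bin/bash位于/usr下并依赖动态库,若/usr是独立文件系统且无法挂载,root将无法登录进行修复;较稳妥的做法是保留root的shell为/sbin/sh,登录后再手工执行bash。)
# vi /.bashrc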
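# Interactive bash settings for root (/.bashrc).
# Each assignment is kept on one physical line: a value that wraps onto the
# next line is cut short and the remainder is run as a command.

PS1='[\u@\H\W]\$'

# Append the system and add-on tool directories to the search path.
# Built in two steps only to keep the lines short; the result is one list.
PATH=$PATH:/bin:/sbin:/usr/bin:/usr/ucb:/usr/sbin:/etc
PATH=$PATH:/usr/local/bin:/usr/local/sbin:/usr/ccs/bin:/usr/sfw/bin

MANPATH=$MANPATH:/usr/man:/usr/local/man:/opt/sfw/man

# NOTE(review): every dynamically linked program root starts will search
# these directories for libraries; confirm that none of them is writable by
# a non-root user before exporting this for root.
LD_LIBRARY_PATH=/usr/lib:/usr/dt/lib:/usr/openwin/lib:/usr/sfw/lib
LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/local/lib:/usr/local/ssl/lib

CC=gcc
export PS1 PATH MANPATH LD_LIBRARY_PATH CC
export EDITOR=vim

# New files are created without write permission for group and others.
umask 022

# Log an idle interactive shell out after 1800 seconds.
TMOUT=1800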
# vi .bash_profile
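# bash login shells read ~/.bash_profile but not ~/.bashrc, so source
# ~/.bashrc here to give login shells the same settings.
if [ -f ~/.bashrc ]; then
  . ~/.bashrc
fi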
5. 安装常用软件包
(注:以下第三方软件包均以root身份安装,安装前应核对下载来源和校验和。)
TOP工具:
# gzip -d top-3.5beta12.5-sol9-intel-local.gz
# pkgadd -d top-3.5beta12.5-sol9-intel-local
VIM工具:
# gzip -d ncurses-5.3-sol9-intel-local.gz
# pkgadd -d ncurses-5.3-sol9-intel-local
# gzip -d vim-6.2-sol9-intel-local.gz
# pkgadd -d vim-6.2-sol9-intel-local
# mv /bin/vi /bin/vi.bak
# ln -s /usr/local/bin/vim /bin/vi
# cp /usr/local/share/vim/vim62/vimrc_example.vim /.vimrc
# vi /.vimrc
把其中的:
set backup " keep a backup file
修改为:
set nobackup " keep a backup file
# vi /etc/hosts
加一条记录:
192.168.0.15 win2k
GCC工具:
# gzip -d libiconv-1.8-sol9-intel-local.gz
# gzip -d gcc-3.3.2-sol9-intel-local.gz
# pkgadd -d libiconv-1.8-sol9-intel-local
# pkgadd -d gcc-3.3.2-sol9-intel-local
MAKE工具:
# gzip -d make-3.80-sol9-intel-local.gz
# gzip -d automake-1.7.2-sol9-intel-local.gz
# pkgadd -d make-3.80-sol9-intel-local
# pkgadd -d automake-1.7.2-sol9-intel-local
MOZILLA:
# pkgrm SUNWnsb SUNWnsm SUNWnspsm SUNWnsxp
# gzip -d mozilla-i386-pc-solaris2.8-1.6.pkg.tar.gz
# tar -vxf mozilla-i386-pc-solaris2.8-1.6.pkg.tar
# cd mozilla-1.6-x86
# pkgadd -d MOZmozilla.pkg
# gzip -d flash_player_6_solaris_intel.tar.gz
# tar vxf flash_player_6_solaris_intel.tar
# cd install_flash_player_6_solaris
# cp * /usr/local/lib/mozilla-1.6/plugins
# cd /usr/local/lib/mozilla-1.6/plugins
# ln -s /usr/j2se/jre/plugin/i386/ns610/libjavaplugin_oji.so
# /usr/local/bin/mozilla
(注:上面是以root身份直接运行浏览器及其插件,浏览器或插件的任何漏洞都会直接获得root权限;日常浏览应改用普通用户运行。)
OTHERS:
# pkgadd -d expat-1.95.5-sol9-intel-local
# pkgadd -d gdbm-1.8.3-sol9-intel-local
# pkgadd -d openssl-0.9.7d-sol9-intel-local
# pkgadd -d libgcc-3.3-sol9-intel-local
# pkgadd -d libpcap-0.8.1-sol9-intel-local
# pkgadd -d tcp_wrappers-7.6-sol9-intel-local
# pkgadd -d tcpdump-3.8.1-sol9-intel-local
# pkgadd -d zlib-1.2.1-sol9-intel-local
# pkgadd -d lsof-4.68-sol9-intel-local
6. 安装APACHE-2.0.49
# pkgrm SUNWapchd SUNWapchr SUNWapchu
# gzip -d apache-2.0.49-sol9-intel-local.gz
# pkgadd -d apache-2.0.49-sol9-intel-local
# cp /usr/local/apache2/bin/apachectl /etc/rc3.d/S50apache
# chmod 744 /etc/rc3.d/S50apache
# chown root:sys /etc/rc3.d/S50apache
# 配置/usr/local/apache2/conf/httpd.conf过程略。
#SMCapach2
7. 安装OPENSSH-3.8
# pkgrm SUNWsshcu SUNWsshdr SUNWsshdu SUNWsshr SUNWsshu
# gzip -d openssh-3.8p1-sol9-intel-local.gz
# pkgadd -d openssh-3.8p1-sol9-intel-local
# mkdir /var/empty
# chown root:sys /var/empty
# chmod 755 /var/empty
# groupadd sshd
# useradd -g sshd -c "arthursshdprivsep" -d /var/empty -s /bin/false sshd
# ssh-keygen -t rsa1 -f /usr/local/etc/ssh_host_key -N ""
# ssh-keygen -t dsa -f /usr/local/etc/ssh_host_dsa_key -N ""
# ssh-keygen -t rsa -f /usr/local/etc/ssh_host_rsa_key -N ""
(注:rsa1主机密钥仅供SSH协议1使用,该协议存在已知的设计缺陷;如无旧客户端需要,可不生成该密钥,并在sshd_config中设置Protocol 2。此软件包的主机密钥放在/usr/local/etc下,其sshd_config大概也在该目录(请确认),第1节在/etc/ssh/sshd_config中所做的设置需在新配置文件中重新设置。)
# vi /etc/init.d/sshd
===========================sshd
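#!/sbin/sh
#
# Copyright (c) 2004 by llzqq
# All rights reserved.
# mail: llzqq@126.com
# ident "@(#)sshd 1.1 01/09/24 SMI"
#
# Run-control script for the OpenSSH daemon installed under /usr/local.
# Usage:   /etc/init.d/sshd {start|stop}
# Returns: 0 after start or stop, 1 for a missing or unknown argument.
#
# Written for the Bourne shell (/sbin/sh): backticks and "[ ]" only.

SSHD=/usr/local/sbin/sshd
# Default PidFile location of OpenSSH; adjust if sshd_config overrides it.
PIDFILE=/var/run/sshd.pid

case "$1" in
start)
	# Nothing to start if the package is not installed.
	[ -x "$SSHD" ] || exit 0
	"$SSHD"
	;;
stop)
	# Signal only the listening daemon recorded in the pid file, so that
	# established sessions (including the administrator's own) survive.
	pid=`cat "$PIDFILE" 2>/dev/null`
	if [ -n "$pid" ]; then
		kill "$pid"
	else
		# No pid file: fall back to the process name, matched exactly so
		# that names merely containing "sshd" are not signalled.
		pkill -x sshd
	fi
	;;
*)
	echo "Usage: $0 {start|stop}"
	exit 1
	;;
esac
exit 0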
===========================sshd
# chmod 750 /etc/init.d/sshd
# chown root:sys /etc/init.d/sshd
# ln -s /etc/init.d/sshd /etc/rc2.d/S98sshd
# vi /etc/hosts.deny
sshd:ALL
# vi /etc/hosts.allow
sshd:192.168.0.15
# rm /.ssh/*
8. 安装SAMBA-3
# cp /etc/rc3.d/S90samba bak.S90samba
# pkgrm SUNWsmbac SUNWsmbar SUNWsmbau
# gzip -d samba-3.0.2a-sol9-intel-local.gz
# gzip -d popt-1.7-sol9-intel-local.gz
# pkgadd -d popt-1.7-sol9-intel-local
# pkgadd -d samba-3.0.2a-sol9-intel-local
# cd /usr/local/samba/doc/samba/examples/
# cp smb.conf.default /usr/local/samba/lib/smb.conf
# 设置smb.conf文件过程略
# mv /etc/rc3.d/bak.S90samba S90samba
# chown root:sys /etc/rc3.d/S90samba
# vim /etc/rc3.d/S90samba
(注:上面cp的目标和mv的目标都是相对路径,只有当前目录是/etc/rc3.d时两条命令才能对应起来;执行时请先cd到/etc/rc3.d,或改写为完整路径。)
=======================S90samba
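#!/sbin/sh
#
# Copyright (c) 2004 by llzqq
# All rights reserved.
# mail: llzqq@126.com
# ident "@(#)samba 1.1 01/09/24 SMI"
#
# Run-control script for the Samba daemons installed under /usr/local/samba.
# Usage:   S90samba {start|stop}
# Returns: 0 after start or stop (also when smb.conf is absent),
#          1 for a missing or unknown argument.

case "$1" in
start)
	# Without a configuration file there is nothing to serve.
	[ -f /usr/local/samba/lib/smb.conf ] || exit 0
	/usr/local/samba/sbin/smbd -D
	/usr/local/samba/sbin/nmbd -D
	;;
stop)
	# -x matches the process name exactly, so processes whose names merely
	# contain "smbd" or "nmbd" are not signalled.
	pkill -x smbd
	pkill -x nmbd
	;;
*)
	echo "Usage: $0 {start|stop}"
	exit 1
	;;
esac
exit 0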
=======================S90samba
9. 初步的系统安全设置
为安全起见,在/etc/inetd.conf中注释掉除下列服务以外的所有服务:
ftp
echo
echo
discard
discard
rstatd/2-4
fs
100083/1
在只需要少量图形操作的服务器上,或是要保证相当的安全时,你也许应该关掉字体服务fs,也可以关掉系统性能监视器rstatd和ToolTalk服务器ttdbserverd(100083/1)。(注:列表中保留的echo、discard通常并无实际用途,ftp以明文传输口令,若不需要同样应当注释掉。)查找剩下需要关闭的端口对应的进程用这个命令:
# /usr/local/bin/lsof -i | grep port
为安全起见,禁止用户栈执行以防范堆栈溢出攻击
# cp /etc/system /etc/system.BACKUP
# vi /etc/system
在文件的最后,加上以下两行(/etc/system只在启动时读取,修改后需重启才生效):
set noexec_user_stack=1
set noexec_user_stack_log=1
禁用自动启动DESKTOP
# /usr/dt/bin/dtconfig -d
为安全起见停掉几个系统服务:
卸载SENDMAIL:
# pkgrm SUNWsndmr SUNWsndmu
卸载TELNET:
# pkgrm SUNWtnetc SUNWtnetd SUNWtnetr
# cd /etc/rc2.d
# mv S71ldap.client _S71ldap.client
# mv S72inetsvc _S72inetsvc
# mv S74autofs _S74autofs
# mv S74xntpd _S74xntpd
# mv S80lp _S80lp
# mv S71rpc _S71rpc
# mv S73nfs.client _S73nfs.client
# cd /etc/rc3.d
# mv S34dhcp _S34dhcp
# mv S15nfs.server _S15nfs.server
# mv S76snmpdx _S76snmpdx
卸载PCMCIA支持:
# pkgrm SUNWpcelx SUNWpcmci SUNWpcmcu SUNWpcmem SUNWpcser SUNWpsdpr
安装PORT扫描工具NMAP
# gzip -d nmap-3.50-sol9-intel-local.gz
# gzip -d pcre-4.5-sol9-intel-local.gz
# pkgadd -d nmap-3.50-sol9-intel-local
# pkgadd -d pcre-4.5-sol9-intel-local
扫描本机端口:
# nmap -P0 -sT localhost
安装网络漏洞扫描工具NESSUS:
# gzip -d nessus-2.0.9-sol9-intel-local.gz
# pkgadd -d nessus-2.0.9-sol9-intel-local
建立SSL证书:
# nessus-mkcert
添加NESSUS用户:
# nessus-adduser
以ROOT启动NESSUS服务器:
# nessusd -D
启动NESSUS的GUI客户端:
# nessus