Solaris: How to Restart and Stop a Service

王朝 other · Author: anonymous · 2006-11-24

1.Disabled Volume Management

# cd /etc/rc2.d

# mv S92volmgt s92volmgt

After this configuration, CD-ROMs will not be automatically mounted. To manually mount a CD-ROM use:

# mount -F hsfs -o ro /dev/dsk/c0t6d0s0 /mnt

2.Disabled Dtlogin

Dtlogin is disabled if the server is not intended to run the Common Desktop Environment (CDE) or GUIs.

# cd /etc/rc2.d

# mv S99dtlogin s99dtlogin

3.Disabled Printing

# /usr/lib/lpshut

# cd /etc/rc2.d

# mv S80lp s80lp

4.Disabled RPC

RPC is disabled if the server is not intended to run CDE. To determine what is using RPC, use “rpcinfo -p”.

# cd /etc/rc2.d

# mv /etc/rc2.d/S71rpc /etc/rc2.d/s71rpc

5.Disabled the NFS Client

# /etc/init.d/nfs.client stop

# cd /etc/rc2.d

# mv S73nfs.client s73nfs.client

6.Disabled the NFS Server

# /etc/init.d/nfs.server stop

# cd /etc/rc3.d

# mv S15nfs.server s15nfs.server

7.Disabled UUCP

# cd /etc/rc2.d

# mv S70uucp s70uucp

8.Disabled the LDAP Client

# cd /etc/rc2.d

# mv S71ldap.client s71ldap.client

9.Disabled the Auto Mounter

# /etc/init.d/autofs stop

# cd /etc/rc2.d

# mv S74autofs s74autofs

10.Disabled the Network Time Daemon

# /etc/init.d/xntpd stop

# cd /etc/rc2.d

# mv S74xntpd s74xntpd

11.Disabled the Logical Link Control Driver

# cd /etc/rc2.d

# ./S40llc2 stop

# mv S40llc2 s40llc2

12.Disabled Auto Install

# cd /etc/rc2.d

# mv S72autoinstall s72autoinstall

13.Disabled Cachefs Daemon

# cd /etc/rc2.d

# mv S73cachefs.daemon s73cachefs.daemon

14.Disabled Asynchronous PPP Daemon

# cd /etc/rc2.d

# mv S47pppd s47pppd

15.Disabled cacheos.finish Script

# cd /etc/rc2.d

# mv S93cacheos.finish s93cacheos.finish

16.Disabled Preservation of Files Killed by Vi

# cd /etc/rc2.d

# mv S80PRESERVE s80PRESERVE

17.Disabled Power Management

# cd /etc/rc2.d

# mv S85power s85power

18.Disabled Flash Prom Update

# cd /etc/rc2.d

# mv S75flashprom s75flashprom

Before attempting to update the eeprom, temporarily enable this script.

19.Disabled “Buttons n Dials-Setup”

# cd /etc/rc2.d

# mv S89bdconfig s89bdconfig

20.Disabled Spc

# cd /etc/rc2.d

# mv S80spc s80spc

21.Disabled Sun Management Center

# cd /etc/rc2.d

# mv S90wbem s90wbem

22.Disabled Network Cache and Accelerator

# cd /etc/rc2.d

# mv S94ncalogd s94ncalogd

# mv S95ncad s95ncad

The Network Cache and Accelerator is used to increase web server performance.

23.Disabled Mobile IP Agent

# cd /etc/rc3.d

# mv S80mipagent s80mipagent

24.Disabled SNMP

# cd /etc/rc3.d

# /usr/bin/pkill -9 -x -u 0 '(snmpdx|snmpv2d|mibiisa)'

# mv S76snmpdx s76snmpdx

25.Disabled Apache

# cd /etc/rc3.d

# mv S50apache s50apache

26.Disabled DMI

# cd /etc/rc3.d

# /usr/bin/pkill -9 -x -u 0 '(snmpXdmid|dmispd)'

# mv S77dmi s77dmi

27.Disabled the Sendmail Daemon

The system continues to send mail out. It does not receive mail in to the server. This eliminates a significant security vulnerability.

# /etc/init.d/sendmail stop

Prevented sendmail from starting at boot:

# cd /etc/rc2.d

# mv S88sendmail s88sendmail

Ensured the sendmail queue is cleaned out:

# crontab -e

# The Sendmail daemon is not running - This tells it to send mail out

05,20,35,50 * * * * /usr/lib/sendmail -q

28.Disabled Multicasting

Multicasting is typically used for clustering. Ensure that it is not required by an application.

# vi /etc/init.d/inetsvc

#

# Add a static route for multicast packets out our default interface.

# The default interface is the interface that corresponds to the node name.

#

#mcastif=`/sbin/dhcpinfo Yiaddr`

#

#if [ $? -ne 0 ]; then

# mcastif=`uname -n`

#fi

#

#echo "Setting default interface for multicast: \c"

#/usr/sbin/route add -interface -netmask "240.0.0.0" "224.0.0.0" "$mcastif"

29.Disabled the Serial Port Listeners

This configuration can be applied unless a modem or console terminal is attached to the system.

# vi /etc/inittab

Remove the line with “/usr/lib/saf/sac -t 300”

# chown root:sys /etc/inittab

# chmod 644 /etc/inittab
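
Added example (not part of the original page): a POSIX sh check that reports which of the start scripts renamed in the items above are still enabled, since the rc framework only runs files whose names begin with an upper-case S or K. The script list is copied from the page's mv commands (a subset); the function name audit_rc and its root-directory argument are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the original page.
# Start scripts the page renames, relative to /etc (subset; extend as needed).
RC_SCRIPTS="rc2.d/S92volmgt rc2.d/S99dtlogin rc2.d/S80lp rc2.d/S71rpc
rc2.d/S73nfs.client rc3.d/S15nfs.server rc2.d/S74autofs rc2.d/S74xntpd
rc2.d/S88sendmail rc3.d/S76snmpdx rc3.d/S77dmi rc3.d/S50apache"

# audit_rc ROOT
#   ROOT is the directory holding rc2.d and rc3.d (/etc on a live system;
#   a scratch directory when testing). Prints one status line per script and
#   returns 1 if any start script is still enabled, 0 otherwise.
audit_rc() {
    root=$1
    status=0
    for entry in $RC_SCRIPTS; do
        dir=`dirname "$entry"`
        on=`basename "$entry"`
        # Disabled form used on the page: same name, lower-case leading "s".
        off=s`echo "$on" | sed 's/^S//'`
        if [ -f "$root/$dir/$on" ]; then
            echo "ENABLED  $dir/$on"
            status=1
        elif [ -f "$root/$dir/$off" ]; then
            echo "DISABLED $dir/$off"
        else
            echo "ABSENT   $dir/$on"
        fi
    done
    return $status
}

# Run against a directory given on the command line, e.g. "sh audit_rc.sh /etc".
if [ $# -gt 0 ]; then
    audit_rc "$1"
fi
```

A non-zero return makes the check usable from cron or a post-patch step, where a reinstalled start script would otherwise go unnoticed.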

1.Added Warning Banners

These configurations replace the operating system version with a warning banner displayed during the login process.

Login:

# vi /etc/motd (replaced operating system version with a warning banner)

Property of Company

WARNING: To protect systems from unauthorized use and to ensure that the

system is functioning properly, activities on this system are monitored and

recorded and subject to audit. Use of this system is expressed consent to such

monitoring and recording. Any unauthorized access or use of this system is

prohibited and could be subject to criminal and civil penalties.

# cp /etc/motd /etc/issue

Telnet:

# vi /etc/default/telnetd

UMASK=022

BANNER=""

# chown root:sys /etc/default/telnetd

# chmod 444 /etc/default/telnetd

FTP:

# vi /etc/default/ftpd

UMASK=022

BANNER=`cat /etc/motd`

# chown root:sys /etc/default/ftpd

# chmod 444 /etc/default/ftpd

2.Enabled Logging of the su Command

This configuration logs both success and failure of su command usage.

NOTE: This configuration is required by the root login notification script (below).

# vi /etc/default/su

SULOG=/var/adm/sulog (uncommented)

# cd /var/adm

# touch sulog

# chgrp sys sulog

# chmod 600 sulog

3.Enabled AUTH Logging

The auth facility controls account access with login, su, etc.

# vi /etc/syslog.conf

auth.info /var/log/authlog

auth.notice /var/log/authlog

NOTE: The entries must be separated by tabs.

# /etc/init.d/syslog stop

# /etc/init.d/syslog start

4.Enabled Logging of Unsuccessful Login Attempts

The loginlog file records consecutive failed login attempts.

# cd /var/adm

# touch loginlog

# chgrp sys loginlog

# chmod 600 loginlog

5.Enabled Logging of Successful Logins

# cd /var/log

# touch logins

# chgrp sys logins

# chmod 600 logins

# vi /etc/syslog.conf

# log successful logins

local0.info /var/log/logins

NOTE: The entries must be separated by tabs.

# /etc/init.d/syslog stop

# /etc/init.d/syslog start

Added the following entry to /etc/profile and /etc/.login:

logger -p local0.info "User $LOGNAME has logged in"

6.Enabled Logging of CDE Login Attempts

# vi /etc/pam.conf

Added the word “debug” after the account management entries

#

# Account management

#

login account required /usr/lib/security/$ISA/pam_unix.so.1 debug

dtlogin account required /usr/lib/security/$ISA/pam_unix.so.1 debug

# vi /etc/syslog.conf

Added “;auth.debug;user.debug” to the line that logs successful logins

# log successful logins

local0.info;auth.debug;user.debug /var/log/logins

NOTE: The entries must be separated by tabs.

# /etc/init.d/syslog stop

# /etc/init.d/syslog start
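
Added example (not part of the original page): the NOTE in items 3, 5 and 6 says the syslog.conf selector and action must be separated by tabs, which is easy to break when the lines are pasted from a web page. This POSIX sh function flags entries that use spaces instead; the name check_syslog_tabs and the sample lines are constructed for the example.

```shell
#!/bin/sh
# Added example, not from the original page.
# check_syslog_tabs [FILE...]
#   Reads syslog.conf text from FILE or standard input and reports every entry
#   whose selector is not followed by tabs only. Returns 1 if any line is bad.
#   Needs a POSIX awk (nawk or /usr/xpg4/bin/awk on Solaris).
check_syslog_tabs() {
    awk '
        /^[ \t]*$/ || /^[ \t]*#/ { next }   # blank lines and comments
        /^ifdef\(/ || /^\)/      { next }   # m4 wrapper lines in the stock file
        {
            # Selector = leading run of non-blank characters; what follows
            # must be one or more tabs and then the action.
            if (match($0, /^[^ \t]+/) && substr($0, RLENGTH + 1) ~ /^\t+[^ \t]/)
                next
            print "line " NR ": selector must be followed by tabs, not spaces"
            bad = 1
        }
        END { exit bad }
    ' ${1+"$@"}
}

# Constructed sample: entry 1 is tab-separated, entry 2 uses spaces.
printf 'auth.info\t/var/log/authlog\nlocal0.info   /var/log/logins\n' |
    check_syslog_tabs || echo "sample contains space-separated entries"
```

Run it against /etc/syslog.conf before restarting syslog, so a mis-separated entry is caught before logging silently stops for that facility.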

7.Enabled Performance Logging

# su - sys

# EDITOR=vi; export EDITOR

# crontab -e

# The sys crontab should be used to do performance collection. See cron

# and performance manual pages for details on startup.

#

0 * * * 0-6 /usr/lib/sa/sa1

20,40 6-22 * * 1-5 /usr/lib/sa/sa1

5 18 * * 1-5 /usr/lib/sa/sa2 -s 8:00 -e 18:01 -i 1200 -A

 
 
 