Solaris first boot essential configurations

Every time Solaris is installed from a DVD/CD, the user needs to do a lot of initial configuration. The following Perl script takes care of some of it.

This script is meant to be run on a development box in a secure environment. It explicitly enables root login over SSH, so if you do not want root access over SSH, set "PermitRootLogin no" in "/etc/ssh/sshd_config" and restart the SSH daemon with "svcadm restart ssh".

The script configures the following:
\* Creates a /root directory for the root user, updates /etc/passwd with "/root" as the home directory, and sets "/usr/bin/bash" as the default shell
\* Moves the "/.dot-config" files to the new /root directory
\* Sets "PermitRootLogin yes" in /etc/ssh/sshd_config to allow root access over sshd and restarts the sshd service
\* Creates /root/.bashrc and /root/.bash_profile with PATH and TERM settings, bash prompt settings, title bar customizations, and screen customization for telnet
\* Generates formatted files for the reference manual (catman)
\* Takes a backup of your current configuration files and puts it into /backup_conf_date:time.tar so you can revert to the older configuration
\* The script can be run multiple times; each time it is executed, it automatically creates a backup of the older configuration and then applies the configurations above.

To run the script, download firstconf.pl to /tmp:
test1~#cd /tmp
test1~#chmod +x ./firstconf.pl
test1~#./firstconf.pl
Log out and log back in immediately.
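
The root-access settings at issue on this page can be checked mechanically. The following is an added example, not part of firstconf.pl or the original post: it reports whether an sshd_config allows root login and whether the CONSOLE line in /etc/default/login is commented out. The function names and sample files are constructed here, and it assumes sshd uses the first uncommented PermitRootLogin line, as OpenSSH does.

```shell
#!/bin/sh
# Added example: audit the root-access settings this page discusses.
# Needs a POSIX awk (on Solaris: nawk or /usr/xpg4/bin/awk).

# Print the effective PermitRootLogin value of an sshd_config file.
# Assumption: the first uncommented occurrence wins; "unset" if there is none.
permit_root_login() {
    awk 'tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
         END { if (!found) print "unset" }' "$1"
}

# Succeed if an uncommented CONSOLE= line limits root logins to the console.
console_restricted() {
    grep '^CONSOLE=' "$1" >/dev/null
}

# Print one finding per weak setting; succeed only when there are none.
audit_root_access() {
    sshd_conf=$1
    login_conf=$2
    findings=0
    value=$(permit_root_login "$sshd_conf")
    if [ "$value" != "no" ]; then
        echo "FINDING: $sshd_conf: PermitRootLogin is '$value', expected 'no'"
        findings=$((findings + 1))
    fi
    if ! console_restricted "$login_conf"; then
        echo "FINDING: $login_conf: CONSOLE is commented out or missing"
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}

# Constructed sample files (not taken from a real system).
demo=$(mktemp -d)
printf '%s\n' 'Protocol 2' 'PermitRootLogin yes' > "$demo/sshd_weak"
printf '%s\n' 'Protocol 2' '#PermitRootLogin yes' 'PermitRootLogin no' > "$demo/sshd_hard"
printf '%s\n' '#CONSOLE=/dev/console' 'PASSREQ=YES' > "$demo/login_weak"
printf '%s\n' 'CONSOLE=/dev/console' 'PASSREQ=YES' > "$demo/login_hard"

audit_root_access "$demo/sshd_weak" "$demo/login_weak" || echo "weak sample: see findings"
audit_root_access "$demo/sshd_hard" "$demo/login_hard" && echo "hardened sample: clean"
```

On a real system, call `audit_root_access /etc/ssh/sshd_config /etc/default/login` after running any first-boot script.
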
Comments:

Using telnet makes me shudder, why encourage it in an age when ssh clients are ubiquitous?

Posted by William Hathaway on August 27, 2006 at 09:43 PM PDT #

William, I agree with you. This script is basically for newbie users :)

Posted by pradhap on August 27, 2006 at 11:55 PM PDT #

Why start them off with a bad habit? I'd suggest that the script go through and explicitly disable telnet, disable remote root logins and create a normal unprivileged user. Then take that user and configure some RBAC privileges. The "Secure by Default" stuff that's coming in Update 3 and already in OpenSolaris disables telnet and other things from the get go. The best way to teach new users and administrators is don't let them start with bad habits. :)

Posted by Phillip Wagstrom on August 28, 2006 at 01:02 AM PDT #

Newbies shouldn't be using telnet either. In fact, it could be argued that newbies are the last people that should be running telnet, because they are likely to have less knowledge of the security implications. That said - this is exactly the script I've been looking for! Moving stuff to /root and configuring bash as the root shell are the 2 things I always do first once I've installed Solaris. I also hate the "bash-3.0" prompt but never got round to figuring out how to change it. I suppose that makes me a bit of a UNIX newbie ;-) My only slight niggle is that it is not a shell script, but with perl installed by default that's not really a problem.

Posted by Andrew Pattison on August 28, 2006 at 05:10 AM PDT #

"This script is basically for newbie users :)"
You just made it 10,000 times worse. You teach newbies the correct method the first time. So they don't have to relearn the right way later.

\* Creates /root directory for root user updates /etc/passwd with "/root" directory and sets "/usr/bin/bash" as default shell

okay this is reasonable.

\* Moves "/.dot-config" files to new /root directory

reasonable as well

\* Comments "CONSOLE" in /etc/default/login so that it allows root access through telnet

HELL NO!!!, it's an extra level of security, making the user enter 2 passwords to gain root access. And root using telnet is just insane, passwords in plain text, be sure you give out your home and office and cell phones when the user's box gets hacked and he needs help at 2am to recover, you should be held responsible for such bad advice!

\* Enables "PermitRootLogin yes" for /etc/ssh/sshd_config to allow root access over sshd and restarts sshd service

HELL NO!!! see above.

My friend, who saw this post and recommended that I read it, thinks you should be fired for giving such piss poor advice.
James Dickens
uadmin.blogspot.com

Posted by James Dickens on August 28, 2006 at 05:44 AM PDT #

I just looked to see if it was April first again. It's not. You are joking, right? (seriously) Dennis

Posted by Dennis Clarke on August 28, 2006 at 05:49 AM PDT #

Writing of starting newbies on bad habits, why are you teaching them to use bash? You should be teaching newbies to use tcsh, and start with `man tcsh` as the first thing, not that horrible buggy bash-Linux stuff. So, `man tcsh` and off you go!

Posted by ux-admin on August 28, 2006 at 06:18 AM PDT #

\* Thanks for the comments. I have made some more changes to the script.
\* This script is for \*newbie\* and not meant to be run on production environment :)
\* I agree bash has some buggy stuff but still people prefer it over other shells. I don't want to start a shell war here again plzz... If you don't like it, change it in the script.
\* Removed enabling telnet root access.
\* I have still maintained sshd root access. The reason is.. we can have two level security... user logs in and does a su - but when there is an NIS or home directory issue it's tough to log in to a box.
\* I have also mentioned in the blog the steps to be followed if the user wants to disable SSHD root access.

Posted by Pradhap on August 28, 2006 at 05:21 PM PDT #

Pradhap, It's good to have someone around trying to do useful and constructive things. Especially for newbies to Opensolaris, Hell knows we need more people getting involved in Opensolaris for this project's success (and trying to attract them). Unfortunately, some of us think otherwise or at least don't understand it's "bad for business" to promote a climate of "Be sure I'll bash you on the head if you do something I don't like". I don't think this kind of behavior will "win over" new people to Opensolaris.... My 0.02 cents. Keep up the "good" work ;)

Posted by Philippe Plouffe on August 29, 2006 at 01:41 AM PDT #

Pradhap, The telnet was of course a bad idea. That apart - the script is just perfect for doing what I do manually after every Solaris installation. Don't let all these "ux-admin"s, "uadmin"s, "fsck-admin"s and other people from the Stone Ages discourage you from doing useful things that you have been posting on your blog. Why don't all you folks commenting out there do anything constructive? We need to get more people making an effort like Pradhap if we need to make OpenSolaris more "approachable". Look at what Belenix has been able to achieve? All you \*admins don't need to prove that you are all Unix gods by picking up on small nits and blowing them out of proportion. If people like you had scared the shit out of newcomers into the Linux community - it would have been populated by a bunch of grumpy sysadmins who are good at passing comments and nothing else.

Posted by Radcliffe on August 29, 2006 at 03:26 AM PDT #

@Radcliffe:

"ux-admins" aren't actually UNIX administrators but senior system engineers who have been working on cutting edge tech, developing new stuff you've obviously never even seen or heard of, AND have had apprentices who have all been very successful in the real world so far.

The "stone age" advice you refer to has a lot to do with senseless flaming and nothing to do with the facts.

Fact is, by learning to use `tcsh` instead of `bash`, you will have had a chance to start off on a right foundation and learn to use UNIX in more efficient ways than you thought possible. It is extremely important that we teach the future generations -- the ones that will replace us -- to truly understand UNIX and not \*think\* they understand it - and then go off and build stuff like Linux.

So what had been written had been written for your own benefit, not mine -- I myself already know why one shouldn't use certain things - because I've already used them so I know what the gotchas are.

So rather than criticizing "fsckin ux-whatever", do yourself a favor, warm up the chair and read the man page on `tcsh`. At least you will have learned something that will come more than handy and useful down the road...

Posted by ux-admin on August 29, 2006 at 06:49 AM PDT #
