Installation & Configuration Guide for Solaris 8

Document version 1.1.2, 2003-02-27 CWRU Information Technology Services

If you have any questions or problems using these instructions, simply contact the ITS Help Desk. (368-HELP, help@cwru.edu) These instructions describe a very simple installation of Solaris 8, including all rudimentary functions like networking and printing. These instructions do not address advanced subjects like setting up a mail server or FTP server on the newly installed system. We would be happy to help you set up those things, but the initial setup described here should be done first. NOTE: These instructions assume that you want to install your system from scratch, and that youve already moved any important files to some other location. This installation will destroy any existing data on the system. 1. Preparatory work 1.1. Verify that your system is assigned a static IP address1, and obtain hostname information.2 1.1.1. Visit https://setup.cwru.edu/ipcheck on the web, and verify that the numeric IP address of your system is explicitly listed (e.g. 129.22.x.y), rather than being listed as dynamic. If your system isnt listed on this page, then it isnt registered to you. Contact the Help Desk in that case. If your IP address is listed as dynamic, visit https://cnsdb.cwru.edu/IP-routing/requeststatic.html to obtain a static address. 1.1.2. Write down your systems static IP address from the web page in the Configuration Information box below. 1.1.3. Write down your systems hostname from the web page in the Configuration Information box. The hostname you use when configuring your system must match the hostname shown. If you prefer a different hostname, contact the Help Desk.

ITS generally requires that any computer on CWRUnet that is capable of obtaining its network configuration information dynamically using DHCP be configured to do so. Although it can be done, configuring a Solaris system to use DHCP is problematic. For that reason, we recommend that you do not use DHCP for Solaris 8, but rather obtain a static IP address for your workstation, and configure its network settings manually. That is what these instructions have you do. 2This step can be performed only by the person to whom the system is registered. If the system is not registered, or you dont know whether or to whom it is registered, contact the Help Desk.
1

page 1 of 10

1.2. Gather other relevant network configuration information. 1.2.1. Visit http://cnswww.cwru.edu/net/iprouting/findIPSubnet.htm on the web. 1.2.2. Enter your systems IP address, and click the Find IP Subnet Info button. 1.2.3. Write down the values given for IP Subnet Mask and Subnet Gateway below. Configuration Information IP address hostname subnet mask gateway

2. 3.

Unplug the network cable from the back of the computer. Boot the system from the installation CD. 3.1. 3.2. 3.3. 3.4. Turn on the system if it is not already running. Press STOP-a. The OpenBoot ok prompt appears. Insert the Solaris 8 Installation CD. Tell the machine to boot from the CD-ROM, using the command ok boot cdrom The system boots to the Web Start installer.

4.

Answer the questions the installer asks. Follow this advice: Perform an initial install. Yes, you do want to format /dev/dsk/c0t0d0. Accept the default swap slice size. Yes, the swap slice can start at the beginning of the disk. The installer copies files to the disk; then the machine reboots and the installation wizard is displayed.

5.

Step through the first installation wizard. Do not use DHCP. When asked for the hostname, do not qualify it with any domain information. For example, to set up a computer named mycomputer in the Math department, you would simply enter mycomputer, not mycomputer.math.cwru.edu nor mycomputer.cwru.edu. Do not enable IPv6. Use DNS as the name service.

page 2 of 10

Use cwru.edu (without quotes) as the domain name. Use 129.22.4.3 and 129.22.4.4 as the DNS servers. (Leave the last box blank.) No additional DNS search domains are needed. (Leave all six boxes blank.) Turn power management off. You have a direct connection to the Internet. Dismiss the error message that says Name Server information is incorrect. (Click Accept.) (This message appears because the system cannot contact the name servers on the network.)

The system plays a sound and displays the installation kiosk. 6. The Installation Kiosk Perform a custom installation. Do not choose to install anything from the Solaris 8 Software 2 of 2 CD. Do not choose to scan for additional products. Include 64-bit support. Choose the entire software group. Do not skip the Solaris 8 Software 2 installation, even though this seems to contradict the advice above. When asked to specify the installation media, pick CD and perform the installation. The installation proceeds, and you reboot at the end. 7. Network configuration.
7.1. Create a file, /etc/resolv.conf, with the content shown below. (vi is a good text

editor to use for this.)

domain cwru.edu nameserver 129.22.4.3 nameserver 129.22.4.4

7.2. Set the correct permissions for the file. chmod 644 /etc/resolv.conf chown root:other /etc/resolv.conf 7.3. Create a file, /etc/defaultrouter, containing the IP address of your gateway. (See step 1.2.3.) For example, a machine in Crawford building might use
129.22.114.1 example

7.4. Set the correct permissions for the file. chmod 644 /etc/defaultrouter chown root:other /etc/defaultrouter 8. Plug the network cable into the back of the computer, and immediately complete the next step.

page 3 of 10

9.

Reboot, and immediately complete the next step. init 6

10. Secure the system. Do not omit this step, nor delay in completing it. Your system is especially vulnerable to network attack until this step is complete. 10.1. Download the latest Recommended & Security patch cluster from Sun by FTP. (The steps are abbreviated below.) ftp sunsolve.sun.com (log in as user ftp) ftp> cd /pub/patches ftp> bin ftp> hash ftp> get 8_Recommended.zip ftp> quit 10.2. Extract the zip files contents. unzip 8_Recommended.zip an 8_Recommended directory will be created. 10.3. Install the patches. cd 8_Recommended ./install_cluster 10.4. Delete the installation files if you wish. cd .. rm r 8_Recommended.zip 8_Recommended 10.5. Make a backup copy of /etc/inet/inetd.conf. cp -p /etc/inet/inetd.conf /etc/inet/inetd.conf-orig 10.6. Comment out every line of /etc/inet/inetd.conf that isnt already, except the lines for rstatd, dtspcd and kcms_server. (The file is read-only, but you can still edit it in vi. To override the file permissions, give vi the w! command .) 10.7. Turn off Sendmail by renaming /etc/rc2.d/S88sendmail. mv /etc/rc2.d/S88sendmail /etc/rc2.d/disabledS88sendmail 10.8. Reboot. init 6

page 4 of 10

11. Install SSH. 11.1. Download & install Sun patch #112438. (This is similar to step 10.1.) (This patch creates the /dev/random device used by SSH.) 11.1.1. FTP to sunsolve.sun.com, and change to the /pub/patches directory. 11.1.2. Download 112438-01.zip. (Use the get command.) 11.1.3. Extract the zip files contents. unzip 112438-01.zip a 112438-01 directory will be created. Do not change to this directory. 11.1.4. Install the patch. patchadd d 112438-01 11.1.5. Delete the installation files if you wish. rm r 112438-01.zip 112438-01 11.1.6. Reboot. init 6 11.2. Download & install necessary freeware packages. 11.2.1. FTP to ftp.sunfreeware.com, and change to the pub/freeware/sparc/8 directory. (Again, this is similar to step 10.1.) (If Sunfreeware is too busy, try ftp.ibiblio.org, and change to the pub/packages/solaris/freeware/sparc/8 directory.) 11.2.2. Download the following files. (Use sequential get commands.) gzip-1.3.5-sol8-sparc-local libgcc-3.2.2-sol8-sparc-local.gz tcp_wrappers-7.6-sol8-sparc-local.gz zlib-1.1.4-sol8-sparc-local.gz openssl-0.9.6g-sol8-sparc-local.gz openssh-3.1p1-sol8-sparc-local.gz

11.2.3. Install gzip, the software used to decompress the other files. pkgadd d gzip-1.3.5-sol8-sparc-local 11.2.4. Decompress the other files using gunzip. For example:

page 5 of 10

/usr/local/bin/gunzip libgcc-3.2.2-sol8-sparc-local.gz 11.2.5. In the order given above, install the packages youve just decompressed. For example, the first command will be: pkgadd -d libgcc-3.2.2-sol8-sparc-local 11.2.6. Delete the installation files if you wish. For example: rm gzip-1.3.5-sol8-sparc-local 11.3. Configure SSH. 11.3.1. Set up privilege separation. mkdir /var/empty chown root:sys /var/empty chmod 755 /var/empty groupadd sshd useradd g sshd c "ssh privsep" d /var/empty s /bin/false sshd 11.3.2. Generate the encryption keys for SSH. (There is nothing between the quotes at the end of these commands.) /usr/local/bin/ssh-keygen t rsa1 f /usr/local/etc/ssh_host_key -N "" /usr/local/bin/ssh-keygen t dsa f /usr/local/etc/ssh_host_dsa_key -N "" /usr/local/bin/ssh-keygen t rsa f /usr/local/etc/ssh_host_rsa_key -N ""

page 6 of 10

11.3.3. Create a file, /etc/init.d/sshd, with the content shown below.

#!/sbin/sh pid=`pgrep -f /usr/local/sbin/sshd` case "$1" in start) if [ -x /usr/local/sbin/sshd ]; then echo "Starting sshd.. \c" /usr/local/sbin/sshd echo "Done." fi ;; stop) if [ "$pid" != "" ]; then echo "Stopping sshd.. \c" /usr/bin/kill $pid echo "Done." fi ;; *) echo "Usage: $0 { start | stop }" exit 1 ;; esac exit 0

11.3.4. Set the permissions on the file. chown root:sys /etc/init.d/sshd chmod 744 /etc/init.d/sshd 11.3.5. Create links in the rc directories to the file you just created. ln s ../init.d/sshd /etc/rc2.d/S97sshd ln s ../init.d/sshd /etc/rc1.d/K07sshd ln s ../init.d/sshd /etc/rc0.d/K07sshd ls s ../init.d/sshd /etc/rcS.d/K07sshd 11.4. Start the SSH daemon. /etc/init.d/sshd start 11.5. Test SSH by sshing to another system, and sshing back.

page 7 of 10

12. Configure TCP Wrappers. 12.1. Create an empty file, /etc/hosts.allow. touch /etc/hosts.allow 12.2. Create a file, /etc/hosts.deny, with the content shown below.
ALL: ALL

12.3. Set the correct permissions for these files. chmod 644 /etc/hosts.allow /etc/hosts.deny chown root:other /etc/hosts.allow /etc/hosts.deny 13. Configure Sendmail. 13.1. Modify the /etc/mail/aliases file so that email sent to root will come to you. Right under the initial comments in the file, add a line
root: your_email_address@cwru.edu example

13.2. Update the mail alias database. newaliases 13.3. Edit the /etc/mail/local-host-names file, adding your systems fully-qualified hostname.
mycomputer.math.cwru.edu example

13.4. Enable the new configuration files installed by patch #110615. cp cp cp cp p p p p main.cf main.cf-orig main.cf.new main.cf subsidiary.cf subsidiary.cf-orig subsidiary.cf.new subsidiary.cf

page 8 of 10

14. Configure printing.3 14.1. Run admintool. 14.2. Choose Browse-> Printers 14.3. Choose Edit-> Add-> Access to Printer 14.4. Provide the requested information. The printer name is probably print. The print server is the hostname of your printer. The description is optional. Set this to be the default printer. 14.5. Choose File-> Exit. 14.6. Print a short text file to test the setup. For example: lp /etc/motd 15. Configure the default shell environment. 15.1. Download and install the Bash shell (bash-2.05-sol8-sparc-local.gz) from Sunfreeware. (This is similar to step 11.2.) 15.2. Create a file, /etc/skel/.bashrc, with the content shown below. (The PATH and MANPATH definitions below are too long to fit on one line, and so have been broken onto multiple lines. When completing this step on your computer, dont break the lines.)
PATH=/usr/bin:/usr/ucb:/usr/local/bin:/usr/sbin:/sbin:/usr/dt/bin: /usr/openwin/bin export PATH MANPATH=/usr/share/man:/usr/local/man:/usr/local/ssl/man:/usr/dt/man: /usr/openwin/share/man export MANPATH LD_LIBRARY_PATH=/usr/lib:/usr/local/lib export LD_LIBRARY_PATH

15.3. Create a file, /etc/skel/.bash_profile, with the content shown below.

source ~/.bashrc

15.4. Set the permissions on the files. cd /etc/skel chown root:other .bash_profile .bashrc chmod 644 .bash_profile .bashrc 15.5. Copy the files into roots home directory. cd /etc/skel cp .bash_profile .bashrc /

These instructions assume you are using a network printer such as an HP LaserJet. If not, ask us for help.

page 9 of 10

16. Establish time synchronization. 16.1. Set the EDITOR environment variable so that the next command will use vi. EDITOR=vi export EDITOR 16.2. Using the crontab e command, add the following line to roots crontab file. (This will synchronize your systems clock at 7:30 every morning. Choose a different time if you prefer. Remember, no blank lines are permitted in the crontab file.)
30 7 * * * /usr/sbin/ntpdate -s ntp1.cwru.edu

17. Prepare commonly-used manpages. (Optional) catman -M /usr/local/man catman 1 catman -w 18. Set up reports. (Optional)4 18.1. Using the crontab e command, add the following lines to roots crontab file. (This will email you the system log at 8:00 every morning, and a listing of the last 50 logins at 8:05. Choose different times if you prefer.)
0 8 * * * /usr/bin/mailx s "Report: `uname -n`: messages" root</var/adm/messages 5 8 * * * last n 50 | /usr/bin/mailx s "Report: `uname n`: last 50" root

19. Install other useful programs. (Optional) Many people find the following programs very useful. Choose to install any of them that you wish. Program Enscript Package filename(s) enscript-1.6.1sol8-sparclocal.gz xemacs-21.1.13sol8-sparclocal.gz also requires: xpm, jpeg, libpng, gdbm Download, decompress and install the packages you want just as you did in steps 11.2.1 through 11.2.5. Description Prints text, etc. as PostScript. Supports pretty-printing of source code, multi-column printing, landscape orientation, etc. Very versatile. Graphical version of the Emacs text editor. Much easier to use than vi. Special support for programming & scripting languages, HTML, etc. Can be used as a development environment. Very versatile.

Xemacs

These reports are optional, but they make it easy to monitor your system. You can have the reports sent less frequently if you wish. See the crontab manpage for more information.

page 10 of 10