Sunday, December 25, 2011

Solaris 10 Account Lockout ("Three Strikes!")



The next item on my list of lesser known and/or publicized security enhancements to the Solaris 10 OS is account lockout. Account lockout is the ability of a system or service to administratively lock an account after that account has suffered "n" consecutive failed authentication attempts. Very often "n" is three, hence the "three strikes" reference.


Account lockout can be enabled in one of two ways. The first way will enable account lockout globally for all users. The second method will allow more granular control of which users will or will not be subject to account lockout policy. Note that the account lockout capability will only apply to accounts local to the system. We will look at both in a little more detail below.

Before we look at how to enable or disable the account lockout policy, let's first take a look at how you configure the number of consecutive, failed authentication attempts that will serve as your line in the sand. Any number of consecutive, failed attempts beyond the number selected will result in the account being locked. This number is based on the RETRIES parameter in the /etc/default/login file. By default, this parameter is set to 5. You can certainly customize this parameter based on your local needs and policy. By default, the Solaris Security Toolkit will set the RETRIES parameter to 3.

Now that we know how to define how many consecutive, unsuccessful authentication attempts we will allow, let's take a look at how you can enable the account lockout policy globally. This policy can be altered using the LOCK_AFTER_RETRIES variable in the /etc/security/policy.conf file. Just as it sounds, if you set this parameter to YES, then the account lockout policy is enabled for all users on the system (unless there is a user override, which we will talk about in a minute). By default, this parameter is set to NO, which means that account lockout is not enabled.
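
An added example, not from the original post: a POSIX shell check that reads the two files named above and reports whether lockout is enabled and at what retry count. The helper names and sample files are constructed for illustration; the defaults are the ones the post states, and per-user overrides are not evaluated.

```shell
#!/bin/sh
# Added example: report the local account lockout policy from the two files
# the post names. Defaults (RETRIES=5, LOCK_AFTER_RETRIES=NO) are the ones
# the post states; per-user overrides are not evaluated.

# get_param FILE NAME DEFAULT (hypothetical helper)
# Print the value of the last uncommented NAME=value line, or DEFAULT when
# the file is missing, the line is commented out, or the value is empty.
get_param() {
    val=$(sed -n "s/^[[:space:]]*$2=[[:space:]]*\([^[:space:]#]*\).*/\1/p" \
        "$1" 2>/dev/null | tail -n 1)
    echo "${val:-$3}"
}

# lockout_policy LOGIN_FILE POLICY_FILE (hypothetical helper)
# Print one summary line; return 1 when a value is not one the post describes.
lockout_policy() {
    retries=$(get_param "$1" RETRIES 5)
    lock=$(get_param "$2" LOCK_AFTER_RETRIES NO)
    case "$retries" in
        *[!0-9]*) echo "lockout=unknown retries=invalid($retries)"; return 1 ;;
    esac
    case "$lock" in
        YES) echo "lockout=enabled retries=$retries" ;;
        NO)  echo "lockout=disabled retries=$retries" ;;
        *)   echo "lockout=unknown($lock) retries=$retries"; return 1 ;;
    esac
}

# Constructed sample files (not copied from a real host).
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/login" <<'EOF'
# Commented-out default, followed by the active setting
#RETRIES=5
RETRIES=3
EOF
cat > "$demo_dir/policy.conf" <<'EOF'
#LOCK_AFTER_RETRIES=NO
LOCK_AFTER_RETRIES=YES
EOF

lockout_policy "$demo_dir/login" "$demo_dir/policy.conf"
```

On a Solaris 10 host, call lockout_policy /etc/default/login /etc/security/policy.conf instead of the sample files.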

Saturday, December 24, 2011

Solaris Network configuration



Setting up Solaris networking is often challenging for new sysadmins and new owners of Sun systems. This document details the steps involved in setting up Solaris networking and can be used as a checklist if you are already familiar with Solaris network configuration.
Table of contents:
1. Enable the network card
2. Configuring the IP address and netmask and bringing the interface up
3. Configuring a virtual interface
4. IP forwarding
5. Router Configuration
6. Network Terms
7. Next Steps
The ifconfig command is used in Solaris to configure network interfaces. The following lines describe the steps needed to configure a freshly installed network card from the root prompt.
1. Enable the network card
#ifconfig hme0 plumb
The ifconfig -a command should show output like the following, which means the device is enabled and ready to be configured with an IP address and netmask:
hme0: flags=842 mtu 1500
inet 0.0.0.0 netmask 0
ether 3:22:11:6d:2e:1f
2. Configuring the IP address and netmask and bringing the interface up
#ifconfig hme0 192.9.2.106 netmask 255.255.255.0 up
ifconfig -a will now show the IP address, netmask and up status as follows:
hme0: flags=843 mtu 1500
inet 192.9.2.106 netmask ffffff00 broadcast 192.9.2.255
ether 3:22:11:6d:2e:1f
The file /etc/netmasks is used to define netmasks for IP addresses.
127.0.0.1 is the standard loopback route and 127.0.0.0 is the default loopback IP address used by the kernel; when no interface is configured, this will be the only entry displayed by the system on invoking the ifconfig -a command.
3. Configuring a virtual interface
A virtual interface can be configured to let hme0 reply to more than one IP address. This is done with an hme0 alias, which can be configured with the ifconfig command only. The new alias device names become hme0:1, hme0:2, etc.
#ifconfig hme0:1 172.40.30.4 netmask 255.255.0.0 up
ifconfig -a will show the original hme0 and the alias interface:
hme0: flags=843 mtu 1500
inet 192.9.2.106 netmask ffffff00 broadcast 192.9.2.255
ether 3:22:11:6d:2e:1f
hme0:1: flags=842 mtu 1500
inet 172.40.30.4 netmask ffff0000 broadcast 172.40.255.255

Friday, October 21, 2011

Solaris: How to Share Folder ?



Servers: Indapp001 and Usaapp002
To do: To mount “/export/home” of Indapp001 on Usaapp002.
Issue the following commands on Indapp001:
1. Share the required file system “/export/home” of Indapp001.
Start the nfs server on Indapp001.
# svcadm enable network/nfs/server
2. Share the “/export/home” of Indapp001 for everyone on the network.
#share -F nfs -o rw -d "home dirs" /export/home
Issue the following commands on Usaapp002:
3. From Usaapp002 check which files are shared on Indapp001 for NFS mount.
# showmount -e Indapp001
export list for Indapp001:
/export/home (everyone)
4. Create mount point on Usaapp002 “t2”
#mkdir /t2
5. Mount file system of Indapp001 “/export/home” on Usaapp002
# mount Indapp001:/export/home /t2
6. Check the mounted file system by issuing the “df -h” command:
# df -h /t2
Filesystem size used avail capacity Mounted on
Indapp001:/export/home
29G 3.1G 25G 11% /t2
#



Regards.

Saturday, October 15, 2011

What is Sun Ray ?






In contrast to a thick client, the Sun Ray is a networked display device, with applications running on a server elsewhere, and the state of the user's session being independent of the display. This enables another notable feature of the Sun Ray, portable sessions: a user can go from one Sun Ray to another and continue their work without closing any programs. With a smartcard, all the user has to do is slip in the card, enter their password when prompted, and they will be presented with their session. Without the smartcard, the procedure is almost identical, except the user must specify their username as well as password to get their session. In either case, if a session does not yet exist, a new one will be created the first time they connect.
Sun Ray clients are connected via an Ethernet network to the Sun Ray Server. Sun Ray Server Software (SRSS) is available for the Solaris Operating System and Linux. Sun developed a separate network display protocol, Appliance Link Protocol (ALP), for the Sun Ray system.


Best Regards.

Saturday, September 24, 2011

Oracle Cloud Computing (part1)

Cloud computing is a significant advancement in the delivery of information technology and services. By providing on demand access to a shared pool of computing resources in a self-service, dynamically scaled and metered manner, cloud computing offers compelling advantages in speed, agility and efficiency. Today, cloud computing is

Wednesday, December 29, 2010

Installing and Configuring Oracle Database 10g on the Solaris Platform


Introduction
This paper will walk you through the steps of installing Oracle Database 10g release 1 (Oracle version 10.1.0) in a Sun Solaris SPARC environment. About 90% of the material presented here applies to other platforms as well. Everything you read in this paper is hands on, roll-up-your-sleeves-and-get-busy material for Oracle users who want to get an Oracle database up and running quickly without reading hundreds of pages of documentation and “readme” files.

These steps are meant to get you up and running as fast as possible, while leveraging best practices in order to set up a scalable, robust database environment that offers high performance. In order to keep the steps reasonably simple this paper does not cover Real Application Clusters (RAC), nor does it cover Oracle Internet Directory (OID), Automatic Storage Management (ASM), or Grid Control.

In this paper we will install the 10.1.0.4 release of Oracle Database 10g. This is the base distribution of Oracle Database 10g release 1 (10.1.0.2) with the 10.1.0.4 patch set applied on top. For this paper we ran our Oracle installations on Sun servers with SPARC processors running Solaris 8.

There are four phases to getting Oracle up and running on your server:

Prepare the server
Install the Oracle software and latest patch set
Create a database
Complete the server configuration
We will walk through these phases one at a time, detailing all the steps involved. The end result will be a very usable database that can be scaled up quite large, and an Oracle installation that follows industry-recognized best practices. Of course, every implementation is unique, and you will need to evaluate each step carefully against your particular requirements. However, this paper will get you off to a very solid start.
Prepare the Server

These steps configure your database server so that it will be ready to accept the Oracle software and database. In this section, we will make sure your server meets Oracle’s minimum requirements, create a Unix user and group to “own” the software, and create some directories that will be used by the Oracle software and database. All of the steps in this section are run as the root user.

Make sure that your operating system platform is certified by Oracle Corporation for use with Oracle Database 10g. The 64 bit versions of Solaris 8, 9, and 10 for SPARC are certified for use with Oracle Database 10g, while the 32 bit versions are not. Some special steps and an extra Oracle patch are required to run Oracle Database 10g release 1 with Solaris 10. (These are detailed in Metalink bulletin 169706.1 and will be listed in the next step.) Solaris x86 is a different platform and is not covered in this paper.

How to Use the Unix Top Command


Top is a small but powerful program, available on both UNIX and Linux systems, that lets you monitor processes on your system.