Useful Solaris (and Unix) information in the context of Cambridge University
Unix Support are here to help you!
We can be contacted by telephone on (3)34728 or by email on unix-support@ucs.cam.ac.uk. As well as offering advice on specific problems of a Unix nature we also offer a number of other services.
Installation
nfs-uxsup.csx.cam.ac.uk:/sun contains a lot of the Solaris media that the University has access to. In particular there is a subdirectory EduSoft which contains the software distributed under the University's EduSoft license. If there is something that you want that isn't there then there is a good chance that it can be added, just ask! The list of software that can be made available can be found at http://www.sun.com/products-n-solutions/edu/promotions/edusoft/institution/productlist.html
This includes recent versions of Solaris and their compilers as well as a variety of other useful applications.
Networking and NTP
Ask your local Computer Officer for an IP address, or, if you are your local computer officer email ip-register@ucs.cam.ac.uk. They will tell you not only the IP address you need, but also the netmask and DNS configuration. In general you can expect the nameservers in the University to be 131.111.12.20 and 131.111.8.42, although this can vary in some departments.
You should also configure NTP. http://www-uxsup.csx.cam.ac.uk/ntp/stratum3.html gives details on how do do this. There are a number of benefits, in particular your machines will all agree on times, which makes interpreting logs that much easier.
Patching & Security
nfs-uxsup.csx.cam.ac.uk:/public_patches/SUN contains the public patches for Solaris, in particular it includes the recommended patch bundles. If you need non-public patches then you can either contact Unix Support, or you can get them direct from http://sunsolve.sun.co.uk, however you will need a Sun Contract number which you get along with a support contract with Sun. Often the person who handles finance will end up with these.
NOTE - after patching, check what has been started up, or what services have been enabled (in inetd in particular). Some patches (especially before SMF in Solaris 10) had a habit of re-enabling every service in inetd without asking. In general uninstalling any package with a daemon that you don't want to run is the safest option, if it is possible.
Announcements about new patches happens on the security-alert@sun.com mailing list. More details available at http://sunsolve.sun.com/pub-cgi/show.pl?target=security/sec. Also there are local news groups which are worth reading: ucam.comp.security, ucam.comp.sun and ucam.com.unix in particular.
When installing a machine, please disable any unwanted services. In particular ones which are unencrypted (telnet, ftp, rsh, etc). Unfortunately, these days, most attacks now seem to rely on using brute force on 'guessable' username and password pairs.
If your machines are visible on the public network then you probably want to look at the probing suite on http://probing.csx.cam.ac.uk/ this can tell you about 'obvious' problems with your machine. This stops you being embarrassed when we tell you about problems that we spotted through the probing suite.
The title of this document is:
Solaris Admin Course
URL:
http://www-uxsup.csx.cam.ac.uk/courses/SolarisAdminCourse/index.html