Cover V09, I13
Article
Listing 1
Listing 2
Sidebar 1

nov_sup2000.tar

Listing 1: phase1

#!/sbin/sh
#******************************************************************************
#
#    Name:            phase1
#    SCCS Id:        @(#)phase1    1.3    04/17/00
#
#    Description:    This file is a script for system set up, phase 1.  Phase 1
#                    is immediately after Solaris has been installed, but BEFORE
#                    the initial reboot.
#
#
#            Copyright (C) 2000 by Richard Teer.  All rights reserved.
#
#******************************************************************************


OS_REL=`uname -r`
HOSTNAME=`uname -n`
SYSTEM="/a/etc/system"
USE_NTP=false
DEFAULT_DOMAIN="rite-group.com"

echo "Starting system hardening for $HOSTNAME, Phase 1"

umask 022

echo "Enter domain name [$DEFAULT_DOMAIN]: \c"
read LINE
DOMAIN=${LINE:-$DEFAULT_DOMAIN}
echo $DOMAIN > /a/etc/defaultdomain

echo "Setting up /etc/rc?.d/S00umask.sh...  \c"
echo "umask 022" > /a/etc/init.d/umask.sh
for i in /a/etc/rc?.d; do
    ln -s /etc/init.d/umask.sh $i/S00umask.sh
done
echo "Done."

echo "Modifying /etc/system...  \c"
echo "\n" >> $SYSTEM
echo "forceload: misc/obpsym" >> $SYSTEM
echo "set priority_paging = 1" >> $SYSTEM
echo "set noexec_user_stack = 1" >> $SYSTEM
echo "set nfssrv:nfs_portmon = 1" >> $SYSTEM
echo "set noexec_user_stack_log = 1" >> $SYSTEM
if [ "$USE_NTP" = "true" ]; then
    echo "set dosynctodr = 0" >> $SYSTEM
fi
echo "Done."

case "$OS_REL" in
    '5.5' | '5.5.1' | '5.6')
        echo "Enabling savecore...  \c"
ed /a/etc/init.d/sysetup << EOF > /dev/null
$-5,$s/^#//
w
q
EOF
        echo "Done."
        ;;

    *)
        ;;
esac

echo "Building root's new home directory:"
echo "    Making /root"
mkdir -m 0700 /a/root
chown root:root /a/root
FLAG=false
echo "    Copying files: \c"
cat phase1_files/INDEX | while read SRC DEST OWNER GROUP PERMS; do
    if [ $FLAG = "false" ]; then
        echo "$SRC\c"
        FLAG=true
    else
        echo ", $SRC\c"
    fi
    cp phase1_files/$SRC $DEST
    chown $OWNER:$GROUP $DEST
    chmod $PERMS $DEST
done
echo "."
echo "    Updating /etc/passwd"
ed /a/etc/passwd << EOF > /dev/null
1s/\//\/root/
w
q
EOF
echo "Done."

sync

echo "\n"
echo "Phase 1 of the system hardening for $HOSTNAME is complete."
echo ""
echo "Reboot this machine now, install the latest Recommended"
echo "and Security patches from SunSolve, and then proceed"
echo "with Phase 2 of the system hardening."

 

© 2002 CMP Media LLC. All Rights Reserved.
www.sysadminmag.com