Enable TCP wrappers in Solaris 10

=========================================
To determine if TCP wrappers are enabled:
=========================================

# svcprop -p defaults inetd

defaults/tcp_wrappers boolean false

==============================================
To enable TCP wrappers for all inetd services:
==============================================

1. Set the property:

# svccfg -s inetd setprop defaults/tcp_wrappers=true

2. Reload inetd:

# svcadm refresh inetd

3. Show that it is now enabled:

# svcprop -p defaults inetd | grep tcp_wrappers

defaults/tcp_wrappers boolean true

==================================================
To disable TCP wrappers for an individual service:
==================================================

# inetadm -m <FMRI> tcp_wrappers=false
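
An added example (not from the original page): a shell function that reads `inetadm -l <FMRI>` output and reports whether a service's tcp_wrappers value is inherited from the inetd defaults or set by a per-service override, which is what the two procedures above change. The function name `tcpw_effective` is hypothetical and both sample outputs are constructed.

```shell
#!/bin/sh
# In `inetadm -l <FMRI>` output, a property inherited from the inetd-wide
# defaults is prefixed with "default"; a per-service override is not.

# Hypothetical helper: reads `inetadm -l` output on stdin and prints
# "<VALUE> <inherited|override>", or "UNKNOWN none" if the property is absent.
tcpw_effective() {
    awk '
        {
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^tcp_wrappers=/) {
                    value = toupper(substr($i, index($i, "=") + 1))
                    scope = ($1 == "default") ? "inherited" : "override"
                    found = 1
                }
            }
        }
        END {
            if (found) print value, scope
            else print "UNKNOWN none"
        }
    '
}

# Constructed sample: defaults/tcp_wrappers=true, service left untouched.
sample_inherited='SCOPE    NAME=VALUE
         name="telnet"
         exec="/usr/sbin/in.telnetd"
default  tcp_trace=FALSE
default  tcp_wrappers=TRUE'

# Constructed sample: the same service after a per-service tcp_wrappers=false.
sample_override='SCOPE    NAME=VALUE
         name="telnet"
         exec="/usr/sbin/in.telnetd"
default  tcp_trace=FALSE
         tcp_wrappers=FALSE'

printf '%s\n' "$sample_inherited" | tcpw_effective
printf '%s\n' "$sample_override"  | tcpw_effective

# On a live Solaris 10 host, report every inetd-managed service.
if command -v inetadm >/dev/null 2>&1; then
    inetadm | awk 'NR > 1 { print $NF }' | while read -r fmri; do
        printf '%s %s\n' "$fmri" "$(inetadm -l "$fmri" | tcpw_effective)"
    done
fi
```

Any service reported as `FALSE override` bypasses TCP wrappers even though the inetd default is true.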

Solaris 10: enable NFS

The NFS server service is dependent on a slew of other services. Manually enabling all of these services would be tedious. The svcadm command makes this simple with one command:

svcadm -v enable -r network/nfs/server

The -v option makes the command output verbose details about the services enabled. You can use the -t option (..enable -rt network…) to enable these services temporarily (so that they will not be automatically enabled when the system reboots). By default, enabling a service will enable it permanently (persistent across reboots until it is disabled).

Solaris 10 steps to debug NFS client automount

1. Verify connectivity with the server. Use ping.

2. Attempt a manual mount.

3. Check /etc/vfstab. Each line should have 7 entries separated by tabs:
pluto:/home/raid - /home/raid nfs - yes rw,bg

4. Check to see what is not running:
#svcs -xv
#svcs -a|grep nfs
#svcs -a|grep nis
#svcs -a|grep dns

Turn it all on (you/they may not want to do this):
#svcadm -v enable -r network/nfs/server

If the client is disabled, enable it with svcadm.
If they are using NIS, it must be enabled.
If they are using DNS, it must be enabled.

5. Check /etc/hosts for the server name.

6. Check nslookup for the server name.

7. Check /etc/nsswitch.conf. The ipnodes line should look like this:
ipnodes: files
The other stuff like [NOTFOUND=return] is for IPv6.

8. Check /etc/resolv.conf.
The nameserver that resolves to the outside (internet) should be the first entry.

9. Check /etc/nfs.conf.
It should be version=2 if talking to anything other than a Solaris 10 server.
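
An added example (not from the original page) for step 3: a shell function that checks the NFS entries of a vfstab for the 7-field layout and for the "-" placeholders NFS uses in the fsck columns. The function names are hypothetical, the third sample line is constructed, and an NFS entry is recognised by a server:path device or an nfs type field, which is an assumption of this sketch.

```shell
#!/bin/sh
# Hypothetical helper: reads a vfstab on stdin, prints one line per problem
# found in NFS entries, and returns 1 if any problem was found.
check_vfstab_nfs() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # skip comments and blank lines
        $1 !~ /:/ && $4 != "nfs" { next }   # not an NFS entry
        NF != 7 {
            printf "line %d: %d fields, expected 7\n", NR, NF
            bad = 1
            next
        }
        $2 != "-" || $5 != "-" {
            printf "line %d: device to fsck and fsck pass must be \"-\" for nfs\n", NR
            bad = 1
        }
        $6 != "yes" && $6 != "no" {
            printf "line %d: mount at boot must be yes or no\n", NR
            bad = 1
        }
        END { exit (bad ? 1 : 0) }
    '
}

# Sample vfstab: line 2 is the entry from step 3, line 3 is constructed
# with the "device to fsck" column missing.
sample_vfstab() {
    printf '#device\tdevice\tmount\tFS\tfsck\tmount\tmount\n'
    printf 'pluto:/home/raid\t-\t/home/raid\tnfs\t-\tyes\trw,bg\n'
    printf 'pluto:/export/src\t/src\tnfs\t-\tyes\trw,bg\n'
}

sample_vfstab | check_vfstab_nfs || echo "vfstab has malformed NFS entries"

# On a live host: check_vfstab_nfs < /etc/vfstab
```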

Run web server as non-root and still run at port 80

With Solaris 10, Sun introduced role based access control (RBAC) extended with privileges, which can be used to solve this issue in a very simple way.
Here are two links to understand more on RBAC concepts and how to practically use RBAC for day to day tasks.

http://www.softpanorama.org/Solaris/Security/solaris_privilege_sets.shtml#Privileges_and_RBAC
http://www.samag.com/documents/s=7667/sam0213c/0213c.htm

Coming back to the question on how to run a web server at port 80 (or any number less than 1024) as a non root user – on Solaris 10, you need to provide ‘net_privaddr’ privileges to a non root user and start the server as this user.

For example, let us say that you would like to start the server as ‘webservd’ (Sun creates this user by default on Solaris 10):

# become root
# /usr/sbin/usermod -K defaultpriv=basic,net_privaddr webservd

If you would like to start the server as some other user, change the last parameter in the above command to that user's name.
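
An added example (not from the original page): usermod -K records the grant in /etc/user_attr, so a short audit of that file shows which accounts hold privileges beyond the basic set and confirms that webservd received only net_privaddr. The function name `list_extra_privs` is hypothetical and the sample entries, including the `appsvc` account, are constructed.

```shell
#!/bin/sh
# Hypothetical helper: reads user_attr(4) lines on stdin and prints
# "user: priv[,priv...]" for every account whose defaultpriv grants
# anything beyond "basic". Entries prefixed with ! or - remove a
# privilege from the set, so they are not reported.
list_extra_privs() {
    awk -F: '
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # skip comments and blank lines
        {
            n = split($5, attrs, ";")       # field 5 holds key=value pairs
            for (i = 1; i <= n; i++) {
                if (attrs[i] !~ /^defaultpriv=/) continue
                m = split(substr(attrs[i], 13), privs, ",")
                extra = ""
                for (j = 1; j <= m; j++) {
                    if (privs[j] == "basic" || privs[j] ~ /^[!-]/) continue
                    extra = extra (extra == "" ? "" : ",") privs[j]
                }
                if (extra != "") print $1 ": " extra
            }
        }
    '
}

# Constructed sample of /etc/user_attr after the usermod command above.
sample_user_attr='# user:qualifier:res1:res2:attr
root::::auths=solaris.*,solaris.grant;profiles=All;type=normal
webservd::::type=normal;defaultpriv=basic,net_privaddr
appsvc::::type=normal;defaultpriv=basic,!proc_info'

printf '%s\n' "$sample_user_attr" | list_extra_privs

# On a live host: list_extra_privs < /etc/user_attr
```

An account that shows more than the single privilege it needs is a candidate for tightening with the same usermod -K syntax.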

Solaris 10 Sites you should know about:

Download or Order Solaris 10 from Sun.

http://www.sun.com/software/solaris/get.jsp

BeleniX is an OpenSolaris distribution which is currently a LiveCD
(runs directly off the CD). It includes all the features of OpenSolaris
and adds a whole variety of opensource packages. It can be installed
to hard disk as well. BeleniX is free to use, modify and distribute.

http://www.genunix.org/distributions/belenix_site/belenix_home.html

Solaris Express, Community Release is Sun’s binary release for developers
(code named Nevada).

http://www.opensolaris.org/os/downloads/sol_ex_dvd/

Here is Sun’s homepage for all things related to supporting sun products ( including Solaris).

http://sunsolve.sun.com

Recently Sun opensourced parts of Solaris. This is the home page for the
community around that project.

http://opensolaris.org/os/

One of the longest running, pure sun/solaris news and information sites around. A great resource.

http://sunhelp.org

While not always about Solaris, Ben’s blog is chock full of good solaris info.

http://cuddletech.com/blog

Here you can find the blogs of the opensolaris developers.

http://www.opensolaris.org/os/blogs/

Sun’s official blog site

http://blogs.sun.com/

Sun’s ZFS documentation

http://docs.sun.com/app/docs/doc/819-5461?q=zfs

More ZFS information

http://www.opensolaris.org/os/community/zfs/

A wiki for zfs information
http://www.solarisinternals.com/wiki/index.php/ZFS_Best_Practices_Guide

An article from Sun explaining how to use ZFS and containers effectively.

http://www.sun.com/software/solaris/howtoguides/zfshowto.jsp

Explains the magic of ZFS snapshots

http://blogs.sun.com/ahrens/entry/is_it_magic

Sun’s Dtrace User Guide

http://docs.sun.com/app/docs/doc/817-6223?q=dtrace

Dtrace information from the opensolaris community

http://www.opensolaris.org/os/community/dtrace/

A great site with lots of examples and scripts.

http://brendangregg.com/dtrace.html (DTrace Tools)

An article by sun for developers. Goes through the process
of using dtrace for device driver development

http://developers.sun.com/solaris/articles/dtrace_for_dev.html

A good post of how Dtrace can help you track down performance problems.

http://www.lethargy.org/~jesus/archives/74-PostgreSQL-performance-through-the-eyes-of-DTrace.html

A good general overview of zones and containers

http://opensolaris.org/os/community/zones/faq/

The official admin guide

http://docs.sun.com/app/docs/doc/817-1592?q=zones

An excellent guide to containers and zones. Part of Sun’s blueprint collection

http://www.sun.com/blueprints/1006/820-0001.html

Big Admin’s guide to SMF.

http://www.sun.com/bigadmin/content/selfheal/sdev_intro.html

Sun’s Blueprint Program has a new PDF out on SMF. This is a direct link to the PDF.

http://www.sun.com/blueprints/0206/819-5150.pdf

Straight from docs.sun.com

http://docs.sun.com/app/docs/doc/817-1985

An Accelerated Introduction to Solaris 10: Part 1

http://cuddletech.com/blog/pivot/entry.php?id=562

Looking for a package and can’t seem to find it? Blastwave.org just might have it

http://www.blastwave.org

Sunfreeware provides pkg’s for well, freeware..

http://sunfreeware.com

How to setup and configure the bundled MySQL with Solaris 10.

http://meljr.com/~meljr/mysql_Sol10.html

How to setup and configure the bundled Postgresql with Solaris 10.

http://www.sun.com/software/solaris/postgresql.jsp

And as always

http://www.dracko.com

Solaris 10 metadevices remain in the state: need maintenance

On a machine running Solaris[TM] 10 Operating System (DNS client) and Solaris[TM] Volume Manager (SVM) used to mirror some disks (boot disks), once the machine reboots, metadevices remain in the state "Need maintenance" because resyncing is not called.

Check to see what is NOT running

#svcs -xv

svc:/system/metainit:default (SVM initialization)
State: disabled since Wed Mar 28 22:28:31 2007
Reason: Disabled by an administrator.
See: http://sun.com/msg/SMF-8000-05
See: man -M /usr/share/man -s 1M metainit
Impact: 1 dependent service is not running:
svc:/system/mdmonitor:default

This symptom is also seen when "svc:/system/mdmonitor:default" service is disabled or offline.

# svcs -a | grep mdmonitor
disabled 12:23:30 svc:/system/mdmonitor:default

To enable metasync during boot this service should be enabled. To enable this service run:

# svcadm enable svc:/system/mdmonitor:default

Check if the service is enabled or online now.

# svcs -a | grep mdmonitor
online 12:30:28 svc:/system/mdmonitor:default

The final step is to sync the submirrors and then reboot the system.

# metasync
# reboot

After the system is rebooted, the submirrors should be in "Okay" state.

Disable sendmail on Solaris 10

1. Check and confirm that sendmail is running:

# ps -ef | grep sendmail
root 1373 1360 0 09:49:45 pts/1 0:00 grep sendmail
root 514 1 0 Jun 03 ? 0:13 /usr/lib/sendmail -bd -q15m
smmsp 513 1 0 Jun 03 ? 0:01 /usr/lib/sendmail -Ac -q15m
#

2. At this point, we disable sendmail and when doing so, it stops
the two sendmail daemons from running as well (part of disable feature):

# svcs -a | grep sendmail
online Jun_03 svc:/network/smtp:sendmail
#
# svcadm disable svc:/network/smtp:sendmail
#
# svcs -a | grep sendmail
disabled 9:51:44 svc:/network/smtp:sendmail
#
# ps -ef | grep sendmail
#

3. Now reboot the S10 system. Upon reboot, we see that the sendmail
daemons are not running, as a result of the sendmail FMRI being
in a "disabled" state:

# svcs -a | grep sendmail
disabled 9:54:02 svc:/network/smtp:sendmail
#
# ps -ef | grep sendmail
root 524 512 0 09:55:29 pts/1 0:00 grep sendmail
#

Solaris 10 x86 doesn’t find network card

I recently installed Solaris 10 06/06 x86 on my desktop machine, a Compaq Evo with an onboard Intel 10/100 network card.

At first the Solaris installation seemed to hang while trying to find a network configuration from a non-existent RPC boot server. In retrospect, I think the problem was that Solaris didn’t find an appropriate driver for the card, but after waiting a long time, the installation continued, skipping the network configuration.

Running prtconf -pv shows the pci identification details for the ethernet card:

model: 'Ethernet controller'
power-consumption: 00000001.00000001
fast-back-to-back:
devsel-speed: 00000001
interrupts: 00000001
max-latency: 00000038
min-grant: 00000008
subsystem-vendor-id: 00000e11
subsystem-id: 00000012
unit-address: '8'
class-code: 00020000
revision-id: 00000081
vendor-id: 00008086
device-id: 0000103b
name: 'pcie11,12'

Looking up the identification information in the PCI ID repository tells me I’m dealing with a 82801DB PRO/100 VM (LOM) Ethernet Controller

Looking at /boot/solaris/devicedb/master, I found the following similar drivers:

bash-3.00# grep 82801DB /boot/solaris/devicedb/master
pci8086,1039 pci8086,1039 net pci iprb.bef "Intel 82801DB Ethernet 82562ET/EZ PHY"
pci8086,103d pci8086,103d net pci iprb.bef "Intel 82801DB PRO/100 VE Ethernet"

Both cards use the iprb driver so I add the identifier for my driver into /etc/driver_aliases:

iprb "pci8086,1038"
iprb "pci8086,1039"
iprb "pci8086,103b"
iprb "pci8086,103d"

Load the driver with the modload command and plumb the interface:

modload /kernel/drv/iprb
ifconfig iprb0 plumb

If that works, create the /etc/hostname.iprb0 file. I wanted to use DHCP so I did the following:

touch /etc/dhcp.iprb0
touch /etc/hostname.iprb0

Then do a reconfigure reboot.