Randy Marchany VA Tech Computing Center Blacksburg, VA 24060 540-231-9523 email: randy.marchany@vt.edu
va-scan Copyright 1999, Marchany
28. Install tools: portsentry, logcheck, TCPWrappers, tripwire, lsof, CIS Security Benchmark document
29. Check for IP forwarding in the kernel
30. Check X Windows security
SysAdmin Tricks/Hints
1. Get a good idea of what is normal activity on your system. Use Unix performance commands/scripts to monitor your system. Check user login times to get a feel for what is normal activity for a user.
2. Obtain checklists at irregular intervals. Never do your monitoring at regular intervals. Store the checklists offline.
3. Remember that 1 megabyte (gigabyte) doesn't necessarily equal 1 megabyte (gigabyte).
   Real math tells us 1Mb = 2**20 = 1,048,576 bytes and 1Gb = 2**30 = 1,073,741,824 bytes
   BUT to vendors, 1MB = 1,000,000 bytes and 1GB = 1,000,000,000 bytes.
   So, you may not be missing space. A vendor 1Gb disk gives you only 93.1% of expected capacity. Cute vendor trick!
4. Monitor your disk space. Why are we concerned? Because hackers can hide data in hidden dirs and this is one way to see if your usage totals add up.
5. System Things to Remember
- keep hard copy logs in a secure place with limited access. Be able to account for their whereabouts EXACTLY.
- restrict root access
- Do your backups and checklists
- log internet activity by using TCP wrappers
- Keep accurate physical network/system maps/contact people
- Publicize problems AND solutions. Security through ignorance can backfire on you.
- Educate your user community.
- Install all relevant security patches, OS revision patches asap.
- Limit physical access to the machines if possible.
6. Some free third party system management tools to get:
perl - language for scanning text files, extracting data from them and formatting reports. Written by Larry Wall.
top - provides continuous, customizable display of system process status. Written by Phil LeFebvre.
lsof - finds out who has open files on a FS that prevent you from dismounting the FS.
nfswatch - dynamically charts NFS traffic on a host. Written by Dave Curry.
tcpdump - packet monitoring program for displaying packets to/from a system.
More Tools (cont'd)
Tripwire - system auditing package that runs a series of checks for basic system security. Written by Dan Farmer.
Crack - very powerful password cracking program that works on Unix systems that don't have shadow password files. Written by Alec Muffett.
7. Useful Unix commands
In addition to commands like: find, ls, diff, last, lastcomm, ps, vmstat, iostat, su and the above mentioned tools, the 'strings' command is a useful tool to examine binary files for ASCII strings.
9. UNIX Software Consortiums - The CC maintains Unix software consortiums (Site Licenses) that provide you with OS and compilers for free. Check www.cc.vt.edu for more information.
10. Printer configuration - Best to use HP network printers. Use the JetAdmin utility (provided free by HP) to manage these printers.
11. Third Party Software - install software in common areas.
12. License Software - install FLEXLM clients/server code.
6. SUID/SGID programs
- review all suid/sgid programs owned by root, daemon, bin or the groups bin, kmem, mail.
- compare against initial checklist
- minimum permission: 511
- maintain updated list of ALL suid/sgid programs
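One way to maintain the SUID/SGID list and compare it against the initial checklist, as an added example that is not part of the original slides. The function names and the baseline file are assumptions; entries are compared as whole lines (mode, owner, group, path), so a changed mode or owner shows up as both a new and a missing entry.

```sh
#!/bin/sh
# Added example: SUID/SGID inventory and comparison against a saved checklist.
# suid_inventory, suid_new, suid_missing and suid_privileged are hypothetical names.

# Print "perms owner group path" for every SUID or SGID regular file under $1.
# LC_ALL=C keeps the ls date at three fields, so the path starts at field 9.
# Runs of blanks inside a path are collapsed to one space by awk.
suid_inventory() {
    LC_ALL=C find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) \
        -exec ls -ld {} + 2>/dev/null |
    awk '{ path = $9
           for (i = 10; i <= NF; i++) path = path " " $i
           print $1, $3, $4, path }' |
    LC_ALL=C sort
}

# Entries found under $2 now that are absent from the baseline file $1:
# new SUID/SGID programs, or known ones whose mode, owner or group changed.
suid_new() {
    suid_inventory "$2" | LC_ALL=C comm -13 "$1" -
}

# Baseline entries that no longer appear under $2 (removed or changed).
suid_missing() {
    suid_inventory "$2" | LC_ALL=C comm -23 "$1" -
}

# Filter an inventory on stdin down to the owners and groups the checklist
# singles out: owner root, daemon or bin, or group bin, kmem or mail.
suid_privileged() {
    awk '$2 ~ /^(root|daemon|bin)$/ || $3 ~ /^(bin|kmem|mail)$/'
}

# Usage: script baseline [DIR] > checklist    (store the checklist offline)
#        script check checklist [DIR]         (prints anything new or changed)
case "${1:-}" in
    baseline) suid_inventory "${2:-/}" ;;
    check)    suid_new "$2" "${3:-/}" ;;
esac
```

The baseline must come from suid_inventory itself so that both sides of the comparison are sorted the same way.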
Boot/Shutdown Overview
When to boot
After installing new HW
powerfail
Systems
Use init or shutdown to do a clean shutdown
Solaris 8 Installation I
Preparing to Install
Determine System Type
OS Server - typically an NIS or NFS server
Standalone - has local disks (standard)
32MB RAM, 500MB disk
Determine Required HW
Core - min. software needed to run the OS
End User - Core+Openwindows
Developer - EndUser+lib, man pages.
Entire - the whole thing. Recommended.
3 Types of Installation
Solaris 8 Installation II
default partition sizes are too small.
Interactive - You boot and configure the system. GUI menus guide you thru the whole process. Recommended.
Custom JumpStart - You boot and identify what type of system you have. The boot server loads a predefined version of the OS. Recommended for lab environments.
You can set up a single system to be a Boot/Install Server. This speeds up installation times (20 minutes). The Boot server must be on the same subnet as the target. The Install Server doesn't have to be. A single system can be a Boot and Install server.
NIS, NIS+, other (DNS) - use DNS to resolve hostname not NIS.
domain name - NIS domain name
DNS server IP addr., IP host name
Subnet mask, netmask, time zone
Which software group to install? End user, Developer, Entire, entire + OEM support. Recommend last one since you can always remove software later.
Solaris 8 Installation IV
Lay them out manually.
Preserve existing data? Recommend initial installation. Backup/restore system specific stuff.
Accept the FS layout
Mount remote FS? Can do this later.
Reboot after installation?
Also, pick the root password.
Solaris 8 Installation V
system_type, partitioning, cluster and swap FS
Create /jumpstart/ee_profile with similar info.
Edit /jumpstart/rules
specify the subnet and rules file that applies to it
Solaris 8 Installation VI
Sun releases patches regularly
You MUST maintain current patch levels.
Review Solaris Patch Report available from Sunsolve.
Determine Patch Status:
showrev -p - shows all applied patches
pkgparam pkgid PATCHLIST - shows patches applied to the package pkgid
Use the patchadd, patchrm commands to install or remove patches
These commands replace installpatch, backoutpatch commands
They cannot be used for Solaris 1 systems
Patches are available from http://sunsolve.sun.com
Hackers read the Patch Reports. You must install the recommended and security patches!
Solaris 8 - sys-unconfig
Use when you need to change the host name of the machine.
Use when you move a machine from one building to another.
It wipes out all of the pertinent host/TCP/IP control files
It restores the system to the out-of-box state BUT it does NOT affect any user data files! It only modifies the TCP/IP pertinent files.
Run the command, it will shut down the system when it's finished.
You'll be asked to re-enter the new TCP/IP info at the next reboot.
Installing, removing software from standalone systems, servers
Software is delivered in packages.
A collection of files/dirs in a defined format
V Interface Definition
pkgadd, pkgrm commands add/remove packages
pkginfo command lists the software installed on the system
admintool is the GUI I/F
Adding a Package
pkgadd uncompresses, copies files from the installation source to a local
Package Naming Convention - Sun products begin with SUNW, 3rd party packages use their own prefix (hpnp)
Most Sun software packages tell where they are installed
Example: SUNWvolr is installed in /. The r stands for root.
pkginfo file
Some Sun Packages (compilers) install in /opt
Always use pkgrm to remove software
Set up a spool directory if you want to install from it.
pkgadd -d device -s spooldir pkgid
0 - halt state
6 - reboot
3 - all system services w/networking
1 - single user
3 types of boot
Interactive - you tell it where/which type
Reconfiguration - after adding/deleting HW
Recovery - hung system
system console
2 - multiuser - all services except NFS server, syslog
3 - multiuser - normal run state, all services available
4 - alternate multiuser - N/A
5 - power-down state - like 0 but will power off automatically
6 - reboot - go to level 0 then level 3 or whatever level is the default in /etc/inittab
S, s - single-user
Solaris 8 - /etc/inittab
/etc/inittab contains a list of processes to start, monitor or restart whenever the system boots or changes run levels.
Format: ID:Run-level:ACTION:PROCESS
ID - unique identifier for the entry
RUN-level - run level the system must be in to run the process
ACTION - keyword that defines how the process is to be run
  initdefault - first process to run
  sysinit - special initializations that must be run before logins
  powerfail - run process only during powerfail cycle
  wait - wait for process to finish before starting next one
  respawn - restart it if it's not there. Otherwise, continue
PROCESS - the actual command to execute
action field. Any initializations that need to be run before users login are run now.
init reads /etc/inittab to run any processes that have 3 in the rstate field.
Commands that can be run at run level 3
/usr/sbin/shutdown - run only if init has received the powerfail signal
/sbin/rc2 - defines the TZ, starts standard system processes, moves to run level 2
/sbin/rc3 - starts NFS resource sharing
/usr/lib/saf/sac -t 30 - starts port monitors, UUCP network access
/usr/lib/saf/ttymon - starts the ttymon process that monitors the console for login attempts. Restarted if it fails.
Each run level has a set of scripts in /sbin (rc0, rc1, rc2, rc3, rc5, rc6, rcS).
For each /sbin/rcX script, there's an /etc/rcX.d directory that contains the scripts used in that run level.
/etc/init.d files are linked to the corresponding /etc/rcX.d dirs.
Scripts are run in ASCII sort order. Names are of the form KXXname or SXXname, where XX is the numeric order the process is run in, S denotes a process startup script and K denotes a process kill script.
Adding an RC script
Add the script to /etc/init.d: cp FN /etc/init.d
Create links to appropriate /etc/rcX.d: cd /etc/init.d; ln FN /etc/rc2.d/SxxFN; ln FN /etc/rcn.d/KxxFN
Removing an RC Script
cd /etc/rcX.d; mv FN .FN
/sbin/rc0 - /etc/rc0.d
Stops system services, daemons
Terminates all running processes
Unmounts all filesystems
/sbin/rc1 - /etc/rc1.d
Same as /sbin/rc0
Brings the system up to single-user mode
/sbin/rc2 - /etc/rc2.d
Mounts all local FS
Enables disk quotas if 1 FS was mounted w/quota option
Saves vi temp files in /usr/preserve
Removes any files in /tmp
Rebuilds device entries for reconfiguration boot
Configures system accounting
/sbin/rc2
Configures the default router
Sets NIS domain and ifconfig netmask
/.PREINSTAL or /AUTOINSTALL files exis
Starts inetd, rpcbind, named
Starts Kerberos client, kerbd
Starts either NIS (ypbind) or NIS+ (rpc.nisd)
Starts keyserv, statd, lockd, xntpd, utmpd
Mounts all NFS entries
Starts nscd (name service cache daemon)
Starts automount, cron, LP, sendmail, utmpd, vold
/sbin/rc3 - /etc/rc3.d
Clean up sharetab
Start nfsd
Start mountd
If the system is a boot server, starts rarpd, rpc, bootparamd, rpld
Starts snmpdx
/sbin/rc5 - /etc/rc0.d
Kills the printer and syslog daemons
Unmounts local and NFS FS
Stops NFS server and client processes
Stops NIS, RPC and cron services
Kills all active processes and initiates an interactive boot
/sbin/rc6 - /etc/rc0.d
Runs the /etc/rc0.d/K* scripts to stop system processes
Kills all active processes
Unmounts all FS
Runs the initdefault entries in /etc/inittab
/sbin/rcS - /etc/rcS.d
Set up a minimum network
Mount /usr
set the system name
Mounts /proc and /dev/fd
rebuilds the device entries for reconfig boots
Mounts FS needed for single user mode
Reconfiguration Boot
Adding new devices (tape drives, disk drives, etc.)
su
Add the device driver
Load driver CD/tape
pkgadd -d devicename package-name
touch /reconfigure
If you don't do this, use the boot -r console command
Shutdown the system
shutdown -i0 -gX -y
Determine the SCSI address of connected devices
ok> probe-scsi-all
Make sure you have an available SCSI address
Install new device with proper SCSI address set
Adding a Peripheral
Power up all peripherals. Power up the CPU unit last
From the OK prompt, enter: probe-scsi-all
If ok, enter: boot -r or boot (if you created /reconfigure)
Adding a disk drive
System Disk - contains / and /usr
If damaged, two ways to recover
Reinstall entire OS from CD
Replace system disk and restore from backups
banner
probe-scsi-all - prints all SCSI device #s
setenv boot-device disk[n]
printenv boot-device - to verify the change
reset - saves the new information
Interactive Boot
boot -a
Need to know the kernel FN, kernel dir, kernel config file, root file device name
Recovery Boot
Use when critical file (/etc/passwd) dies
Must use Solaris Install CD
Mount the CD then:
boot cdrom -s
mount the problem disk: mount <dev> /a
cd /a/<problem dir>
Set term type: export TERM=sun
Remove the invalid entry
cd / ; umount /a; init 6
Solaris 8 - Shutdown
Shutdown commands
/usr/sbin/shutdown, init (0 1 2 3 6 S s),
reboot, halt
Solaris 8 Disks I
format Utility
main tool for maintaining, partitioning disks
Searches for all attached disk drives
Analyzes, repairs, formats, partitions, labels disks
When to use?
Display partition info, partition a disk
Adding a drive to the system
prtvtoc command
Solaris 8 Disks II
1 filesystem/partition unless you use the DiskSuite facility.
Solaris calls disk partitions: disk slices.
Name Format: cXtYd0sZ
Kernel, OS files/dirs Solaris swap space the whole disk, use in non-system used for server systems
Solaris 8 Disks IV
Partition Fields
Number - partition/slice number
tag - usually FS name
flags - wm - writable & mountable
      - wu - writable & unmountable (defines swap)
      - rm - R/O, mountable
Cylinders - start/end cylinder #
size - partition size in Mb
blocks - total # cyls, blocks in slice
Solaris 8 Disks V
Administering disks
Identify the disk - format
Format the disk - format/select/format
Display partition/slice info - format/select/partition/print
Label the disk - format/select/type/select/label
Repair a disk - format/select/repair
Solaris 8 Disks VI
HW so Solaris will recognize it for format. Use format -M for extended, diagnostic messages to label multiple disks with the same geometry (disk towers):
(system disk)
Partition the disk
Create FS
Restore FS
Install Boot Block (system disk)
Solaris 8 Disks IX
(local CDROM boot, single user)
boot net -s (network boot, single user)
Solaris 8 Disks X
i`/lib/fs/ufs/bootblk /dev/rdsk/cNtNd0s0
Volume Mgt daemon (vold) provides access to CDROM, Floppies under the /vol/dev mount point.
Diskettes: /vol/dev/[r]disketteX
CDROM: /vol/dev/[r]dsk/c0t6
Formatting/Using Floppies
General steps
Load unformatted Diskette
Format diskette
Add a UFS filesystem
Eject the diskette
a series of dots show formatting progress
a series of Vs under the dots show verification.
floppy; volcheck -v
Files on diskette
/vol/dev/aliases/floppy0
Raw Data
diskette
Enter: volcheck
/vol/dev/aliases/floppy0
CD Files
CD
/cdrom/cdrom0
Steps
Create /etc/inet/ntp.conf
server ntp-1.vt.edu version 3
/etc/init.d/xntpd start
You can add additional server lines in ntp.conf. ntp-2.vt.edu is the other master timeserver on campus.
NTP is used to time stamp syslogs and any other applications that require time synchronization
DNS
Edit /etc/nsswitch.conf, change the hosts field to dns files
Know what your local DNS server address is. See http://rdweb.cns.vt.edu/public/dns
Create /etc/resolv.conf
add the following fields
domain xxx.vt.edu
nameserver 128.173.4.247
nameserver 128.173.4.113
done
Solaris 8 ships with Sendmail 8.11.6
Use later versions available via anonymous ftp from ftp.vt.edu:/pub/cc/Solaris/sendmail.tar
This kit contains the cf files, sendmail 8.11 binaries and install, backout scripts
Solaris 8 Filesystems I
1. A Unix filesystem is a collection of directories and files.
2. Solaris supports 3 filesystem types: Disk-based, Network-based, pseudo.
3. Typical sysadmin filesystem duties include: making local/remote filesystems available to users, connecting/configuring new disks and making them available to the filesystem, designing/implementing a filesystem backup schedule, checking/correcting filesystem damage.
4. Disk-based filesystem types:
UFS - Unix File System based on BSD fast file system in BSD 4.3. Default filesystem type used by Solaris 2.3.
HSFS - CD-ROM filesystems: High Sierra, ISO9660 (official standard version of High Sierra), ISO9660 with Rock Ridge extensions which allow UFS structures (R/O) on a CD. 3rd party software may be sent in one of these formats so ASK!
PCFS - PC file system allows R/W access to DOS diskettes.
Solaris 8 - Filesystems II
5. Network based filesystems use NFS (Network File System) protocols.
6. Pseudo Filesystems are virtual/memory based filesystems used by Solaris and not by the sysadmin/users. Example: swap space.
7. TMPFS (TeMPorary File System) uses swap space to store temporary files. This is defined by the /tmp filesystem. Files in here are NOT permanent and are lost when the system is rebooted/shutdown. TRADEOFF: large /tmp takes away from swap space that can be used by programs so you can take a performance hit.
8. Process Filesystem (PROCFS) resides in memory and contains a list of active processes in the /proc directory. Debuggers use this FS to get info on a process. Do NOT delete this FS!
Solaris 8- Filesystems - IV
1. To find out FS type:
- look in FS Type field of /etc/vfstab
- look in /etc/default/fs to see default local FS type
- look in /etc/dfs/fstypes to see default remote FS type
- look in /etc/mnttab for mounted FS type info
- Enter: devnm <mount-point> and use the fstype <raw-devicename> command (must be root to do this)
2. Default Solaris 8 FS (FS types):
/ - (UFS) the root directory. Critical system files (kernel /kernel/unix), device drivers, boot programs.
/etc - (NFS) sysadmin configuration files. FS type is UFS if you select STANDALONE or SERVER during Solaris 8 installation.
/usr - (UFS) system files/commands, directories that can be shared with other users. Man pages are stored here.
/home - (NFS) user home directories. Can be UFS if you select SERVER or STANDALONE during Solaris 8 installation.
Solaris 8- Filesystems V
- Default Solaris 8 Filesystem, FS types (Cont'd)
/var - (UFS) contains system logs, accounting logs, vi backup files.
/opt - (NFS) default location of compilers, 3rd party software. Can be UFS if you select SERVER or STANDALONE but QUICK INSTALL makes it too small so you should select CUSTOM INSTALL to make a bigger one.
/tmp - (TMPFS) temporary files that are cleared on reboot.
/proc - (PROCFS) list of active processes on the system.
/, /usr are needed to run a system.
- More on UFS - the default Solaris 8 FS
- can be up to 1 Tbyte in size but Solaris 8 does NOT provide 'striping' to allow this. You need DiskSuite package to do this. Individual files can be up to 2GB in size.
Solaris 8- Filesystems - VI
- UFS Planning and Strategies
1. Total size: 1 TByte if you use Online:Disksuite, otherwise as big as the slice you allocated for it.
2. Maximum File Size: 2Gbyte
3. Maximum number of files: depends.... # of inodes determines this. Default: 1 inode / 2K of data. # of inodes is defined by the -i option of 'mkfs'
Fsck Pass - used by fsck command to determine the order in which to check the FS on boot. A '-' means no check. NOTE: NFS FS should have a '-' in this field. fsck can operate in parallel so there can be multiple FS with the same pass #.
Automount? - automatically mount this FS on boot. NOT the automounter.
Solaris 8- Filesystems IX
- CREATING FILESYSTEMS
1. you should create FS after:
- adding/replacing disk drives
- changing the partition map on a disk, Ex: making a FS larger
- Doing a full restore of the filesystems on the disk
- Changing other FS parameters (block size)
2. Disk must be formatted and partitioned (see 'format' command). Syntax: newfs /dev/rdsk/device-name
3. To install boot block on a drive or make another drive an alternate boot disk:
- select a FS to use as the bootable FS
- create it if necessary
- enter: installboot /usr/lib/fs/ufs/bootblk /dev/rdsk/device-name
Solaris 8- Filesystems X
Determining a FS Type
df -k command
Solaris 8- Filesystems XI
Mount/Unmount FS
mount, mountall, umount, umountall
Mounting FS
mount <FS> will use info from /etc/vfstab mount NFSserver:/<FS> <local mnt pt>
Unmounting FS
List & kill processes using the FS
4. To create additional swap space w/o reformatting the disk:
a. Create the file - use: mkfile -v nnn[k|b|m] filename
   ex: mkfile -v 1m /swap2
b. Make it available for use: swap -a filename
c. Verify it worked: swap -l
d. To make it available at boot, put an entry in /etc/vfstab BUT make sure the FS the swap space is on is mounted first.
e. To remove swap space: swap -d filename
Steps
Create Crash Dump Directory
mkdir /var/adm/crash
cd /var/adm/crash
mkdir SYSTEM-NAME
Reserve space for crash dump files
cd /var/adm/crash/SYSTEM-NAME
Create a file, minfree, that contains a number specifying the min free space that must be available for crash dumps (in K).
echo 500 > /var/adm/crash/dock/minfree
Enable/Disable crash dumps
Edit /etc/init.d/sysetup, uncomment lines that enable crash dumps, exit.
Examine crash dump files using isadc.sh (from sunsolve.sun.com) or /usr/sbin/crash
Solaris 8 - NFS I
- Summary of NFS system management tasks
1. Start/stop NFS operation
2. Create CacheFS to improve NFS server performance
2. Sharing/unsharing (exporting FS) FS as necessary
3. Mounting/unmounting NFS directories as needed
4. Modifying administrative files (/etc/dfs/dfstab, /etc/auto_master)
5. Verifying network status
6. Diagnosing and fixing NFS problems
7. Set up automounter maps
- Summary of NFS related commands: nfsstat, ping, netstat, pkginfo, share, shareall
Solaris 8 - NFS II
- Setting up NFS Servers and Clients
1. Use 'pkginfo' command to make sure you have installed the following: Remote Procedure Call (RPC) Utilities, Network Support Utilities, TCP/IP Utilities, DFS Administration Utilities.
2. If you don't have them, install them using the 'pkgadd' command.
3. To START NFS
server: sh /etc/init.d/nfs.server start
client: sh /etc/init.d/nfs.client start
anon=uid - allows you to specify a uid for YOUR system that the CLIENT system's root user (UID=0) will be when it's on your system. This prevents a client root from getting your root access. DEFAULT: client UID=0 -> server UID=60001 (nobody).
root=<hosts> - allows root on the listed hosts to BE root on your system. NOT recommended.
Solaris 8 - NFS IV
- Setup the Cache FS (Cache Filesystem) - general purpose FS to improve NFS server performance. Used for heavy NFS loads, clients with slower links (PPP clients).
- the NFS server has the exported FS (Back FS).
- As the NFS clients access the Back FS, that piece is placed in the client's Cache FS. Initial request may be slower but later ones will be faster.
- Steps
1.
2.
Specify the FS to be mounted in the CacheFS
mount -F cachefs -o backfstype=fstype,cachedir=cachedir[,options] <Back FS> <mnt-pt>
Solaris 8 - NFS V
3. 4.
Verify the mount worked: cachefsstat <mnt-pt>
Put entry in /etc/vfstab
- Specify cachefs for FS Type
- put options in the MOUNT OPTIONS field
5.
6. 7.
Solaris 8 - NFS VI
- NFS troubleshooting
1. Check to see if mountd daemon is running: ps -ef | grep mountd
2. Check to see if nfsd daemon is running: ps -ef | grep nfsd
5. To see if server nfsd daemon is responding, enter from client: /usr/sbin/rpcinfo -u <server> nfs
6. Check to see if server's mountd daemon is up: /usr/sbin/rpcinfo -u <server> mountd
Solaris 8 - Automounter I
1. Accessing NFS dirs via mount uses system resources even if you're not accessing anything in the NFS dirs. Automounter does the mount only when needed and unmounts the NFS dir when they're not being used. Good way to optimize the network resources.
2. Automounter does not use /etc/vfstab. It uses a series of 'maps' (direct or indirect). The local root map is called: /etc/auto_master. If NIS is used, information is in the MASTER map.
3. Three types of automount maps: master, indirect, direct. All are located in /etc.
Solaris 8 - Automounter II
- Special cases for the mount point field
/- means use the mount points in the map specified in the map field
/home means use /home as the local mount point for the entries in the map called /etc/auto_home. This technique can be used to automount home dirs in a lab situation.
/net tells automounter to look in the special map -hosts (NIS) and mount ALL of the FS that are available for export by the machines in the map. Easy but wasteful since it mounts ALL of the dirs and not just the one you need.
- INDIRECT MAPS
- contains the entries that are to be mounted under the mount point.
- Special case: /etc/auto_home contains a list of users and where their home dirs are located. When a user logs in on a machine, automounter will mount their home dir.
FORMAT:
username   host:home-dir/&
Solaris 8 - Automounter IV
- How does Automounter Navigate through the Maps?
- Maps are available locally or from NIS+ server.
- At Boot - automount reads the master map, /etc/auto_master and compares it with the mount table, /etc/mnttab
- NOTE: it checks the server's export list only at mount time. Once the FS are mounted, it doesn't check with the server until the server's FS are mounted/umounted so newly exported FS won't be seen unless the server does a remount.
Solaris 8 - Automounter V
The Automount Process
1. ping the server's mount service
2. request the server's export list, sorts them by path name length so the mounting is done in order.
3. mounts the FS at the mount points specified in maps.
Other Info
1. Map entry: +mapname reads a map file from NIS
2. Order is determined by /etc/nsswitch.conf automount entry.
Solaris 8 - Automounter VI
Automount Map Maintenance
- local files: text editor
- NIS : make
- NIS+ : nistbladm
Edit /etc/system
0=unlimited
strctlsz - max size of the CTL part of a message
strthresh - max size of dynamic memory the STREAMS subsystem can consume in bytes.
sadcnt - number of sad devices
Solaris 8 - TCP/IP I
TCP/IP Network Administration
1. Transmission Control Protocol/Internet Protocol (TCP/IP) are the network communication protocols that are responsible for getting a packet of information from one host to another.
2. Unix Network administration involves setting up the standard network config files. These files give the network daemons the info they need to communicate to other Internet systems.
3. Generic Unix network administration commands: netstat, ping, route, ps, ifconfig, snoop, nfsstat
4. TCP/IP related files: /etc/hostname.leX, /etc/nodename.leX, /etc/defaultdomain, /etc/hosts, /etc/defaultrouter
Solaris 8 - TCP/IP II
SETTING UP YOUR HOST ON THE NETWORK
1. Hosts are defined by a hostname (your pick) and an IP address (from CNS). Contact hostmaster@cns.vt.edu for your IP address. You can call it anything you want BUT we STRONGLY suggest the following format:
hostname.dept.vt.edu
   |      |   |  |
   |      |   |  mandatory. Signifies an Educational site
   |      |   mandatory. Stands for Virginia Tech
   |      Optional but we suggest your dept. name (esm, cc, cs)
   your machine name
2. CNS will supply you with the address of your router and subnet mask.
3. The init scripts that control TCP/IP configuration/startup at boot are /etc/rc2.d/S69inet, /etc/rc2.d/S71rpc, /etc/rc2.d/S72inetsvc
Solaris 8 - TCP/IP IV
CONFIGURE NETWORK DATABASES
1. /etc/hosts - contains the addresses of hosts on our net. You should be using the VT nameserver to resolve addresses so this file should only have a loopback entry and one for your machine unless 3rd party software requires an entry.
2. /etc/nsswitch.conf - this file determines the search order for network information. For non-NIS systems, change the hosts entry from 'files' to 'dns files'. This tells the system to query the VT nameserver (dns) first and then the local files.
3. /etc/netmasks - contains the list of networks and netmasks. The net mask determines which of the 32 bits apply to the network addr and which ones apply to the host address. This number is supplied to you by CNS.
Solaris 2.6 - TCP/IP V
4. /etc/networks - maps network names to network numbers. Usually, no need to modify this file since we use the nameserver.
5. /etc/ethers - maps host names to ethernet addresses. Only needed if you use RARP for diskless machines.
6. /etc/protocols - list of the IP protocols running on the system. Created at installation and not modified by you.
7. /etc/services - lists the TCP and UDP services and their port numbers. Created at installation time and is only modified if you install 3rd party client/server software.
Solaris 2.6 - TCP/IP VI
DEBUGGING TCP/IP PROBLEMS
1. Use 'netstat' command to get network information. Most frequently used options are -s, -r, -i
netstat -s - displays per-protocol stats for TCP, UDP, ICMP and IP. Check the error stats to see if there are problems.
netstat -i - displays I/O stats for each ethernet I/F connected to the system. Excessive I/O errors could be a problem with the I/F. High collision rates may be a CNS problem. Use with 'ping' command to see if packets are leaving your system.
netstat -r - displays the IP routing table. The router directs packets to/from your building's internal network.
2. The 'snoop' command can be used to capture network packets. BE CAREFUL. This is a network 'sniffer' command and has a dark side. Root users can run this but you must control root access.
6. Use the 'ifconfig' command to check the ethernet I/F status.
ifconfig -a - gives the IP address, netmask, broadcast, and ethernet address for all of the ethernet I/F connected to your system.
/etc/passwd
username - 2-8 chars
password - contains an X.
UID - user identification number
GID - group identification number
Comment - Full name of the user
Homedir - location of the user's home directory
shell - default login shell
/etc/shadow
username - user name
password - encrypted password. LK - locked, NP - no password for the account
lastchg - # days between 1/1/70 and the last password change
min - min. # days between password changes
max - max. # days the password is valid
inactive - # days an account can be inactive before it's locked.
expire - date account expires
SHELL Bourne C
Korn
PURPOSE Sets env. at login Sets env. for all shells after login Sets env. at login
Customize User Initialization file in /etc/skel
Add groups
Set User Account Defaults
Add the User Account
Share the User Home Directory (option)
Mount the User Home Directory
Modify a group
Delete a group
Modify a User Account
Delete a User Account
Disable a User Account
Change a User Password
Change User Password Aging
None
NIS+ NIS
None
USE /var/adm/aculog log of outgoing modem calls /var/adm/admin.log Admintool log /var/adm/lastlog history of last logins /var/adm/messages General system log /var/adm/pacct Per Process Accounting log /var/adm/sa/* Sys. Accounting files /var/adm/sulog SU command history /var/log/syslog Mail log, TCP Wrapper log /var/adm/utmp History of user logins /var/adm/wtmp History of system logins va-scan Copyright 1999, Marchany /var/cron/log /usr/sbin/cron logs
Found in /etc
/etc/resolv.conf - defines NS locations
for system DB (net or local)
/etc/inetd.conf - defines Internet services allowed on the system
/etc/syslog.conf - defines where the system logs reside
System Accounting
Types of Accounting
Process Accounting
User UID, GID of those using the process
Start/End times of the process
CPU time for the process
Command name, memory used
tty line controlling the process
Types of Accounting/Reports
Disk Accounting
User UID, GID
# of disk blocks used by the user
command listed in descending order of memory
Last Login - last time each user logged in
Setting up Accounting
Install SUNWaccr, SUNWaccu packages
Install /etc/init.d/acct as the start script for run level 2
Setting up Accounting
add entry for /usr/lib/acct/dodisk to the end of
Solaris 8 - Security
security Install TCP Wrappers, CRACK, lsof, Sun's patchdiag tool, ssh and any other tools you deem fit for your environment.
Solaris 8 Security
Securing Systems
Display users login status: logins -x -l <username>
Search for no passwords: logins -p
Save failed login attempts:
  touch /var/adm/loginlog
  chmod 600 /var/adm/loginlog
  chgrp sys /var/adm/loginlog
Restrict root login to console: vi /etc/default/login, uncomment CONSOLE line
Monitor su log: vi /etc/default/su, uncomment SULOG line
Display root console access: vi /etc/default/su, uncomment CONSOLE line
Solaris 8 Security
your file access permissions. You can deny write access to one group, allow it to another.
2 commands: getfacl, setfacl [-s -m -d]
A + in the perm field marks a file with an ACL. Use the getfacl command to look at the ACL.
Setting an ACL
Example: set file ch2.doc with the following perms: 740, with group sysadmin having RW, ACL mask: RW
setfacl -s u::7,g::4,o:0,g:sysadmin:6,m:6 ch2.doc
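An added example (not from the original slides) showing what the mask entry in the setfacl line above does: the mask caps the permissions of the file's group and of named users and groups, while the owner and other entries are unaffected. The function names are hypothetical, only octal digits are handled (as in the slide's spec), and the second spec with m:4 is constructed.

```shell
#!/bin/sh
# Added example, not from the original slides.
# Computes the effective permissions that getfacl would report for a
# setfacl -s style spec written with octal digits.

# perm_str N -> rwx-style string for one octal digit
perm_str() {
    p=""
    [ $(( $1 & 4 )) -ne 0 ] && p="${p}r" || p="${p}-"
    [ $(( $1 & 2 )) -ne 0 ] && p="${p}w" || p="${p}-"
    [ $(( $1 & 1 )) -ne 0 ] && p="${p}x" || p="${p}-"
    printf '%s' "$p"
}

# acl_effective SPEC -> one line per entry: "<entry> effective=<rwx>"
acl_effective() {
    old_ifs=$IFS
    IFS=,
    mask=7                       # no mask entry: nothing is capped
    for e in $1; do
        case $e in m:*|mask:*) mask=${e##*:} ;; esac
    done
    for e in $1; do
        perm=${e##*:}
        case $e in
            m:*|mask:*)               continue ;;        # the mask itself
            u::*|user::*|o:*|other:*) eff=$perm ;;       # never masked
            *)                        eff=$(( $perm & $mask )) ;;
        esac
        printf '%s effective=%s\n' "$e" "$(perm_str "$eff")"
    done
    IFS=$old_ifs
}

# The spec from the slide: sysadmin keeps rw- because the mask is rw-.
acl_effective "u::7,g::4,o:0,g:sysadmin:6,m:6"
echo "--"
# Same entries with a tighter mask (constructed): sysadmin drops to r--.
acl_effective "u::7,g::4,o:0,g:sysadmin:6,m:4"
```

When reviewing ACLs, read the effective value rather than the entry itself: a generous named-group entry can be neutralised by the mask, and loosening the mask later silently re-enables it.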
Allows sysadmins to detect potential security breaches
Look for suspicious patterns
This is system admin auditing not audit auditing...:-)
Can record events in an audit trail and analyze misuse by examining it.
Can eat up LOTS of disk space
Solaris Auditing
Audit Record
a single audited event stored in a log
Solaris Auditing
file_read, file_write, file_creation, file_deletion, file_close, process, network (bind, accept, connect), login_logout, application, exec, all
This says that all login/logout events, admin ops and failures of any type are to be recorded.
Solaris Auditing
username:always_audit:never_audit
Process Preselection Mask: specifies whether events in each audit event class should generate audit records.
Solaris Auditing
Audit ID: assigned when a user logs in. The sysadmin can always trace back to a user.
Audit Session ID: same as above
Terminal ID: hostname and IP address followed by a unique # that IDs the physical device the user used to log in. Console = 0.
Audit Costs
Solaris Auditing
Strategies
Random audits of certain % of users
behaviors Combining, compressing and reducing multiple audit logs, offline storage
Solaris Auditing
To Configure Auditing
Format/partition disk for audit partitions
Create audit_control file entries for the audit filesystems
Define audit classes (audit_class(4)) in /etc/security/audit_class
Set up event-to-class mapping (audit_event(4)) in /etc/security/audit_event
Solaris Auditing
To Configure Auditing
Determine how much auditing needs to be done
Solaris Auditing
Command Reference
allocate, audit, audit_startup, audit_warn,
Formerly Yellow Pages, it allows centralized mgt of common system/network DB such as password, host, NFS. Anyone can become a member of an NIS domain allowing access to NIS DB.
NIS+
More secure because you define the client list. You can selectively allow access to specific NIS+ tables. DISADV: Other vendors may not have NIS+ clients implemented yet.
NIS/NIS+ uses a set of master map/tables that contain common information for all members of the domain. This common information can be passwords, host table, ethernet address, automounter info, mail aliases, etc. NIS/NIS+ files are stored in the following dirs
NIS+ user commands
NIS+ administrator commands
NIS+ daemons
NIS+ shared libs
all NIS+ server data files
NIS+ working files
Client info
NIS/NIS+ Principals are the clients that request NIS+ info. A client can be a machine or a userid.
NIS/NIS+ Credentials authenticate the Principal requesting the NIS+ info.
USER credentials define a userid's access rights.
MACHINE credentials define a client machine's access rights.
DES credentials simply use DES to encrypt the authorization key for a principal.
LOCAL credentials are a map between a UID and its PRINCIPAL name. NIS+ uses LOCAL info to get the DES info for that Principal.
master/domain in the hierarchy, 1 slave for each domain, Master disk requirements (15-20MB disk/1000 clients), determine the admin group and members
guessed (NIS) and not related to anything. Initialize the root server (nisserver)
Create credentials for the root domain clients, administrator clients (nisgrpadm, nisping).
Enable slave servers (rpc.nisd)
Set up root replicas (rpc.nisd, nisserver)
Set up non-root domains (rpc.nisd, nisserver)
Create any subdomains in the NIS/NIS+ namespace
a NIS-IPADDR -y NISDOMAIN
HOST
Solaris NIS/NIS+
Prerequisites
Root host /etc/passwd must contain entries for you and every other admin, you must have a Root Domain Name, the Root Admin Group Name, the UIDs of all the admins.
Add Root Domain Name, make sure correct /etc/nsswitch.conf is used, clean out leftover NIS+ files or processes
  domainname NEWDOMAIN
  domainname > /etc/defaultdomain
  more /etc/nsswitch.conf (search order is nisplus, files); if you make any changes, restart the nscd daemon:
  /etc/init.d/nscd stop; sh /etc/init.d/nscd start
sh
rm -f /etc/.rootkey; keyserv
ls /var/nis; rm -rf /var/nis/*
ps -ef | grep nis_cachemgr; kill -9 PID
Do the same for rpc.nisd and rpc.nispasswdd
compatibility only)
DOMAINNAME.
marchany.root.domain.
NAME des
Add credentials for the other admins
Add yourself and other admins to the root domain admin group
nisgrpadm -a admin.NEWDOMAIN. PRINCIPAL-NAME
Prerequisites
The Admin must have valid DES creds, modify rights to the NIS+ cred table
The client must have an entry in /etc/hosts for the root server, a unique hostname
Login client, assign new domain name, check /etc/nsswitch.conf, restart nscd if needed, clean out old NIS+ files
Kill and restart the keyserv daemon
Enter: keylogin -r
Reboot the client
Solaris 8 - Backup I
- Filesystem Backup Strategies
1. MOST IMPORTANT: You have a REGULAR backup schedule and you FOLLOW it!!!!!!!!!
2. Preparing to do backups:
- decide on frequency. Most common: 1 full backup monthly, weekly incr.
- know the name of the backup device (remote or local).
- know the type of drive (8mm, 4mm, etc.).
  - 8mm or 4mm is more practical since disks have GB capacity.
  - Forget QIC-150 format.
- know the names of the FS you want to backup.
- have a good estimate of the number of tapes you'll need.
Solaris 8 - Backup II
DETERMINE THE FILESYSTEM RAW DEVICE NAME
1. To find out FS Raw device name, look in /etc/vfstab under the 'device to fsck' column. Use this name with the 'ufsdump' command.
2. Another way: if the FS is already mounted, enter: devnm <mount-point> then substitute 'rdsk' for the 'dsk' part of the output.
DETERMINE THE TAPE DRIVE TYPE
1. Assuming there's a tape drive attached to the system, enter: mt -f /dev/rmt/# status where # is the unit number of the tape drive, typically 0 or 1.
2. To poll a system to locate all the tape drives connected to it, enter: for drive in 0 1 2 3 4 5 6 7; do mt -f /dev/rmt/$drive status; done; exit
The S option returns an estimate of the size in bytes. Divide this number by the tape capacity to get an estimate of the number of tapes.
Solaris 8 - Backup IV
1. Backup commands:
tar - good for single directory backups, not so good handling tape errors, symlinks.
ufsdump - dumps the ENTIRE FS. Takes longer but it gets everything according to the level.
2. ufsdump levels - the level number (0-9) tells the dump program to save everything that was saved by a HIGHER level dump program. Level 0 is a FULL backup. A level 5 dump will save all files saved by Levels 5-9 but NOT levels 0-4. Level 5 is typically used for incremental backups.
3. DOING A FULL BACKUP
- shut down to single user: cd /; shutdown; halt then boot -s
- load a tape into the drive
- Enter: /usr/bin/ufsdump 0ucf /dev/rmt/unit# <FS Name>
- replace the tape as needed, label it and save it in a SECURE place.
- reboot the system
Solaris 8 - Backup - V
4. DOING AN INCREMENTAL BACKUP
- Shut the system down and reboot into single user mode.
- load the tape drive
- enter: ufsdump [1-9]ucf /dev/rmt/unit# <FS Name>
- load tapes as needed
5. DOING A FULL BACKUP TO A REMOTE DEVICE
- Shutdown and reboot in single user mode
- Make sure the remote machine is up: Enter: rsh <hostname> cat /etc/motd
  If you get a valid response, your system is in the remote system's /.rhosts file. If not, you need to add your system name to the server's /.rhosts file. NOTE: This is a SECURITY problem if left in all the time.
- Generic command format: ufsdump options host:device <FS name>
- You must add system name to server /.rhosts, system IP address to server's /etc/hosts
- Look at 3rd party network backup software (Legato, Adstar)
Solaris 8 - Backup VI
Backup files: ufsdump 0ucf /dev/rmt/0 /home
Verify backup: ufsrestore tf /dev/rmt/0
Incremental Backup: ufsdump 5ucf /dev/rmt/0 /usr
Solaris 8 - Restore I
- COMMANDS: tar xvf tar-file OR ufsrestore <options> <device> <FS-to-restore>
1. If run from root, files are restored with the original owner, last modification, and access permissions. If not, then the restored files belong to the UID that is running the restore
!!!! SECURE THE BACKUP TAPES!!!!
- FINDING WHICH TAPE TO USE IN THE RESTORE
1. To restore an entire FS:
- you need the most recent level 0 backup tape and the most recent incremental tape (for each level).
2. To find an individual file on the set of tapes:
- Find out the approximate date the file was lost.
- Work backward through your backup tape schedule from highest to lowest level and most recent to least recent.
Solaris 8 - Restore II
- get the tape, load it in the drive
- enter: ufsrestore ta archive-name filename (for tape Archives)
         ufsrestore tf device-name filename (for single tapes)
RESTORING / or /USR FILE SYSTEMS
1. Shut down system. Replace the bad disk drive.
2. Boot single user from Solaris Installation CD.
3. Partition the disk using the format command
4. Make a new FS (newfs command), verify (fsck command) each partition except swap.
5. Enter: mount /dev/dsk/cNtNdNsN /mnt
6. Enter: cd /mnt
7. Create the tape devices: tapes
8. Write-protect the tapes.
9. Restore the FS using level 0 then level X: ufsrestore rvf /dev/rmt/X
10. Remove the symbol table file: rm restoresymtable
11. Enter: cd /
12. Enter: umount /mnt; fsck /dev/rdsk/<device name>; init 6
13. Repeat steps 8-12 to restore /usr
Sun recommends restoring them to /tmp to make sure they're ok and then move them to the proper place.
1. su, load the proper backup tape on the drive.
2. Enter: cd /var/tmp (or whatever temporary space you want)
3. Enter: ufsrestore if /dev/rmt/<unit#>
4. Create a list of files to be restored by entering the following commands at the 'restore>' prompt.
- ls
- cd dir-name
- to add/remove a name to the list, enter: add <filename> delete <filename>
- to keep original modes on the files, enter: setmodes
- When done creating the list, enter: extract
- Answer the prompts.
- you'll get a 'restore>' prompt when it's done. Enter: quit
5. Verify the files/dirs were restored using the ls command with the proper mode.
6. Use the 'mv' command to move the files to the target.
Solaris 8 - Restore IV
- RESTORING INDIVIDUAL FILES (another way)
1. su, load the tape.
2. Enter: cd /var/tmp
3. Enter: ufsrestore xf /dev/rmt/<unit#> filename
4. Enter: n for the 'set owner/mode for '.'? [yn]' prompt
5. When done, verify everything is ok using the 'ls' command.
6. Use the 'mv' command to move the file to its final resting place.
NOTE:
you cannot use 'ufsrestore' to restore files from a set of tapes created by the Solaris 1.x 'dump' command.
1. Available disk space, use the 'df' command
2. Files & directories, use the 'ls', 'du', 'quot', 'find' commands
3. Overloaded FS
4. Quotas
5. Repairing bad disks
SYSTEM LOG FILES - /var/adm, /var/log
aculog - log of outgoing modem calls
admin.log - log of Admin_Tool utility
lastlog - history of last logins
messages - the general system log file
pacct - per process accounting info (if accounting is enabled)
sa - this directory contains system accounting files
sulog - history of su commands
utmp, wtmp - history of user, system logins
lp/logs - LP print service logs
/var/log/syslog* - mail logs, TCPwrapper logs
4. To find out who is using the most disk space quot <FS name>
OR
1. edquota, quot, quota, quotaon, quotaoff, quotacheck, repquota commands handle administration.
- enter: edquota <username>
- Change appropriate limits. Limits are in number of 1K blocks.
5. Once done for one user, you can replicate for others
These measurements should be taken over a period of time (1 day) and averaged out to determine an overall SLA.
2. vmstat - reports virtual memory stats, shows CPU load, paging, etc.
Procs - # of procs in run queue (r), blocked (b), waiting for resources, swapped (w), waiting for processing resources to finish.
Memory - currently available swap space (swap), free list size (free)
Page - Pages reclaimed (re), minor faults (mf), Kbytes paged in (pi), Kbytes paged out (po), Kbytes freed (fr), short term memory shortfall (de), pages scanned by clock algorithm (sr)
Hints:
Page stats are accrued from last report. It includes page-ins from process starts.
If po > 0 for numerous obs, then you may have a memory problem.
If de > 0 then you have a serious memory problem.
vmstat -s - gives total system values since boot.
vmstat -S - gives swapping stats in addition to paging stats.
vmstat -c - gives cache flushing stats since boot.
- reads/sec
- writes/sec
- Kbytes/sec
- average queue length
- average # of transactions being actively serviced
- % time the Q is not empty
- % time the disk is busy
1. edit /etc/init.d/perf
- uncomment line that has 'sadc' in it.
2. edit /var/spool/cron/crontabs/sys
- uncomment lines that have 'sa1' in them.
COLLECTING SYSTEM ACTIVITY DATA WITH sar COMMAND
sar -a - gives file access operations
sar -b - gives system buffer activity
sar -c - gives system call activity
sar -d - gives disk activity stats.
sar -g - gives page-out and free memory stats
sar -u - gives cpu utilization
sar -A - gives overall system performance stats
VT Scholarpac Support
1. VT is a member of the Sun Scholarpac Consortium. Primary contact is Randy Marchany, 1-9523 (randy.marchany@vt.edu). Secondary contact is Wanda Baber (wbaber@vt.edu). Sun Sales rep is Cole Clark (cole.clark@east.sun.com). See www.cc.vt.edu for info.
2. Scholarpac software is stored on dock.cc.vt.edu. This machine is the Solaris license server, the Answerbook online library, a Solaris Patch Archive as well as IMSL, Mathematica and Matlab server. Solaris Compiler, Sparcworks software is available online from this system.
3. To access the license server:
- install the Sun license software on your machine.
- Create a local mount point for the license file directory, for example, /sun_license.
- NFS mount dock.cc.vt.edu:/scholarpac/license_dir to your local mount point.
- set the environment variable LM_LICENSE_FILE to point to the /sun_license/licenses_combined file. Note that /sun_license was used from the previous example.
- Test the connection by using the -xlicinfo option of a compiler command.
make - I
Make utility builds software kits by issuing the commands needed to build the software. It uses dependencies to describe the software components.
C source program - test.c
cc -c test.c -> compile test.c, place object code in test.o
test.o depends on test.c. If test.c changes, so does test.o
Make knows which files have been modified and figures out what files have to be updated. If the components are newer than the whole, then the whole is rebuilt.
Make - II
Makefile
Make looks for makefile (Makefile) for instructions
General format: TARGET: DEPENDS; COMMANDS
Sample line:
test: test.c test1.c
<TAB> cc -O -o test test.c test1.c
Means the target, test, depends on test.c and test1.c. If either of these 2 files is modified then test is rebuilt.
Makefile contains the commands needed to build a program
Separate dependency line for each component and target
Program: main.o sub1.o sub2.o
<TAB> cc main.o sub1.o sub2.o -o Program
main.o: main.c ; cc -O -c main.c
sub1.o: sub1.c ; cc -O -c sub1.c
sub2.o: sub2.c ; cc -O -c sub2.c
Most Freeware (ssh, pgp) use make and configure scripts to build the software. General steps:
setenv LM_LICENSE_FILE license-file
set path=( $path /usr/ccs/bin /opt/SUNWspro/bin )
You may have to put /opt/SUNWspro/bin ahead of /usr/ucb
cc -xlicinfo
cd src-tree
./configure
make
make install
Make - IV
SSH - I
SSH - II
VT Scholarpac Support
4. dock.cc.vt.edu has online Answerbooks for Solaris 8. Point your browser to dock.cc.vt.edu:8888 to get access.
5. To install Solaris Scholarpac Software, Compilers, Sparcworks:
- Option 1: get the CD from the CC by contacting Kathy Williams (kathyw@vt.edu), install from CD and RETURN it.
- Option 2: install over the net from dock.cc.vt.edu.
  - NFS mount dock.cc.vt.edu:/vt/scholarpac
  - For compilers, cd Compilers and run spro_install or spro_install_tool.
  - For other packages, cd to the appropriate directory
  - follow the installation prompts.
Tools
My Personal Favorites:
COPS, TRIPWIRE
SATAN, ISS
SWATCH, NFSWATCH
TCP Wrappers
Sniffers (IPTRACE, TCPDUMP)
CRACK
PHF_Trace