You are on page 1of 21

Solaris Administration

TM

Best Practices

University System of Georgia


32nd Annual Computing Conference

October 23, 2003

W. Todd Watson - todd.watson@usg.edu


Office of Information and Instructional Technology
Board of Regents of the University System of Georgia
Solaris Administration
TM

Best Practices

Best Practices

In the context of System Administration -

“Recognized methods or procedures adopted to pro-


mote reliable, secure, and maintainable
systems”

2
Solaris Administration
TM

Best Practices

Goals

● User and Account management


● Patches and Bug fixes

● Logging

● Secure Shell and other services

● Disk Mirroring

● Disaster recovery

● System Backups

3
Solaris Administration
TM

Best Practices

Target Audience

●New administrators
●Part-time administrators

●New SolarisTM administrators

●Department supervisors

4
Solaris Administration
TM

Best Practices

User and account management

● Consistency in account names


● Consistent location for home directories

● Use of “good” passwords

● Password aging

● Expiration of unnecessary accounts

● Locking of “System” accounts

● Appropriate user environments

5
Solaris Administration
TM

Best Practices

User and account management

Consistency in account names

● Firstname-Lastname combination
● UID concantenation to FN/LN

● Avoid personal identification numbers

● Keep GECOS populated with minimal

information

6
Solaris Administration
TM

Best Practices

User and account management

Consistent location for home directories

● Provide adequate space to users


● Create a separate filesystem
● /home is a recommended location

7
Solaris Administration
TM

Best Practices

User and account management

Passwords

● Educate users on password use


● If possible, incorporate aging

● Include expiration for accounts

● Lock “System” accounts, i.e., httpd

8
Solaris Administration
TM

Best Practices

User and account management

User Environments

● Consider standardizing shells


● Use common environment variables

● Define common paths

9
Solaris Administration
TM

Best Practices

Patches and Bug fixes

Two modes of practice


➲ Perform comprehensive patches regularly
➲ Only patch when needed

Recommendation:
Perform patches regularly!

10
Solaris Administration
TM

Best Practices

Patches and Bug fixes

System Patches
Available from Sun at
ftp://sunsolve1.sun.com
or
Available from USG via ftp:

ftp://ftp.usg.edu/pub/unix/Solaris2/8_Recommended.zip
Updated daily

11
Solaris Administration
TM

Best Practices

Patches and Bug fixes

Standard bug fixes - monthly update is adequate.


Security patches – update networked systems ASAP

Don't forget garbage collection!


Delete your patch installation files when done

12
Solaris Administration
TM

Best Practices

Logging
➲ Use syslogd(1m) to manage logging facilities
● Sendmail
● Sshd
● Httpd
● ftp
➲ Consider a defined directory, e.g. /logs
➲ Use a log roller to archive recent logs
➲ Determine and implement a retention policy
➲ Periodically examine the logs or use parser
13
Solaris Administration
TM

Best Practices

Secure Shell and other security

➲ Consider dropping telnet in favor of SSH


● OpenSSH
● SSH.com's SSH
➲ Replace ftp with proftp or sftp
➲ Consider terminating all unnecessary services
➲ Watch patches to maintain status quo

14
Solaris Administration
TM

Best Practices

Disk Mirroring

● Solstice Disksuite
● Provides failover protection in the case

of disk failure
● Requires two physical disks

● Mirror each filesystem

● Mirror Swap

● Instructions available at

http://www.usg.edu/oiit/support/os

15
Solaris Administration
TM

Best Practices

Disaster recovery

16
Solaris Administration
TM

Best Practices

Disaster recovery

● Know thy system


● Organize ahead of time

● Keep records updated

17
Solaris Administration
TM

Best Practices

Disaster recovery

● Keep copies of prtconf, hostid,


disk partition information (format)
● Record processor, memory and

disk complement
● Record network configuration

● Record information from

/usr/platform/[arch]/sbin/prtdiag -v
● Update as changes occur!

18
Solaris Administration
TM

Best Practices

Disaster recovery

● Consider master record storage


offsite or in another non-adjacent
building
● Keep records in environmentally

stable storage
● Create an operator manual for

emergency shutdown and startup

19
Solaris Administration
TM

Best Practices

Backups

● Make backups an implementation


strategy for every system installed
● Create a plan that includes regular

full and incremental backups


● Automate the backup process

● Keep careful records of all backups

● Label your tapes

● Store the media properly

20
Solaris Administration
TM

Best Practices

Backups

● Provide a process to assist users with


restores of their files
● Test your backup processes thoroughly

● Remember to add any new filesystems

to your backup specifications.


● Consider offsite storage

● Don't forget to archive install media

● Test your backup processes thoroughly

21