This document details the configuration, hardening, monitoring and vulnerability assessment of the Solaris OE. It can also be used as a configuration standard, providing a baseline to audit against.
Solaris Hardening Document
About The Author
Eugenia Loli
Ex-programmer, ex-editor in chief at OSNews.com, now a visual artist/filmmaker.
Follow me on Twitter @EugeniaLoli
This is a great starting place for new sys admins. Not just for us Solaris guys, but also for Linux. Yeah, some of the files and commands are different, but the over all idea is the same. This is very much needed as Linux becomes more popular. New sys admins should run to the amazon.com site and search for Linux security. Check out all of the recommendations from other Linux and Unix users. Just a thought.
How do you change the hostname of a (sparc) Solaris host?
This was/is a question that this dude who gives the the Solaris Cluster course, always asks. And apparently, there is nobody that ever gave a complete answer.
This is a rather offtopic post, but what the heck, there’s something in having some fun, not just being on topic.
Well the easy way is to run sys-unconfig. This will remove the system name and network config, but nothing else so your data is safe. Then reboot. The hard way is to edit the /etc/hosts, /etc/nodename, /etc/hostname.network_inface_name (ex:/etc/hostname.hme0), /etc/net/ticlts/hosts, /etc/net/ticots/hosts, and /etc/net/ticotsord/hosts files, then reboot. Hope this helps. Oh by the way, comment out all nfs mounts before rebooting if the mounts have changed or moved. You don’t want the system looking for mounts that are no longer there. If the mounts are still good, then it is no big deal.
it was just for fun. But you did an excellent job, you even mentioned the /etc/tic* stuff! If you don’t have Veritas Volume manager, you’d be OK. Otherwise, you should take care of the VXVM diskgroup ID, which contains the hostname, too. Use vxdctl for ths operation
vxdctl hostid new-host-name
Note that the system will work even if you don’t do this, but Veritas will report the old hostname all the time if you don’t.
‘duh!
I seem to recall that iPlanet/Netscape directory server would also need some special care after a hostname change.
Others?
This is not a Solaris problem. And the same goes for Veritas VM, it uses the same or at least very similar diskgroup ID system on all supported platforms.