1. Log in to the control domain (global zone):
login as: root
Using keyboard-interactive authentication.
Password:
Last login: Sun Jun 25 08:36:43 2017
Oracle Corporation SunOS 5.10 Generic Patch January 2005
# bash
bash-3.2# df -h
Filesystem size used avail capacity Mounted on
rpool/ROOT/s10x_u11wos_24a 12G 4.4G 5.3G 46% /
bash-3.2# echo | format
Searching for disks...
Inquiry failed for this logical diskdone
AVAILABLE DISK SELECTIONS:
0. c0d0 <▒x▒▒▒▒▒▒▒▒▒@▒▒▒ cyl 1565 alt 2 hd 255 sec 63>
/pci@0,0/pci-ide@7,1/ide@0/cmdk@0,0
Specify disk (enter its number): Specify disk (enter its number):
bash-3.2# zpool list
NAME SIZE ALLOC FREE CAP HEALTH ALTROOT
rpool 11.9G 6.39G 5.55G 53% ONLINE -
bash-3.2# zfs list
NAME USED AVAIL REFER MOUNTPOINT
rpool 6.45G 5.30G 42.5K /rpool
rpool/ROOT 4.39G 5.30G 31K legacy
rpool/ROOT/s10x_u11wos_24a 4.39G 5.30G 4.39G /
rpool/dump 1.00G 5.30G 1.00G -
rpool/export 76K 5.30G 32K /export
rpool/export/home 44K 5.30G 44K /export/home
rpool/swap 1.06G 5.36G 1.00G -
bash-3.2# ping 192.168.10.135
192.168.10.135 is alive
bash-3.2# ssh 192.168.10.135
^C
bash-3.2# pwd
/
bash-3.2# mkdir /export/home/bishal-zone
bash-3.2# zonecfg -z bishal
bishal: No such zone configured
Use 'create' to begin configuring a new zone.
zonecfg:bishal> create
zonecfg:bishal> set zonepath=/export/home/bishal-zone
zonecfg:bishal> set autoboot=true
zonecfg:bishal> add net
zonecfg:bishal:net> set physical=e1000g0
zonecfg:bishal:net> set address=192.168.10.221
zonecfg:bishal:net> end
zonecfg:bishal> add attr
zonecfg:bishal:attr> set name=comment
zonecfg:bishal:attr> set type=string
zonecfg:bishal:attr> set value="Bishals zone"
zonecfg:bishal:attr> end
zonecfg:bishal> verify
zonecfg:bishal> commit
zonecfg:bishal> info
zonename: bishal
zonepath: /export/home/bishal-zone
brand: native
autoboot: true
bootargs:
pool:
limitpriv:
scheduling-class:
ip-type: shared
hostid:
inherit-pkg-dir:
dir: /lib
inherit-pkg-dir:
dir: /platform
inherit-pkg-dir:
dir: /sbin
inherit-pkg-dir:
dir: /usr
net:
address: 192.168.10.221
physical: e1000g0
defrouter not specified
attr:
name: comment
type: string
value: "Bishals zone"
zonecfg:bishal> exit
bash-3.2# zonecfg -z bishal export | more
create -b
set zonepath=/export/home/bishal-zone
set autoboot=true
set ip-type=shared
add inherit-pkg-dir
set dir=/lib
end
add inherit-pkg-dir
set dir=/platform
end
add inherit-pkg-dir
set dir=/sbin
end
add inherit-pkg-dir
set dir=/usr
end
add net
set address=192.168.10.221
set physical=e1000g0
end
add attr
set name=comment
set type=string
set value="Bishals zone"
end
bash-3.2# zoneadm list -cv
ID NAME STATUS PATH BRAND IP
0 global running / native shared
- bishal configured /export/home/bishal-zone native shared
bash-3.2# zoneadm -z bishal install
/export/home/bishal-zone must not be group readable.
/export/home/bishal-zone must not be group executable.
/export/home/bishal-zone must not be world readable.
/export/home/bishal-zone must not be world executable.
could not verify zonepath /export/home/bishal-zone because of the above errors.
zoneadm: zone bishal failed to verify
bash-3.2# ls -ld /export/home/bishal-zone
drwxr-xr-x 2 root root 2 Jun 25 11:56 /export/home/bishal-zone
bash-3.2# chmod 700 /export/home/bishal-zone
bash-3.2# zoneadm -z bishal install
A ZFS file system has been created for this zone.
Preparing to install zone <bishal>.
Creating list of files to copy from the global zone.
Copying <2711> files to the zone.
Initializing zone product registry.
Determining zone package initialization order.
Preparing to initialize <1244> packages on the zone.
Initialized <1244> packages on zone.
Zone <bishal> is initialized.
The file </export/home/bishal-zone/root/var/sadm/system/logs/install_log> contains a log of the zone installation.
bash-3.2# zoneadm list -cv
ID NAME STATUS PATH BRAND IP
0 global running / native shared
- bishal installed /export/home/bishal-zone native shared
bash-3.2# cd /export/home/bishal-zone/
bash-3.2# ls
root
bash-3.2# cd root
bash-3.2# ls
bin etc home lib opt proc system usr
dev export kernel mnt platform sbin tmp var
bash-3.2# df -h .
Filesystem size used avail capacity Mounted on
rpool/export/home/bishal-zone
12G 76M 5.2G 2% /export/home/bishal-zone
bash-3.2# ifconfig -a
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
inet 127.0.0.1 netmask ff000000
e1000g0: flags=1004843<UP,BROADCAST,RUNNING,MULTICAST,DHCP,IPv4> mtu 1500 index 2
inet 192.168.10.20 netmask ffffff00 broadcast 192.168.10.255
ether 0:c:29:e:4a:65
bash-3.2# zoneadm list -cv
ID NAME STATUS PATH BRAND IP
0 global running / native shared
- bishal installed /export/home/bishal-zone native shared
bash-3.2# zoneadm -z bishal boot
zoneadm: zone 'bishal': WARNING: e1000g0:1: no matching subnet found in netmasks(4) for 192.168.10.221; using default of 255.255.255.0.
bash-3.2# ifconfig -a
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
inet 127.0.0.1 netmask ff000000
lo0:1: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
zone bishal
inet 127.0.0.1 netmask ff000000
e1000g0: flags=1004843<UP,BROADCAST,RUNNING,MULTICAST,DHCP,IPv4> mtu 1500 index 2
inet 192.168.10.20 netmask ffffff00 broadcast 192.168.10.255
ether 0:c:29:e:4a:65
e1000g0:1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
zone bishal
inet 192.168.10.221 netmask ffffff00 broadcast 192.168.10.255
bash-3.2# zoneadm list -cv
ID NAME STATUS PATH BRAND IP
0 global running / native shared
1 bishal running /export/home/bishal-zone native shared
bash-3.2# zoneadm -z bishal reboot
zoneadm: zone 'bishal': WARNING: e1000g0:1: no matching subnet found in netmasks(4) for 192.168.10.221; using default of 255.255.255.0.
bash-3.2# zoneadm list -cv
ID NAME STATUS PATH BRAND IP
0 global running / native shared
2 bishal running /export/home/bishal-zone native shared
bash-3.2# zlogin -C bishal
[Connected to zone 'bishal' console]
Select a Language
0. English
1. es
2. fr
Please make a choice (0 - 2), or press h or ? for help: 0
Select a Locale
0. English (C - 7-bit ASCII)
1. Canada (English) (UTF-8)
2. Canada-English (ISO8859-1)
3. U.S.A. (UTF-8)
4. U.S.A. (en_US.ISO8859-1)
5. U.S.A. (en_US.ISO8859-15)
6. Go Back to Previous Screen
Please make a choice (0 - 6), or press h or ? for help: 0
What type of terminal are you using?
1) ANSI Standard CRT
2) DEC VT52
3) DEC VT100
4) Heathkit 19
5) Lear Siegler ADM31
6) PC Console
7) Sun Command Tool
8) Sun Workstation
9) Televideo 910
10) Televideo 925
11) Wyse Model 50
12) X Terminal Emulator (xterms)
13) CDE Terminal Emulator (dtterm)
14) Other
Type the number of your choice and press Return: 12
Creating new rsa public/private host key pair
Creating new dsa public/private host key pair
Configuring network interface addresses: e1000g0.
q Host Name for e1000g0:1 qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq
Enter the host name which identifies this system on the network. The name
must be unique within your domain; creating a duplicate host name will cause
problems on the network after you install Solaris.
A host name must have at least one character; it can contain letters,
digits, and minus signs (-).
Host name for e1000g0:1 bishal
bishal
qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq
F2_Continue F6_Help
q Confirm Information for e1000g0:1 qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq
> Confirm the following information. If it is correct, press F2;
to change any information, press F4.
Host name: bishal
qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq
Just a moment... F4_Change F6_Help
q Configure Security Policy: qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq
Specify Yes if the system will use the Kerberos security mechanism.
Specify No if this system will use standard UNIX security.
Configure Kerberos Security
qqqqqqqqqqqqqqqqqqqqqqqqqqq
[ ] Yes
[X] No
qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq
F2_Continue F6_Help
q Confirm Information qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq
> Confirm the following information. If it is correct, press F2;
to change any information, press F4.
Configure Kerberos Security: No
qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq
Please wait... F4_Change F6_Help
q Name Service qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq
On this screen you must provide name service information. Select the name
service that will be used by this system, or None if your system will either
not use a name service at all, or if it will use a name service not listed
here.
> To make a selection, use the arrow keys to highlight the option
and press Return to mark it [X].
Name service
qqqqqqqqqqqq
[X] NIS+
[ ] NIS
[ ] DNS
[ ] LDAP
[ ] None
]
X]
qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq
F2_Continue F6_Help
q Confirm Information qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq
> Confirm the following information. If it is correct, press F2;
to change any information, press F4.
Name service: None
qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq
Just a moment... F4_Change F6_Help
q NFSv4 Domain Name qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq
NFS version 4 uses a domain name that is automatically derived from the
system's naming services. The derived domain name is sufficient for most
configurations. In a few cases, mounts that cross domain boundaries might
cause files to appear to be owned by "nobody" due to the lack of a common
domain name.
The current NFSv4 default domain is: ""
NFSv4 Domain Configuration
qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq
[X] Use the NFSv4 domain derived by the system
[ ] Specify a different NFSv4 domain
qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq
F2_Continue F6_Help
q Confirm Information for NFSv4 Domain qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq
> Confirm the following information. If it is correct, press F2;
to change any information, press F4.
NFSv4 Domain Name: << Value to be derived dynamically >>
qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq
F2_Continue F4_Change F6_Help
q Time Zone qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq
On this screen you must specify your default time zone. You can specify a
time zone in three ways: select one of the continents or oceans from the
list, select other - offset from GMT, or other - specify time zone file.
> To make a selection, use the arrow keys to highlight the option and
press Return to mark it [X].
Continents and Oceans
qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq
- [ ] Africa
x [ ] Americas
x [ ] Antarctica
x [X] Arctic Ocean
x [ ] Asia
x [ ] Atlantic Ocean
x [ ] Australia
x [ ] Europe
v [ ] Indian Ocean
qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq
F2_Continue F6_Help
q Country or Region qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq
> To make a selection, use the arrow keys to highlight the option and
press Return to mark it [X].
Countries and Regions
qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq
- [ ] United States
x [ ] Anguilla
x [X] Antigua & Barbuda
x [ ] Argentina
x [ ] Aruba
x [ ] Bahamas
x [ ] Barbados
x [ ] Belize
x [ ] Bolivia
x [ ] Bonaire Sint Eustatius & Saba
x [ ] Brazil
x [ ] Canada
v [ ] Cayman Islands
qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq
F2_Continue F6_Help
q Time Zone qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq
> To make a selection, use the arrow keys to highlight the option and
press Return to mark it [X].
Time zones
qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq
- [ ] Eastern Time
x [ ] Eastern Time - Michigan - most locations
x [X] Eastern Time - Kentucky - Louisville area
x [ ] Eastern Time - Kentucky - Wayne County
x [ ] Eastern Time - Indiana - most locations
x [ ] Eastern Time - Indiana - Daviess, Dubois, Knox & Martin Counties
x [ ] Eastern Time - Indiana - Pulaski County
x [ ] Eastern Time - Indiana - Crawford County
x [ ] Eastern Time - Indiana - Pike County
x [ ] Eastern Time - Indiana - Switzerland County
x [ ] Central Time
x [ ] Central Time - Indiana - Perry County
v [ ] Central Time - Indiana - Starke County
qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq
F2_Continue F6_Help
q Confirm Information qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq
> Confirm the following information. If it is correct, press F2;
to change any information, press F4.
Time zone: Eastern Time
(US/Eastern)
qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq
Please wait... F4_Change F6_Help
q Root Password qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq
Please enter the root password for this system.
The root password may contain alphanumeric and special characters. For
security, the password will not be displayed on the screen as you type it.
> If you do not want a root password, leave both entries blank.
Root password:
Root password: ********
********
qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq
F2_Continue F6_Help
rebooting system due to change(s) in /etc/default/init
[NOTICE: Zone rebooting]
SunOS Release 5.10 Version Generic_147148-26 64-bit
Copyright (c) 1983, 2013, Oracle and/or its affiliates. All rights reserved.
Hostname: bishal
bishal console login: Jun 25 12:15:37 bishal sendmail[7176]: My unqualified host name (bishal) unknown; sleeping for retry
Jun 25 12:15:37 bishal sendmail[7182]: My unqualified host name (bishal) unknown; sleeping for retry
root
Password:
Jun 25 12:15:55 bishal login: ROOT LOGIN /dev/console
Oracle Corporation SunOS 5.10 Generic Patch January 2005
# bash
bash-3.2# useradd -d /export/home/bishal -m -c "Bishal" -s /bin/bash bishal
UX: useradd: ERROR: Unable to create the home directory: No such file or directory.
bash-3.2# ls -ld /export/hom
bash-3.2# mkdir /export/home
Jun 25 12:16:37 bishal sendmail[7176]: unable to qualify my own domain name (bishal) -- using short name
Jun 25 12:16:37 bishal sendmail[7176]: [ID 702911 mail.alert] unable to qualify my own domain name (bishal) -- using short name
Jun 25 12:16:37 bishal sendmail[7182]: unable to qualify my own domain name (bishal) -- using short name
Jun 25 12:16:37 bishal sendmail[7182]: [ID 702911 mail.alert] unable to qualify my own domain name (bishal) -- using short name
bash-3.2# useradd -d /export/home/bishal -m -c "Bishal" -s /bin/bash bishal
bash-3.2# passwd bishal
New Password:
passwd: The password must contain at least 1 numeric or special character(s).
Please try again
New Password:
bash-3.2# grep root /etc/passwd
root:x:0:0:Super-User:/:/sbin/sh
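bash-3.2# grep root /etc/shadow
root:l5u2cH9PhmZI6:6445::::::
# NOTE(review): a 13-character password field like this one appears to be the traditional crypt(3C) format, which uses only the first 8 characters of the password. CRYPT_DEFAULT in /etc/security/policy.conf selects a stronger algorithm for newly set passwords, and shadow entries are best redacted from published transcripts.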
bash-3.2# vi /etc/ssh/sshd_config
"/etc/ssh/sshd_config" 155 lines, 4997 characters
#
# Copyright (c) 2001, 2010, Oracle and/or its affiliates. All rights reserved.
#
# ident "@(#)sshd_config 1.10 10/10/19 SMI"
#
# Configuration file for sshd(1m)
# Protocol versions supported
#
# The sshd shipped in this release of Solaris has support for major versions
# 1 and 2. It is recommended due to security weaknesses in the v1 protocol
# that sites run only v2 if possible. Support for v1 is provided to help sites
# with existing ssh v1 clients/servers to transition.
# Support for v1 may not be available in a future release of Solaris.
#
# To enable support for v1 an RSA1 key must be created with ssh-keygen(1).
# RSA and DSA keys for protocol v2 are created by /etc/init.d/sshd if they
# do not already exist, RSA1 keys for protocol v1 are not automatically created.
# Uncomment ONLY ONE of the following Protocol statements.
# Only v2 (recommended)
/PermitR
# Depending on the setup of pam.conf(4) this may allow tunneled clear text
# passwords even when PasswordAuthentication is set to no. This is dependent
# on what the individual modules request and is out of the control of sshd
# or the protocol.
PAMAuthenticationViaKBDInt yes
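# Are root logins permitted using sshd.
# Note that sshd uses pam_authenticate(3PAM) so the root (or any other) user
# maybe denied access by a PAM module regardless of this setting.
# Valid options are yes, without-password, no.
#PermitRootLogin no
PermitRootLogin yes
# NOTE(review): "yes" lets root authenticate over SSH with a password. The log lines later in this session show root being reached with 'su root' from the unprivileged account bishal, so keeping "no" (or "without-password" for key-only root access) preserves that path without exposing the root account to password guessing over the network.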
# sftp subsystem
Subsystem sftp internal-sftp
# SSH protocol v1 specific options
#
# The following options only apply to the v1 protocol and provide
# some form of backwards compatibility with the very weak security
"/etc/ssh/sshd_config" 156 lines, 5018 characters nd the functionality
bash-3.2# svcs -a | grep ssh
online 12:15:37 svc:/network/ssh:default
bash-3.2# svcadm restart ssh
bash-3.2# Jun 25 12:18:59 bishal su: 'su root' succeeded for bishal on /dev/pts/8
bash-3.2#
bash-3.2# hostname
bishal
bash-3.2# ifconfig -a
lo0:1: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
inet 127.0.0.1 netmask ff000000
e1000g0:1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
inet 192.168.10.221 netmask ffffff00 broadcast 192.168.10.255
bash-3.2# exit
# ^D
bishal console login: Jun 25 12:30:17 bishal su: 'su root' succeeded for bishal on /dev/pts/9