solaris 如何将某一服务重启和停止( 二 )
# vi /etc/inittab
Remove the line with “/usr/lib/saf/sac -t 300”
# chown root:sys /etc/inittab
# chmod 644 /etc/inittab
1.Added Warning Banners
These configurations replace the operating system version with a warning banner displayed during the login process.
Login:
# vi /etc/motd (replaced operating system version with a warning banner)
Property of Company
WARNING: To protect systems from unauthorized use and to ensure that the
system is functioning properly, activities on this system are monitored and
recorded and subject to audit. Use of this system is expressed consent to such
monitoring and recording. Any unauthorized access or use of this system is
prohibited and could be subject to criminal and civil penalties.
# cp /etc/motd /etc/issue
Telnet:
# vi /etc/default/telnetd
UMASK=022
BANNER=""
# chown root:sys /etc/default/telnetd
# chmod 444 /etc/default/telnetd
FTP:
# vi /etc/default/ftpd
UMASK=022
BANNER=`cat /etc/motd`
# chown root:sys /etc/default/ftpd
# chmod 444 /etc/default/ftpd
2.Enabled Logging of the su Command
This configuration logs both success and failure of su command usage.
NOTE: This configuration is required by the root login notification script (below).
# vi /etc/default/su
SULOG=/var/adm/sulog (uncommented)
# cd /var/adm
# touch sulog
# chgrp sys sulog
# chmod 600 sulog
3.Enabled AUTH Logging
The auth facility controls account access with login, su, etc.
# vi /etc/syslog.conf
auth.info /var/log/authlog
auth.notice /var/log/authlog
NOTE: The entries must be separated by tabs.
# /etc/init.d/syslog stop
# /etc/init.d/syslog start
4.Enabled Logging of Unsuccessful Login Attempts
The loginlog file records consecutive failed login attempts.
# cd /var/adm
# touch loginlog
# chgrp sys loginlog
# chmod 600 loginlog
5.Enabled Logging of Successful Logins
# cd /var/log
# touch logins
# chgrp sys logins
# chmod 600 logins
# vi /etc/syslog.conf
# log successful logins
local0.info /var/log/logins
NOTE: The entries must be separated by tabs.
# /etc/init.d/syslog stop
# /etc/init.d/syslog start
Added the following entry to /etc/profile and /etc/.login:
logger -p local0.info "User $LOGNAME has logged in"
6.Enabled Logging of CDE Login Attempts
# vi /etc/pam.conf
Added the Word “debug” after the account management entries
#
# Account management
#
login account required /usr/lib/security/$ISA/pam_Unix.so.1 debug
dtlogin account required /usr/lib/security/$ISA/pam_unix.so.1 debug
# vi /etc/syslog.conf
Added “;auth.debug;user.debug” to the line that logs successful logins
# log successful logins
local0.info;auth.debug;user.debug /var/log/logins
NOTE: The entries must be separated by tabs.
# /etc/init.d/syslog stop
# /etc/init.d/syslog start
7.Enabled Performance Logging
# su – sys
# EDITOR=vi; export EDITOR
# crontab –e
# The sys crontab should be used to do performance collection. See cron
# and performance manual pages for details on startup.
#
0 * * * 0-6 /usr/lib/sa/sa1
20,40 6-22 * * 1-5 /usr/lib/sa/sa1
5 18 * * 1-5 /usr/lib/sa/sa2 -s 8:00 -e 18:01 -i 1200 -A
推荐阅读
- 元气骑士如何快速得宝石
- SA118中文翻译 5 Solaris8入门教材
- 简单的绿幕抠像如何操作
- 平均利润是如何形成的
- 魅族PRO7如何装sim卡?魅族PRO7装sim卡注意事项
- solaris系统panics故障实例与解决
- 山药褐斑病如何防治
- 如何把现金存入银行卡
- 第四章:DNS客户端的设置 Solaris网络管理培训
- 1 Solaris的中文命令参考手册