Add the following to httpd.conf, in whichever form you want.

*Show only the Apache version
ServerTokens Minimal

*Show only "Apache"
ServerTokens ProductOnly

*Show the Apache version and the OS
ServerTokens OS

*Show all related information
ServerTokens Full
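
To confirm which setting is actually in effect, the check below reads a config file and compares an observed Server header against it. This is an added example, not part of the original post: the function names are hypothetical and the sample config and header strings are constructed. It also accepts the Prod, Min, Major and Minor spellings that Apache recognizes beyond the four values listed above.

```shell
#!/bin/sh
# Added example; function names are hypothetical, sample data is constructed.

# Print the ServerTokens value in effect: directive names are
# case-insensitive, the last occurrence wins, and Apache defaults to Full.
effective_server_tokens() {
    awk '
        /^[ \t]*#/ { next }
        tolower($1) == "servertokens" && NF >= 2 { val = $2 }
        END { print (val == "" ? "Full" : val) }
    ' "$1"
}

# Classify an observed "Server:" header value by how much it discloses.
classify_banner() {
    case "$1" in
        Apache)            echo ProductOnly ;;
        Apache/*") "?*)    echo Full ;;      # modules follow the OS
        Apache/*")")       echo OS ;;
        Apache/*)          echo Minimal ;;   # version only
        *)                 echo Unknown ;;
    esac
}

# Rank a level; a lower number discloses less. Unknown ranks as Full.
level_rank() {
    case "$(printf '%s' "$1" | tr 'A-Z' 'a-z')" in
        prod|productonly)        echo 0 ;;
        major|minor|min|minimal) echo 1 ;;
        os)                      echo 2 ;;
        *)                       echo 3 ;;
    esac
}

# Succeed when the banner discloses no more than the config allows.
banner_within_config() {   # $1 = config file, $2 = Server header value
    want=$(level_rank "$(effective_server_tokens "$1")")
    got=$(level_rank "$(classify_banner "$2")")
    [ "$got" -le "$want" ]
}

conf=$(mktemp); trap 'rm -f "$conf"' EXIT
printf '%s\n' '# ServerTokens Full' 'ServerTokens OS' \
    'servertokens ProductOnly' > "$conf"      # constructed sample config
echo "in effect: $(effective_server_tokens "$conf")"
banner_within_config "$conf" "Apache" && echo "Apache: ok"
banner_within_config "$conf" "Apache/2.2.3 (CentOS)" ||
    echo "Apache/2.2.3 (CentOS): discloses more than configured"
```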

Posted by 호랭이~
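I have mostly used Linux, so much of this post compares things with Linux:
where Linux has iptables, Solaris has ipfilter.

After installing Solaris I ran a port scan and, perhaps because I had picked the wrong install options,
was surprised to find even telnet open, so I stopped a few daemons that are a security concern
and then put an ipfilter configuration in place.

ex) Stopping the telnet daemon
#svcadm disable telnet

IP Filter configuration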
##############################################################
/etc/ipf/ipf.conf
##############################################################
# ipf.conf
#
# IP Filter rules to be loaded during startup
#
# See ipf(4) manpage for more information on
# IP Filter rules syntax.
pass in quick on hme0 proto tcp from any to any port=22 keep state
pass in quick on hme0 proto udp from any to any port=22 keep state
block in quick all
pass out on hme0 proto tcp from any to any keep state
pass out on hme0 proto udp from any to any keep state
pass out on hme0 proto icmp from any to any keep state
##############################################################

*pass in: rules for packets coming in from outside
*pass out: rules for packets going out from inside

With the rules above, every inbound packet is denied except SSH (port 22, tcp / udp).
Outbound packets, tcp / udp / icmp alike, are all allowed through.
There are quite a few more options if you go into detail, but this post only covers
opening and closing specific ports.

Once the configuration is saved, run
#svcadm disable ipfilter
#svcadm enable ipfilter

and the IP Filter (firewall) policy takes effect.
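
The ruleset above depends on the "quick" keyword: IP Filter applies the last matching rule unless a matching rule says quick, in which case evaluation stops there. The script below is an added example, not part of the original post and not ipf itself; it is a simplified model (hypothetical function name, constructed rule files) that handles only the syntax used above and shows what happens to inbound SSH when quick is removed.

```shell
#!/bin/sh
# Simplified model of IP Filter rule matching (added example, not ipf itself).
# Handles only the syntax used above: action, direction, quick, proto, port.
# "keep state" and the interface name are parsed past but not modelled.
ipf_verdict() {  # $1 = rules file, $2 = in|out, $3 = proto, $4 = dest port
    awk -v dir="$2" -v proto="$3" -v port="$4" '
        /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
        {
            quick = 0; rproto = ""; rport = ""
            for (i = 3; i <= NF; i++) {
                if ($i == "quick") quick = 1
                else if ($i == "proto") rproto = $(i + 1)
                else if ($i ~ /^port=/) rport = substr($i, 6)
                else if ($i == "port") rport = $(i + 2)   # "port = 22" form
            }
            if ($2 != dir) next
            if (rproto != "" && rproto != proto) next
            if (rport != "" && rport != port) next
            verdict = $1                        # last matching rule wins ...
            if (quick) exit                     # ... unless it says quick
        }
        END { print (verdict == "" ? "pass" : verdict) }  # no match: default pass
    ' "$1"
}

# Constructed rule files: rules from the post, and the same rules with
# "quick" removed to show why the keyword matters.
rules_quick=$(mktemp); rules_noquick=$(mktemp)
trap 'rm -f "$rules_quick" "$rules_noquick"' EXIT
cat > "$rules_quick" <<'EOF'
pass in quick on hme0 proto tcp from any to any port=22 keep state
pass in quick on hme0 proto udp from any to any port=22 keep state
block in quick all
pass out on hme0 proto tcp from any to any keep state
EOF
sed 's/ quick//' "$rules_quick" > "$rules_noquick"

echo "quick:    tcp/22 in -> $(ipf_verdict "$rules_quick" in tcp 22)"
echo "quick:    tcp/23 in -> $(ipf_verdict "$rules_quick" in tcp 23)"
echo "no quick: tcp/22 in -> $(ipf_verdict "$rules_noquick" in tcp 22)"
```

On the Solaris host itself, `ipfstat -io` lists the rules that are actually loaded, which is the check to run after re-enabling the ipfilter service.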
Posted by 호랭이~

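On my first day at work in the summer internship program I joined at Sun with the Sun Stars in the summer of '08,
there was a question I asked the department manager. Looking back, I asked it with no context at all, so it must have seemed a bit out of the blue.

"Why are the Linux shell and the Solaris shell different when both are set to the same bash?"

In fact I had used Linux continuously since 1999, when distributions were spreading widely in Korea,
whereas I had used Solaris only briefly, at a company where I worked part-time during the summer break of 2006.
So the episode came from being so used to Linux, which was built with convenience first through the direct
participation of its users (developers, engineers and so on), that I could not adapt at all to the traditional environment.

This winter I suddenly got bored and needed a toy.
Then I happened to buy a Sun Ultra 10 machine cheaply on a second-hand market,
and lately I have been sitting in the lab tinkering with it.

Anyway... -_- the introduction ran a bit long today...
The upshot is that from here on I am going to remodel the Solaris environment to be like Linux.
(The distribution I mainly use is CentOS, so I will remodel it based on CentOS 5.2.)

1. Download Solaris 10
Go to http://kr.sun.com/software/solaris/, click download, then sign up and log in to download.
The current version is Solaris 10 10/08.

2. Install Solaris 10
See other blogs for this... (it is not that hard...)

3. SSH configuration - allow root access (personally I like working as root..)
#vi /etc/ssh/sshd_config
(line 132) PermitRootLogin no -> PermitRootLogin yes
#svcadm disable ssh
#svcadm enable ssh

4. Set the root user's default shell
#vi /etc/passwd
root:x:0:0:Super-User:/export/home/root:/usr/bin/bash <- set the home directory and so on to suit your environment

5. Install Coreutils / vim
Go to http://www.sunfreeware.com and follow the link that matches your CPU type.
Download coreutils-6.4-sol10-XXXXX-local.gz / vim-7.2-sol10-XXXX-local.gz
and upload them to the server (if there are dependencies, download and upload all of them too).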

#gzip -d coreutils-6.4-sol10-XXXXX-local.gz
#pkgadd -d coreutils-6.4-sol10-XXXXX-local

#gzip -d vim-7.2-sol10-XXXX-local.gz
#pkgadd -d vim-7.2-sol10-XXXX-local


6. Create the bash configuration files
##################################################################
~/.bashrc
##################################################################
if [ -f /etc/bashrc ]; then
        . /etc/bashrc
fi
##################################################################


##################################################################
~/.bash_profile
##################################################################
if [ -f ~/.bashrc ]; then
        . ~/.bashrc
fi

MAIL=/usr/mail/${LOGNAME:?}
PATH=/usr/local/bin:/usr/ccs/bin:$PATH
export PATH
##################################################################


##################################################################
/etc/bashrc
##################################################################
if [ "$TERM" = "xterm" ]
then
        alias ls='/usr/local/bin/ls --color'
        alias grep='/usr/local/bin/grep --color'
        alias egrep='/usr/local/bin/egrep --color'
        alias vi='vim'
else
        alias ls='/usr/local/bin/ls'
        alias grep='/usr/local/bin/grep'
        alias egrep='/usr/local/bin/egrep'
fi
if [ "$PS1" ]; then
    if [ "x`tput kbs`" != "x" ]; then # We can't do this with "dumb" terminal
        stty erase `tput kbs`
    fi
    case $TERM in
        xterm*)
            PROMPT_COMMAND='echo -ne "\033]0;${USER}@${HOSTNAME}: ${PWD}\007"'
            ;;
        vt100*)
            PROMPT_COMMAND='echo -ne "\033]0;${USER}@${HOSTNAME}: ${PWD}\007"'
            ;;
        *)
            ;;
    esac
    PS1="[\u@\h \W]\\$ "

    if [ "x$SHLVL" != "x1" ]; then # We're not a login shell
        for i in /etc/profile.d/*.sh; do
            if [ -x $i ]; then
                . $i
            fi
        done
    fi
fi
##################################################################

7. vim configuration
##################################################################
~/.vimrc and /etc/vimrc
##################################################################
if v:lang =~ "utf8$" || v:lang =~ "UTF-8$"
   set fileencodings=utf-8,latin1
endif

set nocompatible        " Use Vim defaults (much better!)
set bs=indent,eol,start         " allow backspacing over everything in insert mode
"set ai                 " always set autoindenting on
"set backup             " keep a backup file
set viminfo='20,\"50    " read/write a .viminfo file, don't store more
                        " than 50 lines of registers
set history=50          " keep 50 lines of command line history
set ruler               " show the cursor position all the time

" Only do this part when compiled with support for autocommands
if has("autocmd")
  " In text files, always limit the width of text to 78 characters
  autocmd BufRead *.txt set tw=78
  " When editing a file, always jump to the last cursor position
  autocmd BufReadPost *
  \ if line("'\"") > 0 && line ("'\"") <= line("$") |
  \   exe "normal! g'\"" |
  \ endif
endif

if has("cscope") && filereadable("/usr/bin/cscope")
   set csprg=/usr/bin/cscope
   set csto=0
   set cst
   set nocsverb
   " add any database in current directory
   if filereadable("cscope.out")
      cs add cscope.out
   " else add database pointed to by environment
   elseif $CSCOPE_DB != ""
      cs add $CSCOPE_DB
   endif
   set csverb
endif

" Switch syntax highlighting on, when the terminal has colors
" Also switch on highlighting the last used search pattern.
if &t_Co > 2 || has("gui_running")
  syntax on
  set hlsearch
endif

if &term=="xterm"
     set t_Co=8
     set t_Sb=^[[4%dm
     set t_Sf=^[[3%dm
endif
##################################################################

8. Copy the configuration files so the settings also apply to new users
#cp ~/.bashrc /etc/skel/.bashrc
#cp ~/.bash_profile /etc/skel/.bash_profile
#cp ~/.vimrc /etc/skel/.vimrc


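The settings above include <tab> completion, color settings through vim, and colored output for ls.

In fact, right after installing just Solaris, everything I was so used to was different....
Using the arrow keys in the shell, moving around with the keys in vi.. and so on... it was just too uncomfortable....

Now if you open a new terminal session... ta-da~ you should find it feels almost the same
as a Linux system..^^

p.s. I posted this while checking my history... so something may be missing, but
I will check for gaps along the way and update the post.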

Posted by 호랭이~

                            LINUX           SOLARIS
Root filesystem             / {/dev/sda1}   / {/dev/vx/dsk/rootvol}
Home Directory              -               /export/home {/dev/vx/dsk/home}
                            -               /tmp {/dev/vx/dsk/swapvol}
                            -               /usr
                            -               /var
Sample configuration files  -               -

                          LINUX                    Solaris
Password files            /etc/passwd              /etc/passwd
                          /etc/shadow              /etc/shadow
Groups file               /etc/group               /etc/group
Maximum # of user ID      65535                    2147483647
Allow/Deny remote login   /etc/securetty {ttyp1}   /etc/default/login {CONSOLE=/dev/console}
User nobody's id #        99                       60001 & 65534(nobody4)
Group nobody's id #       99                       60002 & 65534(nogroup)
Recover root password     linux S                  boot cdrom -s
                          vi /etc/shadow           mount /dev/c0t0d0s0 /mnt
                                                   vi /mnt/etc/shadow
Create new user           useradd                  useradd
Delete user               userdel                  userdel
List users                -                        logins
Modify user account       usermod                  usermod

                            LINUX                  Solaris
Unique host ID              hostid                 hostid
Administrator               linuxconf              admintool
Performance monitor         top                    top
System activity reporter    -                      sar
Virtual Memory statistics   vmstat                 vmstat
I/O statistics              -                      iostat
Error logs                  dmesg                  dmesg
Physical RAM                64 GB {>2.3.24}        16TB
Shared Memory               sysctl kernel.shmmax   -
Process Data Space          900 MB                 -
Swap device                 /dev/sda2              /dev/vx/dsk/swapvol
Swap file type              partition type 82      swap
Display swap size           free                   swap -l
Activate Swap               swapon -a              swap -a

                       LINUX                   Solaris
Printer Queues         /var/spool/lpd/lp/*     /etc/lp/interfaces/*
Stop LP                /etc/init.d/lpd stop    /usr/lib/lp/lpshut
Start LP               /etc/init.d/lpd start   /usr/lib/lp/lpsched
Submit print jobs      lpr                     lp
                                               lpr
LP statistics          lpq                     lpstat
Remove print jobs      lprm                    cancel
                                               lprm
Add printer queue      printtool               lpadmin -p pq
Remove Printer queue   -                       lpadmin -x pq
Make default printer   -                       lpadmin -d pq

                                     LINUX                             Solaris
Network IP configuration             /etc/sysconfig/network-scripts/   /etc/hostname.*
                                                                       /etc/inet/*
                                                                       /etc/defaultrouter
Hosts IP addresses                   /etc/hosts                        /etc/inet/hosts
Name service switch                  /etc/nsswitch.conf                /etc/nsswitch.conf
Network parameters                   sysctl -a | grep net              ndd /dev/[tcp|ip] ?
Routing daemon                       routed                            in.routed
NIC Configurations                   ifconfig -a                       ifconfig -a
Secondary IP Address                 modprobe ip_alias                 ifconfig hme0:1 IP up
                                     ifconfig eth0:1 IP
Login prompt                         /etc/issue                        BANNER @
                                                                       /etc/default/telnetd
Increase the # of pseudo-terminals   cd /dev                           {/etc/system}
                                     ./MAKEDEV -v pty                  set pt_cnt = #   {SYSV}
                                                                       set npty = #     {BSD}
                                                                       {/etc/iu.ap}
                                                                       ptsl 0 # ldterm ttcompat
                                                                       halt
                                                                       boot -r
Maximum # of ptys                    256                               176    {BSD}
                                                                       3000   {SYSV}
Remote Shell                         rsh                               rsh
YP/NIS service binder                /sbin/ypbind                      /usr/lib/netsvc/yp/ypbind

                                 LINUX                        Solaris
NFS exported                     /etc/exports                 /etc/dfs/dfstab
                                                              /etc/dfs/sharetab
NFS Client mounted directories   /var/lib/nfs/xtab            /etc/rmtab
Max File System                  2 TB                         1 TB
Max File Size                    2 GB     {512B block size}   1 TB
                                 8192 GB  {8KB block size}
Max # File Descriptors           sysctl fs.file-max           64 K

                                        LINUX                            SOLARIS
Filesystem table                        /etc/fstab                       /etc/vfstab
Free disk blocks                        df -k                            df -k
Device listing                          cat /proc/devices                sysdef
Disk information                        cat /proc/scsi/scsi0/sda/model   format -d c#t#d#
                                                                         format>current
                                                                         format>inquiry
Disk Label                              fdisk -l                         prtvtoc
LVM Concepts                            logical extents                  sub disk
                                        logical volume                   Volume
                                        -                                Plex
                                        volume group                     disk group
Journal Filesystem type                 ext2                             vxfs
Default volume group                    -                                /dev/vx/dsk/rootdg
Display volume group                    vgdisplay -v                     vxprint -l -g rootdg
Modify physical volume                  pvchange                         -
Prepare physical disk                   pvcreate                         vxdiskadd
List physical volume                    pvdisplay                        vxprint -dl
Remove disk from volume group           vgreduce                         vxdg rmdisk
Move logical volumes to another         pvmove                           vxassist move
  physical volumes
Create volume group                     vgcreate                         vxdg init
Remove volume group                     vgremove                         -
Volume group availability               vgchange                         -
Restore volume group                    vgcfgrestore                     -
Exports volume group                    vgexport                         vxdg deport
Imports volume group                    vgimport                         vxdg import
Volume group listing                    vgscan                           -
Change logical volume characteristics   lvchange                         vxedit set
List logical volume                     lvdisplay                        vxprint -vl
Make logical volume                     lvcreate                         vxassist make
Extend logical volume                   lvextend                         vxassist growto
Reduce logical volume                   lvreduce                         vxassist shrinkto
Remove logical volume                   lvremove                         vxedit rm
Prepare boot volumes                    lilo                             vxbootsetup
Remove boot volumes                     -                                -
Extend File system                      resize2fs                        vxva
                                                                         mkfs -M
Reduce/Split mirrors                    lvsplit                          -
Merge mirrors                           lvmerge                          -
Create mirrors                          -                                vxassist mirror
Add mirrors                             -                                -
Create striped volumes                  lvcreate -i 3 -I 64              vxassist make vol 100mb layout=raid5
System recovery tape                    -                                -
Backup                                  tar cvf /dev/rst0 /              ufsdump
Restore                                 tar xvf /dev/rst0                ufsrestore

                         LINUX                  SOLARIS
Startup script           /etc/rc.d/rc           /sbin/init.d
Kernel                   /boot/vmlinuz          /kernel/genunix
Kernel Parameters        sysctl -a              sysdef -i
Reconfigure the kernel   cd /usr/src/linux      vi /etc/system
                         make mrproper          reboot
                         make menuconfig
                         make dep
                         make clean
                         make bzimage
                         make install
                         make modules
                         make modules_install
List modules             lsmod                  modinfo
Load module              insmod                 modload
Unload module            rmmod                  modunload
Initialize system        netconf                sys-unconfig
Physical RAM             free                   prtconf
Kernel Bits              getconf WORD_BIT       isainfo -kv
Crash utility            -                      crash
Machine model            uname -m               uname -imp
OS Level                 uname -r               uname -r
Run Level                runlevel               who -r
Core dump files          -                      /var/crash/`uname -n`
Boot single user         linux S                ok boot -s
Maintenance mode         -                      ok boot -as
Interrupt Key            -                      Stop-A
Return to console        -                      ok go

                            LINUX             SOLARIS
Install Software            rpm -i package    pkgadd
Uninstall software          rpm -e package    pkgrm
List installed software     rpm -qa           pkginfo
Verify installed software   rpm -V package    pkginfo -i
                                              pkginfo -p
List all files              rpm -ql package   pkgchk -l package
List installed patches      -                 patchadd -p
Package owner               rpm -qf file      pkgchk -l -p path
SW Directory                /var/lib/rpm      /var/sadm

                                           LINUX                    SOLARIS
Devices                                    /dev                     /devices
Install devices for attached peripherals   /dev/MAKEDEV             drvconfig
                                                                    devlinks
                                                                    disks
                                                                    tapes
                                                                    ports
Remove device                              -                        rem_drv
Device drivers                             -                        prtconf -D
CPU                                        -                        psrinfo -v
List Terminal                              -                        pmadm -l
Diagnostics                                -                        /usr/platform/`uname -m`/sbin/prtdiag
                                                                    ok test-all
                                                                    /opt/SUNWvts/bin/sunvts
Whole Disk                                 /dev/sda                 /dev/c#t#d0s2
CDROM                                      /dev/cdrom               /dev/dsk/c#t6d0s2
CDROM file type                            iso9660                  hsfs
Rewinding tape drive                       /dev/rst0 { c 9 0}       /dev/rmt/0
Non-rewinding tape drive                   /dev/nrst0 { c 9 128 }   /dev/rmt/0n
Floppy drive                               /dev/fd0                 /dev/diskette

                    LINUX           SOLARIS
FAQ                 -               -
Online Manual       -               -
Technical Support   -               -
Phone Number        1-888-REDHAT1   1-800-USA-4SUN
Free Software       -               -
Certification       -               -

Posted by 호랭이~
TCP     0       Reserved
TCP     1       Port Service Multiplexer
TCP     2       Management Utility
TCP     3       Compression Process
TCP     4       Unassigned
TCP     5       Remote Job Entry
TCP     6       Unassigned
TCP     7       Echo
TCP     8       Unassigned
TCP     9       Discard
TCP     10      Unassigned
TCP     11      Active Users
TCP     12      Unassigned
TCP     13      Daytime (RFC 867)
TCP     14      Unassigned
TCP     15      Unassigned [was netstat]
TCP     16      Unassigned
TCP     17      Quote of the Day
TCP     18      Message Send Protocol
TCP     19      Character Generator
TCP     20      File Transfer [Default Data]
TCP     21      File Transfer [Control]
TCP     22      SSH Remote Login Protocol
TCP     23      Telnet
TCP     24      any private mail system
TCP     25      Simple Mail Transfer
TCP     26      Unassigned
TCP     27      NSW User System FE
TCP     28      Unassigned
TCP     29      MSG ICP
TCP     30      Unassigned
TCP     31      MSG Authentication
TCP     32      Unassigned
TCP     33      Display Support Protocol
TCP     34      Unassigned
TCP     35      any private printer server
TCP     36      Unassigned
TCP     37      Time
TCP     38      Route Access Protocol
TCP     39      Resource Location Protocol
TCP     40      Unassigned
TCP     41      Graphics
TCP     42      Host Name Server
TCP     43      WhoIs
TCP     44      MPM FLAGS Protocol
TCP     45      Message Processing Module [recv]
TCP     46      MPM [default send]
TCP     47      NI FTP
TCP     48      Digital Audit Daemon
TCP     49      Login Host Protocol (TACACS)
TCP     50      Remote Mail Checking Protocol
TCP     51      IMP Logical Address Maintenance
TCP     52      XNS Time Protocol
TCP     53      Domain Name Server
TCP     54      XNS Clearinghouse
TCP     55      ISI Graphics Language
TCP     56      XNS Authentication
TCP     57      any private terminal access
TCP     58      XNS Mail
TCP     59      any private file service
TCP     60      Unassigned
TCP     61      NI MAIL
TCP     62      ACA Services
TCP     63      whois++
TCP     64      Communications Integrator (CI)
TCP     65      TACACS-Database Service
TCP     66      Oracle SQL*NET
TCP     67      Bootstrap Protocol Server
TCP     68      Bootstrap Protocol Client
TCP     69      Trivial File Transfer
TCP     70      Gopher
TCP     71      Remote Job Service
TCP     72      Remote Job Service
TCP     73      Remote Job Service
TCP     74      Remote Job Service
TCP     75      any private dial out service
TCP     76      Distributed External Object Store
TCP     77      any private RJE service
TCP     78      vettcp
TCP     79      Finger
TCP     80      World Wide Web HTTP
TCP     81      HOSTS2 Name Server
TCP     82      XFER Utility
TCP     83      MIT ML Device
TCP     84      Common Trace Facility
TCP     85      MIT ML Device
TCP     86      Micro Focus Cobol
TCP     87      any private terminal link
TCP     88      Kerberos
TCP     89      SU/MIT Telnet Gateway
TCP     90      DNSIX Securit Attribute Token Map
TCP     91      MIT Dover Spooler
TCP     92      Network Printing Protocol
TCP     93      Device Control Protocol
TCP     94      Tivoli Object Dispatcher
TCP     95      SUPDUP
TCP     96      DIXIE Protocol Specification
TCP     97      Swift Remote Virtural File Protocol
TCP     98      TAC News
TCP     99      Metagram Relay
TCP     100     [unauthorized use]


Posted by 호랭이~