Solaris Profiles

Startup

1. Check ssh settings, if applicable.
2. To do
   If "unsecure" services like rsh, ftp, et al, are to be enabled, use at least tcp_wrappers, in /etc/inetd.conf:

   ftp     stream  tcp6    nowait  root    /opt/bin/tcpd       ftpd -l -u077
   shell   stream  tcp6    nowait  root    /opt/bin/tcpd       rshd
   telnet  stream  tcp6    nowait  root    /opt/bin/tcpd       telnetd -a
   login   stream  tcp6    nowait  root    /opt/bin/tcpd 
   

   where /opt/bin/tcpd is the actual TCP wrapper. In this case, root access from some machines may be allowed via /.rhosts: The general format is

   <machine>.<domain> root
   <machine>          root
   

   This list should be restricted to an absolute minimum, for admin purposes only.

Profiles

• /opt/sfw/etc/.kshrc for ksh customization, example.
• /opt/sfw/bin/.profile contains local machine specific definitions, e.g. PATH, LIBPATH, MANPATH, ENV, which are set for all ksh users at login time.
• /etc/profile will be executed during ksh login and should contain

  if [ -x /opt/sfw/bin/.profile ]
  then
    . /opt/sfw/bin/.profile
  fi
  

  to allow for local definitions at login time.
• Note that all stuff in /opt/bin/ must be world-readable and -executable.
• /etc/skel/local.profile is the default user profile (Solaris 10), adapt if necessary.
• I found it useful to change root's default shell to /bin/ksh/ in /etc/passwd/.