The solaris security toolkit software is distributed in solaris os package format. Login as a root user before using dtconfig command. Oct 07, 2010 whether old dtlogin child processes are still running, but with parent process id 1, indicating that the dtlogin master process has crashed. As i am very familiar with redhat linux, it is simply edit etcinittab and change the inital runlevel to 3 to disable the desktopgui. Below procedure can be used to enable or disable automount debugging. If enhanced support facility comes with sparc enterprise ervers, install it. During a solaris 10 graphical installation the sbd network profile is. For more information, see using your assigned administrative rights in securing users and processes in oracle solaris 11. It is best to kill automount and restart it with the debug flags, so that you can see everything from the start. My problem is i still need to enable sftp for only few user and disable all other user. I assume need to completely disable cde and anything related with xwindows please put the command inline with the finding name common desktop environment dtlogin unspecified remote double free vulnerability cve20040368, bugtraqid9958. If the dtlogin1x program is killed, users will be unable to login on any sun ray devices.
Once youve decided exactly which pieces of the operating system you wish to. It also disables daemon mode, which redirects the information into the bitbucket. Solaris 7 wthout patch 107181 solaris 8 without patch 10892021 solaris 9 without patch 11421008 this issue may occur on systems running dtlogin 1x. Power management and interactive process priority control on solaris sparc. In order to enable your server to accept xdmcp connections you need to modify a few configuration files. This is an optional package not available with solaris 10 installation. Sunwsudou contains sudo binaries and documentation. Xming freeware which is an open source software and a solaris 10 machine.
You are saying this process goes to maintenance mode. Solaris 10 1009 zfs cache improvements larry wake in an interview by chhandomay mandal provides a good overview of the new features of solaris 10 1009 a. As the used machine is limited in resources, i need to disable the gui desktop to free unused resources. Thank you very much for posting this article which will help many systems administrators. Install the latest kernel patch or ensure that 14744004 or later was installed. Standard edition, standard edition one, and enterprise edition. How to disable openssl ciphers in solaris 10 and 11. If you do not have administrative privileges, or want to specify nondefault installation locations, download the generic installer instead, and run the script provided. Security vulnerability involving the common desktop. Bulk data throughput better zerocopy support ftp server faster by 30% sctp. Starting and stopping the aix common desktop environment. If you are using dtlogin other display managers may be affected, vnc viewer users cannot connect when the computer is at the login screen.
Enable disable ip forwarding in solaris 10 without reboot. Solaris 8 without patch 10891921 solaris 9 without patch 11280709 x86 platform. The initial solaris port only supports 64bit x86 systems. Posted by hongpingqiu unix administrator on jan 20 at 7. How to disable openssl ciphers on solaris 10 for security reasons. Jul 26, 20 these commands will work with the services administration in solaris 10 and solaris 11. If no graphical login access is required for local console users, sun ray devices, or remote xdmcp sessions, dtlogin 1x may be disabled completely by running the following command as root. These commands will work with the services administration in solaris 10 and solaris 11. How to enable or disable telnet in solaris 10 the geek diary. How to enabledisable automount debugging in solaris 10 and. This sun alert notification is being provided to you on an as is basis. Solaris starting and stopping dtlogin cde nixcraft.
You may find it more convenient to set up your system to start aix common desktop environment automatically when the system is turned on. Performing the above procedure will disable the following. Not sure about your question but to disable dtlogin run. Im using dtlogin with my sunray 2 and sunray server software 4. To switch to using gdm instead of dtlogin you can do the following. When i do a svcs i can see the cdelogin service, but x11server does not show up as a service, even if i do a svcs a.
Use this procedure to disable services that are not required on this system. Even sunoracle solaris 10 is pretty much relegated to legacy research systems these days. Sunwsudos contains source code of sudo installing sudo packages. On solaris 10, when the dtlogin smf patch is not installed, dtlogin which is turned on looks like this. Login into the system using ssh or rsh and check current telnet service status. Restart dtlogin if dtlogin is not responding then you can restart it using ssh. For most open source software you will ever need this site has. How to enable xdmcp on unix on most unixlinux distributions xdmcp is disabled by default. I have done a new installation of the 10 on a sparc and it went well. According to this blog post solaris 10 password history, solaris 10 implemented a new parameter history in etcdefaultpasswd. Oct 26, 20 automounter also has built in debugging, which can be used to examine exactly what the automounter is doing. How to disable unneeded services oracle solaris 11. Features removed from the solaris 10 operating system.
When the session is terminated, dtlogin resets the x server and optionally. The post below is a short howto on how to disable or enable telnet on solaris 10. For more information on security sun alerts, see sun 1009886. For that we need to use following method to fix it. For a listing of which ports need to be opened, please see what ports need to be opened for xdmcp. If you wish to print under solaris 9 or 10, perform the. Solaris 10 remote x11,xserver or cde login problem aziz. Even though the rexecrsh has been disabled and not running see below, one can still issue rsh command to get to the server. If you dont have a solaris setup to work,just install solaris as guest operating system on vmware workstations and get a hands on experience.
For security purposes, administrators may wish to disable telnet incoming connections on a solaris tm 10 or 11. For security purposes, administrators may wish to disable telnet incoming connections on a solaris 10 system. Apr 03, 2009 mohammed, if your solaris version is solaris 9, then the problem with xmanager closed immediately is a bug in solaris patch 11296062 solaris 9. Note since the usrdt directory structure differs between solaris releases and client workstations sparc directory structure differs for the intel directory structure, the client workstation must mount the appropriate nfs server usrdt image. But if youre still using solaris 9 and below, what century are you in. I have installed solaris 10 on t2000 sunfire server but i was not able to get the solaris 10 desktop using cygwin on windows xp. The dtlogin process contains a vulnerability that can be exploited to execute code with root privileges or create a denial of service dos condition.
Xdmcp general instructions file editing note also that firewall ports must be opened. May 10, 20 solaris 10 interview questions may 10, 20 by lingeswaran r 8 comments here is the basic solaris interview questions which are commonly asked in solaris l1 or l2 level 1 or l2 interviews. Anyone know how to disable the rexecrsh in solaris 10. The following procedure uses sparc platform as an example but the steps remain the same for x86 platform as well. To disable user login on a solaris 10 server oracle. Xsun1 and xprt1 ability to open unix domain sockets and named pipe transports in the protected tmp. Stack overflow for teams is a private, secure spot for you and your coworkers to find and share information. Does login using gnome or openwindows software if applicable work. To determine if dtlogin 1x is running on a system, use the ps command as shown below. Due to that if you try to connect to server over xdmcp using exceed on demand or something you wont get connection. I am trying to shutdown some rpc services on my solaris servers. Sun solaris 10 vulnerable solutions experts exchange. First download the solaris security software, and then install it on the server on which you are using the solaris security toolkit software. The sudo utility is composed of the following three packages.
I already configure vnc that works perfectly using the following procedure. The dtlogin process handles a gui login process to cde the dtlogin process contains a double free vulnerability. With respect to my work in filesystem caching strategies, this new solaris release introduces three excellent new features. Download the latest source package from sourceforge motif2. How to enable xdmcp on unix starnet knowledge database pc. How to enabledisable automount debugging in solaris 10. The ciphers listed by security team to disable are. Most unix operating systems use the common desktop environment cde to manage the window environment.
Keep in mind dtlogin and gdm are providing the same kind of service, and be conflicting on your system if enabled at the same time. Starting the login server solaris common desktop environment. To disable the login server from starting automatically when the system is booted. Automounter also has built in debugging, which can be used to examine exactly what the automounter is doing. Starting dtlogin if your solaris system boot to a shell prompt, you can start x dtlogin with following command. Mohammed, if your solaris version is solaris 9, then the problem with xmanager closed immediately is a bug in solaris patch 11296062 solaris 9. I have a server with unix solaris 10, with multipathing is configured, and i want to test it, however it is in different location, so i want to disable a single network interface, while sniffing the network traffic on the other one tyo make sure of the switch over, can please anyone guide how can i do so. Enabling xdmcp in solaris 10 gopi desaboyina solaris blogs. Security vulnerability in the xsun1 and xprt1 commands.
This sun alert notification may contain information provided by third parties. Solaris 10 enable solaris 10 automount debug output. If you wish to disable dtlogin, use dtconfig command. The best solaris download load on the web is undoubtably. In previous versions of solaris, these protocols can be disabled in the init. First download the solaris security software, and then install it on the server on which you are using the solaris. Permanently disable dtlogin if you wish to disable dtlogin, use dtconfig command. Find answers to disabling x server in solaris 10 from the expert community at experts exchange. Learn more how to stop syslog messages to write console on solaris. Our server is running solaris 10 305 kernel 11883336.
Solaris 10 dt login service not getting started automatically. Here is the basic solaris interview questions which are commonly asked in solaris l1 or l2 level 1 or l2 interviews. Dynamic tracing performance bottleneck buster breakthrough approach for tuning power tool for realtime analysis, diagnosis safe and comprehensive non invasive, little overhead, easy to use one view into both system and application level over 30,000 data monitoring points designed for live use on production systems no need to force failure, then do postmortem debug. How to install and configure sudo in solaris 10 sparc and. Can anybody give me a hint where to find a good manual for dtlogin or which files i.
You can do this through the webbased system manager fast path, wsm system, through the system management interface tool smit, or from a command line. Solaris operating system version 10 1 u11 and later information in this document applies to any platform. Enabling 2 gb large pages on solaris 10 oracle solaris blog. I have a solaris 10 box i recently put the latest recommended patch set on.
All software downloads are free, and most come with a developer license that allows you to use full versions of the products at no charge while developing and prototyping your applications, or for strictly selfeducational purposes. Would like to know the configuration file or command to disable those ciphers from server. Hi guys, first of all i would like to thank you for reading my post. Unless otherwise specified, our technical support organization will not provide technical support, phone support, or updates to you for the. Solaris 10 is secure by default and starts services on localhost instead of system name or all hosts. Sunwsudor contains configuration files, which are installed in etc directory. Using gdm instead of dtlogin on solaris 10 oracle solaris blog. We know dtlogin is the system process by default its automatically run whenever the server is up. December 2009 learn how and when to remove this template message.
This is still the default display manager for solaris 10 even though cde is no longer the default desktop. After installation i am unable to enter in to gui mode. Your article enabling xdmcp on solaris 10 has fixed our issue. The following asian short locale names are no longer listed in the dtlogin language list in the solaris software. How can i disable the nic in solaris 10 solutions experts. How to disable telnet, ftp and rloginrsh in solaris 10. Support for the protocol itself and the sockets api fully deployable ipv6 wanboot. Solaris administrators quick reference cheat sheet. I need to block all the unwanted ports, for this i have edited the etcservices. If your solaris system boot to a shell prompt, you can start xdtlogin with following.
The advantage is the change dynamic and realtime and the change persist across reboot unlike the ndd command. After a rebooted, i dont see any effect, i can see the ports are still listening. You can also go through the below interface questions on specific category. Now i want to customize the look an funcionality of the dtlogin. What i need to do for a scheduled reboot i need the machine to perform autologin with a specific user id to t. Vnc server and vnc viewer are included as separate installable packages. Disabling x server in solaris 10 solutions experts exchange. Oct 16, 20 enable direct root logins for solaris 10 october 16, 20 after fresh install of solaris os, you will not be able to login directly as root with putty as its disabled. How to enable xdmcp on unix starnet knowledge database. Depending on service requirements, disable xdmcp support in dtlogin. Solaris 10 remote x11,xserver or cde login problem azizs blog.
1164 46 542 648 712 686 1447 564 714 165 692 1531 694 879 609 673 1515 895 259 874 1105 1608 1341 643 210 1569 1523 556 903 1355 88 329 196 200 109 1686 1422 777 678 444 1197 254 282 95 626 55