模板
教程
环境
性能
功能
管理
solaris 如何将某一服务重启 停止
发表于:2007-06-09来源:作者:点击数:
标签:
比如cvs,ftp,telnet等等~! lwsin 回复于:2003-01-16 16:38:47 停rlogin vi/etc/inetd.conf reboot alejin 回复于:2003-01-16 16:43:06 vi/etc/inetd.conf then #telnetstreamtcpnowaitroot..... pkill-HUPinetd walt 回复于:2003-01-16 16:43:16 只有
比如cvs,ftp,telnet 等等~!
| lwsin 回复于:2003-01-16 16:38:47 |
| 停rlogin
vi /etc/inetd.conf reboot |
| alejin 回复于:2003-01-16 16:43:06 |
| vi /etc/inetd.conf
then #telnet stream tcp nowait root ..... pkill -HUP inetd |
| walt 回复于:2003-01-16 16:43:16 |
| 只有重启吗?
ps -ef | grep inetd kill -HUP ip 这样为什么没效果? |
| alejin 回复于:2003-01-16 16:47:57 |
| 应该用pkill |
| 大漠孤烟 回复于:2003-01-16 16:48:34 |
| 1.Disabled Volume Management
# cd /etc/rc2.d # mv S92volmgt s92volmgt After this configuration, CD-ROMs will not be automatically mounted. To manually mount a CD-ROM use: # mount -F hsfs -o ro /dev/dsk/c0t6d0s0 /mnt 2.Disabled Dtlogin Dtlogin is disabled if the server is not intended to run the Common Desktop Environment (CDE) or GUIs. # cd /etc/rc2.d # mv S99dtlogin s99dtlogin 3.Disabled Printing # /usr/lib/lpshut # cd /etc/rc2.d # mv S80lp s80lp 4.Disabled RPC RPC is disabled if the server is not intended to run CDE. To determine what is using rcp, use “rpcinfo –p”. # cd /etc/rc2.d # mv /etc/rc2.d/S71rpc /etc/rc2.d/s71rpc 5.Disabled the NFS Client # /etc/init.d/nfs.client stop # cd /etc/rc2.d # mv S73nfs.client s73nfs.client 6.Disabled the NFS Server # /etc/init.d/nfs.server stop # cd /etc/rc3.d # mv S15nfs.server s15nfs.server 7.Disabled UUCP # cd /etc/rc2.d # mv S70uucp s70uucp 8.Disabled the LDAP Client # cd /etc/rc2.d # mv S71ldap.client s71ldap.client 9.Disabled the Auto Mounter # /etc/init.d/autofs stop # cd /etc/rc2.d # mv S74autofs s74autofs 10.Disabled the Network Time Daemon # /etc/init.d/xntpd stop # cd /etc/rc2.d # mv S74xntpd s74xntpd 11.Disabled the Logical Link Control Driver # cd /etc/rc2.d # ./S40llc2 stop # mv S40llc2 s40llc2 12.Disabled Auto Install # cd /etc/rc2.d # mv S72autoinstall s72autoinstall 13.Disabled Cachefs Daemon # cd /etc/rc2.d # mv S73cachefs.daemon s73cachefs.daemon 14.Disabled Asynchronous PPP Daemon # cd /etc/rc2.d # mv S47pppd s47pppd 15.Disabled cacheos.finish Script # cd /etc/rc2.d # mv S93cacheos.finish s93cacheos.finish 16.Disabled Preservation of Files Killed by Vi # cd /etc/rc2.d # mv S80PRESERVE s80PRESERVE 17.Disabled Power Management # cd /etc/rc2.d # mv S85power s85power 18.Disabled Flash Prom Update # cd /etc/rc2.d # mv S75flashprom s75flashprom Before attempting to update the eeprom, temporally enable this script. 19.Disabled “Buttons n Dials-Setup” # cd /etc/rc2.d # mv S89bdconfig s89bdconfig 20.Disabled Spc # cd /etc/rc2.d # mv S80spc s80spc 21.Disabled Sun Management Center # cd /etc/rc2.d # mv S90wbem s90wbem 22.Disabled Network Cache and Aclearcase/" target="_blank" >ccelerator # cd /etc/rc2.d # mv S94ncalogd s94ncalogd # mv S95ncad s95ncad Used to increase web server performance 23.Disabled Mobile IP Agent # cd /etc/rc3.d # mv S80mipagent s80mipagent 24.Disabled SNMP # cd /etc/rc3.d # /usr/bin/pkill -9 -x -u 0 '(snmpdx|snmpv2d|mibiisa)' # mv S76snmpdx s76snmpdx 25.Disabled Apache # cd /etc/rc3.d # mv S50apache s50apache 26.Disabled DMI # cd /etc/rc3.d # /usr/bin/pkill -9 -x -u 0 '(snmpXdmid|dmispd)' # mv S77dmi s77dmi 27.Disabled the Sendmail Daemon The system continues to send mail out. It does not receive mail in to the server. This eliminates a significant security vulnerability. # /etc/init.d/sendmail stop Prevented sendmail from starting at boot: # cd /etc/rc2.d # mv S88sendmail s88sendmail Ensured the sendmail queue is cleaned out: # crontab –e # The Sendmail daemon is not running - This tells it to send mail out 05,20,35,50 * * * * /usr/lib/sendmail –q 28.Disabled Multicasting Multicasting is typically used for clustering. Ensure that it is not required by an application. # vi /etc/init.d/inetsvc # # Add a static route for multicast packets out our default interface. # The default interface is the interface that corresponds to the node name. # #mcastif=`/sbin/dhcpinfo Yiaddr` # #if [ $? -ne 0 ]; then # mcastif=`uname -n` #fi # #echo "Setting default interface for multicast: \c" #/usr/sbin/route add -interface -netmask "240.0.0.0" "224.0.0.0" "$mcastif" 29.Disabled the Serial Port Listeners This configuration can be accomplished unless there is a modem or console terminal attached to the system. # vi /etc/inittab Remove the line with “/usr/lib/saf/sac -t 300” # chown root:sys /etc/inittab # chmod 644 /etc/inittab |
| 大漠孤烟 回复于:2003-01-16 17:07:19 |
| 1.Added Warning Banners
These configurations replace the operating system version with a warning banner displayed during the login process. Login: # vi /etc/motd (replaced operating system version with a warning banner) Property of Company WARNING: To protect systems from unauthorized use and to ensure that the system is functioning properly, activities on this system are monitored and recorded and subject to audit. Use of this system is expressed consent to such monitoring and recording. Any unauthorized access or use of this system is prohibited and could be subject to criminal and civil penalties. # cp /etc/motd /etc/issue Telnet: # vi /etc/default/telnetd UMASK=022 BANNER="" # chown root:sys /etc/default/telnetd # chmod 444 /etc/default/telnetd FTP: # vi /etc/default/ftpd UMASK=022 BANNER=`cat /etc/motd` # chown root:sys /etc/default/ftpd # chmod 444 /etc/default/ftpd 2.Enabled Logging of the su Command This configuration logs both success and failure of su command usage. NOTE: This configuration is required by the root login notification script (below). # vi /etc/default/su SULOG=/var/adm/sulog (uncommented) # cd /var/adm # touch sulog # chgrp sys sulog # chmod 600 sulog 3.Enabled AUTH Logging The auth facility controls account access with login, su, etc. # vi /etc/syslog.conf auth.info /var/log/authlog auth.notice /var/log/authlog NOTE: The entries must be separated by tabs. # /etc/init.d/syslog stop # /etc/init.d/syslog start 4.Enabled Logging of Unsuccessful Login Attempts The loginlog file records consecutive failed login attempts. # cd /var/adm # touch loginlog # chgrp sys loginlog # chmod 600 loginlog 5.Enabled Logging of Successful Logins # cd /var/log # touch logins # chgrp sys logins # chmod 600 logins # vi /etc/syslog.conf # log successful logins local0.info /var/log/logins NOTE: The entries must be separated by tabs. # /etc/init.d/syslog stop # /etc/init.d/syslog start Added the following entry to /etc/profile and /etc/.login: logger -p local0.info "User $LOGNAME has logged in" 6.Enabled Logging of CDE Login Attempts # vi /etc/pam.conf Added the word “debug” after the account management entries # # Account management # login account required /usr/lib/security/$ISA/pam_unix.so.1 debug dtlogin account required /usr/lib/security/$ISA/pam_unix.so.1 debug # vi /etc/syslog.conf Added “;auth.debug;user.debug” to the line that logs successful logins # log successful logins local0.info;auth.debug;user.debug /var/log/logins NOTE: The entries must be separated by tabs. # /etc/init.d/syslog stop # /etc/init.d/syslog start 7.Enabled Performance Logging # su – sys # EDITOR=vi; export EDITOR # crontab –e # The sys crontab should be used to do performance collection. See cron # and performance manual pages for details on startup. # 0 * * * 0-6 /usr/lib/sa/sa1 20,40 6-22 * * 1-5 /usr/lib/sa/sa1 5 18 * * 1-5 /usr/lib/sa/sa2 -s 8:00 -e 18:01 -i 1200 -A |
| Ice 回复于:2003-01-16 17:13:21 |
| 谢谢!呵呵,估计老大 大漠孤烟 整理了很久了,收下了:)
建议老大加入精华区!!!!!!!!!!!!!!!!!!! |
| asi 回复于:2003-01-16 17:16:30 |
| 好DD THANKS |
| walt 回复于:2003-01-16 17:19:26 |
| 好东东 收咯 ~~! |
| 大漠孤烟 回复于:2003-01-16 17:21:27 |
| 大家互相学习嘛:) |
| johnyou 回复于:2003-01-16 17:32:57 |
| kill -HUP pid -- restart the process with pid
kill -9 pid -- kill the process with pid or pkill -HUP process name pkill -9 process name example: pkill -HUP intetd |
| walt 回复于:2003-01-16 17:38:43 |
| 不过 我遇到的难题是cvs ,一个solaris内置的服务 ,我只知道
要将他们放在/etc/services 下,确不知如何启动 ,停止, 各位有办法吗? |
| zlgod 回复于:2003-01-16 20:10:14 |
| 共同努力,共同探讨,共同进步 |
| 大漠孤烟 回复于:2003-01-17 09:57:29 |
| 我找了一个《VersionManagement with CVS for 1.11.2》,就是cvs的handbook,不过是全英文的,慢慢看吧,我给你发到你的Email了:),还有谁要的留下Email ~~ |
| 大漠孤烟 回复于:2003-01-17 10:04:10 |
| cvs的配置和使用
cvs是一种版本控制系统,它不同于一般的版本控制系统,它可以实现版本的并发管理,即可已有多个用 户同时改动同一个文件而不会互相影响,然后不同的用户将它们各自修改的文件提交到cvs服务器上,有 cvs来进行文件之间的比较,进而把这些不同的部分按照某种算法进行合并形成一个新的版本。 cvs服务器一般架设在unix系统上,虽然也有可以在Windows上运行的服务器版本,但是其性能表现远不如 在unix上面表现的好, 但是cvs的客户端在Windows下却可以工作的很好。我在这里讲简单地介绍一下在 Linux下配制cvs服务,以及在Windows下客户端的设置情况。 首先我们先说一下如何在Linux上设置cvs服务,绝大多数的Linux发行拌种都包含了cvs,如果你的发行版 本中没有或者你向是用最新的cvs版本,你可以到http://www.cvshome.org去取得最新的服务器版本,这 里讲述的是以1.10版为基础的, 它应该适合更新的版本. 如果你是从http://www.cvshome.org上的到的.tar.gz形式的源代码版本,参照源代码中的相关的说明文 件,安装指导来编译程序,然后进行安装,如果你是用Linux发行版中的cvs包进行安装,执行相应的包管 理工具。比如在Redhat中你可以是用下面的命令来安装cvs. rpm -ivh cvs-1.10.8-3.i386.rpm 在安装完成后,我们就可以进行相应的配置。一般cvs是用pserver的认证方式作为一种服务在Linux上运 行,先要确定系统里/etc/services文件有cvs服务的入口,一般得有以下两行: cvspserver 2401/tcp # cvs client/server operations cvspserver 2401/udp # cvs client/server operations cvs服务是通过inetd或者是xinetd来启动的。对于inetd,修改/etc/inetd.conf,添加以下的句子: cvspserver stream tcp nowait root /usr/bin/cvs cvs --allow-root=/cvsroot pserver 由于在较新的Linux发行版(如:RedHat7.x)中都是用新xinetd代替了inetd,要用xinetd来启动cvs服务 你需要进入到/etc/xinetd.d/目录,然后编辑一个文本文件(名字随意),这里是用cvspserver作为文件 名,这个文件的内容如下所示: service cvspserver { socket_type = stream wait = no user = root env = HOME= server = /usr/bin/cvs server_args = --allow-root=/cvsroot pserver } 注意上面的service后面的名称一定要和你在/etc/service文件中的cvs服务名称一样,在server_args行 我们指定了cvs使用pserver认证方式,可能容易产生误解的是env = HOME=这一行,添加这一行的目的就 是为了解决在执行一些cvs操作时产生的读取/root/.cvsignore文件的错误,上面env那行的意思就是在 运行cvs服务的时候将环境变量HOME置空,这样虽然执行cvs的用户是root,但是由于没有了HOME这个环境 变量,所以cvs就不会在去读取/root/.cvsignore文件了。 到这里我们就配置完了cvs的启动所需要的文件,但是要使cvs正常运行还需要对需要使用cvs的用户进行 设置,下面是我在配置cvs是使用的方法。首先建立一个用户组cvs,可以使用groupadd或者addgroup命名 ,也可以直接编辑/etc/group文件添加这个组,然后添加一个用户cvsroot, 然后修改/etc/passwd文件 使cvsroot用户的缺省组是cvs组,而不是cvsroot组。建立/cvsroot目录,然后修改/cvsroot的属主及属 性: #chown cvsroot.cvs /cvsroot #chmod 755 /cvsroot (原文这里是771,但是我们要配置cvsweb.cgi,下面再谈)。 对cvs进行初始化:cvs -d /cvsroot init 这样cvs服务器就可以使用了,用cvs -d :pserver:cvsroot@host:/cvsroot login登陆,输入cvsroot用 户在服务器上的口令,没有出现错误提示就表示成功了。 下面讲述Windows下客户端的配置,我只会用wincvs,觉得很不错,不用记那些繁琐对命令:)可以从 http://www.cvshome.org找到相应的下载地址,在linuxforum也有下载,3M多一点。启动wincvs在Admin 菜单中选择preferences然后在global页中设置CVSROOT,就是:pserver:cvsroot@host:/cvsroot。在认 证方式中选择passwd file on the cvs server, 在下面的版本号中选择合适的版本,执行Admin菜单中 的login,在提示框输入口令,如果Output窗口出现以下提示: *****CVS exited normally with code 0***** 就表示我们现在可以在Windows下使用cvs服务了。我开始不知道成功了,还满大街的问wincvs怎么了:( 英文好就看wincvs自带的帮助文挡,我也推荐两个文档:) wincvs.pdf winhtml.zip 特别是这个pdf文档确实不错,还是中文的:) 如果你想在网页里给大家显示你的项目,那么cvsweb是一个不错的选择。这是一个perl程序,可以到以下 地址找到最新版: http://stud.fh-heilbronn.de/~zeller/cgi/cvsweb.cgi 现在的版本是1.93,记得要用新版,1.8以下有一个小小的漏洞,可以到绿盟查一查。 由于是cgi程序,是以nobody用户执行的,所以/cvsroot的属性要设成775。开始我按章照搬,把属性改成 771,结果项目的目录就是不出来,埋葬了半天的青春:(还有记得把/cvsroot/CVSROOT/history的属性 改成666。cvsweb.conf里%CVSROOT数组的Configuration设成/cvsroot,就是cvs仓库的路径不要那个长长 CVSROOT变量。这些其实在它的说明文档和程序注释里都讲到了,只是这个世界是懒人的世界:) 一切都阳春白雪,可以埋头写程序了?只是cvs还有一个小小的DoS漏洞要跟大家说一下:( 每个cvs的操作过程会以操作用户的身份在/tmp下临时建一个锁定了的目录cvs_servPID,这时如果有人建 了大量的同类文件就会使cvs的操作出错,会提示: cannot change permissions on temporary directory Operation not permitted 下面是测试的perl程序: #!/usr/bin/perl #$min和$max的值根据实际情况修改 $min=400; $max=4000; for ($x=$min;$x<=$max;$x++) { open CVSTMP, ">>/tmp/cvs-serv$x" or die "/tmp/cvs-serv$x: $!"; chmod 0600, "/tmp/cvs-serv$x"; close CVSTMP; } 解决方法: 使用server.c中的mktemp(3)函数或者其它任何可以产生唯一文件名的方法。在/tmp/目录所在的分区使 用空间配额也能解决部分问题。 主要还是扎紧篱笆,莫让别人闯进来,这毕竟是一个local的问题。 还可以去http://www.cvshome.org/docs/manual/cvs.html看看 |
| wdongtao 回复于:2003-01-17 13:05:46 |
| [quote:b668cac7eb="大漠孤烟"]我找了一个《VersionManagement with CVS for 1.11.2》,就是cvs的handbook,不过是全英文的,慢慢看吧,我给你发到你的Email了:),还有谁要的留下Email ~~[/quote:b668cac7eb]
能给我一份吗?谢谢你了! wdongtao@163.net |
| 深圳菜鸟 回复于:2003-01-17 13:11:29 |
| 在/etc/init.d 里把服务restart 就可以了 |
| littletiger 回复于:2003-01-17 13:51:41 |
| xhz@cuug.com 谢谢 |
| sunnychxx 回复于:2003-01-17 14:10:03 |
| sunny@chinamail.com.cn
谢谢 |
| 蓝冰 回复于:2003-01-17 14:25:37 |
| 收藏! |
| figure 回复于:2003-01-17 14:54:16 |
| 我也要:zilai21@163.com
谢谢先!! |
| 大漠孤烟 回复于:2003-01-17 15:53:16 |
| [quote:3370375ded="figure"]我也要:zilai21@163.com
谢谢先!![/quote:3370375ded] 你的mail好象有问题,老师发送失败~~~ |
| alejin 回复于:2003-01-17 16:09:23 |
| [quote:18824666df="大漠孤烟"]我找了一个《VersionManagement with CVS for 1.11.2》,就是cvs的handbook,不过是全英文的,慢慢看吧,我给你发到你的Email了:),还有谁要的留下Email ~~[/quote:18824666df]
俺也要laowu99@sina.com |
| U-571风暴 回复于:2003-01-17 16:14:04 |
| 我也要penghua3745363@163.com |
| 大漠孤烟 回复于:2003-01-18 11:21:58 |
| [quote:ac92ac69d5="alejin"]
俺也要laowu99@sina.com[/quote:ac92ac69d5] 你的邮箱有问题,邮件被返回了,要的话在给我个mail~ |
| twinkleolive 回复于:2003-03-15 10:01:33 |
| 不过上面的东西刚好是一本书里面的内容,大概叫**documents about solaris,根本就不用整理,不过感谢x楼的朋友贴出来了! |
| yjmyb 回复于:2003-03-15 11:11:27 |
| 偶也要!谢谢老大!
cyber_yb@yahoo.com.cn |
| hrcxf 回复于:2003-03-15 14:25:59 |
| 我想要一份
xufengcao@jutone.com |
| Philmoon 回复于:2003-03-15 17:59:56 |
| [quote:dd59ac8878="walt"]不过 我遇到的难题是cvs ,一个solaris内置的服务 ,我只知道
要将他们放在/etc/services 下,确不知如何启动 ,停止, 各位有办法吗?[/quote:dd59ac8878] service和inetd.conf中都要有的。 |
| cuiy 回复于:2003-03-19 19:56:59 |
| 不知道我来晚了吗?
cuiy@vip.sina.com 谢谢 |
| havelq 回复于:2003-03-19 20:03:17 |
| 给我一份吧
ceba2000@163.net |
| feng4321 回复于:2003-03-24 09:15:49 |
| 谢谢了 |
| westering 回复于:2003-04-01 14:53:51 |
| 我要westering@sina.com |
| eCos 回复于:2003-04-15 17:37:45 |
| savi@netease.com
多谢! |
| machine 回复于:2004-09-27 15:59:26 |
| 我还是没看明白能讲的再详细点吗 |
| dhbill 回复于:2004-10-16 19:30:46 |
| pkill -HUP inetd就可以重启了 |
| Benajmin 回复于:2004-10-17 01:52:41 |
| Hi, Expert,
Can you send me《VersionManagement with CVS for 1.11.2》too? My email: benlu369@yahoo.com. Thanks. |
