[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

20001116: Solaris x86 pathes applied to weather1

To: address@hidden
Subject: 20001116: Solaris x86 pathes applied to weather1
From: Tom Yoksas <address@hidden>
Date: Thu, 16 Nov 2000 15:09:14 -0700

>From: Unidata User Support <address@hidden>
>Organization: Unidata Program Center
>Keywords: Metro State Solaris x86 patch

Tony,

I tried to call, but you were not in your office when I did.

Mike Schmidt took a look at your machines and told me that you were over
a year behind on OS patches.  He thinks that the problems you are seeing
in logging out and then back into your machines may well be fixed by
upgrading to the current Sun patch levels.  To test this theory, we
installed the Sun recommended patches on weather1.  We did this by:

o creating the directory /usr/local/mcidas/patch on wxbox
o FTPing the current Sun recommended patch set to that directory
o logging in as root on weather1
o installing the patches
o rebooting

While at it, Mike recommended turning off some of the services in
/etc/inet/inetd.conf and installing TCP wrappers on other services.
So, we:

o made modifications to:

  /etc/inet/inetd.conf
  /etc/syslog.conf

o added the files (through FTP from a machine here at Unidata):

  /etc/hosts.allow
  /etc/hosts.deny
  /usr/sbin/tcpd

o and:

  touch /var/adm/tcpd.log

The original version of inetd.conf can be found in /etc/inet/inetd.conf.save.
You should compare this file with /etc/inet/inetd.conf to see what things
were changed.

Our recommendation is to run the weather1 for a few days and see if it
doesn't perform better than it used to.  If it does, the patches need
to be applied to the rest of the lab machines (weather2-4) and, perhaps,
wxbox itself (we didn't look too hard at it).  Also, the changes that
Mike made really tighten up security, so you should strongly consider
adopting them on all of your machines.

I think that we should chat about this a little, so I will try calling you
later today or tomorrow.

Tom
--
+-----------------------------------------------------------------------------+
* Tom Yoksas                                             UCAR Unidata Program *
* (303) 497-8642 (last resort)                                  P.O. Box 3000 *
* address@hidden                                   Boulder, CO 80307 *
* Unidata WWW Service                            http://www.unidata.ucar.edu/ *
+-----------------------------------------------------------------------------+

Prev by Date: 20001116: RedHat Linux used as an X-server (cont.)
Next by Date: 20001117: location of mcidas7.7 tar file
Previous by thread: 20001116: RedHat Linux used as an X-server (cont.)
Next by thread: 20001117: location of mcidas7.7 tar file
Index(es):
- Date
- Thread

NOTE: All email exchanges with Unidata User Support are recorded in the Unidata inquiry tracking system and then made publicly available through the web. If you do not want to have your interactions made available in this way, you must let us know in each email you send to us.