Upload
ronaldlopes007
View
72
Download
3
Embed Size (px)
Citation preview
SolarisTM AdministrationBest Practices
University System of Georgia32nd Annual Computing Conference
October 23, 2003
W. Todd Watson - [email protected] of Information and Instructional Technology
Board of Regents of the University System of Georgia
SolarisTM AdministrationBest Practices
Best Practices
In the context of System Administration -
“Recognized methods or procedures adopted to pro-mote reliable, secure, and maintainable
systems”
2
SolarisTM AdministrationBest Practices
Goals
● User and Account management● Patches and Bug fixes● Logging● Secure Shell and other services● Disk Mirroring● Disaster recovery● System Backups
3
SolarisTM AdministrationBest Practices
Target Audience
●New administrators●Part-time administrators●New SolarisTM administrators●Department supervisors
4
SolarisTM AdministrationBest Practices
User and account management
● Consistency in account names● Consistent location for home directories● Use of “good” passwords● Password aging● Expiration of unnecessary accounts● Locking of “System” accounts● Appropriate user environments
5
SolarisTM AdministrationBest Practices
User and account management
Consistency in account names
● Firstname-Lastname combination● UID concantenation to FN/LN● Avoid personal identification numbers● Keep GECOS populated with minimalinformation
6
SolarisTM AdministrationBest Practices
User and account management
Consistent location for home directories
● Provide adequate space to users● Create a separate filesystem ● /home is a recommended location
7
SolarisTM AdministrationBest Practices
User and account management
Passwords
● Educate users on password use● If possible, incorporate aging● Include expiration for accounts● Lock “System” accounts, i.e., httpd
8
SolarisTM AdministrationBest Practices
User and account management
User Environments
● Consider standardizing shells● Use common environment variables● Define common paths
9
SolarisTM AdministrationBest Practices
Patches and Bug fixes
Two modes of practice➲ Perform comprehensive patches regularly➲ Only patch when needed
Recommendation:Perform patches regularly!
10
SolarisTM AdministrationBest Practices
Patches and Bug fixes
System PatchesAvailable from Sun at
ftp://sunsolve1.sun.comor
Available from USG via ftp:
ftp://ftp.usg.edu/pub/unix/Solaris2/8_Recommended.zipUpdated daily
11
SolarisTM AdministrationBest Practices
Patches and Bug fixes
Standard bug fixes - monthly update is adequate.Security patches – update networked systems ASAP
Don't forget garbage collection!Delete your patch installation files when done
12
SolarisTM AdministrationBest Practices
Logging
➲ Use syslogd(1m) to manage logging facilities● Sendmail● Sshd● Httpd● ftp➲ Consider a defined directory, e.g. /logs➲ Use a log roller to archive recent logs➲ Determine and implement a retention policy➲ Periodically examine the logs or use parser
13
SolarisTM AdministrationBest Practices
Secure Shell and other security
➲ Consider dropping telnet in favor of SSH● OpenSSH● SSH.com's SSH
➲ Replace ftp with proftp or sftp➲ Consider terminating all unnecessary services➲ Watch patches to maintain status quo
14
SolarisTM AdministrationBest Practices
Disk Mirroring
● Solstice Disksuite ● Provides failover protection in the case of disk failure● Requires two physical disks● Mirror each filesystem● Mirror Swap● Instructions available athttp://www.usg.edu/oiit/support/os
15
SolarisTM AdministrationBest Practices
Disaster recovery
16
SolarisTM AdministrationBest Practices
Disaster recovery
● Know thy system● Organize ahead of time● Keep records updated
17
SolarisTM AdministrationBest Practices
Disaster recovery
● Keep copies of prtconf, hostid,disk partition information (format)● Record processor, memory and disk complement● Record network configuration● Record information from/usr/platform/[arch]/sbin/prtdiag -v● Update as changes occur!
18
SolarisTM AdministrationBest Practices
Disaster recovery
● Consider master record storageoffsite or in another non-adjacentbuilding● Keep records in environmentallystable storage● Create an operator manual foremergency shutdown and startup
19
SolarisTM AdministrationBest Practices
Backups
● Make backups an implementation strategy for every system installed● Create a plan that includes regularfull and incremental backups● Automate the backup process● Keep careful records of all backups● Label your tapes● Store the media properly
20
SolarisTM AdministrationBest Practices
Backups
● Provide a process to assist users withrestores of their files● Test your backup processes thoroughly● Remember to add any new filesystemsto your backup specifications.● Consider offsite storage● Don't forget to archive install media● Test your backup processes thoroughly
21