Baldwin Sung

Jumpstart Server:

lofiadm -a /root/solaris.iso
mount -F hsfs -o ro /dev/lofi/1 /mnt
cd /mnt/Solaris_10/Tools
./setup_install_server /opt/jumpstart/
cd  /opt/jumpstart/Solaris_10/Tools
./add_install_client -i 10.0.0.10 -e xx:xx:xx:xx:xx:xx hostname arch

Jumpstart Client:

ok boot net - install

Sudoscript is a pair of Perl scripts (sudoscriptd/sudoshell) that provide an audited shell using sudo. SudoScript by Howard Owen can be found at http://www.egbok.com/sudoscript . Here are my notes to configure SudoScript for Solaris 10. 1 - Update the setlogsock from "unix" to "stream" in sudoscriptd

#setlogsock 'unix';
setlogsock 'stream';

2 - /etc/shells does not exist on Solaris 10, create a /etc/shells file with the appropriate shells defined

/bin/sh
/bin/csh
/bin/ksh
/bin/bash

3 - Define the location of your sudo binary in Sudoscript.pm

#$self->{SUDO}="sudo";
$self->{SUDO}="/opt/sfw/bin/sudo";

Use db2ldif to backup LDAP configuration and user data.

cd /var/ds5/slapd-global
./db2ldif -n "NetscapeRoot" -a /var/tmp/prod_backup_NetscapeRoot.ldif

cd /var/ds5/slapd-global
./db2ldif -n "userRoot" -a /var/tmp/prod_backup_userRoot.ldif

To allow VPN PPTP traffic through your Cisco ASA, use inspect pptp.

asa# conf t
asa(config)# policy-map global_policy
asa(config-pmap)#  class inspection_default
asa(config-pmap-c)# inspect pptp 
asa(config-pmap-c)# exit
asa(config-pmap)# exit
asa(config)# exit

For all the iPhone owners out there, I highly recommend you pick up the Zagg InvisibleSHIELD. With the InvisibleSHIELD, my iPhone is completely protected from scratching while maintaining the original iPhone look and feel. Prior to using the InvisibleSHIELD, I was using a hard shell case from Griffin which made the iPhone slightly more bulky and less attractive. Take a look at the demo video from Zagg to see how the iPhone looks with the InvisibleSHIELD applied - http://www.zagg.com/support/demovideo.php Zagg also provides a video on how to install the InvisibleSHIELD - http://www.zagg.com/support/installvideo.php

Here are some examples on how to use the Net::LDAP filter. Method 1 - Search for both person & mail:

(& (objectClass=person) (objectClass=mail))
filter   => "(&             
	     (objectclass=person)                 
             (objectclass=mail)   
             )",

Method 2 - Search for either (or) person or mail:

filter   => "(|             
	     (objectclass=person)                 
             (objectclass=mail)   
             )",                            

To allow any of the devices inside your network to perform a traceroute on the Internet. You'll need to enable setup a access-list which allows icmp echo-reply & time-exceeded.

access-list outside_to_inside permit icmp any any echo-reply
access-list outside_to_inside permit icmp any any time-exceeded
access-group outside_to_inside in interface outside

user@host ~ $ traceroute -I www.google.com
traceroute: Warning: www.google.com has multiple addresses; using 64.233.169.99
traceroute to www.l.google.com (64.233.169.99), 64 hops max, 60 byte packets
<removed some hops here on purpose>
 9  216.239.48.108 (216.239.48.108)  14.780 ms  19.313 ms  16.400 ms
10  64.233.175.111 (64.233.175.111)  16.388 ms 64.233.175.109 (64.233.175.109)  18.220 ms  17.279 ms
11  216.239.49.149 (216.239.49.149)  16.927 ms 216.239.49.145 (216.239.49.145)  18.281 ms 216.239.49.149 (216.239.49.149)  19.312 ms
12  yo-in-f99.google.com (64.233.169.99)  15.279 ms  15.314 ms  20.127 ms

Note: Use -I to use ICMP ECHO instead of UDP. You can also use -n to avoid dns lookups for each hop.

Below is an example of configuring the Sun T5220 ILOM Hostname & Network. Once you have configured the network, you can then ssh to the console on the Sun T5220. There is an example below. In summary:

1. Console in via serial, my recommendation is you run `tip hardwire` from another box so you do not need to attach a machine
2. Login as root
3. Password is changeme
4. Change the hostname from its default hostname of SUNSPxxxxxxxx
5. Configure the IP address

$ tip hardwire
connected

SUNSPxxxxxxxxxx login: root
Password:
Waiting for daemons to initialize...

Daemons ready

Sun(TM) Integrated Lights Out Manager

Version 2.0.4.20.c

Copyright 2007 Sun Microsystems, Inc. All rights reserved.
Use is subject to license terms.

Warning: password is set to factory default.

-> cd /SP
/SP

-> set hostname=console
Set 'hostname' to 'console'

-> cd /SP/network
/SP/network

-> set pendingipdiscovery=static
Set 'pendingipdiscovery' to 'static'

-> set pendingipaddress=10.10.10.50
Set 'pendingipaddress' to '10.10.10.50'

-> set pendingipnetmask=255.255.255.0
Set 'pendingipnetmask' to '255.255.255.0'

-> set pendingipgateway=10.10.10.1
Set 'pendingipgateway' to '10.10.10.1'

-> set commitpending=true
Set 'commitpending' to 'true'

-> set state=enabled
Set 'state' to 'enabled'

You can use the capture command on the Cisco ASA for some simple traffic analysis.

access-list capture_ip_traffic permit ip any any
capture capture_ip_traffic access-list capture_ip_traffic interface outside
show capture capture_ip_traffic

You can also copy the pcap file to a system and use Wireshark to analyze the traffic.

For more information, visit Cisco MIBs

cd
wget ftp://ftp-sj.cisco.com/pub/mibs/v2/v2.tar.gz
cd /usr/share/snmp/mibs
tar xvfz ~/v2.tar.gz