ake.netlify.com

1. Jul 23, 2019  This document contains an index of all Oracle Solaris 11.3 LSU releases and where to download them. To learn more about Support Repositories, see Support Repositories Explained. For the list of Service Alerts affecting each Oracle Solaris 11.3 SRU, see Important Oracle Solaris 11.3 SRU Issues (Doc ID 2076753.1).
2. Apr 27, 2017  Please follow the below oracle document to download the Solaris iso images:- Single Sign-On PFB patch details:- Oracle Solaris 11.2 ISO and USB Images (aka patch.
3. Oracle ® Solaris 11.3 Release Notes March 2018. Describes the important installation issues, update issues, and runtime issues that you might need to consider before installing or running the Oracle Solaris 11.3 operating system (OS).

1. Download Solaris 11 X86 Iso
2. Oracle Solaris 11.3 Downloadd
3. Oracle Solaris 11.3 Latest Sru Download
4. Oracle Solaris 11.3 Sparc Download
5. Oracle Solaris 11.3 Sru Download
6. Download Solaris 11 Iso

Nov 15, 2018  I tried to download iso image of solaris 11.3 but it is split into 5 parts. Where can I find a single iso for install in a LDOM? Oracle Solaris 11.3 IPS Repository for SPARC and x86-64 will require in case you can not provide internet access for LDOM. It's split in 5 zip archive. It's not iso image.

Last updated on JULY 23, 2019 Free boeing 747 simulator game.

Applies to:

Solaris Operating System - Version 11.3 to 11.3 [Release 11.0]
Information in this document applies to any platform.

Purpose

Gujarati video song. This document contains an index of all Oracle Solaris 11.3 LSU releases and where to download them.

Scope

• To learn more about Support Repositories, see Support Repositories Explained.
• For the list of Service Alerts affecting each Oracle Solaris 11.3 SRU, see Important Oracle Solaris 11.3 SRU Issues (Doc ID 2076753.1)

Details

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

Purpose

Scope

Details

Oracle Solaris 11.3 Limited Support Updates

References

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.

Oracle Solaris 11.3 gnome desktop

The allure of a hobbyist server running the 'official' version of the legendary Solaris operating system has been growing stronger while I have been playing with openindiana open-source community-driven illumos distribution for a couple of years now primarily as a central storage server for devices across our home networks to share files, and secondarily for having fun with a true Solaris derived environment.
Oracle, the current owners of Solaris, seem to be allowing hobbyist installations of authentic Solaris perfectly legally for non-commercial non-production deployment ('evaluation') via free Oracle Technology Network (OTN) memberships. Best of all, Oracle provide downloads of pre-built and configured Oracle Solaris 11.3 VirtualBox VMs based on the Solaris 11.3 live installation media ready to install and configure, including a complete gnome-derived graphical desktop environment.

Download Oracle Solaris 11.3 Live Media Installation with Desktop EnvironmentVirtualBox VM

I finally gave in to temptation and went ahead to download Oracle Solaris 11.3 VM Template for Oracle VM VirtualBox to give official Solaris 11.3 a spin. The download extracts to a 1.83 GB sol-11_3-vbox.ova file that is readily imported by Oracle VirtualBox and boots neatly to an awesome Solaris 11 desktop.

Oracle OTN Solaris 11.3 Certificate and Key for Authenticating Access to Solaris Repositories

There is no need to sign up with OTN to download the Solaris 11 VM. However, I did sign up with OTN to access pkg-register.oracle.com to obtain for free a key file 'pkg.oracle.com.key.pem'and certificate 'pkg.oracle.com.certificate.pem' that enabled access to the repositories 'Oracle Developer Studio Tools and Oracle Solaris Studio Release' and 'Oracle Solaris Cluster 4'.

Official Solaris 11.3 OTN Repository Accesses Granted via OTN membership

Instructions on doing this are clearly documented and accessed by clicking on the 'Show Details' button next to repositories that access has been granted to via OTN; basically just save the two .pem files to disk and use these commands as root (or use sudo from a user account) to add the repositories to the Solaris 11 package manager:
# pkg set-publisher -k pkg.oracle.com.key.pem -c pkg.oracle.com.certificate.pem -G '*' -g https://pkg.oracle.com/solarisstudio/release solarisstudio

# pkg set-publisher -k pkg.oracle.com.key.pem -c pkg.oracle.com.certificate.pem -G '*' -g https://pkg.oracle.com/ha-cluster/release ha-cluster
The package manager will now list additional repositories solarisstudio and ha-cluster. Subequent pkg update commands include these additional repositories.

Solaris 11 Additional Package Repositories in Package Manager

However, at the end of the day, I did not install any of the packages made available to me now via the 'Oracle Developer Studio Tools and Oracle Solaris Studio Release' and 'Oracle Solaris Cluster 4' repositories because a complete suite of GNU C, C++ and FORTRAN development tools is included with the release in the default 'solaris' repository and I am far more familiar with gcc than Solaris compilers.
In fact, it appears Oracle has included a great set of 'FOSS' (Free and Open Source Software) for evaluation with this Solaris 11.3 release, with a goal of formalizing the FOSS collection into the upcoming release of Solaris 12. Here is more information on selected FOSS evaluation packages for Oracle Solaris.

Basic Solaris 11 Hardening for Increased Security

I always harden my operating systems before deployment, and found some tips on basic hardening of the already-very-secure Solaris 11 operating system at Oracle's Official Guide as well as documented experiences of others. The following are the Solaris hardening steps I performed.
Edit /etc/system and add the following two lines at the bottom of the file:
set noexec_user_stack=1
set noexec_user_stack_log=1
The default Solaris 11.3 installation seems to enable a huge list of network services:
root@solaris11-3:~# svcs grep network
online 20:27:57 svc:/network/connectx/unified-driver-post-upgrade:default
online 20:27:58 svc:/network/socket-config:default
online 20:28:37 svc:/network/netcfg:default
online 20:28:39 svc:/network/tcp/congestion-control:cubic
online 20:28:45 svc:/network/tcp/congestion-control:highspeed
online 20:28:45 svc:/network/sctp/congestion-control:vegas
online 20:28:46 svc:/network/sctp/congestion-control:newreno
online 20:28:46 svc:/network/sctp/congestion-control:highspeed
online 20:28:46 svc:/network/tcp/congestion-control:newreno
online 20:28:46 svc:/network/sctp/congestion-control:cubic
online 20:28:46 svc:/network/tcp/congestion-control:vegas
online 20:28:49 svc:/network/ib/ib-management:default
online 20:29:02 svc:/network/tcp/tcpkey:default
online 20:29:06 svc:/network/smb:default
online 20:29:11 svc:/network/datalink-management:default
online 20:29:19 svc:/network/ipsec/ipsecalgs:default
online 20:29:24 svc:/network/ip-interface-management:default
online 20:29:34 svc:/network/eoib/eoib-post-upgrade:default
online 20:29:41 svc:/network/loopback:default
online 20:29:46 svc:/network/ipmp:default
online 20:30:44 svc:/network/ilomconfig-interconnect:default
online 20:30:44 svc:/network/uucp-lock-cleanup:default
online 20:30:54 svc:/network/npiv_config:default
online 20:31:08 svc:/network/physical:upgrade
online 20:31:11 svc:/network/install:default
online 20:31:11 svc:/network/location:upgrade
online 20:31:25 svc:/network/physical:default
online 20:31:32 svc:/network/location:default
online 20:31:38 svc:/network/ipsec/policy:default
online 20:31:39 svc:/milestone/network:default
online 20:31:45 svc:/network/initial:default
online 20:31:46 svc:/network/iptun:default
online 20:31:49 svc:/network/netmask:default
online 20:31:49 svc:/network/nfs/fedfs-client:default
online 20:31:50 svc:/network/dns/client:default
online 20:31:53 svc:/network/service:default
online 20:31:59 svc:/network/iscsi/initiator:default
online 20:32:00 svc:/network/ntp:default
online 20:32:40 svc:/network/shares:default
online 20:33:11 svc:/network/routing-setup:default
online 20:33:41 svc:/network/rpc/bind:default
online 20:33:43 svc:/network/inetd:default
online 20:33:51 svc:/network/rpc/gss:default
online 20:33:52 svc:/network/rpc/smserver:default
online 20:33:57 svc:/network/routing/ndp:default
online 20:33:58 svc:/network/ssh:default
online 20:34:08 svc:/network/sendmail-client:default
online 20:34:10 svc:/network/smtp:sendmail
root@solaris11-3:/etc/ssh# svcadm refresh ssh
root@solaris11-3:/etc/ssh# svcadm restart ssh
root@solaris11-3:/etc/ssh# svcs -xv ssh
svc:/network/ssh:default (SSH server)
State: online since May 28, 2017 11:58:55 PM UTC
See: man -M /usr/share/man -s 1M sshd
See: /var/svc/log/network-ssh:default.log
Impact: None.
Enable additional audit logging of privileged actions. Replace <admin-user> with the non-root username you created while installing Solaris (as you know, root is a role in Solaris, not a username).
root@solaris11-3:~# usermod -K audit_flags=cusa:no <admin-user>
UX: usermod: <admin-user> is currently logged in, some changes may not take effect until next login.
root@solaris11-3:~# rolemod -K audit_flags=cusa:no root
root@solaris11-3:~# auditconfig -setpolicy +argv
root@solaris11-3:~# auditconfig -setpolicy +arge
Enable TCP Wrappers in general for inetd based network services:
root@solaris11-3:~# inetadm -M tcp_wrappers=TRUE

Relax Default Solaris 11 Password Rules

As a purely personal preference, I do not like operating system enforcement of secure password rules. Problems with weak passwords are always due to human stupidity, and we should not call on machines to compensate. Solaris 11.3 default password rules require at least one numeric digit.
I relaxed this rule by editing the file /etc/default/passwd to explicitly specify MINNONALPHA=0 instead of the commented-out default of #MINNONALPHA=1 and tested this change by using the passwd command to temporarily set both the user and root passwords to not contain any digits before setting them back to strong secure passwords.

Enable Solaris 11 SNMP Agent

I run a Pandora FMS server to monitor the various networks in my home and on the internet. The Pandora FMS server is configured with Recon tasks that auto-discover hosts on the networks, and SNMP is then used extensively to poll the hosts. In general, an SNMP agent running on any host is often useful in quick monitoring or troubleshooting tasks.

Solaris 11.3 SNMP agent Net-SNMP

The Solaris 11.3 gnome desktop environment conveniently comes with a shortcut 'Add More Software' which launches the Package Manager. Not knowing what, if any, SNMP package was already installed, I launched the Package Manager and typed in 'SNMP' in the search box. To my pleasant surprise, Net-SNMP agent files and libraries which I am quite familiar with from the Linux world along with Fault Management SNMP agent plugins and MIB and SNMP Notification daemon for system events were already installed. I just had to configure and start the Net-SNMP service up.
The Net-SNMP configuration files on Solaris 11 reside in the directory /etc/net-snmp/snmp. I backed up and changed the main configuration file /etc/net-snmp/snmp/snmpd.conf to have the following very simple configuration, where mycommunitystring stands for the actual community string needed to access this agent securely.
# snmpd.conf
# - All private IPs allowed with community mycommunitystring
com2sec local 10.0.0.0/8 mycommunitystring
com2sec local 172.16.0.0/12 mycommunitystring
com2sec local 192.168.0.0/16 mycommunitystring
com2sec local 127.0.0.1 mycommunitystring

group MyROGroup v1 local
group MyROGroup v2c local
group MyROGroup usm local
view all included .1 80
access MyROGroup ' any noauth exact all none none

syslocation tatooine
syscontact Admin {supratim at riseup dot net}

# Send traps to Pandora FMS Server
trapsink 10.100.0.10
trapcommunity mycommunitystring

Forward SYSLOG to Remote SYSLOG SERVER over Secure Tunnel

I run a central syslog server on a VPS in the cloud where I send the system logs from all of my servers. I use the stunnel secure-tunnel utility to forward log entries securely over the internet as described in this post.
The configuration file for syslog daemon on Solaris 11.3 is /etc/syslog.conf. I edited the file to enable forwarding of system log entries to the local LAN endpoint server for the stunnel (10.42.2.1) which forwards them in turn securely to the remote VPS central syslog server. I also adjusted entries for the auth facility to log authorization failures suitably for use with the fail2ban tool that I have discussed in detail in this post.
Here is my complete syslog.conf file. Important: The delimiters in the middle of the lines have to be TAB characters, SPACEs do not work!
#
# Copyright (c) 1991, 2014, Oracle and/or its affiliates. All rights reserved.
#
# syslog configuration file.
#
# This file is processed by m4 so be careful to quote (`') names
# that match m4 reserved words. Also, within ifdef's, arguments
# containing commas must be quoted.
#

# -- Supratim's Remote syslog hosts
# - Forward to CentOS which in turn forwards to VPS and Papertrailapp
# - White space delimiter has to be TABs for this to work; SPACEs do not work!
*.debug @10.42.2.1
# --

*.err;kern.notice;auth.notice /dev/sysmsg
*.err;kern.debug;daemon.notice;mail.crit /var/adm/messages

*.alert;kern.err;daemon.err operator
*.alert root

*.emerg *

Download Solaris 11 X86 Iso

# if a non-loghost machine chooses to have authentication messages
# sent to the loghost machine, un-comment out the following line:
# Required for fail2ban
auth.notice ifdef(`LOGHOST', /var/log/authlog, @loghost)
auth.info /var/adm/auth.log

mail.debug ifdef(`LOGHOST', /var/log/syslog, @loghost)

#
# non-loghost machines will use the following lines to cause 'user'
# log messages to be logged locally.
#
ifdef(`LOGHOST', ,
user.err /dev/sysmsg
user.err /var/adm/messages
user.alert `root, operator'
user.emerg *
)
After editing the syslog.conf configuration file, create an empty /var/adm/auth.log file (it is not created by syslog even if configured in the config file), and refresh and restart the syslog daemon:
root@solaris11-3:/etc# touch /var/adm/auth.log
root@solaris11-3:/etc# svcadm refresh system-log
root@solaris11-3:/etc# svcadm restart system-log
root@solaris11-3:/etc# svcs -xv system-log
svc:/system/system-log:default (system log)
State: online since May 27, 2017 08:39:29 PM UTC
See: man -M /usr/share/man -s 1M syslogd
See: /var/svc/log/system-system-log:default.log
Impact: None.

Enable Solaris 11 NTP Time Synchronization Service

A quick check against the Solaris 11 package manager again reveals good news - a NTP v4 daemon is already installed. I just have to configure it to be able to keep the Solaris clock synchronized.

Solaris 11 NTP v4 daemon

The Solaris 11 NTP configuration file is /etc/inet/ntp.conf. The initial installation includes two templates in that directory: /etc/inet/ntp.client and /etc/inet/ntp.server,the intent being one of them can be used as the starting point of the final ntp.conf file. But, I already have a fully functional Solaris 11 NTP configuration file as described in this post, and simply dropped my working ntp.conf into /etc/inet/ directory.
I then checked to make sure the NTP service has not already been started automatically yet:
root@solaris11-3:/etc/inet# svcs -xv ntp
svc:/network/ntp:default (Network Time Protocol (NTP) Version 4)
State: disabled since Sat May 27 16:44:31 2017
Reason: Disabled by an administrator.
See: http://support.oracle.com/msg/SMF-8000-05
See: man -M /usr/share/man -s 1M ntpd
See: man -M /usr/share/man -s 4 ntp.conf
See: man -M /usr/share/man -s 1M ntpq
See: /var/svc/log/network-ntp:default.log
Impact: This service is not running.
I then refresh and enable the NTP service, and confirm it is now running.
root@solaris11-3:/etc/inet# ls -l /etc/inet/ntp.conf
-rw-r--r-- 1 root root 3267 May 27 23:08 /etc/inet/ntp.conf
root@solaris11-3:/etc/inet# svcadm refresh ntp
root@solaris11-3:/etc/inet# svcadm enable ntp
root@solaris11-3:/etc/inet# svcs -xv ntp
svc:/network/ntp:default (Network Time Protocol (NTP) Version 4)
State: online since Sat May 27 23:12:26 2017
See: man -M /usr/share/man -s 1M ntpd
See: man -M /usr/share/man -s 4 ntp.conf
See: man -M /usr/share/man -s 1M ntpq
See: /var/svc/log/network-ntp:default.log
Impact: None.
Warning: Trying the advice on this Oracle blog post to modify /etc/system to attempt to increase 'the system clock tick rate from the default of 100 per second to 1,000 per second, effectively changing the clock resolution from 10ms to 1ms' by adding set hires_tick=1 by itself, as well as followed by set hires_hz=10000 hang the Solaris boot-up process. Do not try these. I had fortunately taken a boot image backup using the beadm create command before trying these and failing, and was able to recover and will not attempt these changes in /etc/system ever again.

Install gnu C, C++, Objective C and FORTRAN Development Environment

GNU Development Environment for Solaris 11 Group Package Installation

Launch the Package Manager and select 'All Publishers' in the Publisher drop-down list. Then navigate to Meta Packages -> Group Packages on the left pane. Find the group package 'developer-gnu' in the list of group packages on the right pane. Check the selection box at the left of that package, and click the Install/Update button at the top. That's it, when installation finishes, the familiar GNU C and C++ compilers and build tools will be available, along with Fortran and Objective C.
I did a quick check of the C++ compiler, and it all looked good with gcc 4.8.2 compiler working:
user@solaris11-3:~$ gcc --version
gcc (GCC) 4.8.2
Copyright (C) 2013 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

user@solaris11-3:~$ g++ --version
g++ (GCC) 4.8.2
Copyright (C) 2013 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

user@solaris11-3:~$ gmake --version
GNU Make 3.82
Built for i386-pc-solaris2.11
Copyright (C) 2010 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

user@solaris11-3:~$ cat hello.cpp
#include <iostream>
using namespace std;

int main()
{
std::cout << 'hello world!n';
return 0;
}

user@solaris11-3:~$ g++ -o hello hello.cpp

user@solaris11-3:~$ ./hello
hello world!

Install and Configure FTP Server on Solaris 11 with Anonymous FTP Access

Oracle Solaris 11.3 Downloadd

The default Solaris 11.3 VirtualBox image did not come pre-installed with a FTP server. I found FTP Server and Utilities' in the Package Manager and installed it.

Solaris 11 FTP Server Package Installation

The FTP server installed is proftpd, which uses the main configuration file /etc/proftpd.conf.
My goal was to deploy a simple anonymous FTP server with read-only access to clients. The basic onfiguration file made available here for establishing 'a single server and a single anonymous login' fit the bill perfectly, more so as the Solaris package installer for FTP did create the required 'ftp' account and the 'nobody' account was already present. as seen in /etc/passwd.
I took a backup of the file and dropped in the basic proftpd.conf in, and restarted the service. However, the service did not start up at this first attempt:
root@solaris11-3:/etc# svcadm refresh ftp
root@solaris11-3:/etc# svcadm enable ftp
root@solaris11-3:/etc# svcs -xv ftp
svc:/network/ftp:default (FTP server)
State: maintenance since May 30, 2017 12:31:02 PM UTC
Reason: Start method failed repeatedly, last exited with status 1.
See: http://support.oracle.com/msg/SMF-8000-KS
See: man -M /usr/share/man -s 1M proftpd
See: file://usr/share/doc/proftpd/
See: /var/svc/log/network-ftp:default.log
Impact: This service is not running.
root@solaris11-3:/etc# cat /var/svc/log/network-ftp:default.log
[ May 30 04:30:17 Disabled. ]
[ May 30 04:30:37 Rereading configuration. ]
[ May 30 12:30:47 Rereading configuration. ]
[ May 30 12:30:54 Enabled. ]
[ May 30 12:30:55 Executing start method ('/usr/lib/inet/proftpd'). ]
2017-05-30 12:30:55,679 solaris11-3.sanyalnet.lan proftpd[3482]: fatal: unknown configuration directive 'DisplayFirstChdir' on line 58 of '/etc/proftpd.conf'
[ May 30 12:30:59 Method 'start' exited with status 1. ]
The FTP server now came up. However, a quick test to login to the FTP server with anonymous account still failed, showing the following error in /var/adm/authlog:
USER ftp (Login failed): User in /etc/ftpusers
It turns out the error message is perfect; default installation includes the user 'ftp' in the list of users to deny FTP service to in the file /etc/ftpusers. The 'anonymous' FTP user is an alias of this 'ftp' user in /etc/proftpd.conf. So I edited the /etc/ftpusers file and deleted the 'ftp' user from it, and retried to log in to the FTP server as anonymous:

Compaq-Presario-CQ61] ➤ ftp 10.200.0.50
Connected to 10.200.0.50.
220 ProFTPD 1.3.5 Server (ProFTPD Default Installation) [::ffff:10.200.0.50]
Name (10.200.0.50:user): anonymous
331 Anonymous login ok, send your complete email address as your password
Password: @
230 Anonymous access granted, restrictions apply
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
200 PORT command successful
150 Opening ASCII mode data connection for file list
lrwxrwxrwx 1 root root 9 Oct 7 2015 bin -> ./usr/bin
drwxr-xr-x 5 root sys 9 Oct 7 2015 boot
drwxr-xr-x 2 root root 3 Oct 7 2015 cdrom
drwxr-xr-x 200 root sys 200 May 30 01:33 dev
drwxr-xr-x 4 root sys 12 May 30 01:33 devices
drwxr-xr-x 97 root sys 195 May 30 12:56 etc
drwxr-xr-x 3 root sys 3 May 27 15:18 export
dr-xr-xr-x 2 root root 2 Oct 6 2015 home
drwxr-xr-x 19 root sys 19 Oct 7 2015 kernel
drwxr-xr-x 12 root bin 335 May 27 21:06 lib
drwxr-xr-x 2 root root 3 May 30 01:42 media
drwxr-xr-x 2 root sys 2 Oct 7 2015 mnt
dr-xr-xr-x 2 root root 2 Oct 7 2015 net
dr-xr-xr-x 2 root root 2 Oct 7 2015 nfs4
drwxr-xr-x 5 root sys 5 Oct 7 2015 opt
drwxr-xr-x 5 root sys 5 Oct 6 2015 platform
dr-xr-xr-x 124 root root 480032 May 30 12:57 proc
drwx------ 8 root root 14 May 29 13:18 root
drwxr-xr-x 3 root root 3 Oct 7 2015 rpool
lrwxrwxrwx 1 root root 10 Oct 7 2015 sbin -> ./usr/sbin
drwxr-xr-x 7 root root 7 Oct 7 2015 system
drwxrwxrwt 16 root sys 1542 May 30 12:30 tmp
drwxr-xr-x 33 root sys 45 May 28 05:10 usr
drwxr-xr-x 41 root sys 48 May 27 21:05 var
-r--r--r-- 1 root root 277648 Oct 6 2015 zvboot
226 Transfer complete
ftp> pwd
257 '/' is the current directory
ftp> bye
221 Goodbye.

$ ftp 10.200.0.50
Connected to 10.200.0.50.
220 ProFTPD 1.3.5 Server (ProFTPD Default Installation) [::ffff:10.200.0.50]
Name (10.200.0.50:rumtuk): anonymous
331 Anonymous login ok, send your complete email address as your password
Password: @
230 Anonymous access granted, restrictions apply
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
200 PORT command successful
150 Opening ASCII mode data connection for file list
Torley_Wong-1981_A.D.mp3
226 Transfer complete
27 bytes received in 0.0026 seconds (10.08 Kbytes/s)
ftp> bin
200 Type set to I
ftp> hash
Hash mark printing on (8192 bytes/hash mark).
ftp> get Torley_Wong-1981_A.D.mp3
200 PORT command successful
150 Opening BINARY mode data connection for Torley_Wong-1981_A.D.mp3 (4487168 bytes)
####################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################
226 Transfer complete
local: Torley_Wong-1981_A.D.mp3 remote: Torley_Wong-1981_A.D.mp3
4487168 bytes received in 1.4 seconds (3088.44 Kbytes/s)
ftp> bye
221 Goodbye.

Configure a Public Passwordless Workgroup-Mode Samba SMB CIFS Server for Sharing Files in Private Networks

A primary purpose of my Solaris 11 installation is to be a shared network drive and file server for all the computers and devices in our home. Specifically, an external USB Hard Disk will be made available as a SMB/CIFS share across the network. No credentials will be required to access this share from any computer on the home subnets as long as the SMB client IP address is in the private address space.
I used the network/samba package because it is independent of ZFS-level sharing features of the
The network/samba package is not the same as service/filesystem/smb package. If you have the service/filesystem/smb package installed, you need to at least disable it using the svcadm disable command first before installing network/samba.
root@solaris11-3:~# svcs -xv smb
svc:/network/smb:default (SMB properties)
State: online since May 31, 2017 02:52:35 AM UTC
See: man -M /usr/share/man -s 4 smb
See: /system/volatile/network-smb:default.log
See: /var/svc/log/network-smb:default.log
Impact: None.
root@solaris11-3:~# svcadm disable smb

Solaris 11 Samba SMB/CIFS File Server Package

With these goals, I fired up the package manager and searched for 'samba'. I then installed the 'network/samba' package from the search results. Alternatively the GUI can be avoided and the same can be done from the command line using the pkg install command like so:
root@solaris11-3:~# pkg install network/samba
Packages to install: 2
Services to change: 1
Create boot environment: No
Create backup boot environment: No

DOWNLOAD PKGS FILES XFER (MB) SPEED
Completed 2/2 3038/3038 104.6/104.6 433k/s

PHASE ITEMS
Installing new actions 2600/3302
Installing new actions 3302/3302
Updating package state database Done
Updating package cache 0/0
Updating image state Done
Creating fast lookup database Done
Updating package cache 3/3
Please keep in mind the network/samba package ('samba - A Windows SMB/CIFS fileserver for UNIX') is not the same as service/filesystem/smb package ('SMB/CIFS server libraries and commands'). If you have the service/filesystem/smb package installed, you need to at least disable it using the svcadm disable command before installing network/samba:
root@solaris11-3:~# svcs -xv smb
svc:/network/smb:default (SMB properties)
State: online since May 31, 2017 02:52:35 AM UTC
See: man -M /usr/share/man -s 4 smb
See: /system/volatile/network-smb:default.log
See: /var/svc/log/network-smb:default.log
Impact: None.
root@solaris11-3:~# svcadm disable smb
The Samba server configuration file is /etc/samba/smb.conf. I created a /etc/samba/smb.conf with the following simple contents to enable a public share:
# -----
# /etc/samba/smb.conf
# Simple Samba/CIFS server configuration for unauthenticated shared network drive
# accessible from intranet private IP address space
# For network/samba package on Solaris 11.3 (SunOS 5.11)
# Supratim Sanyal, May 31, 2017
# -----

[global]
workgroup = ENTERPRISE
server string = SANYALnet Solaris 11.3 LAN Samba/CIFS Shared Drive
hosts allow = 10.0.0.0/255.0.0.0,172.16.0.0/255.240.0.0,192.168.0.0/255.255.0.0
log file = /var/log/samba/log.%m
max log size = 50
map to guest = bad user

# Disable printer support
disable spoolss = yes
load printers = no
printing = bsd
printcap name = /dev/null

[sanyalnet-shared]
path = /media/USB-Storage/sanyalnet-shared
public = yes
only guest = yes
writable = yes
printable = no
guest ok = yes
read only = no
I then created the log directory and set global read-write permissions on the shared directory:
root@solaris11-3:/etc/samba# mkdir /var/log/samba

Samba Server hosted on Solaris 11 Accessed from Windows 10

Configure Solaris 11.3 as a http web server using Apache httpd daemon

Web page served by Apache httpd web-server on Solaris 11

The Oracle Solaris 11.3 VirtualBox Virtual Machine came with Apache web server installed at the directory /usr/apache2/2.2 with the configuration files in /etc/apache2/2.2 and the DocumentRoot (web-root) directory for the default website configured to be at /var/apache2/2.2/htdocs. The primary configuration file is at /etc/apache2/2.2/httpd.conf. The version of Apache httpd daemon installed is 2.2.31:
root@solaris11-3:~# /usr/apache2/2.2/bin/httpd -v
Server version: Apache/2.2.31 (Unix)
Server built: Sep 24 2015 08:41:55
I enhanced the Apache configuration file /etc/apache2/2.2/httpd.conf for a bit of added security mostly following this article. Here is my complete /etc/apache2/2.2/httpd.conf:
Then I commented out the following lines from both the 32-bit and 64-bit Apache module configuration files /etc/apache2/2.2/conf.d/modules-32.load and /etc/apache2/2.2/conf.d/modules-64.load to disable the DAV and Info modules:
#LoadModule dav_module libexec/mod_dav.so
For added security, I changed the owner of the Apache installation directory tree from root:sys to the non-privileged Apache daemon user and took out all world permissions from the Apache binary and configuration directories:
root@solaris11-3:~# chown -R webservd:webservd /usr/apache2
root@solaris11-3:~# chmod -R 750 /usr/apache2/2.2/bin /etc/apache2/2.2
I then simply put in my custom index.html and all associated files into /var/apache2/2.2/htdocs. Then I refreshed and enabled the http service and have a functional web server on Solaris 11.
root@solaris11-3:~# svcadm disable http
root@solaris11-3:~# svcadm refresh http
root@solaris11-3:~# svcadm enable http
root@solaris11-3:~# svcs -xv http
svc:/network/http:apache22 (Apache 2.2 HTTP server)
State: online since May 31, 2017 08:52:28 PM UTC
See: man -M /usr/apache2/2.2/man -s 8 httpd
See: http://httpd.apache.org
See: /var/svc/log/network-http:apache22.log
Impact: None.
The access and error logs are written to /var/apache2/2.2/logs as configured in /etc/apache2/2.2/httpd.conf.

TAKE A BACKUP!

At this point taking a backup is extremely important, since the next steps are dangerous because we will be playing with external USB hard disks. You can take a backup of the entire Virtual Machine as well as use the beadm create and beadm activate commands twice to create a boot environment to fall back to if the 2nd (more recent) environment is hosed, i.e. something like
root@solaris11-3:~# beadm create -d 'baseline before USB HDD support' BeforeExtHDD
root@solaris11-3:~# beadm create -d 'USB HDD experiment' ExtHDDExperimental
root@solaris11-3:~# beadm activate ExtHDDExperimental
root@solaris11-3:~# reboot
This way, if the External Hard Disk mounting attempts result in a kernel that keeps panicking, you can choose a prior boot environment from the grub menu.

MOUNTING EXTERNAL USB HDD WITH WINDOWS 95 / FAT 32 FILE SYSTEM FOR READING AND WRITING ON SOLARIS 11.3

Install VirtualBox Guest Additions

In a nutshell, for an external USB drive to work seamlessly at USB 2.0 speeds with VirtualBox Solaris 11.3 virtual machine, we need to install the companion version of VirtualBox Guest Additions corresponding to the installed version of Oracle VirtualBox host software itself, on both the VirtualBox host software installation and the Solaris 11.3 virtual machine that runs under the VirtualBox virtualization environment.
To get USB 2.0 transfer speeds from an external USB hard disk, I needed to upgrade the VirtualBox Guest Additions included in the Oracle Solaris 11.3 Oracle VirtualBox VM to the same version as my installed VirtualBox release on the host computer. I had already installed the extension pack on the VirtualBox host software right after installing VirtualBox itself by downloading and double-clicking 'Oracle_VM_VirtualBox_Extension_Pack-5.1.22-115126.vbox-extpack' corresponding to the installed version of VirtualBox.
However, the Solaris 11.3 virtual appliance had an older version of VirtualBox Guest Additions. I first uninstalled the obsolete VirtualBox Guest Additions package from the Solaris 11.3 VM:

root@solaris11-3:~# pkginfo grep -i guest
application SUNWvboxguest Oracle VM VirtualBox Guest Additions
A couple of kernel modules were busy and could not be unloaded as highlighted above. However, according to the messages, they 'will be unloaded upon reboot'. I wanted a complete uninstallation of the shipped VirtualBox Guest Additions before installing the new version to avoid conflicts with active kernel modules from the old version while installing the new version, and rebooted:
root@solaris11-3:~# reboot
Once Solaris 11.3 returned after reboot, I used VirtualBox's 'Devices' menu to select 'Insert Guest Additions CD Image'. As soon as I did this, the virtual Guest Additions CD was auto-mounted at /media/VBOXADDITIONS_5.1.22_115126 and new icon was added to the Desktop. I then installed the package VBoxSolarisAdditions.pkg from /media/VBOXADDITIONS_5.1.22_115126.

root@solaris11-3:/media/VBOXADDITIONS_5.1.22_115126# ls -l
total 102841
dr-xr-xr-x 2 root root 2048 Apr 28 15:35 32Bit
dr-xr-xr-x 2 root root 2048 Apr 28 15:35 64Bit
-r-xr-xr-x 1 root root 647 Aug 16 2016 AUTORUN.INF
-r-xr-xr-x 1 root root 6381 Apr 28 16:27 autorun.sh
dr-xr-xr-x 2 root root 2048 Apr 28 15:35 cert
dr-xr-xr-x 2 root root 4096 Apr 28 15:35 OS2
-r-xr-xr-x 1 root root 4824 Apr 28 16:27 runasroot.sh
-r-xr-xr-x 1 root root 8140237 Apr 28 16:27 VBoxLinuxAdditions.run
-r-xr-xr-x 1 root root 17782784 Apr 28 17:28 VBoxSolarisAdditions.pkg
-r-xr-xr-x 1 root root 16400296 Apr 28 16:35 VBoxWindowsAdditions-amd64.exe
-r-xr-xr-x 1 root root 10039072 Apr 28 16:29 VBoxWindowsAdditions-x86.exe
-r-xr-xr-x 1 root root 268496 Apr 28 16:27 VBoxWindowsAdditions.exe
root@solaris11-3:/media/VBOXADDITIONS_5.1.22_115126# pkgadd -d VBoxSolarisAdditions.pkg

The following packages are available:
1 SUNWvboxguest Oracle VM VirtualBox Guest Additions
(i386) 5.1.22,REV=r115126.2017.04.28.18.28

Select package(s) you wish to process (or 'all' to process
all packages). (default: all) [?,??,q]:

Processing package instance <SUNWvboxguest> from </media/VBOXADDITIONS_5.1.22_115126/VBoxSolarisAdditions.pkg>

Oracle VM VirtualBox Guest Additions(i386) 5.1.22,REV=r115126.2017.04.28.18.28
Oracle Corporation
Using </> as the package base directory.
## Processing package information.
## Processing system information.
## Verifying package dependencies.
## Verifying disk space requirements.
## Checking for conflicts with packages already installed.
## Checking for setuid/setgid programs.

This package contains scripts which will be executed with super-user
permission during the process of installing this package.

Do you want to continue with the installation of <SUNWvboxguest> [y,n,?] y

Installing Oracle VM VirtualBox Guest Additions as <SUNWvboxguest>

## Installing part 1 of 1.
/etc/fs/vboxfs/mount <symbolic link>
/opt/VirtualBoxAdditions/1099.vboxclient
/opt/VirtualBoxAdditions/LICENSE
/opt/VirtualBoxAdditions/VBox.sh
/opt/VirtualBoxAdditions/amd64/VBoxClient.Z
/opt/VirtualBoxAdditions/amd64/VBoxControl.Z
/opt/VirtualBoxAdditions/amd64/VBoxService.Z
/opt/VirtualBoxAdditions/amd64/pam_vbox.so
/opt/VirtualBoxAdditions/amd64/vboxfs
/opt/VirtualBoxAdditions/amd64/vboxfs_s10
/opt/VirtualBoxAdditions/amd64/vboxfsmount
/opt/VirtualBoxAdditions/amd64/vboxmslnk
/opt/VirtualBoxAdditions/amd64/vboxvideo_drv_110.so.Z
/opt/VirtualBoxAdditions/amd64/vboxvideo_drv_111.so.Z
/opt/VirtualBoxAdditions/amd64/vboxvideo_drv_112.so.Z
/opt/VirtualBoxAdditions/amd64/vboxvideo_drv_113.so.Z
/opt/VirtualBoxAdditions/amd64/vboxvideo_drv_114.so.Z
/opt/VirtualBoxAdditions/amd64/vboxvideo_drv_117.so.Z
/opt/VirtualBoxAdditions/amd64/vboxvideo_drv_118.so.Z
/opt/VirtualBoxAdditions/amd64/vboxvideo_drv_13.so.Z
/opt/VirtualBoxAdditions/amd64/vboxvideo_drv_14.so.Z
/opt/VirtualBoxAdditions/amd64/vboxvideo_drv_15.so.Z
/opt/VirtualBoxAdditions/amd64/vboxvideo_drv_16.so.Z
/opt/VirtualBoxAdditions/amd64/vboxvideo_drv_17.so.Z
/opt/VirtualBoxAdditions/amd64/vboxvideo_drv_18.so.Z
/opt/VirtualBoxAdditions/amd64/vboxvideo_drv_19.so.Z
/opt/VirtualBoxAdditions/amd64/vboxvideo_drv_70.so.Z
/opt/VirtualBoxAdditions/amd64/vboxvideo_drv_71.so.Z
/opt/VirtualBoxAdditions/i386/VBoxClient.Z
/opt/VirtualBoxAdditions/i386/VBoxControl.Z
/opt/VirtualBoxAdditions/i386/VBoxService.Z
/opt/VirtualBoxAdditions/i386/pam_vbox.so
/opt/VirtualBoxAdditions/i386/vboxfs
/opt/VirtualBoxAdditions/i386/vboxfs_s10
/opt/VirtualBoxAdditions/i386/vboxfsmount
/opt/VirtualBoxAdditions/i386/vboxmslnk
/opt/VirtualBoxAdditions/i386/vboxvideo_drv_110.so.Z
/opt/VirtualBoxAdditions/i386/vboxvideo_drv_111.so.Z
/opt/VirtualBoxAdditions/i386/vboxvideo_drv_112.so.Z
/opt/VirtualBoxAdditions/i386/vboxvideo_drv_113.so.Z
/opt/VirtualBoxAdditions/i386/vboxvideo_drv_114.so.Z
/opt/VirtualBoxAdditions/i386/vboxvideo_drv_117.so.Z
/opt/VirtualBoxAdditions/i386/vboxvideo_drv_118.so.Z
/opt/VirtualBoxAdditions/i386/vboxvideo_drv_13.so.Z
/opt/VirtualBoxAdditions/i386/vboxvideo_drv_14.so.Z
/opt/VirtualBoxAdditions/i386/vboxvideo_drv_15.so.Z
/opt/VirtualBoxAdditions/i386/vboxvideo_drv_16.so.Z
/opt/VirtualBoxAdditions/i386/vboxvideo_drv_17.so.Z
/opt/VirtualBoxAdditions/i386/vboxvideo_drv_18.so.Z
/opt/VirtualBoxAdditions/i386/vboxvideo_drv_19.so.Z
/opt/VirtualBoxAdditions/i386/vboxvideo_drv_70.so.Z
/opt/VirtualBoxAdditions/i386/vboxvideo_drv_71.so.Z
/opt/VirtualBoxAdditions/solaris_xorg.conf
/opt/VirtualBoxAdditions/solaris_xorg_modeless.conf
/opt/VirtualBoxAdditions/vbox_vendor_select
/opt/VirtualBoxAdditions/vboxclient.desktop
/opt/VirtualBoxAdditions/vboxguest.sh
/opt/VirtualBoxAdditions/vboxmslnk
/opt/VirtualBoxAdditions/x11config15sol.pl
/opt/VirtualBoxAdditions/x11restore.pl
/usr/bin/VBoxClient <symbolic link>
/usr/bin/VBoxClient-all <symbolic link>
/usr/bin/VBoxControl <symbolic link>
/usr/bin/VBoxService <symbolic link>
/usr/kernel/drv/amd64/vboxguest
/usr/kernel/drv/amd64/vboxms
/usr/kernel/drv/vboxguest
/usr/kernel/drv/vboxguest.conf
/usr/kernel/drv/vboxms
/usr/kernel/drv/vboxms.conf
/usr/lib/VBoxOGL.so
/usr/lib/VBoxOGLarrayspu.so
/usr/lib/VBoxOGLcrutil.so
/usr/lib/VBoxOGLerrorspu.so
/usr/lib/VBoxOGLfeedbackspu.so
/usr/lib/VBoxOGLpackspu.so
/usr/lib/VBoxOGLpassthroughspu.so
/usr/lib/amd64/VBoxOGL.so
/usr/lib/amd64/VBoxOGLarrayspu.so
/usr/lib/amd64/VBoxOGLcrutil.so
/usr/lib/amd64/VBoxOGLerrorspu.so
/usr/lib/amd64/VBoxOGLfeedbackspu.so
/usr/lib/amd64/VBoxOGLpackspu.so
/usr/lib/amd64/VBoxOGLpassthroughspu.so
/usr/sbin/vboxmslnk <symbolic link>
[ verifying class <none> ]
/opt/VirtualBoxAdditions/VBoxClient <linked pathname>
/opt/VirtualBoxAdditions/VBoxControl <linked pathname>
/opt/VirtualBoxAdditions/VBoxISAExec <linked pathname>
/opt/VirtualBoxAdditions/VBoxService <linked pathname>
[ verifying class <manifest> ]
## Executing postinstall script.
Uncompressing files..
Configuring VirtualBox guest kernel module..
VirtualBox guest kernel module loaded.
VirtualBox pointer integration module loaded.
Creating links..
Installing video driver for X.Org 1.14.5..
Configuring client..
Installing 64-bit shared folders module..
Installing 32-bit shared folders module..
Configuring services (this might take a while)..
Enabling services..
Updating boot archive..
Done.
Please re-login to activate the X11 guest additions.
If you have just un-installed the previous guest additions a REBOOT is required.

Installation of <SUNWvboxguest> was successful.
root@solaris11-3:/media/VBOXADDITIONS_5.1.22_115126# cd

Connect External Hard Disk with NTFS Formatted Volume to Solaris 11.3 and find device name

I shut Solaris 11.3 down from the desktop GUI and connected an NTFS-formatted Western Digital USB disk drive to a USB port on the VM host, reconfiguring the VM to connect the USB drive to Solaris 11 over USB 2.0.

Oracle VirtualBox USB 2.0 EHCI Controller Configuration for Solaris 11.3 Virtual Machine

I then launched the Solaris 11.3 virtual machine, logged in and ran the Applications -> System Tools -> GParted Partition Editor tool. GParted took some time to scan the attached drives for partitions, after which I could select the external USB drive from a drop-down list at the top right corner. From the information presented, the device name for the USB drive is /dev/dsk/c3t0d0p1.

GParted on Solaris 11.3 Showing NTFS volume on external USB Hard Drive

Install the Tools to Mount NTFS Volume: FUSE and NTFS-3G for Solaris 11

Now that I know the name of the device corresponding to the Windows NTFS volume on the external USB hard disk, I proceeded to install the software tools needed to mount it on Solaris 11.3.

Adding SFE Solaris 11 Repo

The software needed to mount NTFS volumes on Solaris 11 are available for free from SFE - Software Packages for Solaris, OpenIndiana and OmniOS, To get access to the software, I launched the Package Manager from the desktop icon and first added the Solaris 11 IPS Packages Repository as a publisher using File -> Add Publisher.. with the URI http://sfe.opencsw.org/localhosts11.

Adding Solaris 11 SFE Repository to Package Manager using Publisher URI

On clicking 'Add', the Package Manager downloads, refreshes and caches the new catalog, and reports success in a pop-up window when all done.

Install fusefs on Oracle Solaris 11.3 to read/write NTFS volumes

To install FUSE (File System in User Space), I searched for 'fuse' in the Package Manager searchbox at the top right, checked the fusefs from publisher localhosts11 and library/libfuse from publisher solaris check-boxes, and clicked on 'Install/Update'. I then clicked Proceed on the Install Confirmation pop-up.

Install FUSE file system and FuseFS libraries on Solaris 11

After installing fusefs, I rebooted the system just to start clean since fusefs is a kernel module.

Install ntfs-3g on Oracle Solaris 11.3 to read/write NTFS volumes

Installing ntfs-3g turned out to be a bit tricky, and I had to build and install it from the source package. The problem with the ntfs-3g binary package is it includes the tools in the ntfsprogs package which was already installed in the Oracle Solaris 11.3 VirtualBox Virtual Machine distribution. Trying to uninstall ntfsprogs threw up dependencies on GParted and partition manager tools that I did not want to uninstall in turn because they are so useful. Building and installing ntfs-3g from source actually overwrites the ntfsprogs tools without requiring complex resolution of dependencies by uninstalling useful programs.
I installed the ntfs-3g/src source package from the SFE localhosts11 repository using the package manager.

NTFS-3G Source Package Installation on Solaris 11.3

Installing the ntfs-3g source package ntfs-3g/src using the Package Manager basically dropped the compressed source tarball at /usr/src/SFEntfs-3g-2016.2.22AR.2/SOURCES/ntfs-3g_ntfsprogs-2016.2.22AR.2.tgz. I uncompressed, built and installed ntfs-3g from this source tarball:
root@solaris11-3:~# cd /usr/src/SFEntfs-3g-2016.2.22AR.2/SOURCES

Mounting the NTFS Volume

Desktop Icon for External USB Hard Disk NTFS Volume on Solaris 11.3

Auto-mount NTFS volume on Solaris 11.3 using ntfs-3g and fuse
To mount the USB HDD automatically on reboot of Solaris 11.3, I created a file /etc/rc.local with the following contents
# ---
# /etc/rc.local
#
# Commands to execute at end of boot
# This is a linked from /etc/rc3.d/S99local
# Solaris 11 still supports this
# ---
/usr/bin/lowntfs-3g /dev/dsk/c3t0d0p1 /media/USB-Storage/

# chmod +x /etc/rc.local
# ln -s /etc/rc.local /etc/rc3.d/S99local
# ls -l /etc/rc.local /etc/rc3.d/S99local
-rwxr-xr-x 1 root root 357 Jan 23 19:30 /etc/rc.local
lrwxrwxrwx 1 root root 13 Jan 20 19:12 /etc/rc3.d/S99local -> /etc/rc.local
Then I rebooted and verified if the auto-mount on boot worked.
root@solaris11-3:~# uptime
1:48pm up 13 min(s), 2 users, load average: 2.64, 1.84, 1.01
root@solaris11-3:~# dmesg grep lowntfs
Jun 9 13:44:18 solaris11-3.sanyalnet.lan lowntfs-3g[970]: [ID 702911 daemon.notice] Version 2016.2.22AR.2 integrated FUSE 27
Jun 9 13:44:18 solaris11-3.sanyalnet.lan lowntfs-3g[970]: [ID 702911 daemon.notice] Requested device /dev/dsk/c3t0d0p1 canonicalized as /devices/pci@0,0/pci8086,265c@b/storage@1/disk@0,0:r
Jun 9 13:44:18 solaris11-3.sanyalnet.lan lowntfs-3g[970]: [ID 702911 daemon.notice] Mounted /devices/pci@0,0/pci8086,265c@b/storage@1/disk@0,0:r (Read-Write, label 'WD My Book 1110 External HDD USB', NTFS 3.1)
Jun 9 13:44:18 solaris11-3.sanyalnet.lan lowntfs-3g[970]: [ID 702911 daemon.notice] Cmdline options:
Jun 9 13:44:18 solaris11-3.sanyalnet.lan lowntfs-3g[970]: [ID 702911 daemon.notice] Mount options: allow_other,nonempty,relatime,fsname=/devices/pci@0,0/pci8086,265c@b/storage@1/disk@0,0:r
Jun 9 13:44:18 solaris11-3.sanyalnet.lan lowntfs-3g[970]: [ID 702911 daemon.notice] Ownership and permissions disabled, configuration type 6
root@solaris11-3:~# mount grep -i USB-Storage
/media/USB-Storage on /devices/pci@0,0/pci8086,265c@b/storage@1/disk@0,0:r read/write/nosetuid/nodevices/rstchown/dev=5080000 on Fri Jun 9 13:44:18 2017
root@solaris11-3:~# ls -l /media/USB-Storage/
total 305
drwxrwxrwx 1 root root 0 Jun 2 23:54 $RECYCLE.BIN
-rwxrwxrwx 1 root root 187 Jun 9 03:37 release
drwxrwxrwx 1 root root 151552 Jun 7 19:16 sanyalnet-shared
drwxrwxrwx 1 root root 4096 Jun 2 23:55 System Volume Information
Looks like everything worked and we are all set!

Configure final IP v4 address and Default Routing Gateway

I reconfigured Solaris 11 networking to the final production IP v4 address and gateway, based on excellent online documentation provided by Oracle including Creating Persistent (Static) Routes and Configuring IP Interfaces. I have no use for IPv6 which I did not configure.

Configure Solaris 11.3 IP Address

Configure Solaris 11.3 Routing Default Gateway

The completed reconfigured network configuration looks like this.
root@solaris11-3:~# ifconfig -a
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
inet 127.0.0.1 netmask ff000000
net0: flags=100001000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4,PHYSRUNNING> mtu 1500 index 2
inet 10.42.2.3 netmask ffffff00 broadcast 10.42.2.255
ether 8:0:27:11:5:2f
lo0: flags=2002000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv6,VIRTUAL> mtu 8252 index 1
inet6 ::1/128
net0: flags=120002000840<RUNNING,MULTICAST,IPv6,PHYSRUNNING> mtu 1500 index 2
inet6 ::/0
ether 8:0:27:11:5:2f

Wrapping Up

Install fail2ban with intrusion reporting to blocklist.de

I installed and configured fail2ban with reporting to my existing server account at blocklist.de by first executing:
root@solaris11-3:~# pkg install network/fail2ban
Packages to install: 1
Services to change: 1
Create boot environment: No
Create backup boot environment: No

DOWNLOAD PKGS FILES XFER (MB) SPEED
Completed 1/1 99/99 0.1/0.1 47.8k/s

Oracle Solaris 11.3 Latest Sru Download

PHASE ITEMS

Oracle Solaris 11.3 Sparc Download

Installing new actions 134/134
Updating package state database Done
Updating package cache 0/0
Updating image state Done
Creating fast lookup database Done
Updating package cache 4/4
root@solaris11-3:~# svcs -xv fail2ban
svc:/network/fail2ban:default (?)
State: disabled since June 10, 2017 06:52:11 PM UTC
Reason: Disabled by an administrator.
See: http://support.oracle.com/msg/SMF-8000-05
See: /var/svc/log/network-fail2ban:default.log
Impact: This service is not running.
root@solaris11-3:~# svcadm refresh fail2ban
root@solaris11-3:~# svcadm enable fail2ban
root@solaris11-3:~# svcs -xv fail2ban
svc:/network/fail2ban:default (?)
State: online since June 10, 2017 06:53:35 PM UTC
See: /var/svc/log/network-fail2ban:default.log
Impact: None.

Oracle Solaris 11.3 Sru Download

and then grabbed action.d/blocklist_de.local from here. I then took help from my prior post about Fail2Ban on openindiana 'Fail2Ban Intrusion Prevention on Solaris 11 OPENINDIANA SunOS 5.11 Illumos with Reporting to Blocklist.de' to configure it with full reporting capability to blocklist.de.

Other final reconfiguration

I then reconfigured the ProFTP FTP server to use a folder on the external USB drive as ftproot. Finally I zeroed out the empty space on the ZFS file system and compacted the virtual machine hard drive, took a backup and put it into production at http://sanyal.duckdns.org:81.

Download Solaris 11 Iso