Oracle Solaris 11.3 Download
8/22/2019, Thursday
- Jul 23, 2019 This document contains an index of all Oracle Solaris 11.3 LSU releases and where to download them. To learn more about Support Repositories, see Support Repositories Explained. For the list of Service Alerts affecting each Oracle Solaris 11.3 SRU, see Important Oracle Solaris 11.3 SRU Issues (Doc ID 2076753.1).
- Apr 27, 2017 Please follow the below oracle document to download the Solaris iso images:- Single Sign-On PFB patch details:- Oracle Solaris 11.2 ISO and USB Images (aka patch.
- Oracle ® Solaris 11.3 Release Notes March 2018. Describes the important installation issues, update issues, and runtime issues that you might need to consider before installing or running the Oracle Solaris 11.3 operating system (OS).
Nov 15, 2018 I tried to download iso image of solaris 11.3 but it is split into 5 parts. Where can I find a single iso for install in a LDOM? Oracle Solaris 11.3 IPS Repository for SPARC and x86-64 will require in case you can not provide internet access for LDOM. It's split in 5 zip archive. It's not iso image.
Last updated on JULY 23, 2019
Applies to:
Solaris Operating System - Version 11.3 to 11.3 [Release 11.0]
Information in this document applies to any platform.
Purpose
This document contains an index of all Oracle Solaris 11.3 LSU releases and where to download them.
Scope
- To learn more about Support Repositories, see Support Repositories Explained.
- For the list of Service Alerts affecting each Oracle Solaris 11.3 SRU, see Important Oracle Solaris 11.3 SRU Issues (Doc ID 2076753.1)
Details
Oracle Solaris 11.3 gnome desktop
The allure of a hobbyist server running the 'official' version of the legendary Solaris operating system has been growing stronger while I have been playing with the openindiana open-source, community-driven illumos distribution for a couple of years now, primarily as a central storage server for devices across our home networks to share files, and secondarily for having fun with a true Solaris-derived environment.
Oracle, the current owners of Solaris, seem to be allowing hobbyist installations of authentic Solaris perfectly legally for non-commercial non-production deployment ('evaluation') via free Oracle Technology Network (OTN) memberships. Best of all, Oracle provide downloads of pre-built and configured Oracle Solaris 11.3 VirtualBox VMs based on the Solaris 11.3 live installation media ready to install and configure, including a complete gnome-derived graphical desktop environment.
Download Oracle Solaris 11.3 Live Media Installation with Desktop Environment VirtualBox VM
I finally gave in to temptation and went ahead to download Oracle Solaris 11.3 VM Template for Oracle VM VirtualBox to give official Solaris 11.3 a spin. The download extracts to a 1.83 GB sol-11_3-vbox.ova file that is readily imported by Oracle VirtualBox and boots neatly to an awesome Solaris 11 desktop.
Oracle OTN Solaris 11.3 Certificate and Key for Authenticating Access to Solaris Repositories
There is no need to sign up with OTN to download the Solaris 11 VM. However, I did sign up with OTN to access pkg-register.oracle.com to obtain for free a key file 'pkg.oracle.com.key.pem' and certificate 'pkg.oracle.com.certificate.pem' that enabled access to the repositories 'Oracle Developer Studio Tools and Oracle Solaris Studio Release' and 'Oracle Solaris Cluster 4'.
Official Solaris 11.3 OTN Repository Accesses Granted via OTN membership
Instructions on doing this are clearly documented and accessed by clicking on the 'Show Details' button next to repositories that access has been granted to via OTN; basically just save the two .pem files to disk and use these commands as root (or use sudo from a user account) to add the repositories to the Solaris 11 package manager:
# pkg set-publisher -k pkg.oracle.com.key.pem -c pkg.oracle.com.certificate.pem -G '*' -g https://pkg.oracle.com/solarisstudio/release solarisstudio
# pkg set-publisher -k pkg.oracle.com.key.pem -c pkg.oracle.com.certificate.pem -G '*' -g https://pkg.oracle.com/ha-cluster/release ha-cluster
The package manager will now list additional repositories solarisstudio and ha-cluster. Subsequent pkg update commands include these additional repositories.
Solaris 11 Additional Package Repositories in Package Manager
However, at the end of the day, I did not install any of the packages made available to me now via the 'Oracle Developer Studio Tools and Oracle Solaris Studio Release' and 'Oracle Solaris Cluster 4' repositories because a complete suite of GNU C, C++ and FORTRAN development tools is included with the release in the default 'solaris' repository and I am far more familiar with gcc than Solaris compilers.
In fact, it appears Oracle has included a great set of 'FOSS' (Free and Open Source Software) for evaluation with this Solaris 11.3 release, with a goal of formalizing the FOSS collection into the upcoming release of Solaris 12. Here is more information on selected FOSS evaluation packages for Oracle Solaris.
Basic Solaris 11 Hardening for Increased Security
I always harden my operating systems before deployment, and found some tips on basic hardening of the already-very-secure Solaris 11 operating system at Oracle's Official Guide as well as documented experiences of others. The following are the Solaris hardening steps I performed.
Edit /etc/system and add the following two lines at the bottom of the file:
set noexec_user_stack=1
set noexec_user_stack_log=1
The default installation comes with package signature policy set to 'verify', which is good:
PROPERTY VALUE
However, we would like to enforce the stricter signature policy of 'require-signatures' for packages from the official repositories, which in our case are:
root@solaris11-3:~# pkg publisher
solaris origin online F http://pkg.oracle.com/solaris/release/
solarisstudio origin online F https://pkg.oracle.com/solarisstudio/release/
ha-cluster origin online F https://pkg.oracle.com/ha-cluster/release/
To set 'require-signatures' policy and verify for each of our repositories one by one:
root@solaris11-3:~# pkg set-publisher --set-property signature-policy=require-signatures solaris
Properties:
root@solaris11-3:~# pkg set-publisher --set-property signature-policy=require-signatures solarisstudio
..
Properties:
Properties:
root@solaris11-3:~# pkg set-publisher --set-property signature-policy=require-signatures ha-cluster
..
Properties:
Properties:
root@solaris11-3:~# svcs | grep network
online 20:27:57 svc:/network/connectx/unified-driver-post-upgrade:default
online 20:27:58 svc:/network/socket-config:default
online 20:28:37 svc:/network/netcfg:default
online 20:28:39 svc:/network/tcp/congestion-control:cubic
online 20:28:45 svc:/network/tcp/congestion-control:highspeed
online 20:28:45 svc:/network/sctp/congestion-control:vegas
online 20:28:46 svc:/network/sctp/congestion-control:newreno
online 20:28:46 svc:/network/sctp/congestion-control:highspeed
online 20:28:46 svc:/network/tcp/congestion-control:newreno
online 20:28:46 svc:/network/sctp/congestion-control:cubic
online 20:28:46 svc:/network/tcp/congestion-control:vegas
online 20:28:49 svc:/network/ib/ib-management:default
online 20:29:02 svc:/network/tcp/tcpkey:default
online 20:29:06 svc:/network/smb:default
online 20:29:11 svc:/network/datalink-management:default
online 20:29:19 svc:/network/ipsec/ipsecalgs:default
online 20:29:24 svc:/network/ip-interface-management:default
online 20:29:34 svc:/network/eoib/eoib-post-upgrade:default
online 20:29:41 svc:/network/loopback:default
online 20:29:46 svc:/network/ipmp:default
online 20:30:44 svc:/network/ilomconfig-interconnect:default
online 20:30:44 svc:/network/uucp-lock-cleanup:default
online 20:30:54 svc:/network/npiv_config:default
online 20:31:08 svc:/network/physical:upgrade
online 20:31:11 svc:/network/install:default
online 20:31:11 svc:/network/location:upgrade
online 20:31:25 svc:/network/physical:default
online 20:31:32 svc:/network/location:default
online 20:31:38 svc:/network/ipsec/policy:default
online 20:31:39 svc:/milestone/network:default
online 20:31:45 svc:/network/initial:default
online 20:31:46 svc:/network/iptun:default
online 20:31:49 svc:/network/netmask:default
online 20:31:49 svc:/network/nfs/fedfs-client:default
online 20:31:50 svc:/network/dns/client:default
online 20:31:53 svc:/network/service:default
online 20:31:59 svc:/network/iscsi/initiator:default
online 20:32:00 svc:/network/ntp:default
online 20:32:40 svc:/network/shares:default
online 20:33:11 svc:/network/routing-setup:default
online 20:33:41 svc:/network/rpc/bind:default
online 20:33:43 svc:/network/inetd:default
online 20:33:51 svc:/network/rpc/gss:default
online 20:33:52 svc:/network/rpc/smserver:default
online 20:33:57 svc:/network/routing/ndp:default
online 20:33:58 svc:/network/ssh:default
online 20:34:08 svc:/network/sendmail-client:default
online 20:34:10 svc:/network/smtp:sendmail
At the least, I disabled the sendmail-related services because I will configure postfix later as my email transport service, and also disabled services related to rpc and nfs; there are surely many other services in the list above that we can disable for a hobbyist installation later.
root@solaris11-3:~# svcadm disable /network/smtp:sendmail
root@solaris11-3:~# svcadm disable /network/sendmail-client
root@solaris11-3:~# svcadm disable /network/nfs/fedfs-client
root@solaris11-3:~# svcadm disable /network/rpc/bind
root@solaris11-3:~# svcadm disable /network/rpc/gss
root@solaris11-3:~# svcadm disable /network/rpc/smserver
root@solaris11-3:~# svcadm disable svc:/network/nis/client
Tighten up the login process by editing /etc/default/login and changing the following parameters as described:
# TIMEOUT sets the number of seconds (between 0 and 900) to wait before
#
# -- Change to abandon idle sessions after 15 minutes - Supratim
TIMEOUT=900
..
# SLEEPTIME controls the number of seconds that the command should
# wait before printing the 'login incorrect' message when a
# bad password is provided. The range is limited from
#
# Max this out to discourage continuous dictionary attacks - Supratim
# DISABLETIME If present, and greater than zero, the number of seconds
# login will wait after RETRIES failed attempts or the PAM framework returns
# PAM_ABORT. Default is 20. Minimum is 0. No maximum is imposed.
#DISABLETIME=20
# Bump up to ten minutes, i.e. if you got the password wrong three times in a
# row, wait ten minutes for login prompt to reappear - Supratim
# RETRIES determines the number of failed logins that will be
# allowed before login exits. Default is 5 and maximum is 15.
# If account locking is configured (user_attr(4)/policy.conf(4))
# for a local user's account (passwd(4)/shadow(4)), that account
# will be locked if failed logins equals or exceeds RETRIES.
#RETRIES=5
# If you know the password, you should not need more than three tries - Supratim
#
# The SYSLOG_FAILED_LOGINS variable is used to determine how many failed
# login attempts will be allowed by the system before a failed login
# message is logged, using the syslog(3) LOG_NOTICE facility. For example,
# if the variable is set to 0, login will log -all- failed login attempts.
#SYSLOG_FAILED_LOGINS=5
# Yes we want to log ALL failed attempts - Supratim
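As an added example (not the author's own script), the following shell functions audit an /etc/default/login-style file against the targets stated in the comments above: TIMEOUT=900, DISABLETIME of ten minutes, RETRIES of three, and SYSLOG_FAILED_LOGINS=0. The function names and the sample file are constructed for illustration; a commented-out line such as #RETRIES=5 is treated as the default still being in effect.

```shell
#!/bin/sh
# Added example, not the author's script. Targets come from the post's
# comments; the compiled-in defaults are the ones quoted in the file itself.

# effective_value FILE KEY DEFAULT
# Print the last uncommented KEY=value in FILE, or DEFAULT when the key is
# absent or only present as a commented-out "#KEY=..." line.
effective_value() {
    awk -F= -v key="$2" -v def="$3" '
        /^[ \t]*#/ { next }              # commented-out defaults do not count
        {
            k = $1; gsub(/[ \t]/, "", k)
            if (k == key) { v = $2; gsub(/[ \t]/, "", v); found = 1 }
        }
        END { print (found ? v : def) }
    ' "$1"
}

# audit_login_defaults FILE
# Print one OK/WEAK line per setting; exit status is the number of WEAK lines.
audit_login_defaults() {
    findings=0
    # Columns: KEY  default-when-unset  target-from-the-post
    while read -r key def want; do
        have=$(effective_value "$1" "$key" "$def")
        if [ "$have" = "$want" ]; then
            echo "OK   $key=$have"
        else
            echo "WEAK $key=$have (target: $want)"
            findings=$((findings + 1))
        fi
    done <<'RULES'
TIMEOUT unset 900
DISABLETIME 20 600
RETRIES 5 3
SYSLOG_FAILED_LOGINS 5 0
RULES
    return "$findings"
}

# Constructed sample: three settings hardened, RETRIES left at its default.
write_sample_login() {
    cat > "$1" <<'EOF'
# constructed sample, not the author's file
TIMEOUT=900
#DISABLETIME=20
DISABLETIME=600
#RETRIES=5
#SYSLOG_FAILED_LOGINS=5
SYSLOG_FAILED_LOGINS=0
EOF
}

sample=$(mktemp)
write_sample_login "$sample"
audit_login_defaults "$sample" || echo "settings still at a weak value: $?"
rm -f "$sample"
```

On the Solaris host itself, run audit_login_defaults /etc/default/login.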
We then harden the ssh daemon that is perhaps the most frequently used service for logging into the Solaris server from other internet or intranet hosts. Here is the /etc/ssh/sshd_config file I use for ssh server configuration. It incorporates many tips about securing ssh, as you can see in the comments. You can probably use this file straightaway as-is.
You should also put some sort of notice in /etc/issue file that is presented as a Banner to ssh login users during the login process. In addition, you should also put something appropriate in the /etc/motd file that is presented to the user by the system scripts that run automatically after login. Oracle provides some nice examples and more details about these files here.
To have the modified ssh server configuration file take effect and make sure it starts up:
root@solaris11-3:/etc/ssh# svcadm refresh ssh
root@solaris11-3:/etc/ssh# svcadm restart ssh
root@solaris11-3:/etc/ssh# svcs -xv ssh
svc:/network/ssh:default (SSH server)
State: online since May 28, 2017 11:58:55 PM UTC
See: man -M /usr/share/man -s 1M sshd
See: /var/svc/log/network-ssh:default.log
Impact: None.
Enable additional audit logging of privileged actions. Replace <admin-user> with the non-root username you created while installing Solaris (as you know, root is a role in Solaris, not a username).
root@solaris11-3:~# usermod -K audit_flags=cusa:no <admin-user>
UX: usermod: <admin-user> is currently logged in, some changes may not take effect until next login.
root@solaris11-3:~# rolemod -K audit_flags=cusa:no root
root@solaris11-3:~# auditconfig -setpolicy +argv
root@solaris11-3:~# auditconfig -setpolicy +arge
Enable TCP Wrappers in general for inetd based network services:
root@solaris11-3:~# inetadm -M tcp_wrappers=TRUE
You should have a reasonably secure Solaris 11.3 server at this point, good enough to handle an internet-facing network.
Relax Default Solaris 11 Password Rules
As a purely personal preference, I do not like operating system enforcement of secure password rules. Problems with weak passwords are always due to human stupidity, and we should not call on machines to compensate. Solaris 11.3 default password rules require at least one numeric digit. I relaxed this rule by editing the file /etc/default/passwd to explicitly specify MINNONALPHA=0 instead of the commented-out default of #MINNONALPHA=1 and tested this change by using the passwd command to temporarily set both the user and root passwords to not contain any digits before setting them back to strong secure passwords.
Enable Solaris 11 SNMP Agent
I run a Pandora FMS server to monitor the various networks in my home and on the internet. The Pandora FMS server is configured with Recon tasks that auto-discover hosts on the networks, and SNMP is then used extensively to poll the hosts. In general, an SNMP agent running on any host is often useful in quick monitoring or troubleshooting tasks.
Solaris 11.3 SNMP agent Net-SNMP
The Solaris 11.3 gnome desktop environment conveniently comes with a shortcut 'Add More Software' which launches the Package Manager. Not knowing what, if any, SNMP package was already installed, I launched the Package Manager and typed in 'SNMP' in the search box. To my pleasant surprise, Net-SNMP agent files and libraries which I am quite familiar with from the Linux world along with Fault Management SNMP agent plugins and MIB and SNMP Notification daemon for system events were already installed. I just had to configure and start the Net-SNMP service up.
The Net-SNMP configuration files on Solaris 11 reside in the directory /etc/net-snmp/snmp. I backed up and changed the main configuration file /etc/net-snmp/snmp/snmpd.conf to have the following very simple configuration, where mycommunitystring stands for the actual community string needed to access this agent securely.
# snmpd.conf
# - All private IPs allowed with community mycommunitystring
com2sec local 10.0.0.0/8 mycommunitystring
com2sec local 172.16.0.0/12 mycommunitystring
com2sec local 192.168.0.0/16 mycommunitystring
com2sec local 127.0.0.1 mycommunitystring
group MyROGroup v1 local
group MyROGroup v2c local
group MyROGroup usm local
view all included .1 80
access MyROGroup "" any noauth exact all none none
syslocation tatooine
syscontact Admin {supratim at riseup dot net}
# Send traps to Pandora FMS Server
trapsink 10.100.0.10
trapcommunity mycommunitystring
Configuration being done, it was time to start the SNMP service up. A quick check showed the service was not enabled by the default installation:
svc:/application/management/net-snmp:default (net-snmp SNMP daemon)
State: disabled since May 27, 2017 04:44:29 PM UTC
See: http://support.oracle.com/msg/SMF-8000-05
See: /var/svc/log/application-management-net-snmp:default.log
root@solaris11-3:~# svcadm enable net-snmp
Check to make sure service is now running:
svc:/application/management/net-snmp:default (net-snmp SNMP daemon)
See: man -M /usr/share/man/ -s 8 snmpd
See: /var/svc/log/application-management-net-snmp:default.log
Walk the MIB from another host querying the Solaris 11 host (10.200.0.50):
$ snmpwalk -c mycommunitystring -v2c 10.200.0.50 ISO | grep -i solaris
SNMPv2-MIB::sysDescr.0 = STRING: SunOS solaris11-3.sanyalnet.lan 5.11 11.3 i86pc
SNMPv2-MIB::sysName.0 = STRING: solaris11-3.sanyalnet.lan
HOST-RESOURCES-MIB::hrSWRunParameters.679 = STRING: '-g -d /dev/console -l console -m ldterm,ttcompat -h -p solaris'
HOST-RESOURCES-MIB::hrSWRunParameters.739 = STRING: '-g -d /dev/vt/6 -l console -m ldterm,ttcompat -h -p solaris11-'
HOST-RESOURCES-MIB::hrSWRunParameters.741 = STRING: '-g -d /dev/vt/2 -l console -m ldterm,ttcompat -h -p solaris11-'
HOST-RESOURCES-MIB::hrSWRunParameters.751 = STRING: '-g -d /dev/vt/3 -l console -m ldterm,ttcompat -h -p solaris11-'
HOST-RESOURCES-MIB::hrSWRunParameters.752 = STRING: '-g -d /dev/vt/5 -l console -m ldterm,ttcompat -h -p solaris11-'
HOST-RESOURCES-MIB::hrSWRunParameters.753 = STRING: '-g -d /dev/vt/4 -l console -m ldterm,ttcompat -h -p solaris11-'
HOST-RESOURCES-MIB::hrSWRunParameters.1205 = STRING: '-Djava.security.policy=/usr/share/vpanels/java.policy com.oracle.solaris.v'
HOST-RESOURCES-MIB::hrSWInstalledName.169 = STRING: 'SUNWopensolaris-backgrounds'
HOST-RESOURCES-MIB::hrSWInstalledName.501 = STRING: 'SUNWopensolaris-backgrounds-xtra'
Forward SYSLOG to Remote SYSLOG SERVER over Secure Tunnel
I run a central syslog server on a VPS in the cloud where I send the system logs from all of my servers. I use the stunnel secure-tunnel utility to forward log entries securely over the internet as described in this post.
The configuration file for syslog daemon on Solaris 11.3 is /etc/syslog.conf. I edited the file to enable forwarding of system log entries to the local LAN endpoint server for the stunnel (10.42.2.1) which forwards them in turn securely to the remote VPS central syslog server. I also adjusted entries for the auth facility to log authorization failures suitably for use with the fail2ban tool that I have discussed in detail in this post.
Here is my complete syslog.conf file. Important: The delimiters in the middle of the lines have to be TAB characters, SPACEs do not work!
#
# Copyright (c) 1991, 2014, Oracle and/or its affiliates. All rights reserved.
#
# syslog configuration file.
#
# This file is processed by m4 so be careful to quote (`') names
# that match m4 reserved words. Also, within ifdef's, arguments
# containing commas must be quoted.
#
# -- Supratim's Remote syslog hosts
# - Forward to CentOS which in turn forwards to VPS and Papertrailapp
# - White space delimiter has to be TABs for this to work; SPACEs do not work!
*.debug	@10.42.2.1
# --
*.err;kern.notice;auth.notice	/dev/sysmsg
*.err;kern.debug;daemon.notice;mail.crit	/var/adm/messages
*.alert;kern.err;daemon.err	operator
*.alert	root
*.emerg	*
# if a non-loghost machine chooses to have authentication messages
# sent to the loghost machine, un-comment out the following line:
# Required for fail2ban
auth.notice	ifdef(`LOGHOST', /var/log/authlog, @loghost)
auth.info	/var/adm/auth.log
mail.debug	ifdef(`LOGHOST', /var/log/syslog, @loghost)
#
# non-loghost machines will use the following lines to cause 'user'
# log messages to be logged locally.
#
ifdef(`LOGHOST', ,
user.err	/dev/sysmsg
user.err	/var/adm/messages
user.alert	`root, operator'
user.emerg	*
)
After editing the syslog.conf configuration file, create an empty /var/adm/auth.log file (it is not created by syslog even if configured in the config file), and refresh and restart the syslog daemon:
root@solaris11-3:/etc# touch /var/adm/auth.log
root@solaris11-3:/etc# svcadm refresh system-log
root@solaris11-3:/etc# svcadm restart system-log
root@solaris11-3:/etc# svcs -xv system-log
svc:/system/system-log:default (system log)
State: online since May 27, 2017 08:39:29 PM UTC
See: man -M /usr/share/man -s 1M syslogd
See: /var/svc/log/system-system-log:default.log
Impact: None.
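The TAB requirement stated above the syslog.conf listing is easy to break when editing by hand, so here is an added check (not part of the original post) that flags rules whose selector and action are separated by anything containing a space. The function names and sample lines are constructed; m4 wrapper lines such as ifdef(...) and ) are skipped.

```shell
#!/bin/sh
# Added example, not the author's script: lint a syslog.conf for the
# "delimiter must be TABs" rule before refreshing system-log.

# check_syslog_tabs FILE
# Print "LINE: reason: text" for every rule whose first delimiter is not made
# of TABs only. Exit status 1 when at least one rule is flagged, else 0.
check_syslog_tabs() {
    awk '
        /^[ \t]*#/ { next }              # comments
        /^[ \t]*$/ { next }              # blank lines
        /^ifdef\(/ { next }              # m4 wrapper opening a block
        /^\)/      { next }              # m4 wrapper closing a block
        {
            # The selector ends at the first run of blanks or TABs.
            if (match($0, /[ \t]+/) == 0) {
                printf "%d: no action field: %s\n", NR, $0
                bad++
                next
            }
            sep = substr($0, RSTART, RLENGTH)
            # A delimiter mixing spaces and TABs is flagged as well.
            if (index(sep, " ") > 0) {
                printf "%d: space in delimiter: %s\n", NR, $0
                bad++
            }
        }
        END { exit (bad > 0) }
    ' "$1"
}

# Constructed sample: line 3 uses spaces, every other rule uses TABs.
write_sample_syslog() {
    {
        printf '# constructed sample, not the author file\n'
        printf '%s\t%s\n' '*.debug' '@10.42.2.1'
        printf '%s    %s\n' 'auth.info' '/var/adm/auth.log'
        printf '%s\t%s\n' 'auth.notice' "ifdef(\`LOGHOST', /var/log/authlog, @loghost)"
        printf '%s\t\t%s\n' '*.alert' 'root'
    } > "$1"
}

sample=$(mktemp)
write_sample_syslog "$sample"
check_syslog_tabs "$sample" || echo "fix the lines above before: svcadm refresh system-log"
rm -f "$sample"
```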
Enable Solaris 11 NTP Time Synchronization Service
A quick check against the Solaris 11 package manager again reveals good news - an NTP v4 daemon is already installed. I just have to configure it to be able to keep the Solaris clock synchronized.
Solaris 11 NTP v4 daemon
The Solaris 11 NTP configuration file is /etc/inet/ntp.conf. The initial installation includes two templates in that directory: /etc/inet/ntp.client and /etc/inet/ntp.server, the intent being that one of them can be used as the starting point of the final ntp.conf file. But I already have a fully functional Solaris 11 NTP configuration file as described in this post, and simply dropped my working ntp.conf into the /etc/inet/ directory.
I then checked to make sure the NTP service had not already been started automatically:
root@solaris11-3:/etc/inet# svcs -xv ntp
svc:/network/ntp:default (Network Time Protocol (NTP) Version 4)
State: disabled since Sat May 27 16:44:31 2017
Reason: Disabled by an administrator.
See: http://support.oracle.com/msg/SMF-8000-05
See: man -M /usr/share/man -s 1M ntpd
See: man -M /usr/share/man -s 4 ntp.conf
See: man -M /usr/share/man -s 1M ntpq
See: /var/svc/log/network-ntp:default.log
Impact: This service is not running.
root@solaris11-3:/etc/inet# ls -l /etc/inet/ntp.conf
-rw-r--r-- 1 root root 3267 May 27 23:08 /etc/inet/ntp.conf
root@solaris11-3:/etc/inet# svcadm refresh ntp
root@solaris11-3:/etc/inet# svcadm enable ntp
root@solaris11-3:/etc/inet# svcs -xv ntp
svc:/network/ntp:default (Network Time Protocol (NTP) Version 4)
State: online since Sat May 27 23:12:26 2017
See: man -M /usr/share/man -s 1M ntpd
See: man -M /usr/share/man -s 4 ntp.conf
See: man -M /usr/share/man -s 1M ntpq
See: /var/svc/log/network-ntp:default.log
Impact: None.
ntpd errors 'frequency error -512 PPM exceeds tolerance 500 PPM' in system log
I have observed entries like 'frequency error -512 PPM exceeds tolerance 500 PPM' in my openindiana system logs at /var/adm/messages regularly, and this was also happening on my new Solaris 11.3 system log. Here are typical examples of this:
May 28 10:37:46 solaris11-3.sanyalnet.lan ntpd[556]: [ID 702911 daemon.notice] frequency error -511 PPM exceeds tolerance 500 PPM
May 28 10:45:48 solaris11-3.sanyalnet.lan ntpd[556]: [ID 702911 daemon.notice] frequency error -511 PPM exceeds tolerance 500 PPM
May 28 10:45:52 solaris11-3.sanyalnet.lan ntpd[556]: [ID 702911 daemon.notice] frequency error -512 PPM exceeds tolerance 500 PPM
May 28 11:03:31 solaris11-3.sanyalnet.lan ntpd[556]: [ID 702911 daemon.notice] frequency error -512 PPM exceeds tolerance 500 PPM
May 28 11:18:18 solaris11-3.sanyalnet.lan ntpd[556]: [ID 702911 daemon.notice] frequency error -512 PPM exceeds tolerance 500 PPM
May 28 11:28:19 solaris11-3.sanyalnet.lan ntpd[556]: [ID 702911 daemon.notice] frequency error -512 PPM exceeds tolerance 500 PPM
May 28 11:54:23 solaris11-3.sanyalnet.lan ntpd[556]: [ID 702911 daemon.notice] frequency error -512 PPM exceeds tolerance 500 PPM
May 28 12:04:27 solaris11-3.sanyalnet.lan ntpd[556]: [ID 702911 daemon.notice] frequency error -512 PPM exceeds tolerance 500 PPM
May 28 12:18:04 solaris11-3.sanyalnet.lan ntpd[556]: [ID 702911 daemon.notice] frequency error -512 PPM exceeds tolerance 500 PPM
May 28 12:30:23 solaris11-3.sanyalnet.lan ntpd[556]: [ID 702911 daemon.notice] frequency error -512 PPM exceeds tolerance 500 PPM
My guess is the Solaris family of kernels do not like to be stuck inside virtual machines, and NTP's 500 PPM tolerance is regularly exceeded in Solaris virtual machines.
Adding the following tinker panic 0 line at the top of /etc/inet/ntp.conf file may help, according to some online posts that I found. However, it does not solve the issue, and I am still looking for a resolution. I am not overly concerned because the logs seem to indicate these are notices (daemon.notice), not errors.
# Workaround for unstable clock in virtual machine
tinker panic 0
Warning: Trying the advice on this Oracle blog post to modify /etc/system to attempt to increase 'the system clock tick rate from the default of 100 per second to 1,000 per second, effectively changing the clock resolution from 10ms to 1ms' by adding set hires_tick=1 by itself, as well as followed by set hires_hz=10000, hangs the Solaris boot-up process. Do not try these. I had fortunately taken a boot image backup using the beadm create command before trying these and failing, and was able to recover and will not attempt these changes in /etc/system ever again.
Install gnu C, C++, Objective C and FORTRAN Development Environment
GNU Development Environment for Solaris 11 Group Package Installation
Launch the Package Manager and select 'All Publishers' in the Publisher drop-down list. Then navigate to Meta Packages -> Group Packages on the left pane. Find the group package 'developer-gnu' in the list of group packages on the right pane. Check the selection box at the left of that package, and click the Install/Update button at the top. That's it, when installation finishes, the familiar GNU C and C++ compilers and build tools will be available, along with Fortran and Objective C.
I did a quick check of the C++ compiler, and it all looked good with gcc 4.8.2 compiler working:
user@solaris11-3:~$ gcc --version
gcc (GCC) 4.8.2
Copyright (C) 2013 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
user@solaris11-3:~$ g++ --version
g++ (GCC) 4.8.2
Copyright (C) 2013 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
user@solaris11-3:~$ gmake --version
GNU Make 3.82
Built for i386-pc-solaris2.11
Copyright (C) 2010 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
user@solaris11-3:~$ cat hello.cpp
#include <iostream>
using namespace std;
int main()
{
std::cout << "hello world!\n";
return 0;
}
user@solaris11-3:~$ g++ -o hello hello.cpp
user@solaris11-3:~$ ./hello
hello world!
Install and Configure FTP Server on Solaris 11 with Anonymous FTP Access
The default Solaris 11.3 VirtualBox image did not come pre-installed with an FTP server. I found 'FTP Server and Utilities' in the Package Manager and installed it.
Solaris 11 FTP Server Package Installation
The FTP server installed is proftpd, which uses the main configuration file /etc/proftpd.conf.
My goal was to deploy a simple anonymous FTP server with read-only access to clients. The basic configuration file made available here for establishing 'a single server and a single anonymous login' fit the bill perfectly, more so as the Solaris package installer for FTP did create the required 'ftp' account and the 'nobody' account was already present, as seen in /etc/passwd.
I took a backup of the file and dropped the basic proftpd.conf in, and restarted the service. However, the service did not start up at this first attempt:
root@solaris11-3:/etc# svcadm refresh ftp
root@solaris11-3:/etc# svcadm enable ftp
root@solaris11-3:/etc# svcs -xv ftp
svc:/network/ftp:default (FTP server)
State: maintenance since May 30, 2017 12:31:02 PM UTC
Reason: Start method failed repeatedly, last exited with status 1.
See: http://support.oracle.com/msg/SMF-8000-KS
See: man -M /usr/share/man -s 1M proftpd
See: file://usr/share/doc/proftpd/
See: /var/svc/log/network-ftp:default.log
Impact: This service is not running.
root@solaris11-3:/etc# cat /var/svc/log/network-ftp:default.log
[ May 30 04:30:17 Disabled. ]
[ May 30 04:30:37 Rereading configuration. ]
[ May 30 12:30:47 Rereading configuration. ]
[ May 30 12:30:54 Enabled. ]
[ May 30 12:30:55 Executing start method ('/usr/lib/inet/proftpd'). ]
2017-05-30 12:30:55,679 solaris11-3.sanyalnet.lan proftpd[3482]: fatal: unknown configuration directive 'DisplayFirstChdir' on line 58 of '/etc/proftpd.conf'
[ May 30 12:30:59 Method 'start' exited with status 1. ]
The problematic 'DisplayFirstChdir' directive seems to enable display of a '.message' file in each newly chdired directory. I did not really care about this feature, and commented out the 'DisplayFirstChdir' directive in the configuration file, and retried. Note: On Solaris 11, a service in maintenance needs to be taken out of maintenance by disabling and enabling it again after fixing the issues that put it into maintenance.
root@solaris11-3:/etc# svcadm refresh ftp
root@solaris11-3:/etc# svcs -xv ftp
State: offline* transitioning to online since May 30, 2017 12:39:31 PM UTC
See: http://support.oracle.com/msg/SMF-8000-C4
See: file://usr/share/doc/proftpd/
Impact: This service is not running.
svc:/network/ftp:default (FTP server)
See: man -M /usr/share/man -s 1M proftpd
See: /var/svc/log/network-ftp:default.log
USER ftp (Login failed): User in /etc/ftpusers
It turns out the error message is perfect; default installation includes the user 'ftp' in the list of users to deny FTP service to in the file /etc/ftpusers. The 'anonymous' FTP user is an alias of this 'ftp' user in /etc/proftpd.conf. So I edited the /etc/ftpusers file and deleted the 'ftp' user from it, and retried to log in to the FTP server as anonymous:
Compaq-Presario-CQ61] ➤ ftp 10.200.0.50
Connected to 10.200.0.50.
220 ProFTPD 1.3.5 Server (ProFTPD Default Installation) [::ffff:10.200.0.50]
Name (10.200.0.50:user): anonymous
331 Anonymous login ok, send your complete email address as your password
Password: @
230 Anonymous access granted, restrictions apply
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
200 PORT command successful
150 Opening ASCII mode data connection for file list
lrwxrwxrwx 1 root root 9 Oct 7 2015 bin -> ./usr/bin
drwxr-xr-x 5 root sys 9 Oct 7 2015 boot
drwxr-xr-x 2 root root 3 Oct 7 2015 cdrom
drwxr-xr-x 200 root sys 200 May 30 01:33 dev
drwxr-xr-x 4 root sys 12 May 30 01:33 devices
drwxr-xr-x 97 root sys 195 May 30 12:56 etc
drwxr-xr-x 3 root sys 3 May 27 15:18 export
dr-xr-xr-x 2 root root 2 Oct 6 2015 home
drwxr-xr-x 19 root sys 19 Oct 7 2015 kernel
drwxr-xr-x 12 root bin 335 May 27 21:06 lib
drwxr-xr-x 2 root root 3 May 30 01:42 media
drwxr-xr-x 2 root sys 2 Oct 7 2015 mnt
dr-xr-xr-x 2 root root 2 Oct 7 2015 net
dr-xr-xr-x 2 root root 2 Oct 7 2015 nfs4
drwxr-xr-x 5 root sys 5 Oct 7 2015 opt
drwxr-xr-x 5 root sys 5 Oct 6 2015 platform
dr-xr-xr-x 124 root root 480032 May 30 12:57 proc
drwx------ 8 root root 14 May 29 13:18 root
drwxr-xr-x 3 root root 3 Oct 7 2015 rpool
lrwxrwxrwx 1 root root 10 Oct 7 2015 sbin -> ./usr/sbin
drwxr-xr-x 7 root root 7 Oct 7 2015 system
drwxrwxrwt 16 root sys 1542 May 30 12:30 tmp
drwxr-xr-x 33 root sys 45 May 28 05:10 usr
drwxr-xr-x 41 root sys 48 May 27 21:05 var
-r--r--r-- 1 root root 277648 Oct 6 2015 zvboot
226 Transfer complete
ftp> pwd
257 '/' is the current directory
ftp> bye
221 Goodbye.
Anonymous login to the proftpd FTP server now worked, but exposing all these directories to anonymous users is obviously not a good thing. The /etc/passwd file did specify / as the login directory for the 'ftp' user.
ftp:x:21:21:FTPD Reserved UID:/:
I changed the home directory of the 'ftp' user to /media for now since I am not at the point of mounting devices at /media yet.
ftp:x:21:21:FTPD Reserved UID:/media:
Finally, I dropped an MP3 file from the Internet Archive into /media/, retried anonymous FTP, and verified that it works as expected.
$ ftp 10.200.0.50
Connected to 10.200.0.50.
220 ProFTPD 1.3.5 Server (ProFTPD Default Installation) [::ffff:10.200.0.50]
Name (10.200.0.50:rumtuk): anonymous
331 Anonymous login ok, send your complete email address as your password
Password: @
230 Anonymous access granted, restrictions apply
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
200 PORT command successful
150 Opening ASCII mode data connection for file list
Torley_Wong-1981_A.D.mp3
226 Transfer complete
27 bytes received in 0.0026 seconds (10.08 Kbytes/s)
ftp> bin
200 Type set to I
ftp> hash
Hash mark printing on (8192 bytes/hash mark).
ftp> get Torley_Wong-1981_A.D.mp3
200 PORT command successful
150 Opening BINARY mode data connection for Torley_Wong-1981_A.D.mp3 (4487168 bytes)
####################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################
226 Transfer complete
local: Torley_Wong-1981_A.D.mp3 remote: Torley_Wong-1981_A.D.mp3
4487168 bytes received in 1.4 seconds (3088.44 Kbytes/s)
ftp> bye
221 Goodbye.
If you wish, you can additionally follow the instructions here to protect the FTP network service using the TCP Wrappers module of ProFTPD (a Solaris 11 hardening step).
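The anonymous login above landed in / because it maps to the local 'ftp' account, whose home directory was /. The following check of the deny file and that home directory is an added example, not part of the original post; the function name and the list of sensitive directories are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit where anonymous FTP lands.
# Assumption taken from the walkthrough above: the anonymous login maps to the
# local "ftp" account, is refused while "ftp" is listed in /etc/ftpusers, and is
# otherwise rooted at that account's home directory (field 6 of /etc/passwd).

# audit_anon_ftp PASSWD_FILE FTPUSERS_FILE
# Prints one finding; returns 1 when anonymous users would see a system tree.
audit_anon_ftp() {
    aaf_entry=$(awk -F: '$1 == "ftp" { print "home=" $6; exit }' "$1")
    if [ -z "$aaf_entry" ]; then
        echo "OK: no ftp account, anonymous login has no local user to map to"
        return 0
    fi
    aaf_home=${aaf_entry#home=}

    # ftpusers holds one denied account per line; ignore comments and blanks.
    if [ -f "$2" ] && sed -e 's/#.*//' -e 's/[[:space:]]//g' "$2" | grep -qx 'ftp'; then
        echo "OK: ftp is listed in the deny file, anonymous login is refused"
        return 0
    fi

    # The first pattern list is a hypothetical set of trees that should never
    # be an anonymous FTP root; adjust it to the host being audited.
    case "$aaf_home" in
        / | /etc | /etc/* | /root | /root/* | /usr | /usr/* | /export/home | /export/home/*)
            echo "RISK: anonymous FTP is enabled and rooted at $aaf_home"
            return 1 ;;
        /*)
            echo "REVIEW: anonymous FTP is enabled and rooted at $aaf_home"
            return 0 ;;
        *)
            echo "RISK: ftp home directory '$aaf_home' is not an absolute path"
            return 1 ;;
    esac
}

# Constructed sample input: the two passwd states shown above, with "ftp"
# already removed from the deny file.
aaf_tmp=$(mktemp -d)
printf 'root\nbin\n' > "$aaf_tmp/ftpusers"
printf 'ftp:x:21:21:FTPD Reserved UID:/:\n' > "$aaf_tmp/passwd.before"
printf 'ftp:x:21:21:FTPD Reserved UID:/media:\n' > "$aaf_tmp/passwd.after"
audit_anon_ftp "$aaf_tmp/passwd.before" "$aaf_tmp/ftpusers" || true
audit_anon_ftp "$aaf_tmp/passwd.after" "$aaf_tmp/ftpusers" || true
rm -rf "$aaf_tmp"
```

On a live host the call would be audit_anon_ftp /etc/passwd /etc/ftpusers.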
Configure a Public Passwordless Workgroup-Mode Samba SMB CIFS Server for Sharing Files in Private Networks
A primary purpose of my Solaris 11 installation is to be a shared network drive and file server for all the computers and devices in our home. Specifically, an external USB Hard Disk will be made available as a SMB/CIFS share across the network. No credentials will be required to access this share from any computer on the home subnets as long as the SMB client IP address is in the private address space.
I used the network/samba package because it is independent of ZFS-level sharing features of the
[Figure: Solaris 11 Samba SMB/CIFS File Server Package]
With these goals, I fired up the package manager and searched for 'samba'. I then installed the 'network/samba' package from the search results. Alternatively the GUI can be avoided and the same can be done from the command line using the pkg install command like so:
root@solaris11-3:~# pkg install network/samba
Packages to install: 2
Services to change: 1
Create boot environment: No
Create backup boot environment: No
DOWNLOAD PKGS FILES XFER (MB) SPEED
Completed 2/2 3038/3038 104.6/104.6 433k/s
PHASE ITEMS
Installing new actions 2600/3302
Installing new actions 3302/3302
Updating package state database Done
Updating package cache 0/0
Updating image state Done
Creating fast lookup database Done
Updating package cache 3/3
Please keep in mind the network/samba package ('samba - A Windows SMB/CIFS fileserver for UNIX') is not the same as service/filesystem/smb package ('SMB/CIFS server libraries and commands'). If you have the service/filesystem/smb package installed, you need to at least disable it using the svcadm disable command before installing network/samba:
root@solaris11-3:~# svcs -xv smb
svc:/network/smb:default (SMB properties)
State: online since May 31, 2017 02:52:35 AM UTC
See: man -M /usr/share/man -s 4 smb
See: /system/volatile/network-smb:default.log
See: /var/svc/log/network-smb:default.log
Impact: None.
root@solaris11-3:~# svcadm disable smb
The Samba server configuration file is /etc/samba/smb.conf. I created a /etc/samba/smb.conf with the following simple contents to enable a public share:
# -----
# /etc/samba/smb.conf
# Simple Samba/CIFS server configuration for unauthenticated shared network drive
# accessible from intranet private IP address space
# For network/samba package on Solaris 11.3 (SunOS 5.11)
# Supratim Sanyal, May 31, 2017
# -----
[global]
workgroup = ENTERPRISE
server string = SANYALnet Solaris 11.3 LAN Samba/CIFS Shared Drive
hosts allow = 10.0.0.0/255.0.0.0,172.16.0.0/255.240.0.0,192.168.0.0/255.255.0.0
log file = /var/log/samba/log.%m
max log size = 50
map to guest = bad user
# Disable printer support
disable spoolss = yes
load printers = no
printing = bsd
printcap name = /dev/null
[sanyalnet-shared]
path = /media/USB-Storage/sanyalnet-shared
public = yes
only guest = yes
writable = yes
printable = no
guest ok = yes
read only = no
I then created the log directory and set global read-write permissions on the shared directory:
root@solaris11-3:/etc/samba# mkdir /var/log/samba
Then I refreshed, started and verified the samba service.
root@solaris11-3:/etc/samba# svcadm enable samba
svc:/network/samba:default (SMB file server)
State: offline* transitioning to online since May 31, 2017 04:31:55 PM UTC
See: http://support.oracle.com/msg/SMF-8000-C4
See: man -M /usr/share/man -s 4 smb.conf
Impact: This service is not running.
svc:/network/samba:default (SMB file server)
See: man -M /usr/share/man -s 1m smbsmbd
See: /var/svc/log/network-samba:default.log
Finally, I successfully verified the shared drive is visible and I could transfer files from and to the shared drive from a Windows 10 workstation on the same network.
[Figure: Samba Server hosted on Solaris 11 Accessed from Windows 10]
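The share above needs no password, so the 'hosts allow' line in [global] is the only access control in front of it. The following check is an added example, not part of the original post: it confirms that every guest share in an smb.conf is covered by a 'hosts allow' list that stays inside private address space. The function names are assumptions; 'public' and 'allow hosts' are handled as the Samba synonyms of 'guest ok' and 'hosts allow'.

```shell
#!/bin/sh
# Added example (not from the original post): check that every guest share in an
# smb.conf is fenced by a "hosts allow" list confined to private address space.

# audit_guest_shares SMB_CONF
# Prints one OK/RISK line per guest share; returns 1 if any share is at risk.
audit_guest_shares() {
    awk '
    function ip2int(s,   o) {
        if (s !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) return -1
        split(s, o, ".")
        return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
    }
    # True when addr/netmask or addr/prefix lies wholly inside 10.0.0.0/8,
    # 172.16.0.0/12, 192.168.0.0/16 or 127.0.0.0/8. Hostnames, partial
    # addresses and EXCEPT clauses count as unverifiable. Assumes a
    # contiguous netmask.
    function is_private(entry,   p, ip, mask, size, lo, hi) {
        if (split(entry, p, "/") != 2) return 0
        ip = ip2int(p[1])
        if (ip < 0) return 0
        if (p[2] ~ /^[0-9]+$/) {
            if (p[2] + 0 > 32) return 0
            size = 2 ^ (32 - p[2])
        } else {
            mask = ip2int(p[2])
            if (mask < 0) return 0
            size = 2 ^ 32 - mask
        }
        if (size < 1) return 0
        lo = int(ip / size) * size
        hi = lo + size - 1
        return (lo >= 167772160  && hi <= 184549375)  ||
               (lo >= 2886729728 && hi <= 2887778303) ||
               (lo >= 3232235520 && hi <= 3232301055) ||
               (lo >= 2130706432 && hi <= 2147483647)
    }
    { gsub(/^[ \t]+|[ \t]+$/, "") }
    /^[#;]/ || $0 == "" { next }
    /^\[.*\]$/ {
        section = tolower(substr($0, 2, length($0) - 2))
        if (section != "global") shares[++n] = section
        next
    }
    {
        eq = index($0, "=")
        if (!eq) next
        key = tolower(substr($0, 1, eq - 1))
        gsub(/[ \t]+/, " ", key); sub(/ $/, "", key)
        val = substr($0, eq + 1); sub(/^[ \t]+/, "", val)
        if (key == "hosts allow" || key == "allow hosts") allow[section] = val
        if (key == "guest ok" || key == "public")
            guest[section] = (tolower(val) ~ /^(yes|true|1)$/)
    }
    END {
        for (i = 1; i <= n; i++) {
            s = shares[i]
            if (!guest[s]) continue
            # A share-level list overrides the [global] one.
            list = (s in allow) ? allow[s] : allow["global"]
            if (list == "") {
                print "RISK " s ": guest access with no hosts allow restriction"
                bad = 1
                continue
            }
            m = split(list, e, /[ ,\t]+/)
            wide = ""
            for (j = 1; j <= m; j++)
                if (e[j] != "" && !is_private(e[j])) wide = wide " " e[j]
            if (wide != "") {
                print "RISK " s ": guest access from non-private or unverifiable entries:" wide
                bad = 1
            } else
                print "OK " s ": guest access limited to private address space"
        }
        exit bad + 0
    }' "$1"
}

# Constructed sample: the access-control lines of the smb.conf shown above.
sample_smb_conf() {
    cat <<'EOF'
[global]
workgroup = ENTERPRISE
hosts allow = 10.0.0.0/255.0.0.0,172.16.0.0/255.240.0.0,192.168.0.0/255.255.0.0
map to guest = bad user
[sanyalnet-shared]
path = /media/USB-Storage/sanyalnet-shared
public = yes
guest ok = yes
EOF
}

ags_tmp=$(mktemp)
sample_smb_conf > "$ags_tmp"
audit_guest_shares "$ags_tmp" || true
rm -f "$ags_tmp"
```

On the server itself the call would be audit_guest_shares /etc/samba/smb.conf.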
Configure Solaris 11.3 as a http web server using Apache httpd daemon
[Figure: Web page served by Apache httpd web-server on Solaris 11]
The Oracle Solaris 11.3 VirtualBox Virtual Machine came with Apache web server installed at the directory /usr/apache2/2.2 with the configuration files in /etc/apache2/2.2 and the DocumentRoot (web-root) directory for the default website configured to be at /var/apache2/2.2/htdocs. The primary configuration file is at /etc/apache2/2.2/httpd.conf. The version of Apache httpd daemon installed is 2.2.31:
root@solaris11-3:~# /usr/apache2/2.2/bin/httpd -v
Server version: Apache/2.2.31 (Unix)
Server built: Sep 24 2015 08:41:55
I enhanced the Apache configuration file /etc/apache2/2.2/httpd.conf for a bit of added security mostly following this article. Here is my complete /etc/apache2/2.2/httpd.conf:
Then I commented out the following lines from both the 32-bit and 64-bit Apache module configuration files /etc/apache2/2.2/conf.d/modules-32.load and /etc/apache2/2.2/conf.d/modules-64.load to disable the DAV and Info modules:
#LoadModule dav_module libexec/mod_dav.so
root@solaris11-3:~# chown -R webservd:webservd /usr/apache2
root@solaris11-3:~# chmod -R 750 /usr/apache2/2.2/bin /etc/apache2/2.2
I then simply put in my custom index.html and all associated files into /var/apache2/2.2/htdocs. Then I refreshed and enabled the http service and have a functional web server on Solaris 11.
root@solaris11-3:~# svcadm disable http
root@solaris11-3:~# svcadm refresh http
root@solaris11-3:~# svcadm enable http
root@solaris11-3:~# svcs -xv http
svc:/network/http:apache22 (Apache 2.2 HTTP server)
State: online since May 31, 2017 08:52:28 PM UTC
See: man -M /usr/apache2/2.2/man -s 8 httpd
See: http://httpd.apache.org
See: /var/svc/log/network-http:apache22.log
Impact: None.
TAKE A BACKUP!
At this point taking a backup is extremely important, since the next steps are dangerous because we will be playing with external USB hard disks. You can take a backup of the entire Virtual Machine as well as use the beadm create and beadm activate commands twice to create a boot environment to fall back to if the 2nd (more recent) environment is hosed, i.e. something like:
root@solaris11-3:~# beadm create -d 'baseline before USB HDD support' BeforeExtHDD
root@solaris11-3:~# beadm create -d 'USB HDD experiment' ExtHDDExperimental
root@solaris11-3:~# beadm activate ExtHDDExperimental
root@solaris11-3:~# reboot
This way, if the External Hard Disk mounting attempts result in a kernel that keeps panicking, you can choose a prior boot environment from the grub menu.
MOUNTING EXTERNAL USB HDD WITH WINDOWS 95 / FAT 32 FILE SYSTEM FOR READING AND WRITING ON SOLARIS 11.3
Install VirtualBox Guest Additions
In a nutshell, for an external USB drive to work seamlessly at USB 2.0 speeds with VirtualBox Solaris 11.3 virtual machine, we need to install the companion version of VirtualBox Guest Additions corresponding to the installed version of Oracle VirtualBox host software itself, on both the VirtualBox host software installation and the Solaris 11.3 virtual machine that runs under the VirtualBox virtualization environment.
To get USB 2.0 transfer speeds from an external USB hard disk, I needed to upgrade the VirtualBox Guest Additions included in the Oracle Solaris 11.3 Oracle VirtualBox VM to the same version as my installed VirtualBox release on the host computer. I had already installed the extension pack on the VirtualBox host software right after installing VirtualBox itself by downloading and double-clicking 'Oracle_VM_VirtualBox_Extension_Pack-5.1.22-115126.vbox-extpack' corresponding to the installed version of VirtualBox.
However, the Solaris 11.3 virtual appliance had an older version of VirtualBox Guest Additions. I first uninstalled the obsolete VirtualBox Guest Additions package from the Solaris 11.3 VM:
root@solaris11-3:~# pkginfo | grep -i guest
application SUNWvboxguest Oracle VM VirtualBox Guest Additions
SUNWvboxguest Oracle VM VirtualBox Guest Additions
## Removing installed package instance <SUNWvboxguest>
This package contains scripts which will be executed with super-user
permission during the process of removing this package.
Do you want to continue with the removal of this package [y,n,?,q] y
## Verifying package <SUNWvboxguest> dependencies in global zone
## Executing preremove script.
Removing VirtualBox kernel modules..
Cannot unload module: vboxms
VirtualBox pointer integration module unloaded.
Cannot unload module: vboxguest
VirtualBox guest kernel module unloaded.
Done.
## Removing pathnames in class <none>
/usr/share/gnome/autostart/vboxclient.desktop
/usr/lib/xorg/modules/drivers/vboxvideo_drv.so
/usr/lib/amd64/VBoxOGLpackspu.so
/usr/lib/amd64/VBoxOGLerrorspu.so
/usr/lib/amd64/VBoxOGLarrayspu.so
/usr/lib/VBoxOGLpassthroughspu.so
/usr/lib/VBoxOGLfeedbackspu.so
/usr/lib/VBoxOGLcrutil.so
/usr/lib/VBoxOGL.so
/usr/kernel/fs/amd64/vboxfs
/usr/kernel/drv/vboxms
/usr/kernel/drv/vboxguest
/usr/kernel/drv/amd64/vboxguest
/usr/bin/VBoxControl
/usr/bin/VBoxClient
/opt/VirtualBoxAdditions/x11config15sol.pl
/opt/VirtualBoxAdditions/vboxguest.sh
/opt/VirtualBoxAdditions/i386/vboxvideo_drv_71.so
/opt/VirtualBoxAdditions/i386/vboxvideo_drv_19.so
/opt/VirtualBoxAdditions/i386/vboxvideo_drv_17.so
/opt/VirtualBoxAdditions/i386/vboxvideo_drv_15.so
/opt/VirtualBoxAdditions/i386/vboxvideo_drv_13.so
/opt/VirtualBoxAdditions/i386/vboxvideo_drv_117.so
/opt/VirtualBoxAdditions/i386/vboxvideo_drv_114.so
/opt/VirtualBoxAdditions/i386/vboxvideo_drv_113.so
/opt/VirtualBoxAdditions/i386/vboxvideo_drv_112.so
/opt/VirtualBoxAdditions/i386/vboxvideo_drv_111.so
/opt/VirtualBoxAdditions/i386/vboxvideo_drv_110.so
/opt/VirtualBoxAdditions/i386/vboxfsmount
/opt/VirtualBoxAdditions/i386/VBoxService
/opt/VirtualBoxAdditions/i386/VBoxClient
/opt/VirtualBoxAdditions/amd64/vboxmslnk
/opt/VirtualBoxAdditions/amd64/pam_vbox.so
/opt/VirtualBoxAdditions/amd64/VBoxControl
/opt/VirtualBoxAdditions/amd64
/opt/VirtualBoxAdditions/VBoxISAExec
/opt/VirtualBoxAdditions/VBoxClient
/opt/VirtualBoxAdditions/LICENSE
/opt/VirtualBoxAdditions
/etc/fs/vboxfs
## Updating system information.
Removal of <SUNWvboxguest> was successful.
A couple of kernel modules were busy and could not be unloaded as highlighted above. However, according to the messages, they 'will be unloaded upon reboot'. I wanted a complete uninstallation of the shipped VirtualBox Guest Additions before installing the new version to avoid conflicts with active kernel modules from the old version while installing the new version, and rebooted:
root@solaris11-3:~# reboot
Once Solaris 11.3 returned after reboot, I used VirtualBox's 'Devices' menu to select 'Insert Guest Additions CD Image'. As soon as I did this, the virtual Guest Additions CD was auto-mounted at /media/VBOXADDITIONS_5.1.22_115126 and a new icon was added to the Desktop. I then installed the package VBoxSolarisAdditions.pkg from /media/VBOXADDITIONS_5.1.22_115126.
root@solaris11-3:/media/VBOXADDITIONS_5.1.22_115126# ls -l
total 102841
dr-xr-xr-x 2 root root 2048 Apr 28 15:35 32Bit
dr-xr-xr-x 2 root root 2048 Apr 28 15:35 64Bit
-r-xr-xr-x 1 root root 647 Aug 16 2016 AUTORUN.INF
-r-xr-xr-x 1 root root 6381 Apr 28 16:27 autorun.sh
dr-xr-xr-x 2 root root 2048 Apr 28 15:35 cert
dr-xr-xr-x 2 root root 4096 Apr 28 15:35 OS2
-r-xr-xr-x 1 root root 4824 Apr 28 16:27 runasroot.sh
-r-xr-xr-x 1 root root 8140237 Apr 28 16:27 VBoxLinuxAdditions.run
-r-xr-xr-x 1 root root 17782784 Apr 28 17:28 VBoxSolarisAdditions.pkg
-r-xr-xr-x 1 root root 16400296 Apr 28 16:35 VBoxWindowsAdditions-amd64.exe
-r-xr-xr-x 1 root root 10039072 Apr 28 16:29 VBoxWindowsAdditions-x86.exe
-r-xr-xr-x 1 root root 268496 Apr 28 16:27 VBoxWindowsAdditions.exe
root@solaris11-3:/media/VBOXADDITIONS_5.1.22_115126# pkgadd -d VBoxSolarisAdditions.pkg
The following packages are available:
1 SUNWvboxguest Oracle VM VirtualBox Guest Additions
(i386) 5.1.22,REV=r115126.2017.04.28.18.28
Select package(s) you wish to process (or 'all' to process
all packages). (default: all) [?,??,q]:
Processing package instance <SUNWvboxguest> from </media/VBOXADDITIONS_5.1.22_115126/VBoxSolarisAdditions.pkg>
Oracle VM VirtualBox Guest Additions(i386) 5.1.22,REV=r115126.2017.04.28.18.28
Oracle Corporation
Using </> as the package base directory.
## Processing package information.
## Processing system information.
## Verifying package dependencies.
## Verifying disk space requirements.
## Checking for conflicts with packages already installed.
## Checking for setuid/setgid programs.
This package contains scripts which will be executed with super-user
permission during the process of installing this package.
Do you want to continue with the installation of <SUNWvboxguest> [y,n,?] y
Installing Oracle VM VirtualBox Guest Additions as <SUNWvboxguest>
## Installing part 1 of 1.
/etc/fs/vboxfs/mount <symbolic link>
/opt/VirtualBoxAdditions/1099.vboxclient
/opt/VirtualBoxAdditions/LICENSE
/opt/VirtualBoxAdditions/VBox.sh
/opt/VirtualBoxAdditions/amd64/VBoxClient.Z
/opt/VirtualBoxAdditions/amd64/VBoxControl.Z
/opt/VirtualBoxAdditions/amd64/VBoxService.Z
/opt/VirtualBoxAdditions/amd64/pam_vbox.so
/opt/VirtualBoxAdditions/amd64/vboxfs
/opt/VirtualBoxAdditions/amd64/vboxfs_s10
/opt/VirtualBoxAdditions/amd64/vboxfsmount
/opt/VirtualBoxAdditions/amd64/vboxmslnk
/opt/VirtualBoxAdditions/amd64/vboxvideo_drv_110.so.Z
/opt/VirtualBoxAdditions/amd64/vboxvideo_drv_111.so.Z
/opt/VirtualBoxAdditions/amd64/vboxvideo_drv_112.so.Z
/opt/VirtualBoxAdditions/amd64/vboxvideo_drv_113.so.Z
/opt/VirtualBoxAdditions/amd64/vboxvideo_drv_114.so.Z
/opt/VirtualBoxAdditions/amd64/vboxvideo_drv_117.so.Z
/opt/VirtualBoxAdditions/amd64/vboxvideo_drv_118.so.Z
/opt/VirtualBoxAdditions/amd64/vboxvideo_drv_13.so.Z
/opt/VirtualBoxAdditions/amd64/vboxvideo_drv_14.so.Z
/opt/VirtualBoxAdditions/amd64/vboxvideo_drv_15.so.Z
/opt/VirtualBoxAdditions/amd64/vboxvideo_drv_16.so.Z
/opt/VirtualBoxAdditions/amd64/vboxvideo_drv_17.so.Z
/opt/VirtualBoxAdditions/amd64/vboxvideo_drv_18.so.Z
/opt/VirtualBoxAdditions/amd64/vboxvideo_drv_19.so.Z
/opt/VirtualBoxAdditions/amd64/vboxvideo_drv_70.so.Z
/opt/VirtualBoxAdditions/amd64/vboxvideo_drv_71.so.Z
/opt/VirtualBoxAdditions/i386/VBoxClient.Z
/opt/VirtualBoxAdditions/i386/VBoxControl.Z
/opt/VirtualBoxAdditions/i386/VBoxService.Z
/opt/VirtualBoxAdditions/i386/pam_vbox.so
/opt/VirtualBoxAdditions/i386/vboxfs
/opt/VirtualBoxAdditions/i386/vboxfs_s10
/opt/VirtualBoxAdditions/i386/vboxfsmount
/opt/VirtualBoxAdditions/i386/vboxmslnk
/opt/VirtualBoxAdditions/i386/vboxvideo_drv_110.so.Z
/opt/VirtualBoxAdditions/i386/vboxvideo_drv_111.so.Z
/opt/VirtualBoxAdditions/i386/vboxvideo_drv_112.so.Z
/opt/VirtualBoxAdditions/i386/vboxvideo_drv_113.so.Z
/opt/VirtualBoxAdditions/i386/vboxvideo_drv_114.so.Z
/opt/VirtualBoxAdditions/i386/vboxvideo_drv_117.so.Z
/opt/VirtualBoxAdditions/i386/vboxvideo_drv_118.so.Z
/opt/VirtualBoxAdditions/i386/vboxvideo_drv_13.so.Z
/opt/VirtualBoxAdditions/i386/vboxvideo_drv_14.so.Z
/opt/VirtualBoxAdditions/i386/vboxvideo_drv_15.so.Z
/opt/VirtualBoxAdditions/i386/vboxvideo_drv_16.so.Z
/opt/VirtualBoxAdditions/i386/vboxvideo_drv_17.so.Z
/opt/VirtualBoxAdditions/i386/vboxvideo_drv_18.so.Z
/opt/VirtualBoxAdditions/i386/vboxvideo_drv_19.so.Z
/opt/VirtualBoxAdditions/i386/vboxvideo_drv_70.so.Z
/opt/VirtualBoxAdditions/i386/vboxvideo_drv_71.so.Z
/opt/VirtualBoxAdditions/solaris_xorg.conf
/opt/VirtualBoxAdditions/solaris_xorg_modeless.conf
/opt/VirtualBoxAdditions/vbox_vendor_select
/opt/VirtualBoxAdditions/vboxclient.desktop
/opt/VirtualBoxAdditions/vboxguest.sh
/opt/VirtualBoxAdditions/vboxmslnk
/opt/VirtualBoxAdditions/x11config15sol.pl
/opt/VirtualBoxAdditions/x11restore.pl
/usr/bin/VBoxClient <symbolic link>
/usr/bin/VBoxClient-all <symbolic link>
/usr/bin/VBoxControl <symbolic link>
/usr/bin/VBoxService <symbolic link>
/usr/kernel/drv/amd64/vboxguest
/usr/kernel/drv/amd64/vboxms
/usr/kernel/drv/vboxguest
/usr/kernel/drv/vboxguest.conf
/usr/kernel/drv/vboxms
/usr/kernel/drv/vboxms.conf
/usr/lib/VBoxOGL.so
/usr/lib/VBoxOGLarrayspu.so
/usr/lib/VBoxOGLcrutil.so
/usr/lib/VBoxOGLerrorspu.so
/usr/lib/VBoxOGLfeedbackspu.so
/usr/lib/VBoxOGLpackspu.so
/usr/lib/VBoxOGLpassthroughspu.so
/usr/lib/amd64/VBoxOGL.so
/usr/lib/amd64/VBoxOGLarrayspu.so
/usr/lib/amd64/VBoxOGLcrutil.so
/usr/lib/amd64/VBoxOGLerrorspu.so
/usr/lib/amd64/VBoxOGLfeedbackspu.so
/usr/lib/amd64/VBoxOGLpackspu.so
/usr/lib/amd64/VBoxOGLpassthroughspu.so
/usr/sbin/vboxmslnk <symbolic link>
[ verifying class <none> ]
/opt/VirtualBoxAdditions/VBoxClient <linked pathname>
/opt/VirtualBoxAdditions/VBoxControl <linked pathname>
/opt/VirtualBoxAdditions/VBoxISAExec <linked pathname>
/opt/VirtualBoxAdditions/VBoxService <linked pathname>
[ verifying class <manifest> ]
## Executing postinstall script.
Uncompressing files..
Configuring VirtualBox guest kernel module..
VirtualBox guest kernel module loaded.
VirtualBox pointer integration module loaded.
Creating links..
Installing video driver for X.Org 1.14.5..
Configuring client..
Installing 64-bit shared folders module..
Installing 32-bit shared folders module..
Configuring services (this might take a while)..
Enabling services..
Updating boot archive..
Done.
Please re-login to activate the X11 guest additions.
If you have just un-installed the previous guest additions a REBOOT is required.
Installation of <SUNWvboxguest> was successful.
root@solaris11-3:/media/VBOXADDITIONS_5.1.22_115126# cd
Connect External Hard Disk with NTFS Formatted Volume to Solaris 11.3 and find device name
I shut Solaris 11.3 down from the desktop GUI and connected an NTFS-formatted Western Digital USB disk drive to a USB port on the VM host, reconfiguring the VM to connect the USB drive to Solaris 11 over USB 2.0.
[Figure: GParted on Solaris 11.3 Showing NTFS volume on external USB Hard Drive]
Install the Tools to Mount NTFS Volume: FUSE and NTFS-3G for Solaris 11
Now that I know the name of the device corresponding to the Windows NTFS volume on the external USB hard disk, I proceeded to install the software tools needed to mount it on Solaris 11.3.
Adding SFE Solaris 11 Repo
The software needed to mount NTFS volumes on Solaris 11 is available for free from SFE - Software Packages for Solaris, OpenIndiana and OmniOS. To get access to the software, I launched the Package Manager from the desktop icon and first added the Solaris 11 IPS Packages Repository as a publisher using File -> Add Publisher.. with the URI http://sfe.opencsw.org/localhosts11.
[Figure: Adding Solaris 11 SFE Repository to Package Manager using Publisher URI]
Install fusefs on Oracle Solaris 11.3 to read/write NTFS volumes
To install FUSE (File System in User Space), I searched for 'fuse' in the Package Manager searchbox at the top right, checked the fusefs from publisher localhosts11 and library/libfuse from publisher solaris check-boxes, and clicked on 'Install/Update'. I then clicked Proceed on the Install Confirmation pop-up.
[Figure: Install FUSE file system and FuseFS libraries on Solaris 11]
Install ntfs-3g on Oracle Solaris 11.3 to read/write NTFS volumes
Installing ntfs-3g turned out to be a bit tricky, and I had to build and install it from the source package. The problem with the ntfs-3g binary package is that it includes the tools in the ntfsprogs package, which was already installed in the Oracle Solaris 11.3 VirtualBox Virtual Machine distribution. Trying to uninstall ntfsprogs threw up dependencies on GParted and partition manager tools that I did not want to uninstall in turn because they are so useful. Building and installing ntfs-3g from source actually overwrites the ntfsprogs tools without requiring complex resolution of dependencies by uninstalling useful programs.
I installed the ntfs-3g/src source package from the SFE localhosts11 repository using the package manager.
[Figure: NTFS-3G Source Package Installation on Solaris 11.3]
Installing the ntfs-3g source package ntfs-3g/src using the Package Manager basically dropped the compressed source tarball at /usr/src/SFEntfs-3g-2016.2.22AR.2/SOURCES/ntfs-3g_ntfsprogs-2016.2.22AR.2.tgz. I uncompressed, built and installed ntfs-3g from this source tarball:
root@solaris11-3:~# cd /usr/src/SFEntfs-3g-2016.2.22AR.2/SOURCES
root@solaris11-3:/usr/src/SFEntfs-3g-2016.2.22AR.2/SOURCES# tar xvzf ntfs-3g_ntfsprogs-2016.2.22AR.2.tgz
root@solaris11-3:/usr/src/SFEntfs-3g-2016.2.22AR.2/SOURCES# cd ntfs-3g_ntfsprogs-2016.2.22AR.2
root@solaris11-3:/usr/src/SFEntfs-3g-2016.2.22AR.2/SOURCES/ntfs-3g_ntfsprogs-2016.2.22AR.2# ./configure
root@solaris11-3:/usr/src/SFEntfs-3g-2016.2.22AR.2/SOURCES/ntfs-3g_ntfsprogs-2016.2.22AR.2# make
root@solaris11-3:/usr/src/SFEntfs-3g-2016.2.22AR.2/SOURCES/ntfs-3g_ntfsprogs-2016.2.22AR.2# make install
Here is a log of the complete terminal session of building ntfs-3g on Solaris from source and installing it.
Mounting the NTFS Volume
The device name for the NTFS partition of the external USB drive is /dev/dsk/c3t0d0p1 as I had found by running GParted previously. With fusefs and ntfs-3g now installed, we can now finally mount the NTFS volume from the USB disk on a directory:
root@solaris11-3:~# lowntfs-3g /dev/dsk/c3t0d0p1 /media/USB-Storage/
The file system wasn't safely closed on Windows. Fixing.
The message 'The disk contains an unclean file system (0, 0). The file system wasn't safely closed on Windows. Fixing.' typically appears when mounting an NTFS volume on Solaris 11.3 using lowntfs-3g or ntfs-3g if the volume was previously mounted on Windows and Windows was shut down in the 'hybrid' fast-startup (fastboot) mode.
A quick test to make sure we can write to and read from the NTFS volume, and we are all set on a read-write NTFS volume mounted on Solaris 11.3 using fuse and ntfs-3g.
..
/media/USB-Storage on /devices/pci@0,0/pci8086,265c@b/storage@1/disk@0,0:r read/write/nosetuid/nodevices/rstchown/dev=5080000 on Fri Jun 9 03:30:14 2017
root@solaris11-3:~# cp /etc/release /media/USB-Storage/
total 305
-rwxrwxrwx 1 root root 187 Jun 9 03:37 release
drwxrwxrwx 1 root root 151552 Jun 7 19:16 sanyalnet-shared
drwxrwxrwx 1 root root 4096 Jun 2 23:55 System Volume Information
Once the NTFS volume is mounted and available, Solaris 11.3 even places an icon for the new NTFS volume on the desktop automatically. Double-clicking on this new icon opens up File Browser showing the files contained in the NTFS volume:
[Figure: Desktop Icon for External USB Hard Disk NTFS Volume on Solaris 11.3]
To mount the USB HDD automatically on reboot of Solaris 11.3, I created a file /etc/rc.local with the following contents:
# ---
# /etc/rc.local
#
# Commands to execute at end of boot
# This is linked from /etc/rc3.d/S99local
# Solaris 11 still supports this
# ---
/usr/bin/lowntfs-3g /dev/dsk/c3t0d0p1 /media/USB-Storage/
and then placed a symbolic link from /etc/rc3.d/S99local to /etc/rc.local:
# chmod +x /etc/rc.local
# ln -s /etc/rc.local /etc/rc3.d/S99local
# ls -l /etc/rc.local /etc/rc3.d/S99local
-rwxr-xr-x 1 root root 357 Jan 23 19:30 /etc/rc.local
lrwxrwxrwx 1 root root 13 Jan 20 19:12 /etc/rc3.d/S99local -> /etc/rc.local
Then I rebooted and verified if the auto-mount on boot worked.
root@solaris11-3:~# uptime
1:48pm up 13 min(s), 2 users, load average: 2.64, 1.84, 1.01
root@solaris11-3:~# dmesg | grep lowntfs
Jun 9 13:44:18 solaris11-3.sanyalnet.lan lowntfs-3g[970]: [ID 702911 daemon.notice] Version 2016.2.22AR.2 integrated FUSE 27
Jun 9 13:44:18 solaris11-3.sanyalnet.lan lowntfs-3g[970]: [ID 702911 daemon.notice] Requested device /dev/dsk/c3t0d0p1 canonicalized as /devices/pci@0,0/pci8086,265c@b/storage@1/disk@0,0:r
Jun 9 13:44:18 solaris11-3.sanyalnet.lan lowntfs-3g[970]: [ID 702911 daemon.notice] Mounted /devices/pci@0,0/pci8086,265c@b/storage@1/disk@0,0:r (Read-Write, label 'WD My Book 1110 External HDD USB', NTFS 3.1)
Jun 9 13:44:18 solaris11-3.sanyalnet.lan lowntfs-3g[970]: [ID 702911 daemon.notice] Cmdline options:
Jun 9 13:44:18 solaris11-3.sanyalnet.lan lowntfs-3g[970]: [ID 702911 daemon.notice] Mount options: allow_other,nonempty,relatime,fsname=/devices/pci@0,0/pci8086,265c@b/storage@1/disk@0,0:r
Jun 9 13:44:18 solaris11-3.sanyalnet.lan lowntfs-3g[970]: [ID 702911 daemon.notice] Ownership and permissions disabled, configuration type 6
root@solaris11-3:~# mount | grep -i USB-Storage
/media/USB-Storage on /devices/pci@0,0/pci8086,265c@b/storage@1/disk@0,0:r read/write/nosetuid/nodevices/rstchown/dev=5080000 on Fri Jun 9 13:44:18 2017
root@solaris11-3:~# ls -l /media/USB-Storage/
total 305
drwxrwxrwx 1 root root 0 Jun 2 23:54 $RECYCLE.BIN
-rwxrwxrwx 1 root root 187 Jun 9 03:37 release
drwxrwxrwx 1 root root 151552 Jun 7 19:16 sanyalnet-shared
drwxrwxrwx 1 root root 4096 Jun 2 23:55 System Volume Information
Configure final IP v4 address and Default Routing Gateway
I reconfigured Solaris 11 networking to the final production IP v4 address and gateway, based on excellent online documentation provided by Oracle including Creating Persistent (Static) Routes and Configuring IP Interfaces. I have no use for IPv6, which I did not configure.
Configure Solaris 11.3 IP Address
LINK MEDIA STATE SPEED DUPLEX DEVICE
root@solaris11-3:~# dladm show-link
net0 phys 1500 up --
IFNAME CLASS STATE ACTIVE OVER
net0 ip ok yes --
ADDROBJ TYPE STATE ADDR
net0/v4 static ok 10.200.0.50/24
net0/v6 addrconf ok fe80::a00:27ff:fe11:52f/10
root@solaris11-3:~# ipadm show-addr
lo0/v4 static ok 127.0.0.1/8
root@solaris11-3:~# ipadm create-ip net0
root@solaris11-3:~# ipadm create-addr -T static -a 10.42.2.3/24 net0/v4
ADDROBJ TYPE STATE ADDR
net0/v4 static ok 10.42.2.3/24
Configure Solaris 11.3 Routing Default Gateway
persistent: route add default 10.200.0.1
delete persistent net default: gateway 10.200.0.1
root@solaris11-3:~# route -p show
root@solaris11-3:~# route -p add default 10.42.2.1
add persistent net default: gateway 10.42.2.1
persistent: route add default 10.42.2.1
The completed reconfigured network configuration looks like this.
root@solaris11-3:~# ifconfig -a
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
inet 127.0.0.1 netmask ff000000
net0: flags=100001000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4,PHYSRUNNING> mtu 1500 index 2
inet 10.42.2.3 netmask ffffff00 broadcast 10.42.2.255
ether 8:0:27:11:5:2f
lo0: flags=2002000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv6,VIRTUAL> mtu 8252 index 1
inet6 ::1/128
net0: flags=120002000840<RUNNING,MULTICAST,IPv6,PHYSRUNNING> mtu 1500 index 2
inet6 ::/0
ether 8:0:27:11:5:2f
root@solaris11-3:~# netstat -rn
Routing Table: IPv4
-------------------- -------------------- ----- ----- ---------- ---------
10.42.2.0 10.42.2.3 U 5 1550 net0
Destination/Mask Gateway Flags Ref Use If
--------------------------- --------------------------- ----- --- ------- -----
Wrapping Up
Install fail2ban with intrusion reporting to blocklist.de
I installed and configured fail2ban with reporting to my existing server account at blocklist.de by first executing:
root@solaris11-3:~# pkg install network/fail2ban
Packages to install: 1
Services to change: 1
Create boot environment: No
Create backup boot environment: No
DOWNLOAD PKGS FILES XFER (MB) SPEED
Completed 1/1 99/99 0.1/0.1 47.8k/s
PHASE ITEMS
Installing new actions 134/134
Updating package state database Done
Updating package cache 0/0
Updating image state Done
Creating fast lookup database Done
Updating package cache 4/4
root@solaris11-3:~# svcs -xv fail2ban
svc:/network/fail2ban:default (?)
State: disabled since June 10, 2017 06:52:11 PM UTC
Reason: Disabled by an administrator.
See: http://support.oracle.com/msg/SMF-8000-05
See: /var/svc/log/network-fail2ban:default.log
Impact: This service is not running.
root@solaris11-3:~# svcadm refresh fail2ban
root@solaris11-3:~# svcadm enable fail2ban
root@solaris11-3:~# svcs -xv fail2ban
svc:/network/fail2ban:default (?)
State: online since June 10, 2017 06:53:35 PM UTC
See: /var/svc/log/network-fail2ban:default.log
Impact: None.
and then grabbed action.d/blocklist_de.local from here. I then took help from my prior post about Fail2Ban on openindiana 'Fail2Ban Intrusion Prevention on Solaris 11 OPENINDIANA SunOS 5.11 Illumos with Reporting to Blocklist.de' to configure it with full reporting capability to blocklist.de.
Other final reconfiguration
I then reconfigured the ProFTP FTP server to use a folder on the external USB drive as ftproot. Finally I zeroed out the empty space on the ZFS file system and compacted the virtual machine hard drive, took a backup and put it into production at http://sanyal.duckdns.org:81.