Workstation Support Group
University Computing and Networking Services
wsg@uga.edu / 542-3106
August 2000
SGI provides an EZsetup utility to quickly get your workstation set up. This utility misses a number of key steps, so if you run EZsetup you will still need to perform the tasks listed in this document.
You will need to be logged on as root to perform the steps listed below.
In many of the steps, you are asked to edit a particular file. If you are not familiar with the vi editor, you can use the jot editor. Jot is an easy-to-use graphical point-and-click editor. To use this editor, just enter jot followed by the filename, for example:
jot /etc/sys_id
Edit the file /etc/sys_id and change the existing name to your hostname. Do
not include the subdomain and domain name. For example, if you are going to name
your workstation woozy.chem.uga.edu, the file /etc/sys_id should only contain
the line:
woozy
Edit the file /etc/hosts. Remove all of the lines except
for the following two:
# This entry must be present or the system will not work.
127.0.0.1 localhost
(The spacing may be different than above.) Do not modify these lines. On the next line, add your IP address (a number of the form 128.192.xxx.yyy) and fully qualified hostname followed by your hostname only. For example:
128.192.5.100 woozy.chem.uga.edu woozy
Your /etc/hosts file should now look like:
# This entry must be present or the system will not work.
127.0.0.1 localhost
128.192.5.100 woozy.chem.uga.edu woozy
These configuration flags control whether or not particular subsystems or programs start
up when the workstation is booted. It is important to set at least the following flags
to the appropriate values. From the command line, enter (exactly!):
chkconfig network on
chkconfig autoconfig_ipaddress off
chkconfig esp off
chkconfig mrouted off
chkconfig nss-fasttrack off
chkconfig routed off
chkconfig rsvpd off
chkconfig sendmail_cf off (V6.5-9 or higher)
chkconfig sdpd off
chkconfig timed off
chkconfig webface off
Run the chkconfig command with no arguments to see the current values.
Set a password for the root account using the passwd command.
Make it a sensible password - something that is not derived from your name,
your department, etc. - but one that you will be able to remember. Be sure that
it has a mixture of lowercase, uppercase, and non-alphanumerical characters,
such as HeyY0u!@. Passwords should be seven or eight characters in length.
On a new system, none of the administrative and maintenance logins have passwords. This means that anyone can telnet or walk up to your system and log in as those users without having to type a password. To see which accounts are unlocked, type the following on the command line:
grep '::' /etc/passwd
You should get a listing of lines similar to the following (but there will be more lines listed):
nuucp::3:5:UUCP Owner:/usr/lib/uucp:/bin/csh
lp::9:9:Print Spooler Owner:/var/spool/lp:/bin/sh
guest::998:998:Guest User:/usr/people/guest:/bin/csh
EZsetup::992:998:System Setup:/var/sysadmdesktop/EZsetup:/bin/csh
demos::993:997:Demonstration User:/usr/demos:/bin/csh
OutOfBox::995:997:Out of Box Experience:/usr/people/OutOfBox:/bin/csh
If an entry has the first two colons next to each other with nothing between them, that account has no password. For every entry like that, you need to enter the passwd -l command followed by the username, which is the first field on the line. For example, to lock the accounts above:
passwd -l uucp
passwd -l lp
passwd -l guest
If you would rather put a password on one of the accounts instead of locking it, you would do the following:
passwd guest
You would then be prompted for the password for guest.
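An added example, not part of the original document: grep '::' matches a line with any empty field, such as an empty comment field or an NIS "+" entry, so this script tests the password field itself. The function names and sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: list accounts whose password field (field 2) is empty.
# grep '::' reports any line with two adjacent colons, so it over-reports.

# unlocked_accounts FILE: prints one username per line.
# Comment lines and NIS entries (names starting with + or -) are skipped.
unlocked_accounts() {
    awk -F: '$0 !~ /^#/ && $1 !~ /^[+-]/ && NF >= 7 && $2 == "" { print $1 }' "$1"
}

# Constructed sample in /etc/passwd format (not from a real system).
sample_passwd() {
    cat <<'EOF'
root:Xq1constructed:0:0:Super-User:/:/bin/csh
nuucp::3:5:UUCP Owner:/usr/lib/uucp:/bin/csh
lp::9:9:Print Spooler Owner:/var/spool/lp:/bin/sh
alice:Zk2constructed:1001:20::/usr/people/alice:/bin/csh
guest::998:998:Guest User:/usr/people/guest:/bin/csh
bin:*:2:2:System Tools Owner:/bin:/dev/null
+::0:0:::
EOF
}

tmp=$(mktemp)
sample_passwd > "$tmp"
echo "lines matched by grep '::': $(grep -c '::' "$tmp")"
echo "accounts with an empty password field:"
unlocked_accounts "$tmp"
rm -f "$tmp"
```

On a real system, run unlocked_accounts /etc/passwd before and after the passwd -l step; it should print nothing once every account is locked or has a password.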
You have to set your default route in order to connect to the campus ftp server.
/usr/etc/route flush
/usr/etc/route add default 128.192.xxx.1
In the above commands, replace xxx with your subnet number.
Now is the time to connect your system to the network. If you need assistance
with this, contact your Departmental Network Coordinator.
The system now needs to be rebooted, or restarted, in order for some of
the changes you have just made to take effect. To reboot the system, type
reboot on the command line and press the Enter key. It should only take
a couple of minutes for the system to reboot and come back up to the login screen.
Watch the screen during the reboot for messages. After the system has rebooted,
log back in as root.
You will now need to ftp to the UGA anonymous ftp server and get a couple
of packages to install. Before you can connect to the ftp server, your workstation's
hostname and address must be in the campus nameserver. If it is not, ask your
Departmental Network Liaison to do this for you (see above).
Use the following steps to create a directory in which to place these files temporarily:
cd /tmp
mkdir ugasetup
cd ugasetup
Now connect to the ftp server and get the files that you need. In the following example, the response from the computer will be shown in italics. When asked for a password, enter your e-mail address.
ftp 128.192.252.19
Connected to cousteau.uga.edu.
220 cousteau FTP server (Version wu-2.4(2) Tue Aug 8 09:19:16 EDT 1995) ready.
Name (ftp.uga.edu:stewart): ftp
Password:
230 Guest login ok, access restrictions apply.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> cd /pub/unix/sgi
ftp> ls
ftp> bin
ftp> get ugasetup_6x.tardist.gz
ftp> get sendmail_uga.tardist.gz
ftp> get xntpd_uga.tardist.gz
ftp> quit
The .gz suffix on these files indicates that they are compressed using the gzip program. You need to uncompress and untar them:
gunzip ugasetup_6x.tardist
gunzip sendmail_uga.tardist
gunzip xntpd_uga.tardist
tar xvf ugasetup_6x.tardist
tar xvf sendmail_uga.tardist
tar xvf xntpd_uga.tardist
Now you have a number of new files in this directory. This is called an inst-able distribution. To install the UGA customization files included in this distribution, you would do the following (the response from the computer is in italics):
inst -f .
inst> install all
inst> go
inst> quit
This will install a network customization file to set the proper default route (/etc/init.d/network.local), install time synchronization programs (/usr/local/bin/xntpd, /usr/local/bin/xntpdc), set up the system to use the campus nameservers (/etc/resolv.conf), set the correct timezone (/etc/TIMEZONE), and install the latest sendmail (/usr/lib/sendmail and /etc/sendmail.cf).
You will need to modify the file /etc/aliases so that mail sent to
postmaster will go to a real person. Uncomment the line that looks like
the following and change postmaster to a valid username and email
address:
#root:postmaster
to something like the following:
root:user@arches.uga.edu
Ensure the modification to the /etc/aliases file takes effect by entering the following at the system prompt:
newaliases
To further secure your system against attacks and make it easier for you to monitor
your system, edit the file /etc/default/login and make the following changes using
an editor. Set the values to be the following:
CONSOLE=/dev/console
PASSREQ=YES
MANDPASS=YES
DISABLETIME=20
MAXTRYS=3
LOGFAILURES=3
IDLEWEEKS=1
The comments preceding each value in the file explain what they affect.
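An added example, not part of the original document: a script that compares a login defaults file with the seven values listed above and reports anything missing or different. It assumes the file uses KEY=VALUE lines with # starting a comment; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a login defaults file against the values listed above.
# Assumes KEY=VALUE lines, with lines starting with # treated as comments.

recommended() {          # the seven settings from the list above
    cat <<'EOF'
CONSOLE=/dev/console
PASSREQ=YES
MANDPASS=YES
DISABLETIME=20
MAXTRYS=3
LOGFAILURES=3
IDLEWEEKS=1
EOF
}

# audit_login_defaults FILE: prints one line per deviation, returns 1 if any.
audit_login_defaults() {
    recommended | awk -F= -v file="$1" '
        BEGIN {   # load the audited file; a later assignment overrides an earlier one
            while ((getline line < file) > 0) {
                if (line ~ /^[ \t]*#/ || line !~ /=/) continue
                key = line; sub(/=.*/, "", key); gsub(/[ \t]/, "", key)
                val = line; sub(/^[^=]*=/, "", val); sub(/[ \t]+$/, "", val)
                have[key] = val
            }
        }
        !($1 in have)  { print "MISSING  " $1 " (want " $2 ")"; bad = 1; next }
        have[$1] != $2 { print "MISMATCH " $1 "=" have[$1] " (want " $2 ")"; bad = 1 }
        END { exit bad + 0 }'
}

sample_login_defaults() {   # constructed sample, not from a real system
    cat <<'EOF'
# Constructed sample file.
CONSOLE=/dev/console
#PASSREQ=NO
MANDPASS=YES
DISABLETIME=20
MAXTRYS=5
LOGFAILURES=3
EOF
}

f=$(mktemp)
sample_login_defaults > "$f"
audit_login_defaults "$f" || echo "deviations found in $f"
rm -f "$f"
```

A setting that is commented out is reported as MISSING, since it is not in effect; to check the workstation itself, call audit_login_defaults /etc/default/login.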
SGI maintains a list of recommended and security patches. The URL is http://www.sgi.com/Support/patch_intro.html. You probably should also look at http://www.sgi.com/Support.
Now that you have a functional, customized workstation you should back
it up, preferably with tar. As you are backing it up, you should
work out a schedule to regularly back up user files and mail.