HP-UX 10.20 Localization Checklist
CU Generic Localization Checklist for HPUX 10.20
MACHINENAME: generic
UnixOps support type (check all that apply):
[ ] No support - one time localization only
[ ] NET support
[ ] FULL support (includes first 3 and user support)
[ ] GATE support (host has >1 network interface and subnet)
[ ] DUMPS backups
To use this checklist:
Place your initials inside each set of brackets after the task is completed.
Place NA (Not Applicable) if the task doesn't apply here.
A CAPITALIZED word in front of brackets indicates an optional task.
Blanks in front of brackets indicate "mandatory".
This checklist is not necessarily meant to be done in order.
VERIFY EVERYTHING. GET SOMEONE ELSE TO DO IT IF YOU CAN'T!!!
The following constitutes localization:
[ ] Move this file to hostname:/Localization and continue
to update it there
[ ] All parts have arrived, final location known,
wiring asked to make any necessary connections.
[ ] has a valid CU-Boulder Internet address and all host
attributes are in addhost database.
[ ] This host has a nametag plastered on it and all its
peripherals including proper disk labeling with the
partition table. (use mklabels)
[ ] Install vanilla OS
(when in doubt, no NIS. NIS is evil - we have replaced
its functionality with rdist.)
HPUX10.20 allows us to have one partition over the entire
disk.
[ ] Make sure that the /etc/rc.config.d/netconf has the correct
information:
Valid host name
Correct operating system
Loopback address: 127.0.0.1
Correct interface
Valid ip address that matches in /etc/hosts
Subnet mask: 255.255.255.0
Valid route gateway
[ ] make the machines clean out their /tmp dirs
edit the /etc/rc.config.d/clean_tmps file to be:
LIST_TEMPS=0
CLEAR_TMP=1
[ ] Make sure /tmp and any scratch partitions are mode 1777.
[ ] Check that /etc/utmp is mode 644
[ ] create /core by soft-linking to /dev/null
ln -s /dev/null /core
[ ] Stop crash dumps in /var/adm/crash by setting
SAVECORE=0 in /etc/rc.config.d/savecore
[ ] Disable the automounter unless you absolutely NEED it!
edit /etc/rc.config.d/nfsconf and change the line that
says "AUTOMOUNT=1" to be "AUTOMOUNT=0", then kill the
automountd PID by hand.
[ ] change root's login shell to be /bin/csh
[ ] make link : ln -s /etc/group /etc/logingroup
NET [ ] configure machine to be rdisted to by distribution
host (has /usr/local/etc first in root's path, has
/usr/local/etc/rdistd and trusts distrib host).
or
has grabfiles installed. Make sure that "telnet machinename
grabfiles" causes grabfiles to run. (grabfiles is only used
by machines that are not on UnixOps support)
[ ] remove system version of rdist
rm /usr/bin/rdist
[ ] set up /usr/local/etc/hourlydist if this machine has
clients which will be sharing passwd, group, sudoers, etc
and add it to root crontab as:
8 * * * * /usr/local/etc/rdist -q -f /usr/local/etc/hourlydist
[ ] create /etc/motd.local, include any messages specific to this
machine or lab
NET [ ] edit the /etc/resolv.conf file to include:
;
domain Colorado.EDU
search Colorado.EDU cs.Colorado.EDU
;
nameserver 128.138.240.1 ; boulder
nameserver 128.138.238.154 ; cujo
nameserver 128.138.213.13 ; ns1.westnet.net
NET [ ] localized syslog.conf - copied from localized system of
same OS and class config.
NET [ ] if standalone or server, add to pingem list on pingemhost.
[ ] HPUX does not have routed. The default route is
defined in the file /etc/rc.config.d/netconf
If the machine has more than one network interface,
run gated.
[ ] Make /etc/shells and include all shells expected to be
on system. (this will save much confusion as ftp will
not allow people to ftp in if their shell is not on
this list).
[ ] install tcp wrappers. install identd. install log daemons.
Binaries are located via anonymous ftp from boulder
[ ] strip suid from cu
chmod 555 /usr/bin/cu
[ ] strip suid from the audio server (security hole)
chmod 555 /opt/audio/bin/Aserver
[ ] create audio security file:
/opt/audio/bin/asecure -C
feed it a bogus password and fix mods on security file:
chmod 444 /etc/opt/audio/audio.sec
[ ] install Secure Shell package, including ssh and sshd.
configure sshd to start at boot time. Package is
available via anon FTP from boulder.
[ ] install latest version of sendmail in /usr/sbin
(chmod 4711, owner root) and make the link:
ln -s /usr/sbin/sendmail /etc/mail/sendmail
[ ] Put our aliases file in /etc/mail/aliases. Remove any
other aliases.* files from /etc, /etc/mail, and /usr/lib,
especially if they're .dir and .pag files.
[ ] Create links:
ln -s /etc/mail/aliases /usr/lib/aliases
ln -s /etc/mail/aliases.db /usr/lib/aliases.db
ln -s /etc/mail/aliases /etc/aliases
ln -s /etc/mail/aliases.db /etc/aliases.db
[ ] Install /etc/mail/sendmail.cf. Remove or rename
any other files in /etc, /usr/lib, or /etc/mail that
are named sendmail.cf.
[ ] create link: ln -s /etc/mail/sendmail.cf /etc/sendmail.cf
[ ] create link: ln -s /usr/sbin/newaliases /usr/bin/newaliases
[ ] create link: ln -s /usr/sbin/sendmail /usr/sbin/newaliases
[ ] touch /etc/mail/aliases.db
[ ] run newaliases.
[ ] verify that /sbin/init.d/sendmail exists. Copy from
another machine of the same OS if not there.
make the link ln -s /sbin/init.d/sendmail /sbin/rc2.d/S540sendmail
[ ] start sendmail:
sudo /sbin/rc2.d/S540sendmail start
[ ] Verify the mail system works completely
by sending test messages to/from users that live on this
host. Also telnet to port 25. Test the sendmail by
'expn your.name', 'expn diary', and any other alias
that might cause sendmail to choke.
[ ] test that mail recognizes mail outside of the local
domain by sending mail to bouncer@nic.near.net or
rainbow-request@rmit.edu.au. bouncer@nic.near.net gives
a breakdown of the headers it receives from the sender.
NET [ ] root owns /.rhosts (mode 600) and it contains *only*
machines it gets its files from. (FQDNs only)
[ ] has valid tech.alias, trouble.alias, admin.alias, and
wiring.alias in /usr/local/adm/unixops. chmod to 644.
[ ] link /usr/local/adm/logs to /var/adm/log
sudo ln -s /var/adm/log /usr/local/adm/logs
[ ] fix /etc/group and /etc/passwd so nobody and nogroup
no longer have negative uid/gid
[ ] has diary file as /usr/local/adm/logs/diary mode 4664.
owner nobody, group mail.
[ ] /usr/bin/quota is replaced with link to /bin/true unless
quotas will be used.
[ ] run /usr/sbin/sam as root to add access to remote printers.
or jetadmin for local printers
[ ] we have a concrete vendor service agreement on this host.
NET/ [ ] If UnixOps supported, this host has a unixops agreement
FULL/DUMPS
[ ] this host has blessing to mount NFS partitions. add
remote partitions to mount to /etc/fstab OR to
/etc/auto_master (but not both).
[ ] If it is the NFS server, edit /etc/exports to include the
partitions to be exported. Run exportfs -a to push out the
mount permissions.
[ ] IF it is an NFS client, blessed mounts are setup in
/etc/fstab with rw,bg. if mounting /var/mail via NFS,
use rw,bg,actimeo=0 as mount options. Create mount points.
Run mount -a
or:
[ ] blessed mounts are setup in /etc/auto_master with
-rw,nosuid,intr,soft,grpid.
create mount points, mount.
[ ] run showmount -e on machine and make sure partitions are
mountable only by authorized machines.
[ ] political/technical OK to join Club UniqUID
[ ] if in Club UniqUID, install adduser - be sure to
configure /usr/local/lib/adduser/adduser.conf to the
customer's specifications. Make sure there are a good
set of user dot files in /usr/local/lib/adduser/homedir
or
[ ] if in Club UniqUID and this machine is to be part of a CNS
lab, install durm - configure /usr/local/durm/lib/type_db
to the customer's specifications. Make sure there are a
good set of user dot files in /usr/local/durm/skel
[ ] if in Club UniqUID, install passport and have it
run as a cron job once a month.
[ ] All vendor specific relevant security fixes patched.
NET/ [ ] root password is what it should be
FULL
[ ] Do a "catman -w" to build whatis database
[ ] If UnixOps supported, update the /usr/local/adm/unixops/
system.list file - make sure any changes in OS are
reflected.
DUMPS [ ] Machine has operator login with correct operator
password. NOTE: most of the AMANDA install steps below
can be done by simply disting the appropriate package
from distrib host, after operator login has been created.
DUMPS [ ] Machine has group operator (and the user operator is in
group operator)
DUMPS [ ] AMANDA utilities `senddump' and `sendsize' are installed
in /usr/local/amanda/libexec [most of the amanda install
process is automated if the amanda package is specified to
be rdisted to this host by the central distrib host]
DUMPS [ ] AMANDA services added to /etc/services:
amsendsize 10069/udp
amsenddump 10070/tcp
DUMPS [ ] AMANDA services added to /etc/inetd.conf (send a HUP
to inetd after changing this file):
amsendsize dgram udp wait operator \
/usr/local/amanda/libexec/sendsize sendsize
amsenddump stream tcp nowait operator \
/usr/local/amanda/libexec/senddump senddump
DUMPS [ ] AMANDA master host is in ~operator/.rhosts, and
~operator/.rhosts is mode 600, owned by operator
DUMPS [ ] all raw disk devices are mode 640, group operator
DUMPS [ ] /etc/dumpdates is mode 664, group operator
[ ] create configuration file for Localization level 0
backup. In refuge/share/dumps/configs, create a
file hostname.lvl0. Use a similar machine to
create the correct format.
[ ] do a localization level 0 backup of the system as soon
as the localization is completed. (or at any time the
pain threshold is higher for going thru this list than
doing a restore).
DUMPS [ ] Operators have been mailed the following information:
* Output from a "bdf"
* Which partitions are to be dumped
DUMPS [ ] If a machine is a server complete the above for all
diskful Clients as well.
DUMPS [ ] Operations manager has an account on the machine with
sudo (and knows about it).
[ ] Optional jobs to be run out of cron:
8 * * * * /usr/local/etc/rdist -q -h -f /usr/local/etc/hourlydist
11 4 * * * /usr/local/gnu/lib/locate/updatedb
3 6,18 * * * /usr/local/etc/ntpdate -s timehost
3 5 15 * * /usr/local/etc/passport
Mandatory Software Packages:
Verify packages. Get someone else to verify them if you don't know how.
(most source code can be found in src tree.)
[ ] sudo, visudo. setup blessed sudoers. if it's a full service
machine make it log to boulder. (get source from ftp.cs)
[ ] ssh
[ ] mailhome (if in Uniquid)
[ ] ntpdate
(do a "make ntpdate/ntpdate" from xntpd source) This should
be installed in cron as "ntpdate -s timehost"
[ ] tcsh (add to /etc/shells)
[ ] durm -or-
[ ] adduser
Free Optional Software Packages:
Ask customer before installing any of these.
Initial, or put REJ (rejected by customer).
[ ] da
[ ] webster (server "webster")
[ ] serial file transfer protocols - sz, rz, kermit.
[ ] perl
[ ] pine
[ ] metamail
[ ] elm
[ ] trn (threaded news reader - needs /usr/local/news)
[ ] scrub
[ ] spacegripe
[ ] enscript ( nenscript )
[ ] CDE - Common Desktop Environment Windowing System (/usr/dt)
Extra-Cost Optional software packages:
If customer has a full-service agreement with unixops, install any/all
of these at no extra charge. If customer has only net support, this is a
one-time localization, or this is time and materials work, let them know
about the charges marked beside the packages. be sure to inform billing about
which packages you installed.
$ 100 [ ] X11R6 (mount from X nfs server if blessed)
$ 100 [ ] TeX / detex / latex /culogo font for tex
$ 100 [ ] GNU distribution (includes gzip, RCS, *roffs, gs, gcc, g++)
$ 50 [ ] RAND MH
$ 50 [ ] emacs (gnu version: most recent)
NOTE : HPUX comes with a basic cc. People may need the unbundled
compilers from HP or gcc.
[ ] unbundled C, C++, Fortran, Fortran90
People interested in the compilers should contact
diploma@Colorado.EDU to purchase the compilers.
When done:
[ ] Level 0 (see directions above for how).
[ ] Mail checklist to boss and diary@hostname
[ ] Notify UnixOps Billing to recharge.
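
The file-mode and symlink items above, turned into a repeatable check for the "VERIFY EVERYTHING" step. This is an added example, not part of the original checklist; the function names and the ROOT staging prefix are assumptions, and the expected values are the ones the checklist states.

```shell
# Added example: audit the checklist's mode and symlink items using only
# ls/awk/sed, so it does not depend on stat(1) or readlink(1).
# mode_of PATH: print the octal mode (e.g. 1777); prints nothing if absent.
mode_of() {
    ls -ld "$1" 2>/dev/null | awk '{
        p = substr($1, 2, 9); special = 0; digits = ""
        for (i = 0; i < 3; i++) {
            t = substr(p, i * 3 + 1, 3); d = 0; x = substr(t, 3, 1)
            if (substr(t, 1, 1) == "r") d += 4
            if (substr(t, 2, 1) == "w") d += 2
            if (x ~ /[xst]/) d += 1                 # lowercase s/t imply execute
            if (x ~ /[sStT]/) special += (i == 0 ? 4 : (i == 1 ? 2 : 1))
            digits = digits d
        }
        if (special) digits = special digits
        print digits
    }'
}

# link_target PATH: symlink target, "not-a-symlink" for other files, nothing if absent.
link_target() { ls -ld "$1" 2>/dev/null | sed -n -e 's/^l.* -> //p' -e t -e 's/.*/not-a-symlink/p'; }

# audit_localization ROOT: ROOT is a staging prefix ("" for the live system).
# Prints one line per item; the return status is the number of FAIL lines.
audit_localization() {
    root=${1:-}; fails=0
    while read -r kind want path; do
        if [ "$kind" = mode ]; then got=$(mode_of "$root$path")
        else got=$(link_target "$root$path"); fi
        if [ -z "$got" ]; then echo "SKIP $path (absent)"
        elif [ "$got" = "$want" ]; then echo "OK   $path $got"
        else echo "FAIL $path is $got, checklist says $want"; fails=$((fails + 1))
        fi
    done <<EOF
mode 1777 /tmp
mode 644 /etc/utmp
mode 600 /.rhosts
mode 555 /usr/bin/cu
mode 555 /opt/audio/bin/Aserver
mode 444 /etc/opt/audio/audio.sec
mode 4711 /usr/sbin/sendmail
mode 4664 /usr/local/adm/logs/diary
mode 664 /etc/dumpdates
link /dev/null /core
link /etc/group /etc/logingroup
EOF
    return "$fails"
}
if [ "${1:-}" = audit ]; then audit_localization "${2:-}"; fi
```

Run it as `sh script audit ""` on the localized host; items that do not apply to the machine (for example the DUMPS files) show up as SKIP rather than FAIL.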