Friday, August 31, 2012

Custom JumpStart finish (extras)

This post assumes the environment is set up as described in the Custom JumpStart framework setup.
For convenience, a finish script can reference the files kept under /jumpstart/extras:
 
# cd /jumpstart/extras
# ll -a
total ...
drwxr-xr-x   2 root   root      12 Aug 31 14:38 .
drwxr-xr-x   3 root   root       8 Aug 31 12:47 ..
-rw-r--r--   1 root   other     49 Aug 29 14:36 .bashrc
-rw-r--r--   1 root   other     30 Aug 29 14:32 .inputrc
-rw-r--r--   1 root   other    411 Aug 31 11:10 .profile
-rw-r--r--   1 root   other     20 Aug 29 14:32 .screenrc
-rwxr-xr-x   1 root   root     28M Aug 20 08:51 install_stb.sh
-rw-r--r--   1 root   sys      270 Aug 30 13:54 issue
-rw-r--r--   1 root   root    2.8K Aug 30 14:27 pam.conf
-rw-r--r--   1 root   root    1.1K Aug 30 13:50 syslog.conf
-r--r--r--   1 root   sys     1.2K Oct 10 08:39 site.xml
-rw-r-----   1 root   sys       11 Aug 30 13:52 user.allow
  
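It is worth documenting the contents of some of these files in more detail, since several of them (pam.conf, user.allow, syslog.conf, site.xml) decide who may log in, what is logged and which services run on the installed host.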
  
# cat issue

THIS IS ... INFORMATION SYSTEM.
ACCESS IS PROVIDED FOR AUTHORIZED USE ONLY.
YOU MUST COMPLY WITH THE POLICIES AND CONDITIONS.
COMMUNICATION CAN BE MONITORED AND DATA INSPECTED AND SEIZED.

  
# cat .screenrc
# GNU screen: default scrollback buffer of 10000 lines for newly created windows.
defscrollback 10000
  
# cat .bashrc
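# Interactive bash settings: coloured prompt and an "ll" alias.
#
# The prompt differs by account so that a root shell is recognisable at a
# glance: root gets the host name alone in red, every other account gets
# user@host in cyan/blue. "typeset +x" assigns PS1 without the export
# attribute, so the bash-specific escapes are not handed to child processes.
#
# Each PS1 value is written on the same line as its assignment. If the value is
# split onto a following line, PS1 is set to the empty string and the prompt
# text is then run as a command.
if [ "$LOGNAME" = "root" ]
then
    # \h = host name; ESC[31m = red, ESC[0m = reset.
    typeset +x PS1='\[\e[31m\]\h\[\e[0m\]'
else
    # \u = user name, \h = host name.
    typeset +x PS1='\[\e[0;36m\]\u\[\e[0;34m\]@\[\e[2;34m\]\h\[\e[0m\]'
fi
# Common tail: ":<working directory> $ " (\$ prints "#" for uid 0).
typeset +x PS1="$PS1"':\[\e[0;34m\]\w\[\e[0m\] \$ '

alias ll='ls -lh'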
  
# cat .inputrc
# Readline: when the terminal is xterm, bind the escape sequence ESC [ 3 ~
# (sent by the Delete key) to delete-char.
$if term=xterm
"\e[3~":delete-char
$endif
 
# cat .profile
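# Login environment: builds PATH and MANPATH from the packages that are
# actually installed, picks EDITOR and PAGER, and loads .bashrc for bash users.
#
# Backquotes and separate "export" statements are kept deliberately so the
# file still parses under a legacy Bourne /bin/sh.
# NOTE(review): confirm which login shells read this file before modernising.

# PATH is rebuilt from scratch with absolute directories only. Nothing is
# inherited from the caller and there is no "." or empty entry, so the current
# directory is never searched for commands.
PATH=/usr/bin:/usr/sbin
PATH=$PATH:/usr/ccs/bin:/usr/ucb:/usr/openwin/bin:/usr/sfw/bin
# /opt/sfw is placed AHEAD of the system directories, so anything in it shadows
# the system command of the same name. Keep /opt/sfw/bin and /opt/sfw/sbin
# owned by root and not writable by anyone else.
[ -d /opt/sfw ] && PATH=/opt/sfw/bin:/opt/sfw/sbin:$PATH

MANPATH=/usr/man

# Optional packages that ship both bin/ and man/ under /opt/<package>.
for pkg in SUNWexplo SUNWlwact SUNWsneep CTEact
do
    if [ -d /opt/$pkg ]
    then
        PATH=$PATH:/opt/$pkg/bin
        MANPATH=$MANPATH:/opt/$pkg/man
    fi
done
unset pkg

if [ -d /opt/CTEactx ]
then
    PATH=$PATH:/opt/CTEactx/bin
fi

if [ -d /opt/ocm ]
then
    PATH=$PATH:/opt/ocm/ccr/bin:/opt/ocm/bin
    MANPATH=$MANPATH:/opt/ocm/ccr/sysman
fi

if [ -d /opt/SUNWsasm ]
then
    PATH=$PATH:/opt/SUNWsasm/bin
fi

if [ -d /opt/SUNWsftransport ]
then
    PATH=$PATH:/opt/SUNWsftransport/bin
    MANPATH=$MANPATH:/opt/SUNWsftransport/man
fi

# Platform-specific additions, keyed on the processor type.
case `uname -p` in

sparc)
    # Resolve the platform name once and quote it in the test.
    platform=`uname -i`
    if [ -d "/usr/platform/$platform/rsc" ]
    then
        PATH=$PATH:/usr/platform/$platform/rsc
    fi
    unset platform

    if [ -d /opt/SUNWconn/man ]
    then
        # NOTE(review): this appends a man directory to PATH; a bin directory
        # was probably intended. Left as published, confirm before changing.
        PATH=$PATH:/opt/SUNWconn/man
        # One assignment on one line: split across lines, MANPATH is emptied
        # and the remaining fragments are executed as commands.
        MANPATH=$MANPATH:/opt/SUNWconn/man:/opt/SUNWconn/trunking/man
    fi

    if [ -d /opt/SUNWrtvc ]
    then
        PATH=$PATH:/opt/SUNWrtvc/bin
        MANPATH=$MANPATH:/opt/SUNWrtvc/man
    fi

    if [ -d /opt/SUNWswasr ]
    then
        [ -d /opt/SUNWswasr/bin ] && PATH=$PATH:/opt/SUNWswasr/bin
        PATH=$PATH:/opt/SUNWswasr/asrassetbundle
    fi
    ;;

i386)
    ;;

esac

# Prefer vim when it is installed. -x rather than -e: the editor has to be
# executable, and -e is not understood by every Bourne-style test.
if [ -x /opt/sfw/bin/vim ]
then
    EDITOR=/opt/sfw/bin/vim
else
    EDITOR=/usr/bin/vi
fi

PAGER="/usr/bin/less -ins"

case ${SHELL} in
*bash)
    # Load .bashrc by absolute path. A bare "source .bashrc" is looked up by
    # bash through PATH and then in the current directory, so a login that
    # starts outside $HOME could load a file planted by someone else.
    # "." is used instead of "source" because $SHELL names the login shell,
    # not necessarily the shell reading this file.
    [ -r "$HOME/.bashrc" ] && . "$HOME/.bashrc"
    ;;
esac

export PATH
export MANPATH
export EDITOR
export PAGER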

   
# cat syslog.conf
# syslogd routing rules, one "selector  action" pair per line.
# NOTE(review): Solaris syslogd expects TAB characters between the selector and
# the action; the spaces shown here may come from page rendering. Verify the
# real file.
# Every action below is local (console, file or logged-in user); no rule here
# forwards records to a remote log host, so the only copy lives on this system.

# Errors plus kernel and auth notices are written to the console message device.
*.err;kern.notice;auth.notice               /dev/sysmsg
# General system log.
*.err;kern.debug;daemon.notice;mail.crit    /var/adm/messages

# Written to the terminals of the named users when they are logged in.
*.alert;kern.err;daemon.err                 operator
*.alert                                     root
# Emergencies are broadcast to all logged-in users.
*.emerg                                     *

# Authentication events get their own file.
# NOTE(review): make sure the target files exist with restrictive permissions
# on the installed system; confirm whether syslogd creates them if missing.
auth.notice                                 /var/log/authlog
mail.debug                                  /var/log/syslog
 
# cat user.allow
root
prime
...
   
# cat pam.conf
# PAM policy. Columns: service, module type, control flag, module [options].
# Modules for one service and type run in the order listed, so line order in
# this file is significant.
# A service without an entry for a given module type falls back to "other".

# Cleartext remote-access services (ppp, rlogin, rsh, telnet) are refused
# outright: pam_deny always fails, and "requisite" stops at the first failure.
ppp     auth     requisite  pam_deny.so.1
ppp     account  requisite  pam_deny.so.1
ppp     session  requisite  pam_deny.so.1
ppp     password requisite  pam_deny.so.1

# Kerberized variants (krlogin, krsh, ktelnet) authenticate through pam_krb5.
# Only "auth" is defined for them, so their account, session and password
# handling comes from the "other" entries further down.
krlogin auth     required   pam_unix_cred.so.1
krlogin auth     required   pam_krb5.so.1

rlogin  auth     requisite  pam_deny.so.1
rlogin  account  requisite  pam_deny.so.1
rlogin  session  requisite  pam_deny.so.1
rlogin  password requisite  pam_deny.so.1

krsh    auth     required   pam_unix_cred.so.1
krsh    auth     required   pam_krb5.so.1

rsh     auth     requisite  pam_deny.so.1
rsh     account  requisite  pam_deny.so.1
rsh     session  requisite  pam_deny.so.1
rsh     password requisite  pam_deny.so.1

ktelnet auth     required   pam_unix_cred.so.1
ktelnet auth     required   pam_krb5.so.1

telnet  auth     requisite  pam_deny.so.1
telnet  account  requisite  pam_deny.so.1
telnet  session  requisite  pam_deny.so.1
telnet  password requisite  pam_deny.so.1

passwd  auth     required   pam_passwd_auth.so.1
cron    account  required   pam_unix_account.so.1
cups    account  required   pam_unix_account.so.1

# Default stack for every service not named above.
# The "#other ... pam_krb5" lines are commented out, so Kerberos is not part of
# the default stack.
other   auth     requisite  pam_authtok_get.so.1
other   auth     required   pam_dhkeys.so.1
other   auth     required   pam_unix_cred.so.1
#other  auth     sufficient pam_krb5.so.1
other   auth     required   pam_unix_auth.so.1

# Account phase: pam_list admits only the accounts named in /etc/user.allow.
# An account missing from that file is refused by every service that uses this
# stack, so keep root listed and test from a second session before rolling the
# file out. /etc/user.allow should be writable by root only.
other   account  requisite  pam_roles.so.1
other   account  requisite  pam_list.so.1   allow=/etc/user.allow
#other  account  sufficient pam_krb5.so.1
other   account  required   pam_unix_account.so.1

other   session  required   pam_unix_session.so.1

# Password change: the new password is checked by pam_authtok_check before
# pam_authtok_store writes it (see pam_authtok_check(5) for force_check).
other   password required   pam_dhkeys.so.1
other   password requisite  pam_authtok_get.so.1
other   password requisite  pam_authtok_check.so.1    force_check
#other  password sufficient pam_krb5.so.1
other   password required   pam_authtok_store.so.1

# cat site.xml 
<?xml version='1.0'?>
<!DOCTYPE service_bundle SYSTEM '/usr/share/lib/xml/dtd/service_bundle.dtd.1'>


<!--
    Copyright (c) 2012 ...
    All rights reserved.

    This file, /var/svc/profile/site.xml,
    is a distinguished location for
    a site-specific service profile,
    treated otherwise equivalently to
    generic_limited_net.xml file.

    Every instance listed here is set to enabled='false'.
    The profile only switches services off; it enables nothing.
    After installation, check the resulting state with svcs(1).
-->


<service_bundle type='profile' name='site'
         xmlns:xi='http://www.w3.org/2003/XInclude' >

  <!--
      Disable otherwise enabled CDE services.
      Two of the four are RPC services (cde-ttdbserver, cde-calendar-manager),
      and cde-login is the graphical login.
  -->


  <service 
name='application/cde-printinfo'
    version='1' type='service'>
      <instance name='default' enabled='false' />
  </service>


  <service 
name='network/rpc/cde-ttdbserver'
    version='1' type='service'>
      <instance name='tcp' enabled='false' />
  </service>


  <service 
name='application/graphical-login/cde-login'
    version='1' type='service'>
      <instance name='default' enabled='false' />
  </service>


  <service 
name='network/rpc/cde-calendar-manager'
    version='1' type='service'>
      <instance name='default' enabled='false'/>
  </service>

  <!--
      Disable yet other services.
      system/webconsole is the browser-based administration console.
  -->


  <service 
name='system/webconsole' 
    version='0' type='service'>
      <instance name='console' enabled='false'/>
  </service>

</service_bundle>