Solaris 10 Edition
Training Notes 20060801.01
Table of Contents
Apache Web Server - Notes ... 3
BIND DNS Implementation - Notes ... 6
System Scheduler Cron - Notes ... 8
File System Management - Notes ... 10
Volume Management - Notes ... 12
File Transfer Protocol Daemon (FTPD) Implementation - Notes ... 15
GNU Privacy Guard (GPG) - Notes ... 17
MySQL Implementation - Notes ... 18
NETSTAT - Notes ... 19
Network Configuration Overview - Notes ... 20
Network File System(NFS) - Notes ... 22
AutoFS - Notes ... 23
Network Mapper Nmap - Notes ... 23
Network Time Protocol (NTP) - Notes ... 24
Quota Implementation & Management - Notes ... 25
Samba Windows Integration - Notes ... 25
Remote Desktop Installation - Notes ... 26
Samba Server Configuration - Notes ... 26
System Security Overview - Notes ... 27
Sendmail MTA Features - Notes ... 27
Snoop Network Sniffer - Notes ... 30
TCPDump Network Sniffer - Notes ... 30
Snort Network Intrusion Detection System (NIDS) - Notes ... 31
SYSLOG Implementation - Notes ... 32
Log Rotation using logadm - Notes ... 32
Zettabyte File System (ZFS) - Notes ... 33
Solaris Zones - Notes ... 34
Note: Apache ALWAYS maintains a DEFAULT HOST. Config is in httpd.conf and outside of ANY and ALL virtual host containers
Note: Apache requires the following info. for the DEFAULT HOST:
1. ServerName linuxcbtsun1.linuxcbt.internal
2. ServerAdmin
3. DocumentRoot - where to serve content from
4. IP Address:Port to bind to - optional
5. Logging information - custom/combined & error logs
Note: Listen directive controls IPs and ports that Apache binds to
Note: specify 'Listen' directive(s) in the DEFAULT HOST(httpd.conf)
Note: You can specify multiple Listen directives
Note: Apache binds to ALL IP addresses when 'Listen' is specified without an IP address

DEFAULT HOST(IP:PORT)
-Virtual Host 1
-Virtual Host 2

<Directory "/var/apache2/htdocs">
  Options Indexes FollowSymLinks
  AllowOverride None
  Order allow,deny
  Allow from all
</Directory>

<Directory "/var/apache2/htdocs/temp">
  Options FollowSymLinks
  AllowOverride None
  Order allow,deny
  Allow from all
</Directory>
Note: <Directory "/var/apache2/htdocs"> - applies to all sub-directories

###Order, Allow, Deny Rules###
Note: Order is specified and Deny or Allow or a combination follows
Note: Allow|Deny supports the following attributes
1. IP Address - 127.0.0.1
2. IP Address range
3. IP Subnet Mask using CIDR or Class notation - 192.168.1.0/24 or 192.168.1.0/255.255.255.0
4. 192.168.1
5. ALL
6. Environment variables - referrer, user agents

Used to influence default doc: DirectoryIndex index.html index.html.var
LogFormat is used to define logging keywords that can be referenced
Apache can log to multiple log files, with various keywords, simultaneously

###Alias Directive###
Maps webspace location to file system location, usually outside the document root

###Files Directive###
Facilitates restrictions on matching files regardless of location on server
<Files noaccess.html>
  Order allow,deny
  Deny from all
</Files>
Note: When applied OUTSIDE of a <Directory> block, applies to all instances of the named file throughout the web server

Task: Create web-accessible directory, but restrict access to certain IPs
Steps:
1. mkdir /var/apache2/private
2. Create appropriate Alias - Alias /private/ /var/apache2/private/
3. Create appropriate <Directory> block

###Virtual Hosts Support###
2 Types of Virtual Hosts are supported:
1. IP-based - Each virtual host is associated with a distinct address
2. Name-based - All or a group of Virtual Hosts share a distinct address

###IP-based Virtual Hosting###
Note: System requires multiple IP addresses
Note: Default Apache Host binds to ALL IP addresses on port 80
Steps:
1. Implement appropriate 'Listen' directive
2. Configure Virtual Hosts
3. Restart Apache
4. Test configuration

Listen 192.168.1.50:80
<VirtualHost 192.168.1.50:80>
  ServerName linuxcbtsun1.linuxcbt.internal
  ServerAdmin unixcbt@linuxcbtsun1.linuxcbt.internal
  DocumentRoot /var/apache2/ipvhost1
  ErrorLog /var/apache2/logs/ipvhost1.error.log
  CustomLog /var/apache2/logs/ipvhost1.access.log combined
</VirtualHost>
Note: Apache will serve content from the DocumentRoot of the DEFAULT HOST if a request does NOT match any of the Virtual Hosts

Listen 192.168.1.51:80
<VirtualHost 192.168.1.51:80>
  ServerName linuxcbtsun3.linuxcbt.internal
  ServerAdmin unixcbt@linuxcbtsun1.linuxcbt.internal
  DocumentRoot /var/apache2/ipvhost2
  ErrorLog /var/apache2/logs/ipvhost2.error.log
  CustomLog /var/apache2/logs/ipvhost2.access.log combined
</VirtualHost>

###Name-based Virtual Hosting###
Facilitates the sharing of 1 IP address by a group of web sites
Steps:
1. Define appropriate Listen directive(s)
2. Define appropriate NameVirtualHost directive(s)
3. Define Virtual Hosts
4. Restart Apache
5. Confirm configuration

Listen 80
NameVirtualHost *:80 - means to permit name-based Virtual Hosts on ALL IPs
Note: NameVirtualHost directive MUST match the VirtualHost directive
<VirtualHost *:80>
  ServerName linuxcbtsun1.linuxcbt.internal
  ServerAdmin unixcbt@linuxcbtsun1.linuxcbt.internal
  DocumentRoot /var/apache2/namevhost1
  ErrorLog /var/apache2/logs/namevhost1.error.log
  CustomLog /var/apache2/logs/namevhost1.access.log combined
</VirtualHost>
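The "private directory" task above (mkdir, Alias, <Directory> block) carried out by a small shell function. This is an added example, not part of the training notes: it takes the directory and the permitted network as arguments so it can be run against a scratch directory, and it emits the Apache 2.0/2.2 Order/Allow/Deny block the notes use (Apache 2.4 replaced these directives with Require). The point worth seeing is that with 'Order allow,deny' the final decision is deny unless an Allow line matches, so a mistyped or missing Allow fails closed rather than exposing the directory.

```shell
#!/bin/sh
# Added example (not from the training notes): build the Alias + <Directory>
# configuration for a web-accessible directory restricted to one network.
# Usage: make_private_dir_conf /var/apache2/private 192.168.1.0/24 >> httpd.conf
make_private_dir_conf() {
    dir="$1"        # filesystem directory, kept outside the DocumentRoot
    allowed="$2"    # network in CIDR or class notation, e.g. 192.168.1.0/24

    # Step 1: create the directory (mkdir -p so re-running is harmless)
    mkdir -p "$dir" || return 1

    # Steps 2 and 3: Alias maps /private/ onto the directory, and the
    # <Directory> block limits who may reach it. 'Order allow,deny' means
    # the default verdict is deny; only clients matching 'Allow from' pass.
    # Options None and AllowOverride None keep directory listings and
    # .htaccess overrides from loosening the restriction later.
    cat <<EOF
Alias /private/ "$dir/"
<Directory "$dir">
  Options None
  AllowOverride None
  Order allow,deny
  Allow from $allowed
</Directory>
EOF
}
```

After appending the output to the httpd.conf in use, restart Apache and confirm from a host outside the permitted network that /private/ returns 403 while a host inside it is served.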
###Slave DNS Server Configuration###
Note: There really isn't a Slave DNS Server with BIND, however, there is a SLAVE ZONE
Steps:
1. copy the following files to the slave server:
   a. db.127.0.0 - houses reverse, loopback zone info.
   b. db.cache - houses root hints
   c. named.conf - primary DNS BIND configuration file
Note: A DNS BIND server can also be a slave server in addition to a caching-only and authoritative server.
11 * * * * repquota -va >> /reports/`date +\%F`.quota.report
Note: '%' is special in a crontab entry (cron turns it into a newline), so it must be escaped as '\%' when used directly in the entry
Note: set EDITOR variable to desired editor
export EDITOR=vim

###unixcbt - execute quota -v###
#!/usr/bin/bash
HOME=/export/home/unixcbt
quota -v >> $HOME/`date +%F`.unixcbt.quota.report
#END
Note: aim to reference scripts(shell/perl/python/ruby/PHP,etc.) from crontab entries instead of embedding the various special characters in them
Note: Default Solaris install creates 'at.deny' & 'cron.deny'
You MUST not be included in either file to be able to submit at & cron entries
Conversely, if cron.allow and at.allow files exist, you MUST belong to the respective file to submit at or cron entries
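The cron.allow / cron.deny rule above, as a check a practitioner can run before a user reports that crontab refuses their job. This is an added example, not from the training notes: the directory holding the two files is a parameter (Solaris keeps them in /etc/cron.d) so the logic can be exercised against a copy, and the fallback when neither file exists is simplified to "root only" for this example.

```shell
#!/bin/sh
# Added example (not from the training notes): decide whether USER may submit
# crontab entries under the cron.allow / cron.deny rules.
#   cron.allow present  -> only users listed in it (cron.deny is ignored)
#   only cron.deny      -> everyone except the users listed in it
#   neither file        -> root only (simplified fallback for this example)
# Returns 0 when permitted, 1 when denied.
cron_permitted() {
    user="$1"
    dir="${2:-/etc/cron.d}"     # Solaris location; override for testing
    allow="$dir/cron.allow"
    deny="$dir/cron.deny"

    if [ -f "$allow" ]; then
        # an allow list is an explicit whitelist: absence means denied
        if grep -qx "$user" "$allow"; then return 0; else return 1; fi
    fi
    if [ -f "$deny" ]; then
        # no allow list: the deny list is a blacklist
        if grep -qx "$user" "$deny"; then return 1; else return 0; fi
    fi
    # neither file: fall back to root only
    if [ "$user" = "root" ]; then return 0; else return 1; fi
}

# report which file decided the outcome, useful when auditing who can run jobs
cron_policy_source() {
    dir="${1:-/etc/cron.d}"
    if [ -f "$dir/cron.allow" ]; then echo "cron.allow"
    elif [ -f "$dir/cron.deny" ]; then echo "cron.deny"
    else echo "none"; fi
}
```

Creating an empty cron.allow is the fail-closed option: it stops every non-listed account from scheduling jobs regardless of what cron.deny says, which is why an audit should check for cron.allow first.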
swap -a /data2/swap2 - activates swap file
To remove swap file:
swap -d /data2/swap2 - removes swap space from kernel. does NOT remove file
rm -rf /data2/swap2

###Swap Partition Creation###
format - select disk - partition - select slice/modify
swap -a /dev/dsk/c0t2d0s1
Modify /etc/vfstab
###Configure slices to accommodate State Database Replicas###
c0t1d0s0
c0t2d0s0
RAID 0 (STRIPE) - 60GB

###Create RAID 0 (STRIPE) - NOT REDUNDANT###
c0t1d0s0
c0t2d0s0
RAID 0 (STRIPE) - 60GB - /dev/md/dsk/d0
Note: Volumes can be created using slices from a single or multiple disks
Note: State database replicas serve for ALL volumes managed by Volume Manager
Note: RAID 0 Concatenation - exhausts DISK1 before writing to DISK2
Note: RAID 0 Stripe - distributes data evenly across members
Note: Use the same size slices when using RAID0 with Striping
Note: after defining volume, create file system
newfs /dev/md/rdsk/d0

###Suggested layout for creating volumes using volume manager###
SERVER
-DISK0 - SYSTEM DISK
VOLUME MANAGE SECONDARY DISKS
-DISK1 - SECONDARY DISK
-DISK2 - SECONDARY DISK

###RAID-1 Configuration###
Note: RAID-1 relies upon submirrors or existing RAID-0 volumes
c0t1d0s0 - /dev/md/dsk/d0
c0t2d0s0 - /dev/md/dsk/d1
/dev/md/dsk/d2
d0 - source sub-mirror
d1 - destination sub-mirror
Create file system on mirrored volume '/dev/md/dsk/d2'
newfs /dev/md/rdsk/d2

###RAID-5 Configuration###
Steps:
1. Ensure that 3 components(slices/disks) are available for configuration
2. Ensure that components are identical in size
Slices for RAID-5:
c0t1d0s0 - 10GB
c0t1d0s0 - 10GB
c0t2d0s0 - 10GB
/dev/md/dsk/d0 = RAID-5 = 20GB
Note: You may attach components to a RAID-5 volume, but they will not store parity information; however, their data will be protected.

###Using growfs to extend volumes###
growfs extends mounted/unmounted volumes(UFS/ZFS)
Steps to grow a mounted/unmounted file system
1. Find free slice(s) to add as component(s) to volume using SMC or metattach CLI
2. Add component slice - wait for initialization(concatenation) to complete
3. execute 'growfs -M /d0 /dev/md/rdsk/d0'
Note: Once you've extended a volume, you CANNOT decrease it in size.
Note: Concatenation of RAID-1/5 volumes yields an untrue RAID-1/5 volume.
SLICE1 SLICE2 SLICE3 SLICE4 - Concatenated - NOT a true RAID-1/5 member (no parity is stored)
Note: When extending RAID-1 volumes, extend each sub-mirror first, and then Solaris will automatically extend the RAID-1 volume. Then run 'growfs.'

###Soft Partitions###
1. Provides an abstracted, extensible partition object
2. Permits virtually unlimited segmentation of disk c0t1d0 - s0-9 (0-7 except 2, usable)
3. Permits creation of partitions on top of 1 or more slices
Steps:
1. Clean up partitions on existing disks: c0t1d0 & c0t2d0
###Guest User Support###
Jailed/chrooted environment
Steps:
1. useradd -d /home/guests/unixcbt4 -s /bin/true unixcbt4
2. mkdir /export/home/guests/unixcbt4
3. chown unixcbt4 /export/home/guests/unixcbt4
4. ftpconfig -d /export/home/guests/unixcbt4 - sets up chrooted environment
5. update /etc/ftpd/ftpaccess - config file
   guestuser unixcbt4
6. restart ftp using svcadm restart ftp
Note: Guest users are similar to real users except guest users are chrooted/jailed.

###Virtual Hosts###
wu-ftpd - supports 2 forms of virtual hosts:
1. Limited - relies upon primary config files /etc/ftpd/{ftpaccess,ftpusers,...}
   Admin. may define unique attributes including the following:
   a. banner
   b. logfile
   c. hostname
   d. email
   e. distinct IP address
2. Full - relies upon distinct config files in specified directory
   a. offers everything included with limited virtual hosts mode
   b. also adds distinct config files
   c. Note: Full-mode will use default config files in /etc/ftpd if the full virtual hosts instance is unable to find a distinct file.

###Limited Virtual Hosts Configuration###
/etc/ftpd/ftpaccess
virtual 192.168.1.51 root /var/ftp2
virtual 192.168.1.51 hostname linuxcbtdb1.linuxcbt.internal
virtual 192.168.1.51 banner /var/ftp2/.welcome_message.msg
virtual 192.168.1.51 logfile /var/log/ftp2/xferlog
virtual 192.168.1.51 allow unixcbt3
Note: Virtual hosts do not allow real & guest users access by default

###Full Virtual Hosts Configuration###
/etc/ftpd/ftpservers
address         configuration_directory
192.168.1.51    /etc/ftpd/ftp2
192.168.1.52    /etc/ftpd/ftp3
###Install GPG###
1. www.sunfreeware.com
2. gunzip gnupg-1.2.6-sol10-intel-local.gz && pkgadd -d gnupg-1.2.6-sol10-intel-local
Note: GPG manages, by default, 2 key chains:
1. Public - your public key, and potentially others
   a. use 'gpg --list-keys' to enumerate public keys
2. Private - your private key(s)
Note: gpg uses the recipient's public key to encrypt communications(e-mail/files)

###Create Public/Private Key-Pair###
gpg --gen-key
Note: 'gpg --gen-key' functions similarly to the 'ssh-keygen' utility
Note: passphrase is associated with the 'private key' of the pub/priv pair
Note: GPG is compatible with PGP

###Import others' public keys###
NETSTAT - Notes
Lists connections for ALL protocols & address families to and from the machine
Address Families (AF) include:
INET - ipv4
INET6 - ipv6
UNIX - Unix Domain Sockets(Solaris/FreeBSD/Linux/etc.)
Protocols Supported in INET/INET6 include: TCP, IP, ICMP(PING(echo/echo-reply)), IGMP, RAWIP, UDP(DHCP,TFTP,etc.)
Lists routing table
Lists DHCP status for various interfaces
Lists net-to-media table - network to MAC(network card) table

###NETSTAT Usage###
netstat - returns sockets by protocol using /etc/services for lookup
/etc/nsswitch.conf is consulted by netstat to resolve names for IPs
netstat -a - returns ALL protocols for ALL address families (TCP/UDP/UNIX)
netstat -an - -n option disables name resolution of hosts & ports
netstat -i - returns the state of interfaces. pay attention to errors/collisions/queue columns when troubleshooting performance
netstat -m - returns streams(TCP) statistics
netstat -p - returns net-to-media info (MAC/layer-2 info.) i.e. arp
netstat -P protocol (ip|ipv6|icmp|icmpv6|tcp|udp|rawip|raw|igmp) - returns active sockets for the selected protocol
netstat -r - returns routing table
netstat -D - returns DHCP configuration (lease duration/renewal/etc.)
netstat -an -f address_family
netstat -an -f inet|inet6|unix
netstat -an -f inet - returns ipv4 only information
netstat -n -f inet
netstat -anf inet -P tcp
netstat -anf inet -P udp
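What a practitioner usually wants from 'netstat -anf inet -P tcp' is the list of listening sockets, and in particular those bound to every address ('*.port'), since those are reachable on all interfaces rather than just loopback. The filter below is an added example, not from the training notes; the sample input is constructed in the Solaris 10 column layout (local address with the port as the last dotted component, state in the last column), and on a live system the netstat output is piped into the function instead.

```shell
#!/bin/sh
# Added example (not from the training notes): reduce Solaris
# 'netstat -anf inet -P tcp' output to its listening sockets and mark the
# ones bound to all addresses. Sample input is constructed for the example.
SAMPLE_NETSTAT='TCP: IPv4
   Local Address        Remote Address    Swind Send-Q Rwind Recv-Q    State
-------------------- -------------------- ----- ------ ----- ------ -----------
      *.22                 *.*                0      0 49152      0 LISTEN
127.0.0.1.3306       *.*                      0      0 49152      0 LISTEN
      *.901                *.*                0      0 49152      0 LISTEN
192.168.1.50.22      192.168.1.20.54321   49640      0 49640      0 ESTABLISHED'

# reads netstat output on stdin; prints "address port scope" per LISTEN row,
# scope ALL for a wildcard bind (*.port), LOCAL otherwise
listening_sockets() {
    awk '$NF == "LISTEN" {
        n = split($1, parts, ".")            # last dotted component is the port
        port = parts[n]
        addr = substr($1, 1, length($1) - length(port) - 1)
        scope = (addr == "*") ? "ALL" : "LOCAL"
        print addr, port, scope
    }'
}

# only the ports exposed on every interface, one per line
exposed_ports() {
    listening_sockets | awk '$3 == "ALL" { print $2 }'
}

# demonstration on the constructed sample; replace with: netstat -anf inet -P tcp | listening_sockets
printf '%s\n' "$SAMPLE_NETSTAT" | listening_sockets
```

On the sample this reports 22 and 901 as bound to all addresses and 3306 as loopback only; the wildcard-bound list is the one to compare against the services the host is actually meant to offer (in the sample, port 901 is the SWAT port configured later in these notes).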
###Ensure that newly-plumbed interface settings persist across reboots###
Steps include updating/creating the following files:
1. echo "172.16.20.10" > /etc/hostname.iprb0
2. create entry in /etc/hosts - 172.16.20.10 linuxcbtsun1
3. echo "172.16.20.0 255.255.255.0" >> /etc/inet/netmasks
Note: To down an interface, execute: ifconfig interface_name down
ifconfig iprb0 down && ifconfig iprb0

###Sub-interfaces/Logical Interfaces###
e1000g0(physical interface) - 192.168.1.50(Primary Apache website)
                              192.168.1.51(Secondary Apache website)
                              192.168.1.52(Used for SSH)
iprb0 - 172.16.20.10
iprb1
Use 'ifconfig interface_name addif ip_address <netmask>'
ifconfig e1000g0 addif 192.168.1.51 (RFC-1918 - defaults /24)
Note: This will automatically create an 'e1000g0:1' logical interface
Note: Solaris places a new logical interface in DOWN mode by default
Note: use 'ifconfig e1000g0:1 up' to bring the interface up
Note: logical/sub-interfaces are contingent upon physical interfaces
Note: if the physical interface is down, so are the logical interface(s)
Note: connections are sourced using the IP address of the physical interface

###Save logical/sub-interface configuration for persistence across reboots###
1. gedit /etc/hostname.e1000g0:1 - 192.168.1.51
2. gedit /etc/hostname.e1000g0:2 - 192.168.1.52
3. Optionally update /etc/hosts - /etc/inet/hosts
4. Optionally update /etc/inet/netmasks - when subnetting
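The persistence steps for physical and logical interfaces above, combined into one idempotent shell function. This is an added example, not from the training notes: it takes a root prefix so it can be exercised against a scratch tree (use / on the real system), writes /etc/inet/hosts directly (on Solaris /etc/hosts is a link to it), and always records an explicit netmask so the interface does not depend on the classful default mentioned above.

```shell
#!/bin/sh
# Added example (not from the training notes): make a plumbed interface
# (physical, e.g. iprb0, or logical, e.g. e1000g0:1) persist across reboots
# by writing /etc/hostname.<if>, /etc/inet/hosts and /etc/inet/netmasks.
# Usage: persist_interface / e1000g0:1 192.168.1.51 linuxcbtsun1-web2 192.168.1.0 255.255.255.0
persist_interface() {
    root="$1"       # / on a live system; a scratch directory when testing
    ifname="$2"     # interface name, including the :N suffix for logical ones
    ip="$3"
    host="$4"       # hostname to map to $ip in /etc/inet/hosts
    network="$5"    # network address for /etc/inet/netmasks, e.g. 172.16.20.0
    mask="$6"       # e.g. 255.255.255.0

    mkdir -p "$root/etc/inet" || return 1

    # 1. /etc/hostname.<interface>: one line, the address to plumb at boot.
    #    Overwritten on purpose so a re-run fixes a stale value.
    printf '%s\n' "$ip" > "$root/etc/hostname.$ifname"

    # 2. /etc/inet/hosts: append the mapping only if the address is not
    #    already present (exact first-field match, so 10.0.0.1 does not
    #    match 10.0.0.10).
    hosts="$root/etc/inet/hosts"
    touch "$hosts"
    awk -v ip="$ip" '$1 == ip { found = 1 } END { exit !found }' "$hosts" \
        || printf '%s\t%s\n' "$ip" "$host" >> "$hosts"

    # 3. /etc/inet/netmasks: same once-only append keyed on the network.
    nm="$root/etc/inet/netmasks"
    touch "$nm"
    awk -v net="$network" '$1 == net { found = 1 } END { exit !found }' "$nm" \
        || printf '%s\t%s\n' "$network" "$mask" >> "$nm"
}
```

Running the function twice for the same interface leaves exactly one hosts line and one netmasks line, which is the behaviour the 'echo >>' steps in the notes lack; a reboot (or 'ifconfig e1000g0:1 up' after the files are in place) then brings the interface up with the recorded address.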
Note: To remove a logical interface execute the following:
ifconfig physical_interface_name removeif ip_address
ifconfig iprb0 removeif 172.16.20.20

###/etc/nsswitch.conf - name service configuration information###
functions as a policy/rules file for various resolution:
1. DNS
2. passwd(/etc/passwd,/etc/shadow),group(/etc/group)
3. protocols(/etc/inet/protocols)
4. ethers or mac-to-IP mappings
5. hosts - where to look for hostname resolution: files(/etc/hosts) dns(/etc/resolv.conf)
NFS versions 3 & higher support large files (>2GB)
NFS Major versions:
2 - original
3 - improved upon version 2
4 - current version
Note: Solaris 10 simultaneously supports ALL NFS versions
/etc/default/nfs - contains defaults for NFS server & client
Note: client->server NFS connection involves negotiation of the NFS version to use

###Steps for mounting remote file systems###
1. ensure that a local mount point exists & is empty
   Note: local mount points with files and/or directories will be unavailable while a remote file system is locally-mounted
2. ensure that the NFS server is available and sharing directories
3. mount the remote file system locally.
   mount -F nfs -o ro linuxcbtmedia:/tempnfs1 /tempnfs1
   Note: use 'man mount' to determine mount options for various FSs
4. setup persistent mounts in the /etc/vfstab file

###Steps for sharing local file system locations###
1. ensure that NFS is running
   svcs -a | grep -i nfs
   Note: you may enable the NFS server and update share information independently
   Start using: svcadm enable svc:/network/nfs/server
   Note: NFS Server will NOT start if there are NO directories to share
2. share -F nfs -d test_share /tempnfssun1 - exports for current session. Does NOT persist across reboots
3. Configure NFS sharing for persistence, using the share command
   share -F nfs -d test_share /tempnfssun1
   shareall
Note: consult 'man share_nfs' for permissions info.
AutoFS - Notes
Features:
1. Just-in-time mounting of file systems
2. Controlled by 'automountd' daemon
3. Managed via autofs service
4. References map files to determine file systems to mount
5. Obviates need to distribute root password to non-privileged users
/etc/default/autofs - contains configuration directives for autofs

###AutoFS Maps###
3 Types:
1. Master map - /etc/auto_master
2. Direct map - /etc/auto_direct - facilitates direct mappings
3. Indirect map - /etc/auto_* - referenced from /etc/auto_master

###/etc/auto_master###
Note: /etc/auto_master is always read by autofs(automountd daemon)
/etc/nsswitch.conf - used to determine lookup location for automount
-hosts - references hosts defined in /etc/hosts & the hosts MUST export shares using NFS
Note: changes to /etc/auto_master(primary autofs policy file) usually require a service restart: svcadm restart autofs
Note: AutoFS defaults to permitting clients to browse potential mount points

###Direct mapping example###
Note: Direct mappings seamlessly merge remote exports with local directories
Steps:
1. create auto_direct mapping in /etc/auto_master:
   /-    auto_direct    -vers=3
Nmap can export to the following file types:
1. Normal
2. XML
3. Greppable
smbclient -A ./.smbpaswd //linuxcbtwin1/solaris10
.smbpaswd contents:
username=unixcbt
password=abc123
3. smbtar - facilitates backups of remote shares
smbtar -s linuxcbtwin1 -x solaris10 -t solaris10.tar - backup
smbtar -s linuxcbtwin1 -x solaris10 -r -t solaris10.tar - restore
database to grant or deny access to shared resources
1. /etc/passwd
2. /etc/sfw/smbpasswd - handles translation of Windows auth to Unix auth
3. /etc/sfw/smbusers - provides translation between Unix & Windows users i.e. translation of Windows' 'guest' user to Unix' 'nobody' user

###User Authentication Mode###
Note: NETBIOS names are restricted to 16 characters, however, 15 characters are configurable
linuxcbtsun1.linuxcbt.internal = FQDN
Note: smbpasswd -a unixcbt - create permitted samba users in /etc/sfw/private/smbpasswd file - otherwise, access will be denied

###Samba Web Administration Tool (SWAT)###
Steps to enable Swat:
1. create an /etc/services entry for SWAT - TCP:901
2. create an /etc/inetd.conf entry for SWAT
   swat stream tcp nowait root /usr/sfw/sbin/swat swat
3. Convert the inetd entry for SWAT to SMF using 'inetconv'
svcadm restart sendmail
svcs -l sendmail
Typical Mail Components in distributed mail environments:
1. MTA - Message Transfer Agent (Sendmail/Postfix/qmail)
2. MUA - Mail User Agent (mail, mutt, mailx, MS Outlook, Eudora, etc.)
3. MDA - Mail Delivery Agent (mail.local, procmail, etc.)
Config files:
1. /etc/mail/sendmail.cf - primary config file for Sendmail MTA
2. /etc/mail/submit.cf - primary config file for Sendmail MSP (smmsp)
Config file macros using the m4 language:
1. /etc/mail/cf/cf/sendmail.mc
2. /etc/mail/cf/cf/submit.mc
Note: Sendmail does NOT understand m4 files. Use m4 to generate updated .cf files if necessary

###/etc/aliases - used for local mail delivery###
Contains key aliases for 'postmaster' & system daemons
unixcbt: unixcbt@linuxcbtsun1
unixcbt@localhost
unixcbt@linuxcbtsun1
unixcbt@linuxcbtsun1.linuxcbt.internal
/etc/mail/local-host-names
unixcbt.internal
unixcbt@linuxcbtsun1.unixcbt.internal
newaliases - generates updated DB for aliases

###per-user mail###
1. Sendmail stores mail using the older mbox format, which stores all mail in 1 potentially huge ASCII text file
2. /var/mail/username - flagged with the STICKY bit

###Mail delivery using local tools###
sendmail is monolithic - 1 program does it all (client/server/MSP/MTA)
sendmail -v unixcbt
Note: MSP submits to: /var/spool/clientmqueue

###Virtual Domains/Users Support###
/etc/mail/relay-domains
/etc/mail/local-host-names
unixcbt.internal
Virtual Users:
Create: /etc/mail/virtusertable
Populate with mappings: virtual_email_address local_mailbox|remote_email
unixcbt@unixcbt.internal    unixcbt
Configure /etc/mail/sendmail.cf via /etc/mail/cf/cf/sendmail.mc
- FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable.db')
makemap hash virtusertable < virtusertable - run in /etc/mail; creates the DB file: /etc/mail/virtusertable.db

###Relay Domains###
/etc/mail/relay-domains
Houses domains that sendmail should relay; local and/or remote
linuxcbt.com
192.168.1.100

###IMAP/POP2|3 Support###
Differences between IMAP & POP
1. IMAP stores messages on server
2. POP downloads messages to client
Note: IMAP server must support mbox mail storage format and optionally Maildir mail storage format
Download IMAP2004g from sunfreeware.com

###Configure INETD control of IMAP & POP3 services###
/etc/inetd.conf
pop3 stream tcp nowait root /usr/local/sbin/ipop3d ipop3d
imap stream tcp nowait root /usr/local/sbin/imapd imapd
Note: use 'inetconv' to convert INETD entries in /etc/inetd.conf to SMF

###Evolution MUA - Connect to POP3 & IMAP Service###
Installed openssl-0.9.8 to support IMAP2004g
Configure Evolution
Note: Retrieving & Sending messages are distinct functions
1. SMTP - Sending
2. IMAP/POP3/MS Exchange/etc. - Retrieval
tcpdump options expression
tcpdump -D - returns available interfaces
tcpdump -i interface_name - binds to specific interface
tcpdump -q - suppresses some packet header information
tcpdump -n - avoids name resolution - improves performance
/etc/logadm.conf - default configuration file
Note: don't memorize all parameters. Execute 'logadm -h'
Note: command-line directives override /etc/logadm.conf directives
Note: logadm preserves 10 backups of log files named logname.0-.9
Note: logadm supports shell wildcards '*', '?'
zfs list - returns ZFS dataset info.
zfs mount - returns pools and mount points
zpool status - returns virtual devices that constitute pools
Note: ZFS requires a minimum of 128MB virtual device to create a pool
zpool destroy pool1 - Destroys pool and associated file systems

###Create file systems within pool1###
zfs create pool1/home - creates file system named 'home' in pool1
Note: Default action of 'zfs create pool1/home' assigns all storage available to 'pool1', to 'pool1/home'

###Set quota on existing file system###
zfs set quota=10G pool1/home

###Create user-based file system beneath pool1/home###
zfs create pool1/home/unixcbt
Note: ZFS inherits properties from immediate ancestor
zfs get -r compression pool1 - returns compression property for file systems associated with 'pool1'

###Rename File System###
zfs rename pool1/home/unixcbt pool1/home/unixcbt2

###Extending pool storage dynamically###
zpool add pool1 c0t2d0

###ZFS Redundancy/Replication###
1. Mirroring - RAID-1
2. RAID-5 - RAID-Z
Virtual Devices:
1. c0t1d0 - 36GB
2. c0t2d0 - 36GB
Note: Redundancy/Replication is associated directly with the pool
zpool create poolmirror1 mirror c0t1d0 c0t2d0

###ZFS Snapshots###
Features:
1. Read-only copies of volumes or file systems
2. Use no additional space, initially
zfs list -t snapshot - returns available snapshots
3. Manage distinct hostname and tables files
4. Cannot communicate with other non-global zones by default. NIC must be used, which means, use standard network API(TCP)
5. GLOBAL zone admin. can delegate non-global zone administration

###Zone Configuration###
Use: zonecfg - to configure zones
Note: zonecfg can be run in interactive, non-interactive and command-file modes
Requirements for non-global zones:
1. hostname
2. zone root path. i.e. /export/home/zones/testzone1
3. IP address - bound to logical or physical interface
Zone Types:
1. Sparse Root Zones - share key files with global zone
2. Whole Root Zones - require more storage
Steps for configuring non-global zone:
1. mkdir /export/home/zones/testzone1 && chmod 700 /export/home/zones/testzone1
2. zonecfg -z testzone1
3. create
4. set zonepath=/export/home/zones/testzone1 - sets root of zone
5. add net ; set address=192.168.1.60
6. set physical=e1000g0 ; end
7. (optional) set autoboot=true - testzone1 will be started when system boots
8. (optional) add attr ; set name=comment ; set type=string ; set value="TestZone1" ; end
9. verify - verifies zone for errors
10. commit - commits changes
11. Zone Installation - zoneadm -z testzone1 install - places zone 'testzone1' into 'installed' state. NOT ready for production
12. zoneadm -z testzone1 boot - boots the zone, changing its state

###Zlogin - is used to login to zones###
Note: each non-global zone maintains a console. Use 'zlogin -C zonename' after installing a zone to complete zone configuration
Note: Zlogin permits login to a non-global zone via the following:
1. Interactive - i.e. zlogin -l username zonename
2. Non-interactive - zlogin options command
3. Console mode - zlogin -C zonename
4. Safe mode - zlogin -S zonename
zoneadm -z testzone1 reboot - reboots the zone
zlogin testzone1 shutdown
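The 12-step zonecfg dialogue above, rendered in the command-file mode the notes mention so the zone is created repeatably rather than by retyping the session. This is an added example, not from the training notes: zone_cmdfile() prints the zonecfg command file, configure_zone() performs the mkdir/chmod step, writes the file to an assumed scratch path under /tmp and, only when zonecfg is present on the host, hands it to 'zonecfg -z name -f file' and runs the install; on a non-Solaris host it just leaves the file for inspection.

```shell
#!/bin/sh
# Added example (not from the training notes): non-interactive zone
# configuration from a zonecfg command file.
# Usage: configure_zone testzone1 /export/home/zones/testzone1 192.168.1.60 e1000g0

# print the zonecfg command file for a zone (one zonecfg command per line;
# 'end' closes the net and attr resource scopes before the next top-level set)
zone_cmdfile() {
    name="$1"; zonepath="$2"; ip="$3"; nic="$4"
    cat <<EOF
create
set zonepath=$zonepath
set autoboot=true
add net
set address=$ip
set physical=$nic
end
add attr
set name=comment
set type=string
set value="$name"
end
verify
commit
EOF
}

configure_zone() {
    name="$1"; zonepath="$2"; ip="$3"; nic="$4"
    cmdfile="/tmp/$name.zonecfg"          # assumed scratch location for the file

    # step 1: zone root must exist and be mode 700 before zoneadm install
    mkdir -p "$zonepath" && chmod 700 "$zonepath" || return 1

    # steps 2-10 as a command file instead of an interactive session
    zone_cmdfile "$name" "$zonepath" "$ip" "$nic" > "$cmdfile" || return 1

    # step 11 only on a Solaris host; elsewhere keep the file for review
    if command -v zonecfg >/dev/null 2>&1; then
        zonecfg -z "$name" -f "$cmdfile" && zoneadm -z "$name" install
    else
        echo "zonecfg not available here; command file written to $cmdfile"
    fi
}
```

After 'zoneadm -z testzone1 install' completes, 'zlogin -C testzone1' on the console finishes the first-boot configuration as the notes describe; keeping the command file under version control makes it easy to diff what a zone was given (address, NIC, autoboot) against what 'zonecfg -z testzone1 info' reports later.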