
Solaris: How to Restart and Stop a Service


Author: unknown  Source: compiled by this site  June 2, 2008

Keywords: restart, operating system, server, Solaris


  1.Disabled Volume Management

  # cd /etc/rc2.d

  # mv S92volmgt s92volmgt

  After this configuration, CD-ROMs will not be automatically mounted. To manually mount a CD-ROM use:

  # mount -F hsfs -o ro /dev/dsk/c0t6d0s0 /mnt

  2.Disabled Dtlogin

  Dtlogin is disabled if the server is not intended to run the Common Desktop Environment (CDE) or GUIs.

  # cd /etc/rc2.d

  # mv S99dtlogin s99dtlogin

  3.Disabled Printing

  # /usr/lib/lpshut

  # cd /etc/rc2.d

  # mv S80lp s80lp

  4.Disabled RPC

  RPC is disabled if the server is not intended to run CDE. To determine what is using RPC, use "rpcinfo -p".

  # cd /etc/rc2.d

  # mv /etc/rc2.d/S71rpc /etc/rc2.d/s71rpc

  5.Disabled the NFS Client

  # /etc/init.d/nfs.client stop

  # cd /etc/rc2.d

  # mv S73nfs.client s73nfs.client

  6.Disabled the NFS Server

  # /etc/init.d/nfs.server stop

  # cd /etc/rc3.d

  # mv S15nfs.server s15nfs.server

  7.Disabled UUCP

  # cd /etc/rc2.d

  # mv S70uucp s70uucp

  8.Disabled the LDAP Client

  # cd /etc/rc2.d

  # mv S71ldap.client s71ldap.client

  9.Disabled the Auto Mounter

  # /etc/init.d/autofs stop

  # cd /etc/rc2.d

  # mv S74autofs s74autofs

  10.Disabled the Network Time Daemon

  # /etc/init.d/xntpd stop

  # cd /etc/rc2.d

  # mv S74xntpd s74xntpd

  11.Disabled the Logical Link Control Driver

  # cd /etc/rc2.d

  # ./S40llc2 stop

  # mv S40llc2 s40llc2

  12.Disabled Auto Install

  # cd /etc/rc2.d

  # mv S72autoinstall s72autoinstall

  13.Disabled Cachefs Daemon

  # cd /etc/rc2.d

  # mv S73cachefs.daemon s73cachefs.daemon

  14.Disabled Asynchronous PPP Daemon

  # cd /etc/rc2.d

  # mv S47pppd s47pppd

  15.Disabled cacheos.finish script

  # cd /etc/rc2.d

  # mv S93cacheos.finish s93cacheos.finish

  16.Disabled Preservation of Files Killed by Vi

  # cd /etc/rc2.d

  # mv S80PRESERVE s80PRESERVE

  17.Disabled Power Management

  # cd /etc/rc2.d

  # mv S85power s85power

  18.Disabled Flash Prom Update

  # cd /etc/rc2.d

  # mv S75flashprom s75flashprom

  Before attempting to update the eeprom, temporarily enable this script.

  19.Disabled “Buttons n Dials-Setup”

  # cd /etc/rc2.d

  # mv S89bdconfig s89bdconfig

  20.Disabled Spc

  # cd /etc/rc2.d

  # mv S80spc s80spc

  21.Disabled Sun Management Center

  # cd /etc/rc2.d

  # mv S90wbem s90wbem

  22.Disabled Network Cache and Accelerator

  # cd /etc/rc2.d

  # mv S94ncalogd s94ncalogd

  # mv S95ncad s95ncad

  The Network Cache and Accelerator is used to increase web server performance.

  23.Disabled Mobile IP Agent

  # cd /etc/rc3.d

  # mv S80mipagent s80mipagent

  24.Disabled SNMP

  # cd /etc/rc3.d

  # /usr/bin/pkill -9 -x -u 0 '(snmpdx|snmpv2d|mibiisa)'

  # mv S76snmpdx s76snmpdx

  25.Disabled Apache

  # cd /etc/rc3.d

  # mv S50apache s50apache

  26.Disabled DMI

  # cd /etc/rc3.d

  # /usr/bin/pkill -9 -x -u 0 '(snmpXdmid|dmispd)'

  # mv S77dmi s77dmi

  27.Disabled the Sendmail Daemon

  The system continues to send mail out, but it no longer receives mail in to the server. This eliminates a significant security vulnerability.

  # /etc/init.d/sendmail stop

  Prevented sendmail from starting at boot:

  # cd /etc/rc2.d

  # mv S88sendmail s88sendmail

  Ensured the sendmail queue is cleaned out:

  # crontab -e

  # The Sendmail daemon is not running - This tells it to send mail out

  05,20,35,50 * * * * /usr/lib/sendmail -q

  28.Disabled Multicasting

  Multicasting is typically used for clustering. Ensure that it is not required by an application.

  # vi /etc/init.d/inetsvc

  #

  # Add a static route for multicast packets out our default interface.

  # The default interface is the interface that corresponds to the node name.

  #

  #mcastif=`/sbin/dhcpinfo Yiaddr`

  #

  #if [ $? -ne 0 ]; then

  # mcastif=`uname -n`

  #fi

  #

  #echo "Setting default interface for multicast: \c"

  #/usr/sbin/route add -interface -netmask "240.0.0.0" "224.0.0.0" "$mcastif"

  29.Disabled the Serial Port Listeners

  This change can be made as long as no modem or console terminal is attached to the system.

  # vi /etc/inittab

  Remove the line with “/usr/lib/saf/sac -t 300”

  # chown root:sys /etc/inittab

  # chmod 644 /etc/inittab
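To confirm afterwards that the renames in items 1 through 27 took effect, the rc directories can be audited. The script below is an added example, not part of the original article; its function names are hypothetical, and it assumes a POSIX shell (on Solaris, ksh or /usr/xpg4/bin/sh rather than the legacy /bin/sh).

```shell
#!/bin/sh
# Added example (not from the original article): report which of the rc
# scripts named in the steps above are still enabled (uppercase "S" prefix).
# Function names are hypothetical.

# Script names as they appear in the article, by run-level directory.
RC2_SCRIPTS="S92volmgt S99dtlogin S80lp S71rpc S73nfs.client S70uucp
S71ldap.client S74autofs S74xntpd S40llc2 S72autoinstall S73cachefs.daemon
S47pppd S93cacheos.finish S80PRESERVE S85power S75flashprom S89bdconfig
S80spc S90wbem S94ncalogd S95ncad S88sendmail"
RC3_SCRIPTS="S15nfs.server S80mipagent S76snmpdx S50apache S77dmi"

# audit_rc_dir DIR NAME...: print one status line per script.
audit_rc_dir() {
    dir=$1; shift
    for name in "$@"; do
        # Disabled form used by the article: leading "S" lowercased.
        off="s${name#S}"
        if [ -f "$dir/$name" ]; then
            echo "ENABLED  $dir/$name"
        elif [ -f "$dir/$off" ]; then
            echo "DISABLED $dir/$off"
        else
            echo "ABSENT   $dir/$name"
        fi
    done
}

# audit_all ROOT: ROOT is "" on a live system, or a test directory.
audit_all() {
    audit_rc_dir "$1/etc/rc2.d" $RC2_SCRIPTS
    audit_rc_dir "$1/etc/rc3.d" $RC3_SCRIPTS
}

# count_enabled ROOT: print how many listed scripts would still start at boot.
count_enabled() {
    audit_all "$1" | awk '$1 == "ENABLED" { n++ } END { print n + 0 }'
}

# Live system: audit_all ""   (prints one status line per script)
```

An ABSENT line means neither form of the script exists, which is normal when the corresponding package was never installed.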

  1.Added Warning Banners

  These configurations replace the operating system version with a warning banner displayed during the login process.

  Login:

  # vi /etc/motd (replaced operating system version with a warning banner)

  Property of Company

  WARNING: To protect systems from unauthorized use and to ensure that the

  system is functioning properly, activities on this system are monitored and

  recorded and subject to audit. Use of this system is expressed consent to such

  monitoring and recording. Any unauthorized access or use of this system is

  prohibited and could be subject to criminal and civil penalties.

  # cp /etc/motd /etc/issue

  Telnet:

  # vi /etc/default/telnetd

  UMASK=022

  BANNER=""

  # chown root:sys /etc/default/telnetd

  # chmod 444 /etc/default/telnetd

  FTP:

  # vi /etc/default/ftpd

  UMASK=022

  BANNER=`cat /etc/motd`

  # chown root:sys /etc/default/ftpd

  # chmod 444 /etc/default/ftpd

  2.Enabled Logging of the su Command

  This configuration logs both success and failure of su command usage.

  NOTE: This configuration is required by the root login notification script (below).

  # vi /etc/default/su

  SULOG=/var/adm/sulog (uncommented)

  # cd /var/adm

  # touch sulog

  # chgrp sys sulog

  # chmod 600 sulog

  3.Enabled AUTH Logging

  The auth facility controls account access with login, su, etc.

  # vi /etc/syslog.conf

  auth.info /var/log/authlog

  auth.notice /var/log/authlog

  NOTE: The entries must be separated by tabs.

  # /etc/init.d/syslog stop

  # /etc/init.d/syslog start

  4.Enabled Logging of Unsuccessful Login Attempts

  The loginlog file records consecutive failed login attempts.

  # cd /var/adm

  # touch loginlog

  # chgrp sys loginlog

  # chmod 600 loginlog

  5.Enabled Logging of Successful Logins

  # cd /var/log

  # touch logins

  # chgrp sys logins

  # chmod 600 logins

  # vi /etc/syslog.conf

  # log successful logins

  local0.info /var/log/logins

  NOTE: The entries must be separated by tabs.

  # /etc/init.d/syslog stop

  # /etc/init.d/syslog start

  Added the following entry to /etc/profile and /etc/.login:

  logger -p local0.info "User $LOGNAME has logged in"

  6.Enabled Logging of CDE Login Attempts

  # vi /etc/pam.conf

  Added the word “debug” after the account management entries

  #

  # Account management

  #

  login account required /usr/lib/security/$ISA/pam_unix.so.1 debug

  dtlogin account required /usr/lib/security/$ISA/pam_unix.so.1 debug

  # vi /etc/syslog.conf

  Added “;auth.debug;user.debug” to the line that logs successful logins

  # log successful logins

  local0.info;auth.debug;user.debug /var/log/logins

  NOTE: The entries must be separated by tabs.

  # /etc/init.d/syslog stop

  # /etc/init.d/syslog start
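The tab requirement noted for the syslog.conf entries in items 3, 5 and 6 can be checked mechanically before syslog is restarted, since a space-separated entry is hard to spot by eye. The check below is an added example, not from the original article; it assumes a POSIX awk (nawk or /usr/xpg4/bin/awk on Solaris), and its function names and sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): find syslog.conf entries
# whose selector and action are separated by something other than a tab.
# Function names and the sample file are constructed for illustration.

# syslog_tab_errors FILE: print "LINE: text" for each offending entry.
syslog_tab_errors() {
    awk '
        # An entry starts with facility.level, optionally ";"-joined.
        match($0, /^[a-z0-9*,]+\.[a-z*]+(;[a-z0-9*,]+\.[a-z*]+)*/) {
            rest = substr($0, RLENGTH + 1)   # text right after the selector
            if (rest !~ /^\t/)
                printf "%d: %s\n", NR, $0
        }
    ' "$1"
}

# count_tab_errors FILE: print the number of offending entries.
count_tab_errors() {
    syslog_tab_errors "$1" | awk 'END { print NR }'
}

# write_sample_syslog_conf FILE: constructed sample built from the entries
# shown in the article; lines 2 and 5 use spaces instead of a tab.
write_sample_syslog_conf() {
    {
        printf 'auth.info\t/var/log/authlog\n'
        printf 'auth.notice /var/log/authlog\n'
        printf '# log successful logins\n'
        printf 'local0.info;auth.debug;user.debug\t\t/var/log/logins\n'
        printf 'local0.info    /var/log/logins\n'
    } > "$1"
}

# Live system: syslog_tab_errors /etc/syslog.conf
```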

  7.Enabled Performance Logging

  # su - sys

  # EDITOR=vi; export EDITOR

  # crontab -e

  # The sys crontab should be used to do performance collection. See cron

  # and performance manual pages for details on startup.

  #

  0 * * * 0-6 /usr/lib/sa/sa1

  20,40 6-22 * * 1-5 /usr/lib/sa/sa1

  5 18 * * 1-5 /usr/lib/sa/sa2 -s 8:00 -e 18:01 -i 1200 -A
