#### This File is a log of installing Yassp beta#15 ########
#### Sean Boran/22 Nov'00 ###
Script started on Wed Nov 22 10:12:36 2000
# gunzip aubtocsin
lrwxrwxrwx 1 7644 100 9 Nov 22 10:13 aubtocsin_sparc -> aubtocsin
-rw-r--r-- 1 7644 100 136192 Nov 20 06:54 gnugzip_i386
-rw-r--r-- 1 7644 100 147456 Nov 20 06:54 gnugzip_sparc
-rw-r--r-- 1 7644 100 903168 Nov 20 06:54 gnurcs_i386
-rw-r--r-- 1 7644 100 1021952 Nov 20 06:54 gnurcs_sparc
drwxr--r-- 3 7644 100 512 Nov 20 06:53 html_doc
-r-xr-xr-x 1 7644 100 5323 Nov 20 05:25 install.sh
-rw-r--r-- 1 7644 100 3180544 Nov 20 06:54 openssh_i386
-rw-r--r-- 1 7644 100 4121600 Nov 20 06:54 openssh_sparc
-rw-r--r-- 1 7644 100 26624 Nov 20 06:54 parcdaily
lrwxrwxrwx 1 7644 100 9 Nov 22 10:12 parcdaily_i386 -> parcdaily
lrwxrwxrwx 1 7644 100 9 Nov 22 10:12 parcdaily_sparc -> parcdaily
-rw-r--r-- 1 7644 100 231936 Nov 20 06:54 prftripw_i386
-rw-r--r-- 1 7644 100 293888 Nov 20 06:54 prftripw_sparc
-rw-r--r-- 1 7644 100 1290240 Nov 20 06:54 secclean
lrwxrwxrwx 1 7644 100 8 Nov 22 10:12 secclean_i386 -> secclean
lrwxrwxrwx 1 7644 100 8 Nov 22 10:12 secclean_sparc -> secclean
-rw-r--r-- 1 7644 100 271360 Nov 20 06:54 wvtcpd_i386
-rw-r--r-- 1 7644 100 609792 Nov 20 06:54 wvtcpd_sparc
# ls -al
total 24368
drwxr-xr-x 4 7644 7001 1024 Nov 20 06:54 .
drwxr-xr-x 3 root other 1024 Nov 22 10:13 ..
drwxr-xr-x 2 7644 7001 512 Nov 20 06:54 RCS
-r-------- 1 7644 100 14482 Nov 20 06:54 README
-r--r--r-- 1 7644 100 8418 Nov 20 06:52 WhatIsNew
-rw-r--r-- 1 7644 7001 66 May 21 2000 admin
-rw-r--r-- 1 7644 100 61952 Nov 20 01:20 aubtocsin
lrwxrwxrwx 1 7644 100 9 Nov 22 10:13 aubtocsin_i386 -> aubtocsin
lrwxrwxrwx 1 7644 100 9 Nov 22 10:13 aubtocsin_sparc -> aubtocsin
-rw-r--r-- 1 7644 100 136192 Nov 20 06:54 gnugzip_i386
-rw-r--r-- 1 7644 100 147456 Nov 20 06:54 gnugzip_sparc
-rw-r--r-- 1 7644 100 903168 Nov 20 06:54 gnurcs_i386
-rw-r--r-- 1 7644 100 1021952 Nov 20 06:54 gnurcs_sparc
drwxr--r-- 3 7644 100 512 Nov 20 06:53 html_doc
-r-xr-xr-x 1 7644 100 5323 Nov 20 05:25 install.sh
-rw-r--r-- 1 7644 100 3180544 Nov 20 06:54 openssh_i386
-rw-r--r-- 1 7644 100 4121600 Nov 20 06:54 openssh_sparc
-rw-r--r-- 1 7644 100 26624 Nov 20 06:54 parcdaily
lrwxrwxrwx 1 7644 100 9 Nov 22 10:12 parcdaily_i386 -> parcdaily
lrwxrwxrwx 1 7644 100 9 Nov 22 10:12 parcdaily_sparc -> parcdaily
-rw-r--r-- 1 7644 100 231936 Nov 20 06:54 prftripw_i386
-rw-r--r-- 1 7644 100 293888 Nov 20 06:54 prftripw_sparc
-rw-r--r-- 1 7644 100 1290240 Nov 20 06:54 secclean
lrwxrwxrwx 1 7644 100 8 Nov 22 10:12 secclean_i386 -> secclean
lrwxrwxrwx 1 7644 100 8 Nov 22 10:12 secclean_sparc -> secclean
-rw-r--r-- 1 7644 100 271360 Nov 20 06:54 wvtcpd_i386
-rw-r--r-- 1 7644 100 609792 Nov 20 06:54 wvtcpd_sparc
#
#
# ./install.sh
YASSP v0 Beta#15
Are you ready to install YASSP?
It will modify lot of system resources...
and will prevent some non-essential services from running on your system.
Do you really want to install YASSP? [y|n] (n) y
Note: you can always overwrite YASSP package choices by setting up the environment variable PKGLIST before running YASSP to the list of packages you want to install.
If PKGLIST is defined, yassp's install won't ask you to choose which package you want to install.
By default, YASSP will install the following packages:
SECclean : The core package, securing your Solaris installation.
GNUrcs : RCS 5.7 and diff 2.7 [GNU]
GNUgzip : gzip 1.2.4a [GNU]
PARCdaily : Some daily script, loggs rotation, backup and RCS for systems files... Need GNUgzip and GNUrcs
WVtcpd : tcp_wrappers 7.6 + rpcbind 2.1 [Wietse Venema]
PRFtripw : Tripwire 1.2 [Purdue Research Foundation of Purdue University]
OPENssh : OpenSSH 2.3.0p1 [OpenSSH.com]
Type the package list you want to install or hit return to accept the default:
SECclean GNUrcs GNUgzip PARCdaily WVtcpd PRFtripw OPENssh
YASSP will install: SECclean GNUrcs GNUgzip PARCdaily WVtcpd PRFtripw OPENssh
Installing the various package:
========== SECclean ==========
Using /opt/local as the root dir. Linking /usr/local to it.
Backing up all files under /yassp.bk/Before_2000.11.22-10.17.33:
/etc/auto_home /etc/auto_master /etc/dfs/dfstab /var/spool/cron/crontabs/adm
/var/spool/cron/crontabs/lp /etc/profile /etc/default/login /etc/default/su
/etc/default/inetinit /etc/motd /etc/default/passwd /etc/default/sys-suspend
/etc/skel/local.cshrc /etc/skel/local.profile /usr/dt/config/Xaccess /etc/ftpusers
/etc/syslog.conf /etc/.login /var/spool/cron/crontabs/root /etc/passwd /etc/shadow
/etc/init.d/inetsvc /etc/init.d/inetinit /etc/init.d/network /etc/init.d/xntpd
/etc/init.d/nfs.client /etc/init.d/autofs /etc/init.d/nscd /etc/init.d/nfs.server
/etc/init.d/volmgt /etc/init.d/sendmail /etc/init.d/dtlogin /etc/init.d/cacheos
/etc/init.d/cachefs.root /etc/init.d/cachefs.daemon /etc/init.d/spc /etc/init.d/autoinstall
/etc/init.d/lp /etc/init.d/PRESERVE /etc/init.d/cacheos.finish /etc/init.d/sysid.sys
/etc/init.d/sysid.net /etc/init.d/power /etc/init.d/init.dmi /etc/init.d/init.snmpdx
/etc/init.d/utmpd /etc/init.d/devfsadm /etc/init.d/devlinks /etc/init.d/dhcpagent
/etc/init.d/ldap.client /etc/init.d/llc2 /etc/init.d/slpd /etc/init.d/webstart
/etc/init.d/init.wbem /etc/init.d/rpc /etc/init.d/syslog
/etc/inet/inetd.conf /etc/inet/services /etc/system /etc/rmmount.conf /etc/inittab /etc/pam.conf
Modifying /etc/inet/inetd.conf
Modifying /etc/inet/services
Modifying /etc/inittab
Modifying /etc/pam.conf
Modifying /etc/rmmount.conf
Modifying /etc/system
The postinstall script is silently running.
It may take a while on slow machine. Just be patient
Disabling Startup files: inetsvc inetinit network
Modifying Startup files to use /etc/yassp.conf:
xntpd nfs.client autofs nscd nfs.server volmgt sendmail dtlogin cacheos cachefs.root
asppp uucp cachefs.daemon spc autoinstall lp PRESERVE cacheos.finish sysid.sys sysid.net
snmpdx dmi power init.dmi init.snmpdx utmpd devfsadm devlinks apache dhcp dhcpagent
ldap.client llc2 ncakmod ncalogd slpd webstart init.wbem rpc
Creating your default /etc/yassp.conf
Saving files:
/etc/auto_home /etc/auto_master /etc/dfs/dfstab /var/spool/cron/crontabs/adm
/var/spool/cron/crontabs/lp /var/spool/cron/crontabs/uucp /etc/profile /etc/default/login
/etc/default/su /etc/default/inetinit /etc/motd /etc/default/passwd /etc/default/sys-suspend
/etc/skel/local.cshrc /etc/skel/local.profile /usr/dt/config/Xaccess /etc/dt/config/Xaccess
/etc/ftpusers /etc/syslog.conf /etc/.login /etc/cron.d/at.allow /etc/cron.d/cron.allow
/etc/hosts.equiv /.rhosts /etc/issue /etc/ftp-banner /etc/default/ftpd /etc/default/telnetd
/var/spool/cron/crontabs/root /etc/init.d/inetsvc /etc/init.d/inetinit /etc/init.d/network
Enabling syslogd to run without listening to the network by default
Closing the package we touched:
SUNWftpr SUNWdtdte SUNWpmowr SUNWwbcor SUNWslpr SUNWllcr SUNWsacom SUNWpmr SUNWpsr
SUNWadmr SUNWpcr SUNWdtlog SUNWsndmr SUNWvolr SUNWatfsr SUNWntpr SUNWcsr SUNWcsr
Choosing architecture dependent binaries:
/usr/sbin/noshell_sparc -> /usr/sbin/noshell
/opt/local/bin/md5_sparc -> /opt/local/bin/md5
Updating SECclean package DB:
/etc/profile /etc/default/login /etc/default/su /etc/default/inetinit /etc/motd
/etc/default/passwd /etc/default/sys-suspend
/etc/skel/local.cshrc /etc/skel/local.profile /usr/dt/config/Xaccess /etc/dt/config/Xaccess
/etc/ftpusers /etc/syslog.conf /etc/.login /etc/cron.d/at.allow /etc/cron.d/cron.allow
/etc/hosts.equiv /.rhosts /etc/issue /etc/ftp-banner /etc/default/ftpd /etc/default/telnetd
/var/spool/cron/crontabs/root /etc/shells /etc/init.d/inetsvc_5.6 /etc/init.d/inetsvc_5.7
/etc/init.d/inetsvc_5.8 /etc/init.d/inetinit_5.6 /etc/init.d/inetinit_5.7
/etc/init.d/inetinit_5.8 /etc/init.d/network_5.8 /usr/sbin/noshell_sparc
/usr/sbin/noshell_i386 /opt/local/bin/md5_sparc /opt/local/bin/md5_i386
Closing SECclean DB
Replacing:
/etc/profile /etc/default/login /etc/default/su /etc/default/inetinit /etc/motd
/etc/default/passwd /etc/default/sys-suspend /etc/skel/local.cshrc /etc/skel/local.profile
/usr/dt/config/Xaccess /etc/dt/config/Xaccess /etc/ftpusers /etc/syslog.conf /etc/.login
/etc/cron.d/at.allow /etc/cron.d/cron.allow /etc/hosts.equiv /.rhosts /etc/issue
/etc/ftp-banner /etc/default/ftpd /etc/default/telnetd /var/spool/cron/crontabs/root
Choosing the right startup files: /etc/init.d/inetsvc /etc/init.d/inetinit /etc/init.d/network for your OS: Solaris 5.8
Replacing Special startup files: /etc/init.d/inetsvc /etc/init.d/inetinit /etc/init.d/network and creating the symlink
Registrating binaries : /usr/sbin/noshell /opt/local/bin/md5 for your architecture: sparc
Closing again SECclean DB
tuning /etc/system to comment out priority_paging
Cleaning the passwd file...
Disabling UID 0 account(s):
Disabling system account(s): daemon bin sys adm lp uucp nuucp listen nobody noaccess nobody4
Deleting account(s):
root identity will be changed to "Root at unsecxy"
password and shadow files saved under /etc/passwd.Old and /etc/shadow.Old
Doing the OS Clean-up
Running fix-modes 2.6 2000/01/13 14:13:35 casper
fix-modes done, log file under: /var/sadm/clean-up/clean_up.log
clean-up the contents database
cleanup done, log file under: /var/sadm/clean-up/clean_up.log
Running /usr/lib/makewhatis /opt/local/man
======================================================
SECclean installation has finished.
Changes to the file-system and package database are documented in: /var/sadm/clean-up/clean_up.log
All changed or replaced files are archived in /yassp.bk
If crontabs for the users: lp adm uucp root exists, they have been deleted.
Please, re-enable manually the entries needed
Backup for the crontab files are under: /yassp.bk/var/spool/cron/crontabs/
To finish hardening, this host must be rebooted.
However, you should first check that /etc/yassp.conf is configured to your requirements.
See also yassp(1) and yassp.conf(4).
======================================================
Installation of was successful.
========== GNUrcs ==========
Installation of was successful.
========== GNUgzip ==========
Installation of was successful.
========== PARCdaily ==========
Modifying /usr/lib/newsyslog
Installation of was successful.
========== WVtcpd ==========
Modifying /etc/inet/inetd.conf
Creating /etc/hosts.deny from the distribution file
*** Please configure it!
Creating /etc/hosts.allow from the distribution file
*** Please configure it!
Installation of was successful.
========== PRFtripw ==========
Creating /secure/tripwire/tw.config from the distribution one: /secure/tripwire/tw.config.Dist
*** Please configure it!
you may use tripwire now.
Type: "cd /secure/tripwire/; ./tripwire -i 2 -initialise -c tw.config" to create a new database,
Use "cd /secure/tripwire/; ./tripwire -q -i 2 -c tw.config" to check,
***** SAVE YOUR DATABASE IN A SECURE PLACE *****
Installation of was successful.
========== OPENssh ==========
Creating /etc/ssh_config from the distribution file
*** Please configure it!
Creating /etc/sshd_config from the distribution file
*** Please configure it!
ssh has been installed.
run '/etc/init.d/sshd stop;/etc/init.d/sshd start' to use the new binaries/configuration
Installation of was successful.
Rebuilding the whatis database
YASSP is installed. Most of these changes will take action at the next reboot.
**** YOUR WORK IS NOT DONE YET ****
*) Edit and configure /etc/yassp.conf
*) Edit and configure /etc/hosts.deny /etc/hosts.allow
*) Read http://www.yassp.org/after.html and the papers linked under http://www.yassp.org/ref.html
*) make any additional changes/software installation
*) CREATE YOUR tripwire DATABASE AND SAVE IT!!!
Type: vi /etc/yassp.conf /etc/hosts.deny /etc/hosts.allow ; cd /secure/tripwire; ./tripwire -i 2 -initialise -c tw.config; cp /secure/tripwire/databases/tw.db_unsecxy TO_A_SECURE_PLACE
***YOUR feedback*** is important: please send comments or flame to: sansro@sans.org, chouanard@parc.xerox.com with "YASSP" in the subject
# vi /etc/hosts.allow
# pkgadd -d aubtocsin
The following packages are available:
1 AUBtocsin Auburn Univ. Engineering tocsin network scan detector (sparc,i386) 2.1
Select package(s) you wish to process (or 'all' to process all packages). (default: all) [?,??,q]: 1
Processing package instance from
Auburn Univ. Engineering tocsin network scan detector (sparc,i386) 2.1
(c) Copyright 1995, 2000 Doug Hughes
All rights reserved.
Redistribution and use in source and binary forms are permitted provided that this paragraph is duplicated in all such forms and that any documentation, advertising materials, and other materials related to such distribution and use acknowledge that the software was developed by Doug Hughes at Auburn University.
THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
All contributed software is covered by this copyright and any persons contributing enhancements, modifications, patches, or other software are allowing their works to be covered. Credit is given in the source file where applicable.
tocsin installation base directory: [/opt/local] [?]
Using as the package base directory.
## Processing package information.
## Processing system information.
## Verifying package dependencies.
## Verifying disk space requirements.
## Checking for conflicts with packages already installed.
## Checking for setuid/setgid programs.
This package contains scripts which will be executed with super-user permission during the process of installing this package.
Do you want to continue with the installation of [y,n,?] y
Installing Auburn Univ. Engineering tocsin network scan detector as
## Installing part 1 of 1.
/etc/init.d/tocsin.Origin
/etc/rc2.d/S70tocsin
/etc/rcS.d/K10tocsin
/opt/local/man/man1m/tocsin.1m
/opt/local/man/man1m
/opt/local/sbin/tocsin
/opt/local/sbin/tocsin.i386
/opt/local/sbin/tocsin.sparc
[ verifying class ]
## Executing postinstall script.
/opt/local/sbin/tocsin.sparc
/opt/local/sbin/tocsin.i386
Installation of was successful.
# vi /etc/yassp.conf
# crontab -e
#58 23 * * * /opt/local/sbin/daily #PARCdaily
# exit
script done on Wed Nov 22 11:00:51 2000