Notes and Stuff
Check if there are any updates available:
pkg list -u-u will show only the packages for which updates are available.
Check the latest package version in the repository:
pkg info -r system/zones(Optional) Perform a dry run:
pkg update -nvUpdate:
pkg updateIf it’s the first time using the Support Repository, you need to configure the solaris publisher with the new certificate and key found on the certificate page:
pkg set-publisher -g https://pkg.oracle.com/solaris/support/ -c pkg.oracle.com.certificate.pem -k pkg.oracle.com.key.pem solaris
To verify that the configuration has succeeded:
$ pkg publisher solaris
Publisher: solaris
Alias:
Origin URI: https://pkg.oracle.com/solaris/support/
Origin Status: Online
SSL Key: /var/pkg/ssl/key
SSL Cert: /var/pkg/ssl/cert
Cert. Effective Date: March 19, 2020 at 9:11:27 PM
Cert. Expiration Date: March 27, 2022 at 9:11:27 PM
Client UUID: uuid
Catalog Updated: March 11, 2020 at 5:41:19 PM
Enabled: YesTo update expired certificate and key, simply run the command above omitting the -g switch, as the repository is already configured on the system.
By default, Solaris uses its native syslog as the default log manager:
svcs system-log STATE STIME FMRI disabled 12:07:34 svc:/system/system-log:rsyslog online 12:08:10 svc:/system/system-log:default
If you want to use rsyslog, check if the package is installed (on my machine it’s already there):
pkg info system/rsyslog
To install it:
pkg install system/rsyslog
Now, to use rsyslog, first you have to disable the native syslog:
svcadm disable system/system-log:default
Then enable and refresh the service:
svcadm enable system/system-log:rsyslog svcadm refresh system/system-log:rsyslog
To check the status:
svcs -p rsyslog
STATE STIME FMRI
online 12:10:04 svc:/system/system-log:rsyslog
12:10:04 1199 rsyslogd
Once you’ve installed an OpenSSH server, you also have an SFTP server. In Solaris, you should check if the subsystem is configured properly or not.
Configuration is stored in /etc/ssh/sshd_config file:
# sftp subsystem
Subsystem sftp internal-sftp
PubkeyAuthentication yesRestart the service:
svcadm refresh svc:/network/ssh:defaultBy default, Solaris 11 does not logs any failed login attempt, from any source.
If you want to capture these messages, first of all you need to edit /etc/default/login uncommenting:
#SYSLOG_FAILED_LOGINS=5
and set, if you want, an acceptable threshold (default is 5).
To log only failed logins from terminal windows:
# touch /var/adm/loginlog # chmod 600 /var/adm/loginlog # chgrp sys /var/adm/loginlog
For the changes to be effective, you need to restart the syslog service:
# svcadm restart system/system-log
To log every failed login:
# touch /var/adm/authlog # chmod 600 /var/adm/authlog # chgrp sys /var/adm/authlog
Edit /etc/syslog.conf:
auth.notice /var/adm/authlog
and refresh the service:
# svcadm refresh system/system-log
I’ve recently installed Solaris 11.4 on a VM and, as soon as I tried to log in remotely using SSH, my connection was refused straight away. First of all, I checked if the service was enabled:
$ svcs ssh STATE STIME FMRI online 13:23:15 svc:/network/ssh:default
I checked SSH directory under /etc and something was definitely not quite right with the auto-generated keys:
-rw------- 1 root root 0 Jan 4 13:23 ssh_host_ed25519_key -rw-r--r-- 1 root root 0 Jan 4 13:23 ssh_host_ed25519_key.pub -rw------- 1 root root 0 Jan 4 13:23 ssh_host_rsa_key -rw-r--r-- 1 root root 0 Jan 4 13:23 ssh_host_rsa_key.pub
The keys were there… but truncated to zero.
Something, somewhere went wrong during the key generation (usually when OpenSSH is run for the first time) so I deleted the keys and restarted the service:
# svcadm restart ssh
The keys were re-generated and I was able to log in.