Solaris 10, the most advanced UNIX, has recently announced its third update. The following is a summary of features, functions and benefits of the new build.

I. Security
- Solaris Trusted Extensions - Customers with government mandated security requirements can now enforce strict access controls based upon data sensitivity in addition to its ownership. The Mandatory Access Control policy is the heart of the trusted extensions, which meet the CAPP, RBAC and LSPP at EAL4+.
- Secured by Default Networking - Less experienced customers running Solaris with the Secure Networking by Default profile feature will immediately reduce their risk of exposure on the Internet or LAN.
- Configuration Solaris Container Privileges - Security and system administrators may now configure Solaris containers to allow certain security windows of capability.
NexentaOS is a complete GNU-based open source operating system built on top of the OpenSolaris kernel and runtime. So what’s the big deal?
It’s a “best of both worlds” kind of operating system, gluing the SunOS kernel to GNU software. The SunOS kernel is the most sophisticated UNIX kernel, period. Even Google Inc. is experimenting with the open-source version of Sun Microsystems Inc.’s Solaris operating system as a possible long-term prelude to replacing its massive global network of Linux servers, according to sources. GNU software is what makes Linux so popular among different classes of users.
Nexenta’s Alpha 5 release is available as an installable ISO or LiveCD that is released on 15 June. NexentaOS currently requires a 32- or 64-bit x86/x64 platform with at least 256MB RAM, and a CD-ROM drive. You can try out the OS using the Getting Started Guide (pdf) to install. The LiveCD needs 512MB RAM for the root partition’s ramdisk and kernel loaded together.
Solaris Service Management Facility (SMF) is a core part of the Predictive Self-Healing technology available in Solaris 10, which provides automatic recovery from software and hardware failures as well as administrative errors. To get a quick start of SMF, follow this link.
Tip 1: Alert you about SMF activities
While the facility eases the support of a large set of services in a unified model on each Solaris system, there is no transparency of the actual process. When an SMF service fails for some reason and automatically restarts, you don’t really know about it unless you keep a close eye on your service logs. This is when a utility written in Perl like SMF Monitor Alert is useful. It runs as a daemon and monitors the SMF service specified in and mails the recipient if something happens. You have a choice of using the Mail::Sender Perl module or sendmail. To start the daemon, you need to type something like:
# ./smfalert.pl -m -p -i "apache:default print/server:default" -r itechnot@itechnote.com
Ever been asked a question similar to “I wanna to find out who is logged in last night at 8:34”?
The last command for Solaris tells who was or still is on the system. You may want to use it with ‘| more’ to be able to page through the log. It offers a great feature for tracking who was on your system last, how long they stayed logged in and which terminal or machine (IP) they came from. It will save your day by tracking those would-be party-crashers.
If you want an enhanced version of last, you may want to try out Matty’s lastx. lastx is an extension of the last utility shipped with Solaris. It prints all 32 characters of the user’s utmpx entry, and provides facilities to display last data over a period of days. It also allows the user to print unique logins and the total number of attempted logins. However, you need to compile the program yourself, as it comes as source only.
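The "who was logged in last night at 8:34" question can be answered mechanically from saved `last` output. The following is an added example, not part of the original post or of lastx; the sample lines are constructed, and the column layout and the `(days+hh:mm)` duration form are assumptions about the output you feed it.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the column layout of Solaris `last` (not real log data).
SAMPLE = """\
root      pts/1        192.0.2.7        Mon Sep 25 09:00   still logged in
dave      pts/5        192.0.2.99       Sun Sep 24 23:50 - 00:30  (00:40)
eve       pts/6        192.0.2.42       Sun Sep 24 20:30 - 20:40  (00:10)
alice     pts/3        192.0.2.15       Sun Sep 24 20:10 - 21:02  (00:52)
bob       pts/4        zone2            Sun Sep 24 19:55 - 20:20  (00:25)
carol     console                       Sun Sep 24 08:00 - 09:00  (01:00)
reboot    system boot                   Sun Sep 24 07:58
"""

LINE = re.compile(
    r"^(?P<user>\S+)\s+(?P<tty>\S+)\s+(?P<host>\S*)\s*"
    r"(?:Mon|Tue|Wed|Thu|Fri|Sat|Sun) (?P<mon>\w{3})\s+(?P<day>\d+) "
    r"(?P<start>\d\d:\d\d)(?P<rest>.*)$")
DURATION = re.compile(r"\((?:(\d+)\+)?(\d\d):(\d\d)\)")  # (hh:mm) or (days+hh:mm)

def sessions(text, year):
    """Yield (user, tty, host, start, end); end is None for open sessions."""
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        # `last` prints no year, so the caller supplies it.
        start = datetime.strptime(
            f"{year} {m['mon']} {m['day']} {m['start']}", "%Y %b %d %H:%M")
        if "still logged in" in m["rest"]:
            end = None
        else:
            d = DURATION.search(m["rest"])
            if not d:          # reboot / pseudo-entries carry no duration
                continue
            # Use the duration, not the end time, so sessions that cross
            # midnight or span days get the right end date.
            end = start + timedelta(days=int(d[1] or 0),
                                    hours=int(d[2]), minutes=int(d[3]))
        yield m["user"], m["tty"], m["host"] or "-", start, end

def logged_in_at(text, when):
    """Return (user, tty, host) for every session covering `when`."""
    return [(u, t, h) for u, t, h, s, e in sessions(text, when.year)
            if s <= when and (e is None or when <= e)]

print(logged_in_at(SAMPLE, datetime(2006, 9, 24, 20, 34)))
```

Timestamps in this output have one-minute granularity, so a session that starts or ends in the queried minute is counted as present.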
Mr. Cantrill came up with the general idea for DTrace in 1996, while he was a computer-science student at Brown University, but didn’t get to start work on it until late 2001. It took nearly three years for him and his team — Michael Shapiro, a Sun distinguished engineer, and Adam Leventhal, a staff engineer — to make it work; a final version shipped early last year as part of Sun’s Solaris 10 operating system.
Where most debugging takes place as software is being developed, DTrace analyzes problems with systems that are in production — running a company’s database, say, or executing stock trades. It does this with a process called “dynamic tracing,” which enables a developer or systems administrator to run diagnostic tests on a system without causing it to crash. Before DTrace, such tests often took days or weeks to reproduce the problem and identify the cause. With DTrace, performance problems can be tracked to their underlying causes in hours, even minutes.
It is time to get serious about DTrace, folks. Sun has provided quite a number of guides to get you started. You can find the official resources at BigAdmin DTrace and also enough examples to get you excited at Brendan Gregg’s Homepage.
via WSJ
Enabling TCP Wrappers to block inter-zone traffic
Published September 25th, 2006 in Solaris.
TCP Wrappers has been around for many, many years. It is used to restrict access to TCP services based on host name, IP address, network address, and so on. For more details on what TCP Wrappers is and how you can use it, see tcpd(1M). TCP Wrappers was integrated into the Solaris Operating System starting in the Solaris 9 release, where both Solaris Secure Shell and inetd-based (streams, nowait) services were wrapped. Bonus points are awarded to anyone who knows why UDP services are not wrapped by default.
If you have a Solaris 10 box configured with multiple zones, then each zone on the box is by default able to communicate with any other zone on the box, provided that it has a route. There are two ways of mediating inter-zone traffic on the same box that do work. The first of these involves a little twist on routing, and the second involves tcp_wrappers.
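To see how wrapper rules would separate two zones, the sketch below evaluates hosts.allow and hosts.deny the way the access-control files are consulted: allow first, then deny, and no match means the connection is granted. It is an added example, not code from the original post; the zone addresses and file contents are constructed, and only a subset of the pattern syntax (ALL, exact IPv4 address, trailing-dot prefix, net/mask) is handled.

```python
import ipaddress

# Constructed addresses: global zone .10, "web" zone .11, "db" zone .12.
# Constructed wrapper files as they might sit inside the "db" zone.
DB_ALLOW = "sshd: 192.0.2.10\n"      # /etc/hosts.allow
DB_DENY = "ALL: 192.0.2.\n"          # /etc/hosts.deny (trailing dot = prefix)

def _tokens(field):
    return field.replace(",", " ").split()

def _client_matches(pattern, addr):
    if pattern == "ALL":
        return True
    if pattern.endswith("."):        # address prefix, e.g. "192.0.2."
        return addr.startswith(pattern)
    if "/" in pattern:               # net/mask, e.g. 192.0.2.0/255.255.255.0
        net = ipaddress.ip_network(pattern, strict=False)
        return ipaddress.ip_address(addr) in net
    return pattern == addr

def _file_matches(rules, daemon, addr):
    """True if any 'daemon_list : client_list' line matches the pair."""
    for line in rules.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        daemons, clients = line.split(":")[:2]
        if (any(d in ("ALL", daemon) for d in _tokens(daemons))
                and any(_client_matches(c, addr) for c in _tokens(clients))):
            return True
    return False

def permitted(allow, deny, daemon, addr):
    """hosts.allow is consulted first, then hosts.deny; no match means allow."""
    if _file_matches(allow, daemon, addr):
        return True
    return not _file_matches(deny, daemon, addr)

for src in ("192.0.2.10", "192.0.2.11"):
    print(src, "-> db zone sshd:", permitted(DB_ALLOW, DB_DENY, "sshd", src))
```

With empty files every zone-to-zone connection is permitted, which matches the default behaviour described above; a client that no deny rule covers is also permitted, so the deny file has to cover every sibling zone address.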
Roch Bourbonnais of Kernel Performance Engineering at Sun Microsystems reckons ZFS is not quite ready for prime time. The results show increasingly better performance with each ZFS build, not far from a super-tuned UFS.
To achieve acceptable performance levels:
The latest ZFS code base. ZFS improves fast these days. We will need to keep tracking releases for a little while. The current OpenSolaris release as well as the upcoming Solaris 10 Update 3 (this fall), should perform for these tests, as well as the Build 44 results shown here.
UFS/DIO : 100 %
UFS : xx no directio (to be updated)
ZFS Best : 75% best tuned config with latest bits.
ZFS S10U2 : 50% best tuned config.
ZFS S10U2 : 25% simple tuning.
UFS (with DIO) has been heavily tuned over the years to provide very good support for DBMS. We are just beginning to explore the tweaks and tunings necessary to achieve comparable performance from ZFS in this specialized domain. We knew that running a DBMS would be a challenge, since a database tickles filesystems in ways that are quite different from other types of loads.