หน้าเว็บ

วันพฤหัสบดีที่ 3 มีนาคม พ.ศ. 2554

Multi-Booting the Solaris 10 OS, Linux, and Microsoft Windows on the Laptop

Multi-Booting the Solaris 10 OS, Linux, and Microsoft Windows on a Laptop

Introduction
As an intern working for Sun Microsystems, one of my first projects was to configure my laptop to multi-boot the Solaris Operating System, Linux, and Microsoft Windows. It sounded very exciting but daunting. However, as I went along, it proved to be a fairly easy exercise.
For more information on this topic, please see the Sun BluePrints OnLine document in PDF, Configuring Multiboot Environments on Sun x64 Systems with AMD Opteron Processors.
From my experience, these are the steps it takes to configure a system for multi-boot:
  1. Ensure the system meets the minimum hardware and disk space requirements.
  2. Obtain the media (CD/DVD) for the partitioning software and the operating systems.
  3. Back up the system.
  4. Decide how to partition the disk.
  5. Install Microsoft Windows.
  6. Install partitioning software, and partition the disk.
  7. Install Linux.
  8. Install the Solaris 10 OS for x86 platforms.
  9. Set up access to all three operating systems.

1. Ensure System Meets Minimum Hardware and Disk Space Requirements
Make sure your BIOS is set up to boot from a CD/DVD (see the "Practical How-to" at http://multiboot.solaris-x86.org/iv/1.html). Then check your system, especially your disk space and processor type, to ensure it meets the minimum requirements for all three operating systems.
Fedora requires a minimum processor speed of 200MHz, 92MB RAM for graphical installation, and a 6.9GB hard drive to install everything. Windows XP requires a minimum processor speed of 233MHz, 64MB RAM, and a 1.8GB hard drive during installation. The Solaris 10 OS requires a minimum processor speed of 120MHz, 256MB RAM, and a 2GB hard drive. For the Solaris OS on x86 platforms, check the Hardware Compatibility List (HCL) to see if your system is listed. If your system is not listed, as in the case of my Sony VAIO laptop, you might still be able to install the Solaris OS.
My laptop has 1GB memory, a 76GB hard drive, and an Intel Pentium M processor; its processor speed is 2.00GHz, so the system meets all the basic requirements for the three operating systems.

2. Obtain Media (CD/DVD) for Partitioning Software and Operating Systems
I used PowerQuest's PartitionMagic but you can download and use other free software packages such as SystemRescueCd and Ranish Partition Manager.
Here's how I got copies of the operating systems:
  • Windows XP is provided on my VAIO recovery disk.
  • I obtained Fedora Core 3 for free from the Fedora Project.
  • I found the Solaris 10 OS and the Solaris Companion CD available at no charge from Sun Microsystems.

3. Back Up Your System
As with any new install, my first step was to back up my current files. Installing operating systems, especially one involving different partitions of a single hard drive, is a volatile process. It is essential that you back up all your files; you can reinstall them after you partition the hard drive.

4. Decide How to Partition Your Disk
The next step was planning my partition. You should plan your partition based on how you are going to use each of the operating systems. Here is how I partitioned my hard drive.
====================================================================================
Partition Information for Disk 1:    76,316.6 Megabytes
Volume         PartType    Status    Size MB    PartSect  #   StartSect  TotalSects
====================================================================================
C:             NTFS        Pri      20,481.3           0  0          63  41,945,652
               Linux ext2  Pri      20,481.3           0  1  41,945,715  41,945,715
               Type BF     Pri,Boot 33,295.5           0  2  83,893,824  68,189,184
               ExtendedX   Pri       2,055.2           0  3 152,087,355   4,209,030
               EPBR        Log       2,055.2        None -- 152,087,355   4,209,030
*:SWAPSPACE2   Linux Swap  Log       2,055.2 152,087,355  0 152,087,418   4,208,967
I allocated more space to the Solaris OS because I planned to do most of my development on that OS. I allocated 20GB each to Linux and Windows to be able to do development and testing on those platforms.

5. Install Windows
I reinstalled Windows XP and the application programs from the recovery disks. Installing from the recovery disk is an interactive and easy process. I installed Windows XP first because PartitionMagic needs to be installed on Windows. I then booted Windows and made sure it was operational.

6. Install Partitioning Software and Partition Hard Drive
I installed PartitionMagic on Windows and started up PartitionMagic. Using the options in PartitionMagic's menu, I resized Windows to 20GB. I created a Linux partition of type ext2 and allocated 20GB to it. Finally, I created a Solaris partition, allocated 33GB, and formatted the partition as FAT 32. Although the Solaris OS uses a different file system, I formatted the Solaris OS as FAT32 because PartitionMagic does not recognize the Solaris file system and I wanted to avoid getting an unformatted partition message. I formatted the remaining space, which was now in the extended partition as Linux swap space; it was exactly 2GB.
The bottom left panel showed a list of all the pending actions that I had requested. I was able to go through the bottom panel and edit any mistakes I had made. After I confirmed that the list was correct, PartitionMagic restarted my computer, performed the requested actions, and gave me a detailed live progress report. When the process was complete, PartitionMagic restarted my computer again and loaded Windows. I checked that the partitions were the right size and type as requested. Next, I checked that the Windows applications were still operational, then I reinstalled my backed up files from my USB mass storage.

7. Install Linux
Installing Fedora seems relatively easy. The menu is very informative and it is easy to identify the information requested at the prompt. I indicated I wanted to manually partition my hard drive with Diskdruid instead of letting it use a default configuration. Fedora recognized my ext2 and Windows partition but called the Windows partition "other", so I had to change the name to "Windows". I indicated the ext2 partition as the installation location for Fedora, and indicated I wanted to be able to boot Windows from Fedora's GRUB menu.
It is important to change the location where the GRUB loader is to be installed from the Master Boot Record (MBR) (/dev/hda) to the beginning of the Linux partition, in this case /dev/hda2. With the Solaris 10 OS, if you do not change where GRUB is installed, the Solaris 10 OS will overwrite the MBR during installation and you will not be able to boot your Linux operating system. You need to know how you are going to be using this operating system because there are different software packages for different users. I intend to use Fedora as a development environment but never as a server, so I chose the software development package.
After the installation, I restarted my system and made sure I could boot Windows and Fedora from Fedora's GRUB menu.
If you are going to install the Solaris 10 1/06 OS, navigate to /boot/grub/menu.lst. Make a note of the paths to the Linux partition, Linux kernel, and Linux RAM disk. You will need this information later.
The menu list should be something like this:
root (hd0,1)
 kernel /boot/vmlinuz-2.6.9-1.667 ro root=LABEL=/ rhgb quiet
 initrd /boot/initrd-2.6.9-1.667.img
Note that if you are installing Linux device drivers, there are numerous Linux support web sites where you can get help.

8. Install the Solaris 10 OS for x86 Platforms
You need to supply the following information for installation. The default values are always None or No:
  • Network Connection (Yes/No): If you choose Yes, you need to connect your Ethernet cable so it can be configured. Choosing No still lets you connect to the Internet after installation but you have to do the configuration yourself.
  • DHCP (Yes/No): If you choose No, you need to supply IP, subnet address, and host name. Either way, you need to specify if you want IP Version 6 (IPv6), which is a secure protocol.
  • Kerberos (Yes/No): This is a security feature in the Solaris OS. If you choose Yes, you need to provide a default realm, administration server, and the first Key Distribution Center (KDC).
  • Name Service (Yes/No): If you choose Yes, you need to supply a domain name and choose a type (NIS+/NIS/DNS/LDAP/NONE). If you choose any option other than None, you will be prompted for more information specific to that configuration.
  • Default Route: You can choose to specify one or allow the Solaris installation program to find one.
  • Time Zone: Indicate how you want to specify your default time zone (by geographic region/offset from GMT/from Time Zone file).
  • Root Password: Provide a root password for the system and save this information. You'll need it to log in to the system.
  • Default or Custom Install: The default layout will install the Solaris OS in default locations with default directory sizes. Custom Install will let you modify the disk space allocated to different directories.
  • Locales: Choose the geographic regions you want to support.
  • Proxy Server Configuration: If you do not connect directly to the Internet but connect via a proxy server, you will need to provide a host name and port number.
  • Software Group: Choose from Entire Plus OEM/Entire/Developer/End User/Core/Reduced Networking. Entire is the default. The Solaris Companion CD supplies some of the software. The CD can be downloaded for free from Sun Microsystems.
  • Custom Package Selection: You can choose to add or remove software packages from the Software Group you selected.
  • Select Disks: Choose your hard drive (it will be numbered something like c0t0d0). The Solaris OS alerts you about the Linux fdisk partition and informs you that it doesn't support a Linux and Solaris fdisk partition on the same disk. You are then asked if you want to load the default layout. I chose no, because this maintains the order selected after partitioning. Do not choose Yes, because choosing Yes assumes that the entire hard drive is to be used for the Solaris OS and will erase any existing operating systems.
  • fdisk Partitioning: You are asked if you want to create, modify, or delete a Solaris fdisk partition. If you choose Yes, you will be asked to select the disk for customization. Choose the partition that you have allocated to the Solaris OS. You are then asked if you want to customize the chosen fdisk partition. I chose the Solaris partition as the one to be formatted for installation and formatted it to a Solaris file system for x86 platforms.
  • Preserve Data (Yes/No): This refers to data on the Solaris partition. I chose No since it was a fresh installation.
  • Auto Layout File Systems (Yes/No): If you choose No, you will have to specify the layout you want. The Allocating Disk and Swap Space section of the Solaris 10 Installation Guide offers guidelines on how to customize the layout of the Solaris file system. Again, you need to have a fairly good idea of how you are going to be using your system. The default was good enough for me.
  • Mount Remote File Systems (Yes/No): Choose No if the system does not need to access software on another file system. If you choose Yes, you will need to provide the server, IP address, remote file system, and local mount point.
Review your selection on the summary page and make any necessary changes. Then click Install. If you are installing via a CD, the first installation CD performs the following actions:
  • Installs the OS.
  • Reboots the system.
  • Logs into the Common Desktop Environment.
  • Prompts you to load discs 2, 3 and 4, respectively.

9. Set Up Access to All Three Operating Systems
If you install the Solaris 10 3/05 release, your system is set to boot all three operating systems. If you are using the Solaris 10 1/06 OS, you will be able to access the Solaris OS and Windows only at this point. (Note: At the time of this writing, Solaris 10 1/06 software is available from the OpenSolaris Project or the Solaris Express program).
To set up access to your Linux OS from Solaris GRUB, do the following:
  • Boot the Solaris OS.
  • Navigate to /boot/grub/menu.lst.
  • Add the three lines you copied from Linux menu.lst in Section 7 above.
That's it! The next time you restart your system, you'll have the option to boot all three operating systems.

Quote: http://www.sun.com/bigadmin/features/articles/multiboot_laptop.jsp
Cradit: Ifeyinwa

วันพุธที่ 2 มีนาคม พ.ศ. 2554

Threat Modeling and Risk Management

 
Since this book is about building secure Linux Internet servers from the ground up, you're probably expecting system-hardening procedures, guidelines for configuring applications securely, and other very specific and low-level information. And indeed, subsequent chapters contain a great deal of this.
But what, really, are we hardening against? The answer to that question is different from system to system and network to network, and in all cases, it changes over time. It's also more complicated than most people realize. In short, threat analysis is a moving target.
Far from a reason to avoid the question altogether, this means that threat modeling is an absolutely essential first step (a recurring step, actually) in securing a system or a network. Most people acknowledge that a sufficiently skilled and determined attacker[1] can compromise almost any system, even if you've carefully considered and planned against likely attack vectors. It therefore follows that if you don't plan for even the most plausible and likely threats to a given system's security, that system will be particularly vulnerable.
[1] As an abstraction, the "sufficiently determined attacker" (someone theoretically able to compromise any system on any network, outrun bullets, etc.) has a special place in the imaginations and nightmares of security professionals. On the one hand, in practice such people are rare: just like "physical world" criminals, many if not most people who risk the legal and social consequences of committing electronic crimes are fairly predictable. The most likely attackers therefore tend to be relatively easy to keep out. On the other hand, if you are targeted by a skilled and highly motivated attacker, especially one with "insider" knowledge or access, your only hope is to have prepared for the worst, and not just the most likely threats.
This chapter offers some simple methods for threat modeling and risk management, with real-life examples of many common threats and their consequences. The techniques covered should give enough detail about evaluating security risks to lend context, focus, and the proper air of urgency to the tools and techniques the rest of the book covers. At the very least, I hope it will help you to think about network security threats in a logical and organized way.

From: Linux Server Security