A Long Night With Solaris 10
13 Oct 2005 02:11 AM / Filed in: I.T.
The time has come for me to get serious about testing and getting acquainted with the new release of Sun's operating system: Solaris 10. As a security consultant who he is also fond of Unix-like and Linux systems, I need to use this operating system for two main reasons:
1. See how different it is from Solaris 8, the latest release of Solaris I've been using from both a security perspective and an administration one. I am curious to see how nice or bad the new features of Solaris 10 are (DTrace, zones, and SMF mainly).
2. Try to harden it reasonably.
To install Solaris 10, I either need a sparc64 or an amd64 supported box. Budget being what it is, I don't have the financial resources to buy a brand new machine just for the sake of playing with an operating system. I don't have any personal need to put it in production. My current FreeBSD, OpenBSD and Mac OS X systems already fit the bill very nicely. I just want to update my skill set and see how secure I can make Solaris be. Wait a minute! What's collecting dust under one of the desks? Oh! that's the venerable rope (as in "rope to hang yourself with, anytime, anywhere!").
rope is an Ultra 10 equipped with an UltraSPARC II-i 440Mhz, 512MB of RAM, 2 IDE harddrives (30Go and 80Go) and a PCI SCSI adapter. It served me well during many months as a DNS, file and backup server under OpenBSD. It was retired after I bought a Dell server with much more disk space (which is of course running OpenBSD). But can it be loaded with Solaris 10? Well, according to the documentation I read, no problem! So let's try.
After connecting a serial cable, a network cable, and the power cable, I inserted the Solaris 10 disc 1 in the CD-ROM drive and here you go: boot cdrom in the OpenBoot Prompt. Damn, it doesn't work. the cdrom alias is not mapped correctly (I installed OpenBSD on it from the network without ever using the CD-ROM drive). I summon nvalias for help and there you go! Enter Solaris 10 installation.
As you may know, Ultra 10 is far from being a work horse. Even during its time (it was released in '97 or '98 IIRC), and due to its IDE bus (among other things), it was not considered a fast machine. Time to go fetch a coffee...
When I came back I was welcomed with Solaris 10 asking me what language do I want for installation, what kind of terminal I have, what type of installation I 'd like to perform, network data etc. etc. It is pretty much the same as the Solaris 8 installer. For this first attempt, I got as far as the point where it starts loading the installation media (just before the file system layout). And it hanged there, timing out on the CD-ROM drive (which was working perfectly just a few moments ago). Did rope collect too much dust? Time for cleaning and checking everything.
Armed with my B&D electrical screwdriver, an invertible air duster and a contact cleaner and lubricant, I opened the box, cleaned it and checked every single cable I could lay my hand on, particularly the IDE and power cables. I also removed extra cards I don't need at the moment (the PCI SCSI and modem cards).
Time for a second attempt. But, for extra security, I used the probe-ide OBP command which worked just fine. Great! then let's boot cdrom. For this second attempt, it stopped exactly at the same point. Can't be the cables, so it must be either the lame LG CD-ROM drive that comes by default with Ultra 10s, the installation media I burned from the official Sun ISO or a combination of it. After much investigation (the night starts stretching a little bit beyond my initial estimates), it was clear that the LG CD-ROM doesn't play well with Verbatim CD-Rs burned at 48x speed.
So I decided to try with another media and burning at a slow speed. Third attempt. Great! the LG CD-ROM drive seems to play fine with this new media. It'd have been great to include some media checking utility like the one included with some Linux distros or am I asking too much? Right, Solaris seasoned administrators use Jumpstart. But hey, AFAIK you need another Solaris box for that. Can't avoid my LG darling. For this third attempt, I got past the "loading installation media" sequence and reached the filesystem layout part. After telling the installer that I don't want to preserve any existing data on my disks, it asked me to choose one of my two harddrives to host Solaris 10. So c0t0d0s0 or c0t2d0s0? Wait a sec, wait a sec...either my coffee was not too strong or it was way too strong. Solaris only sees 8GB of space on each! Hey, these harddrives are 30GB and 80GB. Oh no! Don't tell me that you have the stupid 8GB limitation with IDE disks. I thought this belonged to the long-forgotten Solaris 2.6 time. Time for some investigation (good night honey, can't come to bed at the moment. Gotta have a word with this Solaris guy).
Given that the disks were labeled using OpenBSD and that both operating systems use a BSD-style layout (overlap and such), I need to zero out the disk labels before going any further. Sigh. Is this a modern operating system we are talking about? Or my Ultra 10 is just too old? The best way I could do that (at least at this time of night where my brain is kind of slow after a busy working day) is to boot from an OpenBSD installation CD-ROM, escape to the shell and use dd and /dev/zero on the overlaps. As almost everything with OpenBSD, it works just fine.
Fourth attempt. Got past the layout. We are making progress here. The installer sees the real capacity of my harddrives. CD 1 finished. Asking for CD 2. Installation in progress. Hope in the horizon.... I might go to bed soonish. Oops! I should have kept my brain shut :
Oct 13 00:34:14 rope scsi: Sense Key: Media Error
Oct 13 00:34:14 rope scsi: ASC: 0x11 (L-EC uncorrectable error), ASCQ: 0x5, FRU: 0x0
Oct 13 00:34:21 rope scsi: WARNING: /pci@1f,0/pci@1,1/ide@3/sd@3,0 (sd1):
Oct 13 00:34:21 rope Error for Command: read(10) Error Level: Retryable
Oct 13 00:34:21 rope scsi: Requested Block: 321510 Error Block: 321510
Oct 13 00:34:21 rope scsi: Vendor: LG Serial Number:
Oct 13 00:34:21 rope scsi: Sense Key: Media Error
Oct 13 00:34:21 rope scsi: ASC: 0x11 (L-EC uncorrectable error), ASCQ: 0x5, FRU: 0x0
[....]
Are you kidding me? OK. I am fed up with this. Guess what's the first thing I will do in the next few days before my fifth attempt? Throw away that stupid LG CD-ROM drive and put a real CD-ROM drive in this box.
And if Sun people are reading this, how about a media checker or advice on what brand to use and speed for burning your ISOs to make them work with your legacy machines? Oh right, no business incentive to do that. You are not as nuts as the OpenBSD people to support old cruft.
Off to bed, hopefully not having bad dreams starring Solaris 10 and Sun hardware. Oh wait! I just got a look at my xterm to shutdown the box properly (a BREAK and a power-off are your friends) and what do I see ? Can't describe it :
Please specify the media from which you will install Solaris 10 Software 3 for
SPARC Platforms.
Did the LG drive "sensed" my anger? Good! Maybe no fifth attempt after all. Let's load CD 3. Instead of starring blankly at the progress bar showing slow progress (well you could do that if you are really bored. I'm not), I decided to update my Mac OS X with the latest updates after Apple's last announcement. iTunes 6 after releasing iTunes 5 only one month ago and important bugfixes for QuickTime. Well, where our Solaris 10 fourth attempt is heading?
Please specify the media from which you will install Solaris 10 Software 4 for
SPARC Platforms.
Yes!, that's 4. Here goes the dreaded (regress) progress bar again. Damn, my cable broadband connection just went down in the middle of the updates for my Mac OS X. My first name, Saad, means luck in Arabic. No such thing as luck tonight. Time to switch to my backup ADSL connection and restart the update process on the Mac.
Letter to my bed:
My dear bed, I hope you are not angry. I would be more than happy to come and let you show me around through the land of Morpheus but I have a small problem (nothing to worry about, really!) with this Solaris guy. I am not on some tight schedule or something like that but well. he is challenging me! And even though I know I'm gonna be really tired in a few hours (it's 1:28 AM and the progress bar for CD 4 is only at 25% percent and there is still the Companion CD to install) when I will need to go to work, I just want to get over with this.
Sincerly yours (after the Solaris guy gets done with me that is)
Saad
*yawn*. 1:53 AM. CD 4 installation finished. Companion CD installation starting. It contains many pieces of open source software that I might not need such as ProFTPD, Squid, GD, ... But as one of my goals is to test the new Solaris Software Update to keep my system up-to-date, I would also like to see if these additional software is supported as well and the kind of reactivity I can expect from Sun when it comes to plugging security holes contained in these applications.
My sane self is taking over. I am going to crash into my bed andtomorrow in a few hours, when I wake up before going to work I'll check to see if everything went fine.
1. See how different it is from Solaris 8, the latest release of Solaris I've been using from both a security perspective and an administration one. I am curious to see how nice or bad the new features of Solaris 10 are (DTrace, zones, and SMF mainly).
2. Try to harden it reasonably.
To install Solaris 10, I either need a sparc64 or an amd64 supported box. Budget being what it is, I don't have the financial resources to buy a brand new machine just for the sake of playing with an operating system. I don't have any personal need to put it in production. My current FreeBSD, OpenBSD and Mac OS X systems already fit the bill very nicely. I just want to update my skill set and see how secure I can make Solaris be. Wait a minute! What's collecting dust under one of the desks? Oh! that's the venerable rope (as in "rope to hang yourself with, anytime, anywhere!").
rope is an Ultra 10 equipped with an UltraSPARC II-i 440Mhz, 512MB of RAM, 2 IDE harddrives (30Go and 80Go) and a PCI SCSI adapter. It served me well during many months as a DNS, file and backup server under OpenBSD. It was retired after I bought a Dell server with much more disk space (which is of course running OpenBSD). But can it be loaded with Solaris 10? Well, according to the documentation I read, no problem! So let's try.
After connecting a serial cable, a network cable, and the power cable, I inserted the Solaris 10 disc 1 in the CD-ROM drive and here you go: boot cdrom in the OpenBoot Prompt. Damn, it doesn't work. the cdrom alias is not mapped correctly (I installed OpenBSD on it from the network without ever using the CD-ROM drive). I summon nvalias for help and there you go! Enter Solaris 10 installation.
As you may know, Ultra 10 is far from being a work horse. Even during its time (it was released in '97 or '98 IIRC), and due to its IDE bus (among other things), it was not considered a fast machine. Time to go fetch a coffee...
When I came back I was welcomed with Solaris 10 asking me what language do I want for installation, what kind of terminal I have, what type of installation I 'd like to perform, network data etc. etc. It is pretty much the same as the Solaris 8 installer. For this first attempt, I got as far as the point where it starts loading the installation media (just before the file system layout). And it hanged there, timing out on the CD-ROM drive (which was working perfectly just a few moments ago). Did rope collect too much dust? Time for cleaning and checking everything.
Armed with my B&D electrical screwdriver, an invertible air duster and a contact cleaner and lubricant, I opened the box, cleaned it and checked every single cable I could lay my hand on, particularly the IDE and power cables. I also removed extra cards I don't need at the moment (the PCI SCSI and modem cards).
Time for a second attempt. But, for extra security, I used the probe-ide OBP command which worked just fine. Great! then let's boot cdrom. For this second attempt, it stopped exactly at the same point. Can't be the cables, so it must be either the lame LG CD-ROM drive that comes by default with Ultra 10s, the installation media I burned from the official Sun ISO or a combination of it. After much investigation (the night starts stretching a little bit beyond my initial estimates), it was clear that the LG CD-ROM doesn't play well with Verbatim CD-Rs burned at 48x speed.
So I decided to try with another media and burning at a slow speed. Third attempt. Great! the LG CD-ROM drive seems to play fine with this new media. It'd have been great to include some media checking utility like the one included with some Linux distros or am I asking too much? Right, Solaris seasoned administrators use Jumpstart. But hey, AFAIK you need another Solaris box for that. Can't avoid my LG darling. For this third attempt, I got past the "loading installation media" sequence and reached the filesystem layout part. After telling the installer that I don't want to preserve any existing data on my disks, it asked me to choose one of my two harddrives to host Solaris 10. So c0t0d0s0 or c0t2d0s0? Wait a sec, wait a sec...either my coffee was not too strong or it was way too strong. Solaris only sees 8GB of space on each! Hey, these harddrives are 30GB and 80GB. Oh no! Don't tell me that you have the stupid 8GB limitation with IDE disks. I thought this belonged to the long-forgotten Solaris 2.6 time. Time for some investigation (good night honey, can't come to bed at the moment. Gotta have a word with this Solaris guy).
Given that the disks were labeled using OpenBSD and that both operating systems use a BSD-style layout (overlap and such), I need to zero out the disk labels before going any further. Sigh. Is this a modern operating system we are talking about? Or my Ultra 10 is just too old? The best way I could do that (at least at this time of night where my brain is kind of slow after a busy working day) is to boot from an OpenBSD installation CD-ROM, escape to the shell and use dd and /dev/zero on the overlaps. As almost everything with OpenBSD, it works just fine.
Fourth attempt. Got past the layout. We are making progress here. The installer sees the real capacity of my harddrives. CD 1 finished. Asking for CD 2. Installation in progress. Hope in the horizon.... I might go to bed soonish. Oops! I should have kept my brain shut :
Oct 13 00:34:14 rope scsi: Sense Key: Media Error
Oct 13 00:34:14 rope scsi: ASC: 0x11 (L-EC uncorrectable error), ASCQ: 0x5, FRU: 0x0
Oct 13 00:34:21 rope scsi: WARNING: /pci@1f,0/pci@1,1/ide@3/sd@3,0 (sd1):
Oct 13 00:34:21 rope Error for Command: read(10) Error Level: Retryable
Oct 13 00:34:21 rope scsi: Requested Block: 321510 Error Block: 321510
Oct 13 00:34:21 rope scsi: Vendor: LG Serial Number:
Oct 13 00:34:21 rope scsi: Sense Key: Media Error
Oct 13 00:34:21 rope scsi: ASC: 0x11 (L-EC uncorrectable error), ASCQ: 0x5, FRU: 0x0
[....]
Are you kidding me? OK. I am fed up with this. Guess what's the first thing I will do in the next few days before my fifth attempt? Throw away that stupid LG CD-ROM drive and put a real CD-ROM drive in this box.
And if Sun people are reading this, how about a media checker or advice on what brand to use and speed for burning your ISOs to make them work with your legacy machines? Oh right, no business incentive to do that. You are not as nuts as the OpenBSD people to support old cruft.
Off to bed, hopefully not having bad dreams starring Solaris 10 and Sun hardware. Oh wait! I just got a look at my xterm to shutdown the box properly (a BREAK and a power-off are your friends) and what do I see ? Can't describe it :
Please specify the media from which you will install Solaris 10 Software 3 for
SPARC Platforms.
Did the LG drive "sensed" my anger? Good! Maybe no fifth attempt after all. Let's load CD 3. Instead of starring blankly at the progress bar showing slow progress (well you could do that if you are really bored. I'm not), I decided to update my Mac OS X with the latest updates after Apple's last announcement. iTunes 6 after releasing iTunes 5 only one month ago and important bugfixes for QuickTime. Well, where our Solaris 10 fourth attempt is heading?
Please specify the media from which you will install Solaris 10 Software 4 for
SPARC Platforms.
Yes!, that's 4. Here goes the dreaded (regress) progress bar again. Damn, my cable broadband connection just went down in the middle of the updates for my Mac OS X. My first name, Saad, means luck in Arabic. No such thing as luck tonight. Time to switch to my backup ADSL connection and restart the update process on the Mac.
Letter to my bed:
My dear bed, I hope you are not angry. I would be more than happy to come and let you show me around through the land of Morpheus but I have a small problem (nothing to worry about, really!) with this Solaris guy. I am not on some tight schedule or something like that but well. he is challenging me! And even though I know I'm gonna be really tired in a few hours (it's 1:28 AM and the progress bar for CD 4 is only at 25% percent and there is still the Companion CD to install) when I will need to go to work, I just want to get over with this.
Sincerly yours (after the Solaris guy gets done with me that is)
Saad
*yawn*. 1:53 AM. CD 4 installation finished. Companion CD installation starting. It contains many pieces of open source software that I might not need such as ProFTPD, Squid, GD, ... But as one of my goals is to test the new Solaris Software Update to keep my system up-to-date, I would also like to see if these additional software is supported as well and the kind of reactivity I can expect from Sun when it comes to plugging security holes contained in these applications.
My sane self is taking over. I am going to crash into my bed and