This is a description of features provided by "autoinstall", as configured by NACS/DDCS. This document was last updated on Nov 22 14:57:02 PST 1995.

Operating systems covered:

  • "SunOS 5" currently means "SunOS 5.4" and "SunOS 5.5", which are components of "Solaris 2.4" and "Solaris 2.5" respectively.
  • "Irix" currently means "Irix 5.3".
  • "OSF/1" currently means "OSF/1 3.2c", also known as "Digital Unix 3.2c".
  • "SunOS 4" currently means "SunOS 4.1.4".

Facities added (or improved), collected into groups of operating systems - to emphasize commonality of configuration procedures:

  • SunOS 5, Irix 5, OSF/1, and SunOS 4 - that is, on all autoinstall-supported Unix platforms:
    • mail
      • well-secured sendmail
      • easy sendmail.cf with daemon-independant syntax
      • procmail used for delivery (fast, highly reliable)
      • hub/client distinction made for high reliability, low maintenance
      • header rewriting
      • upgrade of sendmail on each reboot (if a new daemon has been placed in dcslib)
      • ensurance of good MX usage
      • nightly check for mail messages that have remained undelivered too long
    • optional generation of /etc/printcap on reboot, from "printcap.m4"
    • NIS master (all but "ypinit -m"), slave (100%) and client (100%) configuration
    • ypservers and groupleader NIS map support (autoinstalled NIS master only)
    • non-NIS account addition (deprecated)
    • automounter: variable added to distinguish between unix platforms
    • static mounts for dcslib, with simple load balancing between dcslib servers
    • configuration of NACS-utilized backup systems (dump/restore and networker)
    • (by default) root and uucp not allowed to ftp into the machine
    • gsu configuration (/var/adm/groupleader)
    • optional tailoring of local groups (deprecated)
    • optional mounting of local disks
    • configuration of IP address, hostname, netmask, broadcast, default route
    • removal of /etc/hosts.equiv with a "+"
    • configuration of /etc/hosts.lpd ("+" by default)
    • configuration of klaxon (simple but useful early warning system for breakin attempts)
    • periodic, automated truncation of logs that commonly grow too large
    • ensurance that /var/adm/lpd-errs exists, to facilitate printer logging
    • periodic, automated check for old, undelivered mail
    • disable no-password accounts (especially for Irix)
    • symlink to facilitate easy access to usenet from pine
    • optional popper configuration
    • rdist permissions reduced (rdist is a frequent source of security trouble)
    • DNS client configuration
    • automated, periodic removal of old core files (not just files named "core")
    • automated, periodic removal of old (non-NFS'd) files in /tmp and /var/tmp
    • automated, periodic removal of old print jobs (and partial print jobs)
    • dcslib shells enabled (tcsh, bash, zsh)
    • dcslib skeletal csh and tcsh startup files linked appropriately
    • srsh configuration (for automated data collection, patch application)
    • stamp invoked at install time (facilitates upgrades and problem location)
    • configuration of swap space
    • simplified, consistent syslog.conf
    • configuration of tcp wrappers, to facilitate access restrictions and logging
    • timezone setting
    • configured consistent xntpd (for good time-keeping). Pointed at campus time-servers
    • name service switch configuration
    • optional login restrictions added (for large NIS domains)
    • mount points of local filesystems automatically created
    • rarpd configuration
    • tftpd configuration
    • identd configuration, allows remote username collection
    • optional nanny, to periodically check/restart critical daemons
    • mechanism for updating key executables upon each reboot
    • bootparamd configuration
    • consistent dtterm and xterm definitions

  • SunOS 5, Irix, and OSF/1:
    • enable interoperability with bad NFS clients (EG, Ultrix, some PC's)
    • rwhod configuration, to enable response to rwho requests
    • configuration of NQS (batch execution mechanism)

  • SunOS 5, and Irix:
    • enabling of vendor-supported logging of incoming logins

  • SunOS 5, OSF/1, and SunOS 4:

    • consistent CAP configuration, for interoperability with apple equipment
    • bootpd configuration (Irix may be done with RFC-compatible bootp later)
    • optional configuration of pcnfsd

  • SunOS 5 and OSF/1:

    • optional anonymous ftp configuration
    • extra ptys (for increased telnet, rlogin, &c sessions)
    • vendor-supplied uucp cron job removed

  • SunOS 5 and SunOS 4:

    • turn off setuid on /usr/kvm/crash
    • swap file configuration
    • configure with ytalk and ntalkd, for improved "talk" interoperability
    • choice of xdm options added and enabled
    • openwindows (optional but on by default) symlinked from dcslib
    • "securenets" support, to prevent offcampus NIS binding - beyond the check added by portmap/rpcbind

  • SunOS 5 alone:

    • choice of print system: native SysV/LPlite, bsd-print, plpd. plpd default.
    • Native NIS
    • Prestoserve configuration
    • extensive vendor patch application
    • symlink required for C compiler
    • optional skeletal httpd configuration
    • optional simple HP jetdirect configuration
    • rpcbind replaced with secure version. Used to restrict off-campus usage
    • 5.4: workaround for telnetd and rlogind "logindmux" problem
    • removal of "lp" crontab
    • "make" symlink into /usr/bin
    • optional configuration of multicast routing
    • screenblanker installed
    • comments added about interoperability with marginal SCSI disks
    • comment added about setting maximum process (per user) limit
    • 5.4: appropriate permissions ensured on /tmp
    • 5.4: umask set appropriately in /etc/rc*
    • 5.4: utmpd configured, to prune utmp files
    • 5.5: CDE configuration (with optional CDE "dtlogin")
    • autoinstall environment doubles for emergency-alternate-boot device
  • Irix and OSF/1:

    • NIS enabled by default (off in vendor distribution by default)
    • automounter enabled (off by default in vendor distribution)

  • Irix alone:

    • good vendor patch application
    • X windows security (xauth turned on, xhost in Xsession turned off)
    • turn off setuid on /usr/etc/arp
    • default runlevel set to 3 (vendor ships with 2), for consistency
    • virtual swap set very high
    • wtmpx and utmpx logging enabled
    • vendor-supplied xdm support enabled
    • /etc/defaultrouter mechanism, to allow clean addition of static route

  • OSF/1 alone:

    • Fortran configuration
    • Automatic license addition
    • (soon) automatic kernel rebuild to enable packet filtering (allows CAP)
    • NFS enabled (off in vendor distribution by default)
    • workaround for xwebster bug, in /etc/services
    • symlink for dxbook (graphical online documentation)
    • rstatd configuration, to enable rup, xmeter, &c
    • swap over-allocation enabled
    • telnetd security hole patched

  • SunOS 4 alone:

    • Added SysVR4 rc structure (native /etc/rc.local, &c not removed)
    • good pre-applied patches
    • symlink required for sun-provided language packages
    • broadcast changed to be RFC-conformant (vendor distribution isn't)
    • portmap replaced with secure version. Used to restrict off-campus usage
    • root login disabled on all but console. su still works
    • /etc/utmp secured
http://www.nacs.uci.edu/support/dcs/automation/trees.html