PURPOSE ------- To outline, in detail, the minimum installation of Solaris 2.7 for CheckPoint FW-1 version 4.1 DISCLAIMER ---------- All information discussed below is based on Sun Microsystems Ultra 5 with one qfe Ethernet card and using Solaris 2.7. Your mileage may vary for different hardware platforms. INTENT ------ This document is for users who want to use the Core installation package. A minimal installation of an operating system helps build a more secure platform for the Firewall application. We will attempt to build a platform with the fewest packages possible. The end goal is to have a minimum of 21 packages installed. INSTALLATION ------------ Solaris 2.7 media comes with one CDROM for installation. The CDROM is bootable CDROM. Install the CDROM into the CD Player and type "boot cdrom" from the OK prompt. Follow the instructions, ensuring you install the Core package. THE PACKAGES ------------ The core install consists of 39 packages, listed below. We will remove 20 of these packages. ---- Core Install ---- system SUNWadmr System & Network Administration Root system SUNWatfsr AutoFS, (Root) system SUNWatfsu AutoFS, (Usr) system SUNWcar Core Architecture, (Root) system SUNWcg6 GX (cg6) Device Driver system SUNWcsd Core Solaris Devices system SUNWcsl Core Solaris, (Shared Libs) system SUNWcsr Core Solaris, (Root) system SUNWcsu Core Solaris, (Usr) system SUNWdfb Dumb Frame Buffer Device Drivers system SUNWdtcor Solaris Desktop /usr/dt filesystem anchor system SUNWesu Extended System Utilities system SUNWftpr FTP Server, (Root) system SUNWftpu FTP Server, (Usr) system SUNWhmd SunSwift SBus Adapter Drivers system SUNWkey Keyboard configuration tables system SUNWkvm Core Architecture, (Kvm) system SUNWlibms Sun WorkShop Bundled shared libm system SUNWloc System Localization system SUNWnisr Network Information System, (Root) system SUNWnisu Network Information System, (Usr) system SUNWos86u Platform Support, OS Functionality (Usr) system SUNWpcelx 3COM EtherLink III PCMCIA Ethernet Driver system SUNWpcmci PCMCIA Card Services, (Root) system SUNWpcmcu PCMCIA Card Services, (Usr) system SUNWpcmem PCMCIA memory card driver system SUNWpcser PCMCIA serial card driver system SUNWpd PCI Drivers system SUNWploc Partial Locales system SUNWploc1 Supplementary Partial Locales system SUNWpsdpr PCMCIA ATA card driver system SUNWqfed Sun Quad FastEthernet Adapter 32bit Driver system SUNWsndmr Sendmail root system SUNWsndmu Sendmail user system SUNWsolnm Solaris Naming Enabler system SUNWswmt Install and Patch Utilities system SUNWudfr Universal Disk Format 1.50 system SUNWxwdv X Windows System Window Drivers system SUNWxwmod OpenWindows kernel modules REMOVING PACKAGES ----------------- Of these 39 packages, you can remove 20 of them. To remove a package, you use the pkgrm(1M) command. For example, the following command removes the package SUNWdtcor. mozart #pkgrm SUNWdtcor The following 20 packages are not required to run FW-1 ver 4.1. Some of the packages will complain about dependencies. Don't worry, you are removing the dependencies also. --------- pkgrm ----------- system SUNWsndmr Sendmail root system SUNWsndmu Sendmail user system SUNWftpr FTP Server, (Root) system SUNWftpu FTP Server, (Usr) system SUNWpcelx 3COM EtherLink III PCMCIA Ethernet Driver system SUNWpcmci PCMCIA Card Services, (Root) system SUNWpcmcu PCMCIA Card Services, (Usr) system SUNWpcmem PCMCIA memory card driver system SUNWpcser PCMCIA serial card driver system SUNWpsdpr PCMCIA ATA card driver system SUNWxwdv X Windows System Window Drivers system SUNWxwmod OpenWindows kernel modules system SUNWnisr Network Information System, (Root) system SUNWnisu Network Information System, (Usr) system SUNWcg6 GX (cg6) Device Driver system SUNWadmr System & Network Administration Root system SUNWdtcor Solaris Desktop /usr/dt filesystem anchor system SUNWsolnm Solaris Naming Enabler system SUNWatfsr AutoFS, (Root) system SUNWatfsu AutoFS, (Usr) ADDING PACKAGES --------------- There are several required packages you have to add for FW-1 4.1 to install and function properly. There are also several optional packages you may want to install. To install packages, first mount the CDROM. You will have to do this manually, as volume manager is not installed with Core. For the Ultra5 mozart #mount -F hsfs -o ro /dev/dsk/c0t2d0s0 /cdrom For most other Sparc systems mozart #mount -F hsfs -o ro /dev/dsk/c0t6d0s0 /cdrom mozart $cd /cdrom/Solaris_2.7/Product ---------- required packages by FW-1 ------- system SUNWlibC Sun Workshop Compilers Bundled libC required by FWDIR/bin/cpconfig system SUNWter Terminal Information required for FW-1 installation system SUNWscpu Source Compatibility, (Usr) /usr/ucb/ln required for upgrades NOTE: The only purpose for SUNWscpu is for /usr/ucb/ln. If you do not want to install the whole package, you can simply execute the following for the same functionality. /bin/ln -s /bin/ln /usr/ucb/ln ---------- optional packages ------- system SUNWadmc System administration core libraries system SUNWadmfw System & Network Administration Framework includes showrev(1M) system SUNWdoc Documentation Tools system SUNWman On-Line Manual Pages For compiling (not recommended) system SUNWsprot Solaris Bundled tools system SUNWhea SunOS Header Files system SUNWtoo Programming Tools system SUNWarc Archive Libraries system SUNWbtool CCS tools bundled with SunOS To learn what binaries belong to what package, use the command pkgchk(1M). For example, to learn what package truss belongs to, use the following command on another Solaris system with truss installed on it. # pkgchk -l -p /usr/bin/truss Pathname: /usr/bin/truss Type: regular file Expected mode: 0555 Expected owner: bin Expected group: bin Expected file size (bytes): 123736 Expected sum(1) of contents: 41220 Expected last modification: Jun 18 17:11:15 1998 Referenced by the following packages: SUNWtoo Current status: installed PACKAGES COMPLETED ------------------ When you are done installing the operating system, and removing/adding packages, you should have the following 21 packages installed (not counting any optional packages). system SUNWcar Core Architecture, (Root) system SUNWcsd Core Solaris Devices system SUNWcsl Core Solaris, (Shared Libs) system SUNWcsr Core Solaris, (Root) system SUNWcsu Core Solaris, (Usr) system SUNWdfb Dumb Frame Buffer Device Drivers system SUNWesu Extended System Utilities system SUNWhmd SunSwift SBus Adapter Drivers system SUNWkey Keyboard configuration tables system SUNWkvm Core Architecture, (Kvm) system SUNWlibC Sun Workshop Compilers Bundled libC system SUNWlibms Sun WorkShop Bundled shared libm system SUNWloc System Localization system SUNWos86u Platform Support, OS Functionality (Usr) system SUNWpd PCI Drivers system SUNWploc Partial Locales system SUNWploc1 Supplementary Partial Locales system SUNWqfed Sun Quad FastEthernet Adapter 32bit Driver system SUNWswmt Install and Patch Utilities system SUNWter Terminal Information system SUNWudfr Universal Disk Format 1.50 CONCLUSION ---------- Your operating system should now have 21 packages installed (depending on hardware platform). This should help build a more secure platform for your firewall application). Please send any corrections or suggestions to lance@spitzner.net EOF