Penetration Testing mailing list archives

Re: Solaris Beginner


From: Alex Moen <alexm () ndtel com>
Date: Tue, 5 Jan 2010 07:23:10 -0600

Congratulations on your decision to try something other than Windows... You are going to have some fun. Once you get over the learning curve, and start using *nix software, you will be shocked at how efficient, stable, and versatile these operating systems are. We are used to having servers running for (literally) a year or more without rebooting. The longest that one of my servers has run is well over 1000 days.

For file sharing with Windows clients, you are on the right track with Samba. Traditionally, *nix systems use (for example) NIS and NFS for sharing user info and data. Samba is simply a software package (free, of course... you are out of the M$ world here) that gives a *nix server (whether it be Linux, Solaris, HP-UX, AIX, etc.) the ability to communicate using the NetBIOS/NetBEUI protocols, and the SMB (or CIFS) protocol, all over TCP/IP, which M$ clients call the "Microsoft Windows Network". There are many facets to Samba, such as the integration or mapping of the traditional *nix type filesystem access controls and the Windows filesystem access controls, password mapping, etc.

First off, I would recommend that you take some formal *nix training to get really familiar with the operating system that you are going to use, and then experiment and play with it for a while. We use Solaris very extensively here, and Sun has very good training for basic and advanced system administration of their software. Also, most *nix system admins are very "take charge" kinds of people, who research and learn how to use the available software out there. It requires reading, communication with others through mailing lists, compiling and recompiling software, and lots of trial and error. However, it promotes a broader view of how the operating system and software really work together, and how they integrate into a complete service. This is very different from the typical Windows admin, who simply points and clicks their way through life (no flaming please... this last comment was meant not as an insult, but simply as my observations of the Windows admins that I have known).

Personally, I have not had to integrate Samba into a Windows 2003 or AD (as we don't use any Windows servers), so I can't help a lot there. However, http://www.samba.org/ has tons of documentation and how-tos that will really help in explaining how to integrate the software into your environment. They are the pros at this, and can explain the details much better than I can in an e-mail.

As far as security goes, I would venture to say that security is only as good as the system administrator wants or needs it to be, whether it is a *nix or Windows server. That being said, I would also venture to say that a *nix server will be more secure than a Windows server, all things being equal. Security is a very fundamental part of the *nix world, and has been around since the inception of these operating systems. You have already run into part of this, in your own research into the shadow file. Typically, the passwords in the shadow file are an MD5 or SHA hash, so there is no way to "crack" them, other than a brute force method. So put the shadow file away and don't mess with it.

PuTTY is simply a terminal client that you would use for Telnet or SSH command line access to a *nix server. It's a relatively simple client, and there are more complex and more simple clients out there. However, PuTTY is free, so that's a good place to start. Security point: do not use telnet, use SSH. I'm not going into it here, just don't.

Again, good luck, and have fun with this. It can seem daunting and frustrating at times, but when you have the "Ah ha!" moment, it's all worth it, and you will really understand what you and the software are doing.

Hope this helps,

Alex



On Jan 4, 2010, at 11:08 AM, pma111 wrote:

Is it possible to access data from a Solaris server on a Windows XP machine? If so, could you provide tools or strategies to accomplish this? I've heard of Samba but would prefer some detail on how this works, i.e. a share on the Solaris box would have to be a Samba share, would it not? Is it possible to access data on a Solaris server from a Windows machine in the same Active Directory domain, but without any specialist software?

I have a copy of the /etc/shadow/ file from the Solaris server which contains the encrypted passwords, but I cannot find any Windows-based crackers that will crack these passwords. I also don't know what client software would be required to access data on the server from a Windows machine even if I do decrypt some weak passwords. Did see some mention of PuTTY but am unfamiliar with this or Samba. I also assume that any "open file shares" on the Solaris box won't be mappable or reachable to a Windows machine, as is the case on Win2k and Windows 2003 servers, when all you need is My Network Places and hope some of the shares have been given the deadly "everyone ACL" in NTFS? I appreciate Solaris uses a totally different file system to NTFS, but I assume you can share directories with anyone on the network if desired? Any tips on accessing data on this server from Windows much appreciated.

Out of interest, what are the mailing list's views on security of a Solaris server if every user on the internal network only has Windows machines? Even if there is a weak password or open file share on the Solaris server, without specialist software is it fair to say the Windows users still wouldn't be able to get hold of data on the server, or is that a very naive view on things?
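
As an added example (not part of either message in this thread): the password field of each shadow entry names its hashing scheme by prefix, so an administrator can audit which accounts still use a legacy scheme or have no password at all. The sample entries, the placeholder hash bodies and the `REVIEW` policy set below are constructed assumptions.

```python
import re

# Constructed sample in shadow(4) layout; hash bodies are placeholders.
SAMPLE = """\
root:$6$saltsalt$PLACEHOLDER:14610::::::
alice:$1$saltsalt$PLACEHOLDER:14610::::::
bob:ABCDEFGHIJKLM:14610::::::
carol:$md5$rounds=904$saltsalt$$PLACEHOLDER:14610::::::
daemon:NP:6445::::::
guest::14610::::::
dave:*LK*:14610::::::
"""

# Traditional DES crypt: exactly 13 characters from the crypt alphabet.
DES_RE = re.compile(r"^[./0-9A-Za-z]{13}$")
# Markers for "no login possible" (Solaris *LK* / NP, Linux * and !).
LOCK_MARKERS = {"*LK*", "NP", "*", "!", "!!"}
PREFIXES = (("$1$", "md5-crypt"), ("$2", "bcrypt"), ("$5$", "sha256-crypt"),
            ("$6$", "sha512-crypt"), ("$md5", "sun-md5"))
# Assumed audit policy: schemes an administrator should look at first.
REVIEW = {"empty", "des-crypt", "md5-crypt", "unknown"}

def classify(field):
    """Return the scheme name for one shadow password field."""
    if field == "":
        return "empty"                      # account needs no password
    if field in LOCK_MARKERS or field.startswith(("*LK*", "!")):
        return "locked-or-nologin"
    for prefix, name in PREFIXES:
        if field.startswith(prefix):
            return name
    if DES_RE.match(field):
        return "des-crypt"                  # truncates passwords to 8 chars
    return "unknown"

def audit(text):
    """Yield (user, scheme, needs_review) without echoing any hash."""
    findings = []
    for line in text.splitlines():
        parts = line.split(":")
        if len(parts) < 2 or line.startswith("#"):
            continue
        scheme = classify(parts[1])
        findings.append((parts[0], scheme, scheme in REVIEW))
    return findings

if __name__ == "__main__":
    for user, scheme, review in audit(SAMPLE):
        print(f"{user:8} {scheme:18} {'REVIEW' if review else 'ok'}")
```
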

