We assume that your server was installed (in our case Solaris 8) and patched with the up-to-date recommended patches.
We also assume that you did transfered to a local directory the tarball.tar.Z file needed for this install.
Last, we assume that no modifications were done to the system.
Command typed by the sysadmin are in bold, comments are in color.
zeta console login: root
Password:
Last login: Wed Jul 19 18:02:40 on console
Sun Microsystems Inc. SunOS 5.8 Generic February 2000
#
# ps -eaf
Default running processes, for a full Solaris 8 installation.
UID PID PPID C STIME TTY TIME CMD
root 0 0 0 17:57:09 ? 0:15 sched
root 1 0 0 17:57:10 ? 0:00 /etc/init -
root 2 0 0 17:57:10 ? 0:00 pageout
root 3 0 0 17:57:10 ? 0:09 fsflush
root 264 1 0 17:58:12 ? 0:00 /usr/lib/saf/sac -t 300
root 127 1 0 17:57:56 ? 0:00 /usr/sbin/rpcbind
root 48 1 0 17:57:20 ? 0:00 /usr/lib/devfsadm/devfseventd
root 52 1 0 17:57:31 ? 0:00 /usr/lib/devfsadm/devfsadmd
root 110 1 0 17:57:56 ? 0:00 /usr/sbin/in.routed -q
daemon 167 1 0 17:57:58 ? 0:00 /usr/lib/nfs/statd
root 166 1 0 17:57:58 ? 0:00 /usr/lib/nfs/lockd
root 196 1 0 17:58:01 ? 0:00 /usr/sbin/nscd
root 170 1 0 17:57:59 ? 0:00 /usr/lib/autofs/automountd
root 202 1 0 17:58:02 ? 0:00 /usr/lib/lpsched
root 181 1 0 17:58:00 ? 0:00 /usr/sbin/syslogd
root 159 1 0 17:57:58 ? 0:00 /usr/sbin/inetd -s
root 185 1 0 17:58:00 ? 0:00 /usr/sbin/cron
root 215 1 0 17:58:03 ? 0:00 /usr/lib/power/powerd
root 227 1 0 17:58:03 ? 0:00 /usr/sadm/lib/wbem/cimomboot start
root 224 1 0 17:58:03 ? 0:00 /usr/lib/utmpd
root 229 1 0 17:58:04 ? 0:00 /usr/sbin/vold
root 278 1 0 17:59:05 ? 0:00 /usr/lib/sendmail -bd -q15m
root 267 264 0 17:58:13 ? 0:00 /usr/lib/saf/ttymon
root 286 1 1 18:10:19 console 0:00 -sh
root 250 1 0 17:58:07 ? 0:00 /usr/lib/snmp/snmpdx -y -c /etc/snmp/conf
root 300 286 1 19:07:12 console 0:00 ps -eaf
root 253 250 0 17:58:08 ? 0:02 mibiisa -r -p 32781
root 296 159 0 19:00:36 ? 0:00 rpc.rusersd
root 257 1 0 17:58:11 ? 0:00 /usr/lib/dmi/dmispd
root 259 1 0 17:58:11 ? 0:00 /usr/dt/bin/dtlogin -daemon
root 260 1 0 17:58:11 ? 0:00 /usr/lib/dmi/snmpXdmid -s zeta
# netstat -an
Default open networks ports, for a full Solaris 8 installation.
UDP: IPv4
Local Address Remote Address State
-------------------- -------------------- -------
*.520 Idle
*.* Unbound
*.111 Idle
*.* Unbound
*.32771 Idle
*.42 Idle
*.512 Idle
*.517 Idle
*.37 Idle
*.7 Idle
*.9 Idle
*.13 Idle
*.19 Idle
*.32772 Idle
*.32773 Idle
*.32774 Idle
*.32775 Idle
*.* Unbound
*.32776 Idle
*.32777 Idle
*.32778 Idle
*.32779 Idle
*.4045 Idle
*.514 Idle
*.* Unbound
*.161 Idle
*.32782 Idle
*.32783 Idle
*.32781 Idle
*.* Unbound
*.32784 Idle
*.32785 Idle
*.32786 Idle
*.6500 Idle
*.177 Idle
*.* Unbound
UDP: IPv6
Local Address Remote Address State If
--------------------------------- --------------------------------- ---------- -----
*.37 Idle
*.7 Idle
*.9 Idle
*.13 Idle
*.19 Idle
TCP: IPv4
Local Address Remote Address Swind Send-Q Rwind Recv-Q State
-------------------- -------------------- ----- ------ ----- ------ -------
*.* *.* 0 0 24576 0 IDLE
*.111 *.* 0 0 24576 0 LISTEN
*.* *.* 0 0 24576 0 IDLE
*.21 *.* 0 0 24576 0 LISTEN
*.23 *.* 0 0 24576 0 LISTEN
*.514 *.* 0 0 24576 0 LISTEN
*.514 *.* 0 0 24576 0 LISTEN
*.513 *.* 0 0 24576 0 LISTEN
*.512 *.* 0 0 24576 0 LISTEN
*.512 *.* 0 0 24576 0 LISTEN
*.540 *.* 0 0 24576 0 LISTEN
*.79 *.* 0 0 24576 0 LISTEN
*.37 *.* 0 0 24576 0 LISTEN
*.7 *.* 0 0 24576 0 LISTEN
*.9 *.* 0 0 24576 0 LISTEN
*.13 *.* 0 0 24576 0 LISTEN
*.19 *.* 0 0 24576 0 LISTEN
*.32771 *.* 0 0 24576 0 LISTEN
*.32772 *.* 0 0 24576 0 LISTEN
*.32773 *.* 0 0 24576 0 LISTEN
*.7100 *.* 0 0 24576 0 LISTEN
*.32774 *.* 0 0 24576 0 LISTEN
*.515 *.* 0 0 24576 0 LISTEN
*.6112 *.* 0 0 24576 0 LISTEN
*.32775 *.* 0 0 24576 0 LISTEN
*.4045 *.* 0 0 24576 0 LISTEN
*.5987 *.* 0 0 24576 0 LISTEN
*.* *.* 0 0 24576 0 IDLE
*.32776 *.* 0 0 24576 0 LISTEN
*.32777 *.* 0 0 24576 0 LISTEN
*.32778 *.* 0 0 24576 0 LISTEN
*.25 *.* 0 0 24576 0 LISTEN
*.* *.* 0 0 24576 0 IDLE
TCP: IPv6
Local Address Remote Address Swind Send-Q Rwind Recv-Q State If
--------------------------------- --------------------------------- ----- ------ ----- ------ ----------- -----
*.* *.* 0 0 24576 0 IDLE
*.21 *.* 0 0 24576 0 LISTEN
*.23 *.* 0 0 24576 0 LISTEN
*.514 *.* 0 0 24576 0 LISTEN
*.513 *.* 0 0 24576 0 LISTEN
*.512 *.* 0 0 24576 0 LISTEN
*.79 *.* 0 0 24576 0 LISTEN
*.37 *.* 0 0 24576 0 LISTEN
*.7 *.* 0 0 24576 0 LISTEN
*.9 *.* 0 0 24576 0 LISTEN
*.13 *.* 0 0 24576 0 LISTEN
*.19 *.* 0 0 24576 0 LISTEN
*.515 *.* 0 0 24576 0 LISTEN
*.25 *.* 0 0 24576 0 LISTEN
# pkgchk -n
Package database incoherences.
ERROR: /etc/mnttab
file size <0> expected <797> actual
file cksum <0> expected <62927> actual
ERROR: /etc/path_to_inst
permissions <0644> expected <0444> actual
group name <sys> expected <root> actual
ERROR: /usr/openwin/server/etc/OWconfig
group name <bin> expected <other> actual
ERROR: /usr/share/lib/termcap
file size <136663> expected <137359> actual
file cksum <35225> expected <23929> actual
#
#
# cd /var/tmp/Tempo
We are in a temporally directory used for the installation and which may be removed after.
# uncompress yassp.tar.Z
# tar xvf yassp.tar
x yassp, 0 bytes, 0 tape blocks
x yassp/secclean, 1288192 bytes, 2516 tape blocks
x yassp/parcdaily, 26112 bytes, 51 tape blocks
x yassp/secclean_i386 symbolic link to secclean
x yassp/admin, 66 bytes, 1 tape blocks
x yassp/install.sh, 5235 bytes, 11 tape blocks
x yassp/secclean_sparc symbolic link to secclean
x yassp/parcdaily_i386 symbolic link to parcdaily
x yassp/gnurcs_i386, 903168 bytes, 1764 tape blocks
x yassp/RCS, 0 bytes, 0 tape blocks
x yassp/RCS/install.sh,v, 15248 bytes, 30 tape blocks
x yassp/RCS/deinstall.sh,v, 2908 bytes, 6 tape blocks
x yassp/RCS/WhatIsNew,v, 11112 bytes, 22 tape blocks
x yassp/RCS/README,v, 30139 bytes, 59 tape blocks
x yassp/WhatIsNew, 7467 bytes, 15 tape blocks
x yassp/README, 14482 bytes, 29 tape blocks
x yassp/gnugzip_i386, 136192 bytes, 266 tape blocks
x yassp/wvtcpd_i386, 271360 bytes, 530 tape blocks
x yassp/prftripw_i386, 231936 bytes, 453 tape blocks
x yassp/parcdaily_sparc symbolic link to parcdaily
x yassp/gnurcs_sparc, 1021952 bytes, 1996 tape blocks
x yassp/gnugzip_sparc, 147456 bytes, 288 tape blocks
x yassp/wvtcpd_sparc, 609792 bytes, 1191 tape blocks
x yassp/prftripw_sparc, 293888 bytes, 574 tape blocks
x yassp/openssh_i386, 3180544 bytes, 6212 tape blocks
x yassp/openssh_sparc, 4121600 bytes, 8050 tape blocks
# cd yassp
# ./install.sh
Running YASSP installation script.
YASSP v0 Beta#14
Are you ready to install YASSP? It will modify lot of system resources...
and will prevent some non-essential services from running on your system.
Do you really want to install YASSP? [y|n] (n) y
Note:
you can always overwrite YASSP package choices by setting up
the environment variable PKGLIST before running YASSP to the
list of packages you want to install.
If PKGLIST is defined, yassp's install won't ask you to choose
which package you want to install.
By default, YASSP will install the following packages:
SECclean : The core package, securing your Solaris installation.
GNUrcs : RCS 5.7 and diff 2.7 [GNU]
GNUgzip : gzip 1.2.4a [GNU]
PARCdaily : Some daily script, loggs rotation, backup and RCS for systems files... Need GNUgzip and GNUrcs
WVtcpd : tcp_wrappers 7.6 + rpcbind 2.1 [Wietse Venema]
PRFtripw : Tripwire 1.2 [Purdue Research Foundation of Purdue University]
OPENssh : OpenSSH 2.3.0p1 [OpenSSH.com]
Type the package list you want to install or hit return to accept the default:
SECclean GNUrcs GNUgzip PARCdaily WVtcpd PRFtripw OPENssh
<return>
We chose to install all packages proposed.
YASSP will install: SECclean GNUrcs GNUgzip PARCdaily WVtcpd PRFtripw OPENssh
Installing the various package:
==========
SECclean
==========
SECclean installation start.
The pre-install runs, initialize some variable and back-up files it will modify.
Using /opt/local as the root dir.
Linking /usr/local to it.
Backing up all files under /yassp.bk/Before_2000.11.18-12.33.44:
/etc/auto_home /etc/auto_master /etc/dfs/dfstab
/var/spool/cron/crontabs/adm /var/spool/cron/crontabs/lp
/var/spool/cron/crontabs/uucp /etc/profile /etc/default/login
/etc/default/su /etc/default/inetinit /etc/motd
/etc/default/passwd /etc/default/sys-suspend
/etc/skel/local.cshrc /etc/skel/local.profile
/usr/dt/config/Xaccess /etc/ftpusers /etc/syslog.conf
/etc/.login /var/spool/cron/crontabs/root /etc/passwd
/etc/shadow /etc/init.d/inetsvc /etc/init.d/inetinit
/etc/init.d/network /etc/init.d/xntpd /etc/init.d/nfs.client
/etc/init.d/autofs /etc/init.d/nscd /etc/init.d/nfs.server
/etc/init.d/volmgt /etc/init.d/sendmail /etc/init.d/dtlogin
/etc/init.d/cacheos /etc/init.d/cachefs.root /etc/init.d/asppp
/etc/init.d/uucp /etc/init.d/cachefs.daemon /etc/init.d/spc
/etc/init.d/autoinstall /etc/init.d/lp /etc/init.d/PRESERVE
/etc/init.d/cacheos.finish /etc/init.d/sysid.sys
/etc/init.d/sysid.net /etc/init.d/power /etc/init.d/init.dmi
/etc/init.d/init.snmpdx /etc/init.d/utmpd /etc/init.d/devfsadm
/etc/init.d/devlinks /etc/init.d/apache /etc/init.d/dhcp
/etc/init.d/dhcpagent /etc/init.d/ldap.client /etc/init.d/llc2
/etc/init.d/ncakmod /etc/init.d/ncalogd /etc/init.d/slpd
/etc/init.d/webstart /etc/init.d/init.wbem /etc/init.d/rpc
/etc/init.d/syslog /etc/inet/inetd.conf /etc/inet/services
/etc/system /etc/rmmount.conf /etc/inittab
/etc/pam.conf
Pre-install is done. The install runs: files declared in the prototype are installed silently. Files part of the sed class in the prototype are modify bu the associated sed script. Modifying /etc/inet/inetd.conf Modifying /etc/inet/services Modifying /etc/inittab Modifying /etc/pam.conf Modifying /etc/rmmount.conf Modifying /etc/system The postinstall start. It first reads the variables stored by the pre-install. The postinstall script is silently running. It may take a while on slow machine. Just be patient Disabling init files we will replace later. Disabling startup files: inetsvc inetinit network Modifying startup files to be controlled by yassp.conf.Modifying Startup files to use /etc/yassp.conf: xntpd nfs.client autofs nscd nfs.server volmgt sendmail dtlogin cacheos cachefs.root asppp uucp cachefs.daemon spc autoinstall lp PRESERVE cacheos.finish sysid.sys sysid.net snmpdx dmi power init.dmi init.snmpdx utmpd devfsadm devlinks apache dhcp dhcpagent ldap.client llc2 ncakmod ncalogd slpd webstart init.wbem rpc
Creating /etc/yassp.conf, as we know now which startup file were modified. Creating your default /etc/yassp.conf Saving (in the package's save directory) and deleting files. Some of them will be replaced by SECclean's own version later.Saving files: /etc/auto_home /etc/auto_master /etc/dfs/dfstab /var/spool/cron/crontabs/adm /var/spool/cron/crontabs/lp /var/spool/cron/crontabs/uucp /etc/profile /etc/default/login /etc/default/su /etc/default/inetinit /etc/motd /etc/default/passwd /etc/default/sys-suspend /etc/skel/local.cshrc /etc/skel/local.profile /usr/dt/config/Xaccess /etc/dt/config/Xaccess /etc/ftpusers /etc/syslog.conf /etc/.login /etc/cron.d/at.allow /etc/cron.d/cron.allow /etc/hosts.equiv /.rhosts /etc/issue /etc/ftp-banner /etc/default/ftpd /etc/default/telnetd /var/spool/cron/crontabs/root /etc/init.d/inetsvc /etc/init.d/inetinit /etc/init.d/network
We have unregistered (removef) all the files we deleted from the package database. We must now close (removef -f) these open packages.Closing the package we touched: SUNWftpr SUNWdtdte SUNWpmowr SUNWwbcor SUNWslpr SUNWncar SUNWllcr SUNWdhcsr SUNWapchr SUNWsacom SUNWpmr SUNWpsr SUNWadmr SUNWpcr SUNWbnur SUNWapppr SUNWdtlog SUNWsndmr SUNWvolr SUNWatfsr SUNWntpr SUNWcsr SUNWcsr
Binaries files need special care as they are achitecture dependent
Choosing architecture dependent binaries:
/usr/sbin/noshell_sparc -> /usr/sbin/noshell
/opt/local/bin/md5_sparc -> /opt/local/bin/md5
These are the files that will be replaced by SECclean version.
They have been installed (as part of SECclean's prototype file)
as /path/name/SECclean_{name_of_the_file}, and are registered under
this name as part of SECclean package.
We must first unregistered (removef on SECclean) them.
Updating SECclean package DB: /etc/profile
/etc/default/login /etc/default/su /etc/default/inetinit
/etc/motd /etc/default/passwd /etc/default/sys-suspend
/etc/skel/local.cshrc /etc/skel/local.profile
/usr/dt/config/Xaccess /etc/dt/config/Xaccess /etc/ftpusers
/etc/syslog.conf /etc/.login /etc/cron.d/at.allow
/etc/cron.d/cron.allow /etc/hosts.equiv /.rhosts /etc/issue
/etc/ftp-banner /etc/default/ftpd /etc/default/telnetd
/var/spool/cron/crontabs/root /etc/shells
/etc/init.d/inetsvc_5.6 /etc/init.d/inetsvc_5.7
/etc/init.d/inetsvc_5.8 /etc/init.d/inetinit_5.6
/etc/init.d/inetinit_5.7 /etc/init.d/inetinit_5.8
/etc/init.d/network_5.8 /usr/sbin/noshell_sparc
/usr/sbin/noshell_i386 /opt/local/bin/md5_sparc
/opt/local/bin/md5_i386
and close SECclean (removef -f SECclean)
Closing SECclean DB
Move the files from their SECclean_{name} to {name} and register them as part
of SECclean (installf)
Replacing: /etc/profile /etc/default/login
/etc/default/su /etc/default/inetinit /etc/motd
/etc/default/passwd /etc/default/sys-suspend
/etc/skel/local.cshrc /etc/skel/local.profile
/usr/dt/config/Xaccess /etc/dt/config/Xaccess /etc/ftpusers
/etc/syslog.conf /etc/.login /etc/cron.d/at.allow
/etc/cron.d/cron.allow /etc/hosts.equiv /.rhosts /etc/issue
/etc/ftp-banner /etc/default/ftpd /etc/default/telnetd
/var/spool/cron/crontabs/root
OS specific startup files: chose the right version.
Choosing the right startup files: /etc/init.d/inetsvc /etc/init.d/inetinit /etc/init.d/network for your OS: Solaris 5.8
Replacing them, registering (installf) as part of SECclean package, and creating the sym-link.
Replacing Special startup files: /etc/init.d/inetsvc /etc/init.d/inetinit /etc/init.d/network and creating the symlink
Binsries files installed need to be registered.
Registrating binaries : /usr/sbin/noshell /opt/local/bin/md5 for your architecture: sparc
Closing (installf -f SECclean) SECclean.
Closing again SECclean DB
Specific OS tuning: for Solaris 8, no priority_paging
tuning /etc/system to comment out priority_paging
Running clean_passwd
Cleaning the passwd file...
Disabling UID 0 account(s):
Disabling system account(s):
daemon bin sys adm lp uucp nuucp listen nobody noaccess nobody4
Deleting account(s):
root identity will be changed to "Root at zeta"
password and shadow files saved under /etc/passwd.Old and /etc/shadow.Old
Doing the OS cleanup: fix-mode is run first...
Doing the OS Clean-up
Running fix-modes 2.6 2000/01/13 14:13:35 casper
fix-modes done, log file under: /var/sadm/clean-up/clean_up.log
Then we correct well-known incoherences in the SUN installation
clean-up the contents database
cleanup done, log file under: /var/sadm/clean-up/clean_up.log
Running /usr/lib/makewhatis /opt/local/man
We are done with SECclean, echo the summary.
======================================================
SECclean installation has finished.
Changes to the file-system and package database are documented in:
/var/sadm/clean-up/clean_up.log
All changed or replaced files are archived in
/yassp.bk
If crontabs for the users:
lp adm uucp root
exists, they have been deleted. Please, re-enable manually the entries needed
Backup for the crontab files are under:
/yassp.bk/var/spool/cron/crontabs/
To finish hardening, this host must be rebooted.
However, you should first check that /etc/yassp.conf is configured
to your requirements. See also yassp(1) and yassp.conf(4).
======================================================
Installation of <SECclean> was successful.
==========
GNUrcs
==========
Installation of <GNUrcs> was successful.
==========
GNUgzip
==========
Installation of <GNUgzip> was successful.
==========
PARCdaily
==========
Modifying /usr/lib/newsyslog
Installation of <PARCdaily> was successful.
==========
WVtcpd
==========
tcp_wrappers add some example of how to use it in comment in /etc/inetd.conf
Modifying /etc/inet/inetd.conf
and install some default configuration file if they were not present.
Creating /etc/hosts.deny from the distribution file
*** Please configure it!
Creating /etc/hosts.allow from the distribution file
*** Please configure it!
Installation of <WVtcpd> was successful.
==========
PRFtripw
==========
Default configuration file is created if it was not present.
Creating /secure/tripwire/tw.config from the distribution one: /secure/tripwire/tw.config.Dist
*** Please configure it!
you may use tripwire now.
Type: "cd /secure/tripwire/; ./tripwire -i 2 -initialise -c tw.config"
to create a new database,
Use "cd /secure/tripwire/; ./tripwire -q -i 2 -c tw.config"
to check,
***** SAVE YOUR DATABASE IN A SECURE PLACE *****
Installation of <PRFtripw> was successful.
Creating /etc/ssh_config from the distribution file
*** Please configure it!
Creating /etc/sshd_config from the distribution file
*** Please configure it!
ssh has been installed.
run '/etc/init.d/sshd stop;/etc/init.d/sshd start'
to use the new binaries/configuration
Installation of <OPENssh> was successful.
YASSP install is done, now recreate the whatis database if it was present.
Rebuilding the whatis database
YASSP is installed.
Most of these changes will take action at the next reboot.
**** YOUR WORK IS NOT DONE YET ****
*) Edit and configure /etc/yassp.conf
*) Edit and configure /etc/hosts.deny /etc/hosts.allow
*) Edit and configure /etc/sshd_config /etc/ssh_config
*) Read http://www.yassp.org/after.html
and the papers linked under http://www.yassp.org/ref.html
*) make any additional changes/software installation
*) CREATE YOUR tripwire DATABASE AND SAVE IT!!!
Type:
vi /etc/yassp.conf /etc/hosts.deny /etc/hosts.allow
/etc/sshd_config /etc/ssh_config ; cd /secure/tripwire;
./tripwire -i 2 -initialise -c tw.config; cp
/secure/tripwire/databases/tw.db_zeta
TO_A_SECURE_PLACE
***YOUR feedback*** is important: please send comments or flame to:
sansro@sans.org, chouanard@parc.xerox.com
with "YASSP" in the subject
# reboot
Jul 19 22:48:16 zeta reboot: rebooted by root
Jul 19 22:48:16 zeta syslogd: going down on signal 15
Jul 19 22:48:16 rpcbind: rpcbind terminating on signal.
syncing file systems... done
rebooting...
Resetting ...
Sun Ultra 5/10 UPA/PCI (UltraSPARC-IIi 270MHz), No Keyboard
OpenBoot 3.11, 256 MB memory installed, Serial #XXXXXXXX.
Ethernet address 8:0:20:XXXXXXXX, Host ID: XXXXXXXX.
Initializing Memory
Rebooting with command: boot
Boot device: disk File and args:
SunOS Release 5.8 Version Generic 64-bit
Copyright 1983-2000 Sun Microsystems, Inc. All rights reserved.
configuring IPv4 interfaces: hme0.
Hostname: zeta
Tweaking Solaris TCP/IP: Solaris 7 or above (excellent)
tweaking separate connection queues
tweaking against SYN flood symptoms
tweaking timeouts
tweaking pMTU discovery interval and common timers
tweaking misc. parameters
applying security tweaks...
tweaking windows, buffers and watermarks
done.
The system is coming up. Please wait.
checking ufs filesystems
/dev/rdsk/c0t0d0s5: is clean.
Setting netmask of hme0 to 255.255.255.0
syslog service starting.
If they don't exist, RSA and DSA keys for SSH are generated.
ssh-keygen: generating new DSA host key... done.
ssh-keygen: generating new RSA host key... done.
sshd starting.
The system is ready.
WARNING: To protect the system from unauthorized use and to ensure that the
system is functioning properly, activities on this system are monitored and
recorded and subject to audit. Use of this system is expressed consent to such
monitoring and recording. Any unauthorized access or use of this Automated
Information System is prohibited and could be subject to criminal and civil
penalties.
zeta console login: root
Password:
Last login: XXXXX on console
This computer system for authorized use only
# ps -eaf
UID PID PPID C STIME TTY TIME CMD
root 0 0 0 22:49:18 ? 0:15 sched
root 1 0 0 22:49:19 ? 0:00 /etc/init -
root 2 0 0 22:49:19 ? 0:00 pageout
root 3 0 0 22:49:19 ? 0:00 fsflush
root 212 1 0 22:49:45 console 0:00 -sh
root 173 1 0 22:49:43 ? 0:00 /usr/sbin/syslogd -t
root 185 1 0 22:49:44 ? 0:04 /opt/local/sbin/sshd
root 227 212 0 22:53:42 console 0:00 ps -eaf
root 168 1 0 22:49:42 ? 0:00 /usr/sbin/cron
# netstat -an
UDP: IPv4
Local Address Remote Address State
-------------------- -------------------- -------
*.* Unbound
TCP: IPv4
Local Address Remote Address Swind Send-Q Rwind Recv-Q State
-------------------- -------------------- ----- ------ ----- ------ -------
*.* *.* 0 0 24576 0 IDLE
*.22 *.* 0 0 32768 0 LISTEN
*.* *.* 0 0 32768 0 IDLE
TCP: IPv6
Local Address Remote Address Swind Send-Q Rwind Recv-Q State If
--------------------------------- --------------------------------- ----- ------ ----- ------ ----------- -----
*.* *.* 0 0 24576 0 IDLE
# pkgchk -n
#