Caldera has a graphical installation for 2.2 called "lizard", with a number of nice features. During the installation it will force you to create a user account; hopefully this will encourage people not to log in as root constantly. There is also an entry for "sulogin" in the /etc/inittab file, meaning you can't just type "linux single" at the lilo boot prompt and get dumped to a command prompt as root; you must first enter root's password. There are, however, several problems with the default installation that you will need to correct.
The file /etc/inetd.conf, which controls various Internet-related services, has many older and dangerous services turned on:
    echo stream tcp nowait root internal
    echo dgram udp wait root internal
    discard stream tcp nowait root internal
    discard dgram udp wait root internal
    daytime stream tcp nowait root internal
    daytime dgram udp wait root internal
    chargen stream tcp nowait root internal
    chargen dgram udp wait root internal
    gopher stream tcp nowait root /usr/sbin/tcpd gn
    shell stream tcp nowait root /usr/sbin/tcpd in.rshd
    login stream tcp nowait root /usr/sbin/tcpd in.rlogind
    exec stream tcp nowait root /usr/sbin/tcpd in.rexecd
    talk dgram udp wait nobody.tty /usr/sbin/tcpd in.talkd
    ntalk dgram udp wait nobody.tty /usr/sbin/tcpd in.ntalkd
    uucp stream tcp nowait uucp /usr/sbin/tcpd /usr/sbin/uucico -l
These should all be commented out (place a "#" at the beginning of the line), and inetd should then be restarted with "killall -1 inetd".
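An added example (not from the original article): a small shell helper that reports which of the services listed above are still active in an inetd.conf, and writes a copy with them commented out. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Services the article says to disable in /etc/inetd.conf.
RISKY="echo discard daytime chargen gopher shell login exec talk ntalk uucp"

# list_enabled FILE: print "service/proto" for each listed entry still active.
list_enabled() {
    awk -v risky="$RISKY" '
        BEGIN { n = split(risky, a, " "); for (i = 1; i <= n; i++) bad[a[i]] = 1 }
        /^[ \t]*#/ || NF < 6 { next }   # skip comments and incomplete lines
        ($1 in bad) { print $1 "/" $3 }
    ' "$1"
}

# disable_risky FILE: write FILE to stdout with the listed entries commented
# out. Every other line, including existing comments, is left unchanged.
disable_risky() {
    awk -v risky="$RISKY" '
        BEGIN { n = split(risky, a, " "); for (i = 1; i <= n; i++) bad[a[i]] = 1 }
        !/^[ \t]*#/ && NF >= 6 && ($1 in bad) { print "#" $0; next }
        { print }
    ' "$1"
}

# make_sample: constructed sample input, not taken from a real system.
make_sample() {
    cat <<'EOF'
# sample inetd.conf (constructed)
echo    stream tcp nowait root internal
echo    dgram  udp wait   root internal
#discard stream tcp nowait root internal
ftp     stream tcp nowait root /usr/sbin/tcpd in.ftpd
shell   stream tcp nowait root /usr/sbin/tcpd in.rshd
talk    dgram  udp wait   nobody.tty /usr/sbin/tcpd in.talkd
EOF
}
```

Review the output of disable_risky before copying it over /etc/inetd.conf, then signal inetd with "killall -1 inetd" as described above.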
One service many people will want to turn off is portmap; it is used for a variety of services, such as NFS, and has had a history of problems. Turning it off in OpenLinux is a bit of a pain, however, since it is started from the same script that initializes inetd. You can either remove the portmap package ("rpm -e portmap") or you can go into /etc/rc.d/init.d/inet and edit the following:
    NAME1=inetd
    DAEMON1=/usr/sbin/$NAME1
    NAME2=rpc.portmap
    DAEMON2=/usr/sbin/$NAME2

to:

    NAME1=inetd
    DAEMON1=/usr/sbin/$NAME1
    #NAME2=rpc.portmap
    #DAEMON2=/usr/sbin/$NAME2

and:

    # Bail out if neither is present
    [ -x $DAEMON1 ] || [ -x $DAEMON2 ] || exit 2

to:

    # Bail out if neither is present
    [ -x $DAEMON1 ] || exit 2

and:

    [ -x $DAEMON1 ] && ssd -S -n $NAME1 -x $DAEMON1 -- $INETD_OPTIONS
    [ -x $DAEMON2 ] && ssd -S -n $NAME2 -x $DAEMON2 -- $PORTMAP_OPTIONS

to:

    [ -x $DAEMON1 ] && ssd -S -n $NAME1 -x $DAEMON1 -- $INETD_OPTIONS
    # [ -x $DAEMON2 ] && ssd -S -n $NAME2 -x $DAEMON2 -- $PORTMAP_OPTIONS

and then comment out this entirely:
    NFS=""
    cat /etc/mtab | while read dev mpoint type foo; do
      [ "$type" = "nfs" ] && NFS="$mpoint $NFS"
    done
    if [ -n "$NFS" ]; then
      echo -n "Unmounting NFS filesystems: "
      POLICY=I # Ignore 'device busy' during shutdown
      [ "$PROBABLY" != "halting" ] && POLICY=1 # exit on 'busy'
      for mpoint in $NFS; do
        SVIrun S $POLICY "$mpoint" "!$mpoint" \
          umount $mpoint
      done
      echo "."
    fi
Another service installed by default in OpenLinux 2.2 is the Auto Mount Daemon (amd). It allows you to define directories that map to devices or NFS locations. For example, I can define /auto/cdrom as being /dev/cdrom, so that when you "cd /auto/cdrom" the system automatically mounts /dev/cdrom as /auto/cdrom with the appropriate options (read-only, etc.). The amd service uses a semi-random port number, usually in the 600-800 range. This service is definitely very useful on a workstation, since it saves users from having to manually mount every removable media device they wish to use (cdrom and floppy being the most common). However, I would not recommend it on machines running as servers, due to the history of problems amd has had. Turning off amd is easy: simply rename the symlinks from "S30amd" to "K70amd".
    mv /etc/rc.d/rc3.d/S30amd /etc/rc.d/rc3.d/K70amd
    mv /etc/rc.d/rc5.d/S30amd /etc/rc.d/rc5.d/K70amd
SSH RPMs are not available for OpenLinux 2.2 (that is to say, I have not found any). The SSH RPMs for Red Hat systems fail miserably, and the source RPMs also fail to compile, but SSH does compile cleanly from source code, with no problems. You can get the SSH source code from: ftp://ftp.replay.com/pub/replay/crypto/SSH/. To start sshd you need, at a minimum, to run "/usr/local/bin/sshd" at boot time from a script; it will look for its config files in /etc, and should start OK.
I haven't tested the Novell software yet, so it is unknown whether there are any issues.
Updates for Caldera OpenLinux 2.2 are available from: ftp://ftp.calderasystems.com/pub/openlinux/2.2/current/RPMS/.
Written by Kurt Seifried