UNIX XING / LinkedIn / Amazon

Short tip: First steps after HP-UX 11i v1/v2 installation

There are plenty of changes that have to be made after a fresh HP-UX 11i v1/v2 installation because of missing pre-configuration. For example:

  1. Name resolution
    By default, the file /etc/nsswitch.conf doesn’t exist and has to be created and modified using a template. If this isn’t done, neither XF86 nor the sw utility family (swinstall, swremove,…) are working:

    # ls -1 /etc/nss*
    # cp /etc/nsswitch.files /etc/nsswitch.conf
    # vi /etc/nssswitch.conf
    hosts:        files dns

    In this example the system is configured to resolve services, protocolls, user/groups, et cetera using local files. Hostnames are additionally resolved using DNS.

  2. Expand volume groups/logical volumes
    If you missed selecting the advanced installation assistant for expanding logical volumes, it might be the right moment to do this now. Elsewise the installation of additional software or patches might fail because of missing space on the hard drive.
  3. Install Hardware Enablement Bundle / Support-Plus Package
    Depending on the age of the Operation Environment installation media it might be wise to install the latest Hardware Enablement Bundle and/or Support-Plus Packge to enable hardware support and fix security issues and bugs.
  4. Modify screen settings (if used)
    If you’re using a graphical interface, you might want to select the screen resolution before the first use. Using sam you’re not only able to modify the screen resolution and color depth but also the amount of used screens.
  5. Enable SSH
    By default, telnet is used for remote administration purposes – this should be changes as soon as possible after the installation. A for HP-UX modified OpenSSH derivate, which also comes with Kerberos and IPv6 support, is available under the Name “HP-UX Secure Shell” at no charge. The software can be downloaded after a short registration on the HP website: [click me!]

    # swinstall -s /path/to/hpux-secureshell.depot
    # /sbin/init.d/secsh start

    It is possible that the Secure shell daemon doesn’t start automatically after a reboot because the required “Pseudo Random Number Generator Daemon” (PRNGD) wasn’t started yet. To fix this, modify the daemon start order.

    After the successfully activation of SSH, telnet should be disabled as soon as possible!

  6. Disable unrequired services
    Unfortunately, there are plenty additional pre-enabled services that aren’t required on conventional servers. For example:

    • FTP
    • NFS
    • kshell/rlogin
    • daytime
    • time

Of course, there are plenty additional settings that might be altered on a new HP-UX system. The above-named steps are the first steps that I do on a new machine.

Sharing is caring

Leave a Reply

Your email address will not be published. Required fields are marked *