### Core Installation of Solaris 8 for FW 4.1 ###

*** NOTE: This paper is Beta, CheckPoint does
*** not yet support Solaris 8 for FireWall-1.

PURPOSE
-------
To outline, in detail, the minimum installation of Solaris 8 for
CheckPoint FW-1 version 4.1.

DISCLAIMER
----------
All information discussed below is based on Sun Microsystems Ultra 5
with one qfe Ethernet card and using Solaris 8. Your mileage may vary
for different hardware platforms.

INTENT
------
This document is for users who want to use the Core installation
package. A minimal installation of an operating system helps build a
more secure platform for the Firewall application. We will attempt to
build a platform with the fewest packages possible. The end goal is to
have a minimum of 23 packages installed.

INSTALLATION
------------
Solaris 8 media comes with three CDROMs for installation.

    Solaris 8 Installation
    Solaris 8 Software, Disk 1 of 2
    Solaris 8 Software, Disk 2 of 2

Solaris 8 Installation Disk is a bootable CDROM. It is only required if
you want to install software from several CDs using a single, browser
based tool. We will not be using this CDROM.

Solaris 8 Software, Disk 1 of 2 is a bootable CDROM. This is the CDROM
I recommend you boot off of for installing the Core operating system.

Solaris 8 Software, Disk 2 of 2 contains additional software packages
to add. We will use this CDROM to add 3 software packages.

To install Solaris 8, I recommend you use the Solaris 8 Software, Disk
1 of 2. Boot off this CDROM as you normally would for other software
installations and follow the normal install procedures. Be sure to
select the Core installation package.

THE PACKAGES
------------
Once the installation is complete, you should have 44 packages total.
Below are the 44 packages listed. We will remove 23 of the packages.
---- Core Install ----
system  SUNWadmr   System & Network Administration Root
system  SUNWatfsr  AutoFS, (Root)
system  SUNWatfsu  AutoFS, (Usr)
system  SUNWauda   Audio Applications
system  SUNWaudd   Audio Drivers
system  SUNWcar    Core Architecture, (Root)
system  SUNWcg6    GX (cg6) Device Driver
system  SUNWcsd    Core Solaris Devices
system  SUNWcsl    Core Solaris, (Shared Libs)
system  SUNWcsr    Core Solaris, (Root)
system  SUNWcsu    Core Solaris, (Usr)
system  SUNWdfb    Dumb Frame Buffer Device Drivers
system  SUNWdtcor  Solaris Desktop /usr/dt filesystem anchor
system  SUNWesu    Extended System Utilities
system  SUNWftpr   FTP Server, (Root)
system  SUNWftpu   FTP Server, (Usr)
system  SUNWhmd    SunSwift SBus Adapter Drivers
system  SUNWkey    Keyboard configuration tables
system  SUNWkvm    Core Architecture, (Kvm)
system  SUNWlibms  Sun WorkShop Bundled shared libm
system  SUNWloc    System Localization
system  SUNWluxop  Sun Enterprise Network Array firmware and utilities
system  SUNWnisr   Network Information System, (Root)
system  SUNWnisu   Network Information System, (Usr)
system  SUNWpcelx  3COM EtherLink III PCMCIA Ethernet Driver
system  SUNWpcmci  PCMCIA Card Services, (Root)
system  SUNWpcmcu  PCMCIA Card Services, (Usr)
system  SUNWpcmem  PCMCIA memory card driver
system  SUNWpcser  PCMCIA serial card driver
system  SUNWpd     PCI Drivers
system  SUNWpl5u   Perl 5.005_03
system  SUNWpsdpr  PCMCIA ATA card driver
system  SUNWqfed   Sun Quad FastEthernet Adapter Driver
system  SUNWrmodu  Realmode Modules, (Usr)
system  SUNWses    SCSI Enclosure Services Device Driver
system  SUNWsndmr  Sendmail root
system  SUNWsndmu  Sendmail user
system  SUNWsolnm  Solaris Naming Enabler
system  SUNWswmt   Install and Patch Utilities
system  SUNWudf    Universal Disk Format 1.50, (Usr)
system  SUNWudfr   Universal Disk Format 1.50
system  SUNWusb    USB Device Drivers
system  SUNWxwdv   X Windows System Window Drivers
system  SUNWxwmod  OpenWindows kernel modules

REMOVING PACKAGES
-----------------
Of these 44 packages, you can remove 23 of them.
To remove a package, you use the pkgrm(1M) command. For example, the
following command removes the package SUNWdtcor.

    mozart #pkgrm SUNWdtcor

The following 23 packages are not required to run FW-1 ver 4.1. Some of
the packages will complain about dependencies. Don't worry, you are
removing the dependencies also.

--------- pkgrm -----------
system  SUNWsndmr  Sendmail root
system  SUNWsndmu  Sendmail user
system  SUNWftpr   FTP Server, (Root)
system  SUNWftpu   FTP Server, (Usr)
system  SUNWpcelx  3COM EtherLink III PCMCIA Ethernet Driver
system  SUNWpcmci  PCMCIA Card Services, (Root)
system  SUNWpcmcu  PCMCIA Card Services, (Usr)
system  SUNWpcmem  PCMCIA memory card driver
system  SUNWpcser  PCMCIA serial card driver
system  SUNWpsdpr  PCMCIA ATA card driver
system  SUNWxwdv   X Windows System Window Drivers
system  SUNWxwmod  OpenWindows kernel modules
system  SUNWnisr   Network Information System, (Root)
system  SUNWnisu   Network Information System, (Usr)
system  SUNWpl5u   Perl 5.005_03
system  SUNWcg6    GX (cg6) Device Driver
system  SUNWadmr   System & Network Administration Root
system  SUNWdtcor  Solaris Desktop /usr/dt filesystem anchor
system  SUNWsolnm  Solaris Naming Enabler
system  SUNWatfsr  AutoFS, (Root)
system  SUNWatfsu  AutoFS, (Usr)
system  SUNWauda   Audio Applications
system  SUNWaudd   Audio Drivers

ADDING PACKAGES
---------------
There are several required packages you have to add for FW-1 4.1 to
install and function properly. There are also several optional packages
you may want to install. To install packages, first mount the CDROM.
You will have to do this manually, as volume manager is not installed
with Core.

For the Ultra5

    mozart #mount -F hsfs -o ro /dev/dsk/c0t2d0s0 /cdrom

For most other Sparc systems

    mozart #mount -F hsfs -o ro /dev/dsk/c0t6d0s0 /cdrom

    mozart $cd /cdrom/Solaris_8/Product

---------- required packages by FW-1 -------
system  SUNWlibC   Sun Workshop Compilers Bundled libC (CDROM 1 of 2)
                   required by FWDIR/bin/cpconfig
system  SUNWter    Terminal Information (CDROM 2 of 2)
                   required for FW-1 installation
system  SUNWscpu   Source Compatibility, (Usr) (CDROM 1 of 2)
                   /usr/ucb/ln required for upgrades

NOTE: The only purpose for SUNWscpu is for /usr/ucb/ln. If you do not
want to install the whole package, you can simply execute the following
for the same functionality.

    /bin/ln -s /bin/ln /usr/ucb/ln

---------- optional packages -------
system  SUNWadmc   System administration core libraries (CDROM 1 of 2)
system  SUNWadmfw  System & Network Administration Framework (1 of 2)
                   includes showrev(1M)
system  SUNWdoc    Documentation Tools (CDROM 1 of 2)
system  SUNWman    On-Line Manual Pages (CDROM 2 of 2)
system  SUNWgzip   The GNU Zip (gzip) compression utility (2 of 2)

If you want to add compiling capabilities (not recommended)

system  SUNWsprot  Solaris Bundled tools
system  SUNWhea    SunOS Header Files
system  SUNWtoo    Programming Tools
system  SUNWarc    Archive Libraries
system  SUNWbtool  CCS tools bundled with SunOS

To learn what binaries belong to what package, use the command
pkgchk(1M). For example, to learn what package truss belongs to, use
the following command on another Solaris system with truss installed
on it.

    # pkgchk -l -p /usr/bin/truss
    Pathname: /usr/bin/truss
    Type: regular file
    Expected mode: 0555
    Expected owner: bin
    Expected group: bin
    Expected file size (bytes): 123736
    Expected sum(1) of contents: 41220
    Expected last modification: Jun 18 17:11:15 1998
    Referenced by the following packages:
            SUNWtoo
    Current status: installed

PACKAGES COMPLETED
------------------
When you are done installing the operating system and removing/adding
packages, you should have the following 23 packages installed (not
counting any optional packages).

system  SUNWcar    Core Architecture, (Root)
system  SUNWcsd    Core Solaris Devices
system  SUNWcsl    Core Solaris, (Shared Libs)
system  SUNWcsr    Core Solaris, (Root)
system  SUNWcsu    Core Solaris, (Usr)
system  SUNWdfb    Dumb Frame Buffer Device Drivers
system  SUNWesu    Extended System Utilities
system  SUNWhmd    SunSwift SBus Adapter Drivers
system  SUNWkey    Keyboard configuration tables
system  SUNWkvm    Core Architecture, (Kvm)
system  SUNWlibC   Sun Workshop Compilers Bundled libC
system  SUNWlibms  Sun WorkShop Bundled shared libm
system  SUNWloc    System Localization
system  SUNWluxop  Sun Enterprise Network Array firmware and utilities
system  SUNWpd     PCI Drivers
system  SUNWqfed   Sun Quad FastEthernet Adapter Driver
system  SUNWrmodu  Realmode Modules, (Usr)
system  SUNWses    SCSI Enclosure Services Device Driver
system  SUNWswmt   Install and Patch Utilities
system  SUNWter    Terminal Information
system  SUNWudf    Universal Disk Format 1.50, (Usr)
system  SUNWudfr   Universal Disk Format 1.50
system  SUNWusb    USB Device Drivers

CONCLUSION
----------
Your operating system should now have 23 packages installed (depending
on hardware platform). This should help build a more secure platform
for your firewall application.

Please send any corrections or suggestions to lance@spitzner.net

EOF
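
One way to confirm the finished system matches the 23-package list in
PACKAGES COMPLETED, as an added example that is not part of the original
paper: it compares pkginfo(1) output with that list and reports anything
extra or missing. The names BASELINE, AWK, audit_packages and
sample_pkginfo are hypothetical, and the sample input is constructed.

```shell
#!/bin/sh
# Added example: audit installed packages against the page's 23-package
# baseline. Input format is pkginfo(1) output: "category pkginst name".
# Assumption: set AWK=nawk on Solaris, whose stock /usr/bin/awk lacks -v.

BASELINE="SUNWcar SUNWcsd SUNWcsl SUNWcsr SUNWcsu SUNWdfb SUNWesu SUNWhmd \
SUNWkey SUNWkvm SUNWlibC SUNWlibms SUNWloc SUNWluxop SUNWpd SUNWqfed \
SUNWrmodu SUNWses SUNWswmt SUNWter SUNWudf SUNWudfr SUNWusb"
# Packages added on purpose (for example SUNWscpu) belong in BASELINE too,
# otherwise they are reported as EXTRA.

# Reads pkginfo lines on stdin; prints "EXTRA pkg" for anything outside the
# baseline and "MISSING pkg" for baseline packages not seen.
# Returns 0 only when the installed set matches the baseline exactly.
audit_packages() {
    "${AWK:-awk}" -v baseline="$BASELINE" '
        BEGIN {
            n = split(baseline, b, " ")
            for (i = 1; i <= n; i++) want[b[i]] = 1
        }
        NF >= 2 {
            have[$2] = 1
            if (!($2 in want)) { print "EXTRA " $2; drift = 1 }
        }
        END {
            for (i = 1; i <= n; i++)
                if (!(b[i] in have)) { print "MISSING " b[i]; drift = 1 }
            exit drift + 0
        }'
}

# Constructed sample input: the baseline with SUNWter missing and two of
# the packages the page removes (Sendmail root, FTP server) still present.
sample_pkginfo() {
    for p in $BASELINE SUNWsndmr SUNWftpu; do
        [ "$p" = SUNWter ] || echo "system $p (constructed sample entry)"
    done
}

# Demo on the sample; on a real host run: pkginfo | audit_packages
sample_pkginfo | audit_packages || echo "package set differs from baseline"
```

Re-running the check after patches or upgrades shows whether a removed
service package such as Sendmail or the FTP server has come back.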