Table of contents:

1. Intro
2. OS installation:
3. OS Cleanup
4. Others packages available
5. References & Links
6. pgp key

From the logs of this ftp server, I can see that people are reading this page and downloading some package, but I am getting nearly no feedback at all.

*Please*, don't hesitate to drop me an E-mail if you are using this package. Thanks!

Introduction:

This is a short "how to", dedicated to people having to deal with host security under solaris  2.6//2.7

The goal is to install Solaris and have a good host security without having to spent hours in modification. Also, as the basic configuration will be standard, I have add a set of useful tools compiled and package to make their installation easiest.
At the end, the install should be *clean* (= "pkgchk -n" has no error)

The first step is to disable everything which is not needed.

Each package will install their default configuration files if they do not exist, and run any init script if needed. They won't delete their configurations files at the de-install time which ease your work for updating these package.
We have used this packaging to install files servers, ftp servers, NIS servers, firewalls and host. It is quite nice not to have to wonder how to do that and very useful to be able to update package independently.

As the source of the SECclean package are available, it is easy for you to copy it and to localize it so it will reflect your configuration. From this package, we have derived different classes of package to install NIS server, NFS server and end user workstation.

For more information on the SECclean package and on how to localize it to meet your need, see: ftp://ftp.parc.xerox.com/pub/jean/solins/secclean.html

OS installation:

Do the install from CD-ROM (Either the original Solaris 2.6//2.7 distribution, either the latest hardware release)

Provide the information as needed:

• Hostname: YourHostName
• Networked: YES
• IP address: X.X.X.X
• Name service: NONE
• System part of a subnet: Depending of your site. If yes, setup also your Netmask.
• Setup the timezone
• Setup Time & Date
• Choose "Initial" install option
• System type: Standalone
• Software: The software configuration choice will depend of the use of your server. I was used to recommend people to always try to use the smallest soft package offered, but unfortunately, lot of software now request to have the end user or development package selected.
  Note also that is you choose the core package, the /usr/sbin/patchadd script won't work anymore as it refer to /usr/xpg4/bin/grep. You will need to edit /usr/sbin/patchadd and replace all instance of /usr/xpg4/bin/grep by /usr/bin/grep.
• Disk: Chose the disk(s) you want to configure:
  Partition choice are and will stay forever controversial.
  You need to keep in mind that some systems cannot boot from partitions > 1GB, all 32bit sparcs cannot boot from partitions > 2GB and only Ultra 2.6 or later can boot from big partition.
  It's up to you... :-)
• No remote mounts
• Click on "Begin Installation" , click "automatic reboot" and wait... It will also make the patch install from the hardware release if you are using it.
• At the reboot, setup the root passwd
• log as root.
• For Solaris 2.6, Get the Recommended Patches cluster for Solaris 2.6 (ftp://sunsolve.sun.com/pub/patches/2.6_Recommended.tar.Z)
  For Solaris 2.7, Get the Recommended Patches cluster for Solaris 2.7 (ftp://sunsolve.sun.com/pub/patches/7_Recommended.zip)
  For Solaris i386 2.7, Get the Recommended Patches cluster for Solaris i86 2.7 (ftp://sunsolve.sun.com/pub/patches/7_x86_Recommended.zip)
  up to date, from sunsolve and copy them to the workstation you are installing by the way of a hard drive, or using a private network connection, so that your host which is still vulnerable, won't be exposed on a network.
  Install them: uncompress and untar the cluster patch, run the install script and remove them.

  > cd /var; mkdir tempo; cd tempo
  > zcat <where.ever.is.your.patch.file>.tar.Z | tar xf -
  > ./install_cluster
  > cd /
  > rm -r /var/tempo <where.ever.is.your.patch.file>.tar.Z

  This might take a while!!!! Be patient or plan to do that at the end of the day, to get the result the day after.
  Verify that the installation was ok: check the log file under /var/sadm/install_data/Solaris_2.6_Recommended_log or a similar location as shown at the end of the installation of the patch cluster.
• Reboot

  > reboot

OS Cleanup

It's time now to modify filemode of various files (Too permissive) updating; the content database to reflect these filemode change and to correct the content database (The standard install (or the patch) generate a content database incoherent with the files installed). These two step have been gathered in a single process to simplify the install:
1. The first step will be done using the fixmode utilities provided by Casper Dik <casper@holland.Sun.COM> (See ftp.wins.uva.nl:/pub/solaris/fix-modes.tar.gz). It will make system file permissions more sane (secure).
2. The second step is a shell script doing a bunch of removef and installf to correct the content database when needed. The goal of this second step is to cleanup the content database so that everything *is* coherent: we could now built or system on top of it and be careful to keep it coherent.
The same precaution of not connecting the host to a public network as it is still vulnerable is *still* a strong recommendation.

How to install it:

• For Solaris 2.6 Download it from ftp://ftp.parc.xerox.com/pub/jean/solins/OS-cleanup/clean-up_5.6.tar.Z
  check its pgp signature : ftp://ftp.parc.xerox.com/pub/jean/solins/OS-cleanup/clean-up_5.6.tar.Z.asc
• For Solaris 2.7 Download it from ftp://ftp.parc.xerox.com/pub/jean/solins/OS-cleanup/clean-up_5.7.tar.Z
  check its pgp signature : ftp://ftp.parc.xerox.com/pub/jean/solins/OS-cleanup/clean-up_5.7.tar.Z.asc
• For Solaris 2.7 i386 (Intel based) Download it from ftp://ftp.parc.xerox.com/pub/jean/solins/OS-cleanup/clean-up.i386_5.7.tar.Z
  check its pgp signature : ftp://ftp.parc.xerox.com/pub/jean/solins/OS-cleanup/clean-up.i386_7.6.tar.Z.asc
• Untar it: It will expand using the absolute path: /var/sadm/clean-up[6 or 7]
  > zcat <Where.ever.I.have.download.the.file>.tar.Z |tar xf -
  You have now a directory /var/sadm/clean-up_5.6/[6 or 7], containing a shell script install.sh and others files&dirs.
• Run the install script
  > /var/sadm/clean-up_5.[6|7]/install.sh
  => They should be no errors and the output of the last command "pkgchk -n" should be null, except a warning on "/home" as the automounter is still running.
• Remove the temporally files&dirs:
  > cd /
  > rm -rf <Where.ever.I.have.download.the.file>.tar.Z
• reboot

Notes regarding the installation of this step:
This is the only step modifying the basic install which is *not* a package, but the way the shell script was written enable you to undo these *two* steps. ( I didn't look if it was really useful to have it as a package format, as it is mainly dealing with the package content database)

How to undo this step:


> /var/sadm/clean-up_5.[6|7]/un-install.sh
> cd /
> rm -rf /var/sadm/clean-up_5.[6|7]
> reboot

Security package

This is time now to cleanup the system configuration.
• The first step is to install a set of shells functions provided as a file in a package PARCpkgu. These shell functions are some basic files manipulation functions to ease file saving and restoration within a Solaris package and are used by various others higher level packages.
• Download the package from: ftp://ftp.parc.xerox.com/pub/jean/solins/OS-cleanup/parcpkgu.Z.
• Check its pgp signature from: ftp://ftp.parc.xerox.com/pub/jean/solins/OS-cleanup/parcpkgu.Z.asc
• Transfer it to the workstation (which should still have *no* network connectivity with a public network) under /tmp.
• uncompress the file:
  > cd /tmp; uncompress parcpkgu.Z
• Add the package:
  > pkgadd -d parcpkgu
• The second step is to install the SECclean package. It will modify or initialize: /etc/passwd, /etc/inet/services, /etc/inet/inetd.conf, /etc/init.d/inetsvc, /etc/init.d/inetinit, /etc/profile, /etc/shells, /etc/system, /etc/syslog.conf, /etc/default/inetinit and /etc/ftpusers.

It will also cleanup most of the /etc/rc?.d/S* files, and the existing cronfiles...
The goal is to have the strict minimum of processes running and sane configuration for inetd, syslog and other demons. Also, having the system in a standard configuration ease the process for others packages: we *know* the current state.
• Download the package from: ftp://ftp.parc.xerox.com/pub/jean/solins/OS-cleanup/secclean.Z. The current version is 3.3.
• Check its pgp signature from: ftp://ftp.parc.xerox.com/pub/jean/solins/OS-cleanup/secclean.Z.asc
• Transfer it to the workstation (which should still have *no* network connectivity with a public network) under /tmp.
• uncompress the file:
  > cd /tmp; uncompress secclean.Z
• Add the package:
  > pkgadd -d secclean
  BE PATIENT: The postinstall script may take a while to be executed!
• reboot
• logon as root and check the processes running:
  > ps -eaf
  The output should be similar to:

  	      SU-lists{165} ps -eaf
  	           UID   PID  PPID  C    STIME TTY      TIME CMD
  	          root     0     0  0 13:41:04 ?        0:00 sched
  	          root     1     0  0 13:41:08 ?        0:00 /etc/init -
  	          root     2     0  0 13:41:08 ?        0:00 pageout
  	          root     3     0  0 13:41:08 ?        0:00 fsflush
  	          root   135   132  0 13:41:29 ?        0:00 /usr/lib/saf/ttymon
  	          root   100     1  0 13:41:26 ?        0:00 /usr/sbin/inetd -s -t
  	          root   132     1  0 13:41:29 ?        0:00 /usr/lib/saf/sac -t 300
  	          root   142   133  0 13:56:21 console  0:00 ps -efa
  	          root   133     1  0 13:41:29 console  0:00 -sh
  	          root   124     1  0 13:41:28 ?        0:00 /usr/lib/utmpd
  	          root   108     1  0 13:41:26 ?        0:00 /usr/sbin/cron
  	          root   110     1  0 13:41:27 ?        0:01 /usr/sbin/syslogd
                

At this point, you have a fresh & clean solaris install. On top of it, you could install what ever need to run on this workstation/server. We have use this install to build NIS server, files server, bastion host... Keep is mind that for any services you want to enable, you will have *FIRST* to check that everything he need to use is running, as by default all most of the standard Sun services are turn off.
For example, to use NIS/YP on such workstation, you will need first to create a file under /etc/domainname with the name of your domain, and them turn on the rpc standard services by moving back the S71rpc file:
> cd /etc/rc2.d; ln ../init.d/rpc ./S71rpc.

Same for NFS, openwin and lot of others service: rpcbind is needed.

For more information on the SECclean package and on how to localize it to meet your need, see: ftp://ftp.parc.xerox.com/pub/jean/solins/secclean.html

All the following package have been built on top of this install. No human action and no check are needed if you are installing them on top of the install describe here. Only configuration files will have to be localize.

• Manual cleanup after the SECclean install:
  
  • After the SECclean instal, you might also want to modify /etc/vfstab so that /usr is mounted read-only and any other file system except / is mounted no-suid. / can be mount no-suid only if you have created a separate partition for /dev and /devices.
  • You can disable <Stop-A> to halt your workstation from the console by editing /etc/default/kbd and setting KEYBOARD_ABORT to disable
    keep in mind that it disable you to <Stop-A> and then do a # sync which may be useful...
  • You can turn on EEPROM security functionality by typing:
    > eeprom security-mode=command
  • If you are using multiple network interfaces, you may want to use a different MAC address for each of them. By default, Solaris will use the same MAC addresses for all the network interfaces connected to the same box (It will use the MAC address which is burnt in the EEPROM motherboard). If you want each network interfaces to use its own MAC address, type:
    > eeprom local-mac-address\?=true
    and reboot.

Others packages available.

These packages have been compiled under Solaris 2.6. (Solaris 2.5.1 is no more supported outside PARC).
They all have been compiled using gcc, except for BIND which have been compiled using Sunpro CC (4.2).

The "DESC" field of the package give you the specific option chosen at the configuration time, if any (See tcpd or ssh for ex.). The DESC field is seen using the pkginfo -l pkgname command.

They all use /opt/local as the install prefix, except

• perl which install itself under /opt/perl
• tcp_wrappers and BIND which install themselves under /usr as they can be used during the boot time. (BIND library and include are installed under /usr/local/bin as default)

They are all stored as a compressed Solaris stream package: to install, uncompress the file then do:


> pkgadd -d <nameof the uncompressed file>

Compiled under Solaris 2.6, will work under 2.6 or 2.7 SPARC architecture:

• tcsh (version 6.08): ftp://ftp.parc.xerox.com/pub/jean/solins/pkg/5.6/cztcsh.Z
  pgp signature: ftp://ftp.parc.xerox.com/pub/jean/solins/pkg/5.6/cztcsh.Z.asc

  DESC="The package contains tcsh 6.08.00, configured with --prefix=/opt/local"

• ssh (version 1.2.27-SDI) with new securID support (See ftp://ftp.parc.xerox.com:/pub/jean/sshsdi/README): ftp://ftp.parc.xerox.com/pub/jean/solins/pkg/5.6/sshsdi.Z
  pgp signature: ftp://ftp.parc.xerox.com/pub/jean/solins/pkg/5.6/sshsdi.Z.asc

  DESC="The package contains the full distrib of ssh-1.2.27 (client and server) w/ new SDI (SecurID) Authentication and the following config: --prefix=/opt/local --without-rsh --with-sdiauth=/opt/ACEserv/ace/examples --with-libwrap"

• tcp Wrapper (version 7.6): ftp://ftp.parc.xerox.com/pub/jean/solins/pkg/5.6/wvtcpd.Z
  pgp signature: ftp://ftp.parc.xerox.com/pub/jean/solins/pkg/5.6/wvtcpd.Z.asc

  DESC="[Wietse Venema] tcp_wrappers 7.6, see ftp://ftp.porcupine.org/pub/security/index.html . Compiled For Advanced installation, with STYLE=-DPROCESS_OPTIONS and no BUGS defined as Solaris2.6 is clean. libwrap.a is included. Man8 has been moved to man1m."

• perl (version 5.005_03): ftp://ftp.parc.xerox.com/pub/jean/solins/pkg/5.6/perl.Z
  pgp signature ftp://ftp.parc.xerox.com/pub/jean/solins/pkg/5.6/perl.Z.asc

  DESC=" perl, configured with --prefix=/opt/perl"

• NEW BIND (version 8.2.2-P5): ftp://ftp.parc.xerox.com/pub/jean/solins/pkg/5.6/iscbind.Z
  pgp signature ftp://ftp.parc.xerox.com/pub/jean/solins/pkg/5.6/iscbind.Z.asc

  DESC=" Berkeley Internet Name Daemon, an implementation of the DNS protocols now su pported by the Internet Software Consortium, compiled on 2.6 with SUN's sunprocc"

• Sleepycat Software's Berkeley DB (version 2.7.5): ftp://ftp.parc.xerox.com/pub/jean/solins/pkg/5.6/scbsddb.Z
  pgp signature ftp://ftp.parc.xerox.com/pub/jean/solins/pkg/5.6/scbsddb.Z.asc

  DESC="Version 2.7.5 of Sleepycat Software's Berkeley DB compiled on Solaris 2.6"

• top (version 3.5beta9): ftp://ftp.parc.xerox.com/pub/jean/solins/pkg/5.6/wlftop.Z
  pgp signature ftp://ftp.parc.xerox.com/pub/jean/solins/pkg/5.6/wlftop.Z.asc

  DESC="top 3.5beta9, from William LeFebvre and a cast of dozens. See ftp://ftp.groupsys.com/pub/top, compiled on Solaris 2.6"

• Cyclic Software CVS (version 1.10): ftp://ftp.parc.xerox.com/pub/jean/solins/pkg/5.6/cyccvs.Z
  pgp signature: ftp://ftp.parc.xerox.com/pub/jean/solins/pkg/5.6/cyccvs.Z.asc

  DESC="Cyclic Software CVS 1.10, configured with --prefix=/opt/local. make check ran OK after few correction in the sanity.sh script."

• GNU gcc (version 2.95.1): ftp://ftp.parc.xerox.com/pub/jean/solins/pkg/5.6/gnugcc95.Z
  pgp signature: ftp://ftp.parc.xerox.com/pub/jean/solins/pkg/5.6/gnugcc95.Z.asc

  DESC="GNU gcc (version 2.95.1), configured with --prefix=/opt/local (make bootstrap)"

• GNU gcc (version 2.8.1): ftp://ftp.parc.xerox.com/pub/jean/solins/pkg/5.6/gnugcc.Z
  pgp signature: ftp://ftp.parc.xerox.com/pub/jean/solins/pkg/5.6/gnugcc.Z.asc

  DESC="GNU gcc (version 2.8.1), configured with --prefix=/opt/local"

• GNU emacs (version 20.3): ftp://ftp.parc.xerox.com/pub/jean/solins/pkg/5.6/gnuemacs.Z
  pgp signature ftp://ftp.parc.xerox.com/pub/jean/solins/pkg/5.6/gnuemacs.Z.asc

  DESC="GNU emacs (version 20.3), configured with --prefix=/opt/local"

• Xemacs (version xemacs-21.1.4): ftp://ftp.parc.xerox.com/pub/jean/solins/pkg/5.6/xemacs.Z
  pgp signature ftp://ftp.parc.xerox.com/pub/jean/solins/pkg/5.6/xemacs.Z.asc

  DESC="Xemacs 21.1.4 with xpm and png included, with the sumo tarball, configured with --prefix=/opt/local"

• GNU grep (version 2.3): ftp://ftp.parc.xerox.com/pub/jean/solins/pkg/5.6/gnugrep.Z
  pgp signature ftp://ftp.parc.xerox.com/pub/jean/solins/pkg/5.6/gnugrep.Z.asc

  DESC=" GNU grep-2.3, configured with --prefix=/opt/local"

• GNU gzip (version 1.2.4a): ftp://ftp.parc.xerox.com/pub/jean/solins/pkg/5.6/gnugzip.Z
  pgp signature ftp://ftp.parc.xerox.com/pub/jean/solins/pkg/5.6/gnugzip.Z.asc

  DESC=" GNU gzip-1.2.4a, configured with --prefix=/opt/local"

• GNU less (version 440): ftp://ftp.parc.xerox.com/pub/jean/solins/pkg/5.6/gnuless.Z
  pgp signature ftp://ftp.parc.xerox.com/pub/jean/solins/pkg/5.6/gnuless.Z.asc

  DESC=" GNU less 440, configured with --prefix=/opt/local"

• GNU make (version 3.77): ftp://ftp.parc.xerox.com/pub/jean/solins/pkg/5.6/gnumake.Z
  pgp signature ftp://ftp.parc.xerox.com/pub/jean/solins/pkg/5.6/gnumake.Z.asc

  DESC=" GNU make 3.77, configured with --prefix=/opt/local"

• GNU rcs and GNU diffutils (version 5.7 // 2.7): ftp://ftp.parc.xerox.com/pub/jean/solins/pkg/5.6/gnurcs.Z
  pgp signature ftp://ftp.parc.xerox.com/pub/jean/solins/pkg/5.6/gnurcs.Z.asc

  DESC=" GNU rcs-5.7 and diffutils-2.7, configured with --prefix=/opt/local --with-diffutils"

• GNU tar (version 1.13): ftp://ftp.parc.xerox.com/pub/jean/solins/pkg/5.6/gnutar.Z
  pgp signature ftp://ftp.parc.xerox.com/pub/jean/solins/pkg/5.6/gnutar.Z.asc

  DESC=" GNU tar, configured with --prefix=/opt/local"

• GNU gawk (version 3.0.4): ftp://ftp.parc.xerox.com/pub/jean/solins/pkg/5.6/gnugawk.Z
  pgp signature ftp://ftp.parc.xerox.com/pub/jean/solins/pkg/5.6/gnugawk.Z.asc

  DESC=" GNU gawk, configured with --prefix=/opt/local"

• GNU bison (version 1.28): ftp://ftp.parc.xerox.com/pub/jean/solins/pkg/5.6/gnubison.Z
  pgp signature ftp://ftp.parc.xerox.com/pub/jean/solins/pkg/5.6/gnubison.Z.asc

  DESC=" GNU bison, configured with --prefix=/opt/local"

• GNU dbm (version 1.8.0): ftp://ftp.parc.xerox.com/pub/jean/solins/pkg/5.6/gnudbm.Z
  pgp signature ftp://ftp.parc.xerox.com/pub/jean/solins/pkg/5.6/gnudbm.Z.asc

  DESC=" GNU dbm, configured with --prefix=/opt/local"

• GNU flex (version 2.5.4): ftp://ftp.parc.xerox.com/pub/jean/solins/pkg/5.6/gnuflex.Z
  pgp signature ftp://ftp.parc.xerox.com/pub/jean/solins/pkg/5.6/gnuflex.Z.asc

  DESC=" GNU flex, configured with --prefix=/opt/local"

• GNU gdb (version 4.18): ftp://ftp.parc.xerox.com/pub/jean/solins/pkg/5.6/gnugdb.Z
  pgp signature ftp://ftp.parc.xerox.com/pub/jean/solins/pkg/5.6/gnugdb.Z.asc

  DESC=" GNU gdb, configured with --prefix=/opt/local"

• GNU m4 (version 1.4): ftp://ftp.parc.xerox.com/pub/jean/solins/pkg/5.6/gnum4.Z
  pgp signature ftp://ftp.parc.xerox.com/pub/jean/solins/pkg/5.6/gnum4.Z.asc

  DESC=" GNU m4, configured with --prefix=/opt/local"

Compiled under Solaris 2.6, will work *ONLY* under 2.6 SPARC architecture:

Traceroute is part of Solaris 7
• traceroute (version 1.4a5): ftp://ftp.parc.xerox.com/pub/jean/solins/pkg/5.6/lbnltr.Z
  pgp signature ftp://ftp.parc.xerox.com/pub/jean/solins/pkg/5.6/lbnltr.Z.asc

  DESC="traceroute-1.4a5 compiled on Solaris 2.6, From Lawrence Berkeley National Laboratory, Network Research Group "

Compiled under Solaris 2.7, will work *ONLY* under 2.7 SPARC architecture:

Nothing yet...

Compiled under Solaris 2.7, will work *ONLY* under 2.7 Intel (i386) architecture:

• ssh (version 1.2.27-SDI) with new securID support (See ftp://ftp.parc.xerox.com:/pub/jean/sshsdi/README): ftp://ftp.parc.xerox.com/pub/jean/solins/pkg/i386-5.7/sshsdi.Z
  pgp signature: ftp://ftp.parc.xerox.com/pub/jean/solins/pkg/i386-5.7/sshsdi.Z.asc

  DESC="The package contains the full distrib of ssh-1.2.27 (client and server) w/ new SDI (SecurID) Authentication and the following config: --prefix=/opt/local --without-rsh --with-sdiauth=/opt/ACEserv/ace/examples --with-libwrap"

• tcsh (version 6.08): ftp://ftp.parc.xerox.com/pub/jean/solins/pkg/i386-5.7/cztcsh.Z
  pgp signature: ftp://ftp.parc.xerox.com/pub/jean/solins/pkg/i386-5.7/cztcsh.Z.asc

  DESC="The package contains tcsh 6.08.00, configured with --prefix=/opt/local"




---

Others references & Links

• Very good page on tcp tuning under solaris by Jens-S. Vöckler
• Casper's tools (fixmode and others): great solaris tools
• Hal Pomeranz's solaris course done at SANS .
• The Solaris Security FAQ Has been updated !!! Yeah!
• The Titan Project

The followings references need a valid sunsolve login

• SUN ndd/TCP page: http://sunsolve.Sun.COM/private-cgi/retrieve.pl?type=0&doc=infodoc%2F12618&zone_32=12618
• SUN Solaris Routing FAQ: http://sunsolve.Sun.COM/private-cgi/retrieve.pl?type=0&doc=infodoc%2F17947&zone_32=17947
  

---

My PGP Key


-----BEGIN PGP PUBLIC KEY BLOCK-----

Version: PGP for Personal Privacy 5.5.3 


mQCNAjHH+nUAAAEEALtlzCJ2o7xVEq+HMwGdyPMlRY//7NFFID5BviZXURL0LLLe
Ogda3JyR77VlZ9/RvBQOxqyisHcSFcFs4ea1J/ngPEs6yxXsSvpzkWL4vR6DfvuM
KuZ3VPTRqn2BBnDaDlhj3ko60LeFKMwLi0aqoV2r7DN81LB8CGKD550WCxh7AAUR
tClKZWFuIENob3VhbmFyZCA8Y2hvdWFuYXJkQHBhcmMueGVyb3guY29tPokAlQMF
EDTXdRNig+edFgsYewEB9dwD/RUIONAu7aN6xg6p4BFIHz1ucY8xMTCsISGUqhJG
SQnB+KO6UVietQI8BemXL/fpBQM8jxMwY+OPNr4hgG9UHi3ORKFiYvT0NAnLMrjl
OTsXLHsfUsKolGgGdrfzBdj+KzzwPmJpDVIiQPnv5VaDlKidVYphcR3TRHd6+iKv
YrnjtCZKZWFuIENob3VhbmFyZCA8amVhbkBjaW5vcHMueGVyb3guY29tPokAlQIF
EDO5WPRig+edFgsYewEBhycEAJ8BERgm53HWUQpbxjTBEVrRfCv72xA/A7I8PPw8
i2kIvZDpOH1mWF5pQrmNzctproJo1eesBoQZCM5Bc1b1tdy4Om7PiGxRtPUYwrKh
GWZWtm5RFbzmHRJ1+4RHC6wx4SW3IQutoeb/jBJWUCLKBN9E/PyC0YZupvJ2c4aT
fpbltCRKZWFuIENob3VhbmFyZCA8amVhbkBwYXJjLnhlcm94LmNvbT6JAJUDBRA0
/eHFYoPnnRYLGHsBAZCbA/oDj6nctvYVLzVqzwvq8U9L2JanQDkJuCkosLjLKprI
43XCi1zuvEKQ08sqAW3NeESRz8nkeezhV2lG5HGLRjy/3nspTF6y5zhgecoBOC8y
O33D1VaqyRaMC4lJCxaKe6JzOiK+D8CNjJydf/XlCl5KvjzOj0Izho/QJfmOKdb9
rrQeSmVhbiBDaG91YW5hcmQgPGplYW5AaDJ0cC5jb20+iQCVAwUQNXNwVGKD550W
Cxh7AQGgBgP/YKLiUiwxXLkBd5A4P7tVZch2tjPN8ce/PdWjgFqxmtuwgGW2egUs
cyTa6SF7Gnz1wVukxPXeie4zjalTJh1wnLjscG8AavOEkDwY3Ksy2TjzCuGHZFJ8
VB13JnFG+acNeKPPd8GXHpd5m4TwC0vFpjbjHgY3dWOYxSoc6NFSj48=
=lGIG
-----END PGP PUBLIC KEY BLOCK----- 

---

Last Modified: $Id: solins.html,v 1.19 1999/11/15 07:56:24 chouanar Exp $; by Jean Chouanard, Xerox PARC