3.18.2006

Solaris 10 hardening

For everyone who has found that their Solaris boxes run too many services after a default install, Solaris 10 ships with so-called "profiles".
These profiles are found under /var/svc/profile.
If you take a look there, you'll find a symlink named 'generic.xml' pointing to a file named 'generic_open.xml'.
However, there's also a file named 'generic_limited_net.xml'.
If you make the 'generic.xml' symlink point to the 'generic_limited_net.xml' file, far fewer smf(5) services and service instances are started upon reboot.
Of course, you don't actually have to reboot to make these changes.
smf(5) provides the svccfg(1M) command for this.
Simply invoke svccfg(1M) like this:
# svccfg apply filename
In this case, the filename to apply is 'generic_limited_net.xml'.
Do make sure, though, to symlink generic.xml to generic_limited_net.xml so the new profile persists across reboots.
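
The two steps above (repoint the symlink, then apply the profile) as one repeatable script. This is an added example, not part of the original post; the function names, the PROFILE_DIR override and the --apply switch are assumptions made for illustration, and it expects a POSIX shell such as ksh or bash rather than the legacy /bin/sh.

```shell
#!/bin/sh
# Added example: switch smf(5) to the limited profile described in the post.
# PROFILE_DIR defaults to the path from the post; override it to rehearse
# the change on a copy of the directory first.
PROFILE_DIR=${PROFILE_DIR:-/var/svc/profile}

# Print the file generic.xml points to; fail if it is not a symlink.
# Parses ls -l output, so it does not depend on a readlink command.
current_profile() {
    [ -h "$1/generic.xml" ] || return 1
    ls -l "$1/generic.xml" | sed 's/.* -> //'
}

# Repoint generic.xml at the limited profile, then apply it to the
# running system so no reboot is needed.
switch_to_limited() {
    dir=$1
    target=generic_limited_net.xml
    # Refuse to leave a dangling symlink behind.
    [ -f "$dir/$target" ] || { echo "missing $dir/$target" >&2; return 2; }
    if [ "$(current_profile "$dir")" != "$target" ]; then
        # Relative link, matching the layout the default install uses.
        rm -f "$dir/generic.xml" && ln -s "$target" "$dir/generic.xml" || return 3
        echo "generic.xml now points to $target"
    fi
    if command -v svccfg >/dev/null 2>&1; then
        svccfg apply "$dir/$target" || return 4
    else
        echo "svccfg not found; symlink changed, nothing applied" >&2
    fi
}

# Only touch the system when explicitly asked to.
if [ "${1:-}" = "--apply" ]; then
    switch_to_limited "$PROFILE_DIR"
fi
```

Run it as root with --apply; running it a second time leaves the symlink alone and simply re-applies the profile.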
