Solaris 10 Query Appreciation Day

Occasionally, I look through the referer logs to see how people happen to come across my little patch of cyberspace. It is often very interesting to see what people are actually searching for when they are directed to this blog. Today, I would like to give back to those who have taken the time to visit and look around this site after being directed to it by a search engine. To that end, I will list some of the search queries that were in the referer listing today along with answers to questions or pointers that people can use for more information.

So without further ado...

The first search query reference comes from our friends at Yahoo from someone looking for more information on locked accounts in Solaris.

This topic has been covered previously. There is a little more information that can be found in the Solaris 10 What's New document as well as the passwd(1) manual page as well.

The next query comes from our friends at Google from someone looking for steps on how to disable the telnet service in Solaris 10.

The answer to this is very straightforward:

# svcadm disable telnet

That is all there is to it. Keep in mind that if you do not want the telnet service at all on your system you can also simply remove the SUNWtnetd and SUNWtnetr packages using the command:

# pkgrm SUNWtnetd SUNWtnetr

Further, if you want to simply use TCP Wrappers to control access to telnet in Solaris 10, check out this entry.

Another Google query was looking for information on minimal Solaris 10 configurations. This is a great topic. In Solaris 10, a new software installation cluster called the Reduced Networking Meta Cluster is available and should be leveraged when building minimal configurations. You can read about it here. Further, for a great read check out Eric Boutilier's seven part series on building a UNIX OE platform from scratch.

Well, that's enough for today. I would like to occassionally do more entries like this where we can provide more directed feedback based on what people are actually searching for. While it may be too late in some cases for them, it may help people down the road who have similar questions or concerns.

I am off to finalize a presentation on Solaris recommended practices for the NY State Cyber Security Conference. If you will be at the conference tomorrow, please drop by and say hello!

Take care!

Technorati Tag:

Comments:

How do I disable telnet and SMTP services on a sparc sol 10 box?

Posted by Priya on July 05, 2006 at 09:29 PM EDT #

How do I disable SMTP services on a sparc sol 10 box?How do I disable SMTP services on a sparc sol 10 box?

Posted by Priya on July 05, 2006 at 09:40 PM EDT #

How do I disable SNMP services on a sparc sol 10 box?

Posted by Priya on July 05, 2006 at 09:51 PM EDT #

Priya,

Sorry for the delay. I was out on vacation last week. To answer your questions:

You can disable telnet on Solaris 10 using the command:

# svcadm disable telnet

Disabling SMTP is a bit more interesting as it really depends on what you want to do. Do you want to simply prevent sendmail from listening for incoming connections or do you also want to prevent sendmail from running in queue only mode? Assuming you meant that you really want to disable sendmail, you can use the command:

# svcadm disable sendmail

If you want to configure sendmail for queue more processing only, it is more tricky. I suggest taking a look at the recommendations implemented by the Solaris Security Toolkit or the Center for Internet Security's Solaris 10 Security Benchmark.

Lastly, you asked about SNMP. To disable this, you will need to disable the run-control (rc3.d)scripts, S76snmpdx, S77dmi, and S82initsma. This is can also be more easily accomplished (and audited) using the Solaris Security Toolkit. Remember that you must run those run-control scripts with the "stop" argument for the services to be stopped on a running system. Otherwise, the changes will take effect on next reboot.

The good news is that in OpenSolaris and Nevada, this gets much easier. For example, to configure sendmail for local only use, you can just use the commands:

# svccfg -s sendmail setprop config/local_only = true
# svcadm refresh sendmail

For the SNMP services, you would use the following command. Note that DMI has been removed from OpenSolaris/Nevada:

# svcadm disable snmpdx sma

For more on this and other changes in OpenSolaris and Nevada, check out my entry on Solaris Secure by Default.

Please let me know if this helps. Take care,

Glenn

Posted by Glenn Brunette on July 10, 2006 at 08:17 AM EDT #

This is a very good site. Thanks !!!

Posted by mikgruff on January 31, 2007 at 07:32 AM EST #

Thanks for the help with disabling SNMP. Made it a snap.

Posted by Doug on April 19, 2007 at 03:38 AM EDT #

Dear friends . I want to enable snmp Service on Solaris 10..I know its already their but i don't know how can i check and enable ...Its Urgent Thanks Saqib

Posted by Saqib Sheikh on June 30, 2007 at 01:34 AM EDT #

All you need to do is:

# svcadm enable sma

You will still need to configure your newly enabled SNMP service. The configuration for this is in /etc/sma/snmp.

Hope this helps! Take care,

Glenn

Posted by Glenn Brunette on July 02, 2007 at 03:40 AM EDT #

Dear Glenn Do i need to configure snmp.conf file.."/etc/snmp/conf/snmp.conf ".I just need know ..Thanks From Saqib Sheikh

Posted by Saqib Sheikh on July 04, 2007 at 07:46 PM EDT #

You do not have to, but I would recommend that you edit the snmpd.conf file in order to change the community strings and "system" information to something specific to your organization. If you do not change the public community string (for example) anyone on your network (or who could reach the SNMP services on your network) could read the SNMP information.

Glenn

Posted by Glenn Brunette on July 09, 2007 at 04:09 AM EDT #

very nicely explained topics. Keep doing great. TC Kashif Malik

Posted by Kashif Malik on July 15, 2007 at 08:35 PM EDT #

Post a Comment:
Comments are closed for this entry.
About

gbrunett

Search

Archives
« April 2014
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today