Solaris Secure by Default - Part 2



For the second installment of Getting to Know - Solaris Secure by Default (SBD), I would like to point you to the newly published Secure by Default OpenSolaris project page. In particular, please be sure to check out the very cool design document.

The design document goes a long way toward explaining exactly what was done by the SBD project when it integrated into Nevada in build 42. It provides a handy quick reference for the changes made by SBD, including the introduction of new service FMRIs, service state (enabled or disabled), and any properties that are being used to control service behavior.

So, please give it a look and let us know what you think!

Take care,

Glenn

References: Part 1 of 3, Part 3 of 3


Comments:

Why leave SSH enabled? Root cannot log in remotely by default and there are no user accounts by default, so it could just be enabled at the same time that users are added if people want it.

Posted by Ceri Davies on July 13, 2006 at 10:30 PM EDT #

Ceri,

This is not exactly true. If you select a naming service such as LDAP or NIS as part of the initial installation of a system, then those services will also be enabled, potentially allowing a remote user to use SSH to log into the freshly installed system. It is also conceivable that in a future release, you will be able to automatically specify that an account be created as part of the initial installation, thereby allowing you (once again) to remotely log into the system.

Certainly, if you do not want to use SSH, you are free to disable it in JumpStart (using the site.xml SMF profile) or immediately after the system reboots (using svcadm).

Thank you for your feedback!

Glenn

Posted by Glenn Brunette on July 14, 2006 at 02:24 AM EDT #

Thanks, Glenn, it's the naming service selection that I was missing. I had forgotten that those could be configured purely via sysidcfg, which obviously alleviates the requirement for any custom finish scripts that I had imagined. Cheers!

Posted by Ceri Davies on July 14, 2006 at 08:09 AM EDT #
