Using JumpStart to Install the Logical Domains Manager 1.2 and Solaris Security Toolkit 4.2 Software
Refer to JumpStart Technology: Effective Use in the Solaris Operating Environment for complete information about using JumpStart.
Caution – Do not disconnect from the virtual console during a network installation.
Set Up a JumpStart Server
-
If you have already set up a JumpStart server, proceed to Install Using JumpStart Software of this administration guide.
-
If you have not already set up a JumpStart server, you must do so.
Refer to the Solaris 10 5/09 Installation Guide: Custom JumpStart and Advanced Installations for complete information about this procedure.
-
Refer to the Solaris 10 5/09 Installation Guide: Custom JumpStart and Advanced Installations.
Perform the following steps.
-
Validate the rules file with the procedure in “Validating the rules File.”
The Solaris Security Toolkit provides profiles and finish scripts. Refer to the Solaris Security Toolkit 4.2 Reference Manual for more information about profiles and finish scripts.
Install Using JumpStart Software
-
Change to the directory where you have downloaded the Solaris Security Toolkit package (SUNWjass).
# cd /path-to-download
-
Install SUNWjass so that it creates the JumpStart (jumpstart) directory structure.
# pkgadd -R /jumpstart -d . SUNWjass
-
Use your text editor to modify the /jumpstart/opt/SUNWjass/Sysidcfg/Solaris_10/sysidcfg file to reflect your network environment.
-
Copy the /jumpstart/opt/SUNWjass/Drivers/user.init.SAMPLE file to the /jumpstart/opt/SUNWjass/Drivers/user.init file.
# cp user.init.SAMPLE user.init
-
Edit the user.init file to reflect your paths.
-
To install the Solaris Security Toolkit package (SUNWjass) onto the target system during a JumpStart install, you must place the package in the JASS_PACKAGE_MOUNT directory defined in your user.init file. For example:
# cp -r /path/to/LDoms_Manager-1_0_2/Product/SUNWjass /jumpstart/opt/SUNWjass/Packages
-
To install the Logical Domains Manager package (SUNWldm.v) onto the target system during a JumpStart install, you must place the package from the download area in the JASS_PACKAGE_MOUNT directory defined in your user.init file. For example:
# cp -r /path/to/LDoms_Manager-1_0_2/Product/SUNWldm.v /jumpstart/opt/SUNWjass/Packages
-
If you experience problems with a multihomed JumpStart server, modify the two entries in the user.init file for JASS_PACKAGE_MOUNT and JASS_PATCH_MOUNT to the correct path to the JASS_HOME_DIR/Patches and JASS_HOME_DIR/Packages directories. Refer to the comments in the user.init.SAMPLE file for more information.
-
Use the ldm_control-secure.driver as the basic driver for the Logical Domains Manager control domain.
Refer to Chapter 4 in the Solaris Security Toolkit 4.2 Reference Manual for information about how to modify the driver for your use. The main driver in the Solaris Security Toolkit that is the counterpart to the ldm_control-secure.driver is the secure.driver.
-
After completing the modifications to the ldm_control-secure.driver, make the correct entry in the rules file.
-
If you want to minimize the LDoms control domain, specify the minimal-ldm-control.profile in your rules file similar to the following:
hostname imbulu - Profiles/minimal-ldm_control.profile Drivers/ldm_control-secure-abc.driver
Note –You must manually install the LDoms MIB software package after you install the LDoms and Solaris Security Toolkit packages. They are not automatically installed with the other packages.
-
If you do not want to minimize the LDoms control domain, your entry should be similar to the following:
hostname imbulu - Profiles/oem.profile Drivers/ldm_control-secure-abc.driver
-
-
If you undo hardening during a JumpStart install, you must run the following SMF command to restart the Logical Domains Manager.
# svcadm enable svc:/ldoms/ldmd:default
- © 2010, Oracle Corporation and/or its affiliates