Solaris 10 10/09 Installation Guide: Planning for Installation and Upgrade

What's New in the Solaris 10 11/06 Release for Installation

Enhanced Security Using the Restricted Networking Profile

Starting with the Solaris 10 11/06 release, you can, during installation, set the default behavior for network services to run in a much more secured manner. During an interactive installation (hands on), this new security option is provided in the installation configuration selection screens. For automated JumpStart installations (hands off), you can select a restricted network profile by using a new service_profile keyword in the sysidcfg file. This security option is only available for initial installations. An upgrade maintains all previously set services. If necessary, you can restrict network services after an upgrade by using the netservices command.

If you choose to restrict network security, numerous services are fully disabled. Other services are still enabled, but these services are restricted to local connections only. Secure Shell remains available for remote administrative access to the system.

With this restricted networking profile, you reduce your risk of exposure on the Internet or LAN. The system retains full graphical desktop use and outbound network access. For example, you can still access your graphical interface, use browsers or email clients, and mount NFSv4 file shares.

The network services can be enabled after installation by using the netservices open command or by enabling individual services by using SMF commands. See Revising Security Settings After Installation.

For additional information about this security option, see the following references.

Table 2–1 Additional Information About the Limited Network Profile


For More Information 

Administer security for network services 

How to Create an SMF Profile in System Administration Guide: Basic Administration

Reopen network services after installation 

Revising Security Settings After Installation

Plan installation configuration 

Planning Network Security

Select restricted network security during a hands-on installation 

Chapter 2, Installing With the Solaris Installation Program For UFS File Systems (Tasks), in Solaris 10 10/09 Installation Guide: Basic Installations

Set up restricted network security for a JumpStart installation 

service_profile Keyword in Solaris 10 10/09 Installation Guide: Network-Based Installations

Installing Solaris Trusted Extensions

Starting with the Solaris 10 11/06 release, Solaris Trusted Extensions provides multilevel security for the Solaris OS. This feature enables you to control information in a flexible but highly secure manner. You can now enforce strict access controls to your data based on data sensitivity, not just data ownership.

An installation that accesses Solaris Trusted Extensions differs from a standard installation. For a list of these installation differences and further information about Solaris Trusted Extensions, see Installing or Upgrading the Solaris OS for Trusted Extensions in Solaris Trusted Extensions Installation and Configuration for Solaris 10 11/06 and Solaris 10 8/07 Releases.

Solaris Flash Can Create an Archive That Includes Large Files

The flarcreate command no longer has size limitations on individual files. You can create a Solaris Flash archive that contains individual files that are greater than 4 Gbytes. The following two archive utilities are available for use:

For more information, see Creating an Archive That Contains Large Files in Solaris 10 10/09 Installation Guide: Solaris Flash Archives (Creation and Installation).