Oracle Solaris Cluster 4.1 Security Guide
1. Introduction to Oracle Solaris Cluster Security
Secure Installation and Configuration
This section contains information about specific security mechanisms offered by Oracle Solaris Cluster.
A secure installation uses the following critical security features:
Role-Based Access Control (RBAC) – Use the RBAC authorizations of solaris.cluster.modify, solaris.cluster.admin, and solaris.cluster.read to access the cluster. You must become an administrator who is assigned the User Security rights profile to change most of the security attributes of a role. For more information, see Part III, Roles, Rights Profiles, and Privileges, in Oracle Solaris 11.1 Administration: Security Services and Oracle Solaris Cluster RBAC Rights Profiles in Oracle Solaris Cluster System Administration Guide.
New Nodes – Use the claccess command or clsetup utility with privileges to add a node to a cluster. For more information, see Chapter 8, Adding and Removing a Node, in Oracle Solaris Cluster System Administration Guide.
Trusted Extensions – The Oracle Solaris Trusted Extensions feature can be enabled for use in a zone cluster. For more information, see Guidelines for Trusted Extensions in a Zone Cluster in Oracle Solaris Cluster Software Installation Guide and How to Install and Configure Trusted Extensions in Oracle Solaris Cluster Software Installation Guide.
Zone Clusters – A zone cluster is composed of one or more non-global zones of the solaris, solaris10, or labeled brand that are set with the cluster attribute. A labeled brand zone cluster is only for use with the Trusted Extensions feature of Oracle Solaris software. You create a zone cluster by using the clzonecluster command or the clsetup utility. You can run supported services on the zone cluster similar to a global cluster, with the isolation that is provided by Oracle Solaris zones. For more information, see Creating and Configuring a Zone Cluster in Oracle Solaris Cluster Software Installation Guide and Working With a Zone Cluster in Oracle Solaris Cluster System Administration Guide.
Secure Connections to Cluster Consoles – You must establish secure shell connections to the consoles of the cluster nodes. For more information on the pconsole utility, see How to Connect Securely to Cluster Consoles in Oracle Solaris Cluster System Administration Guide.
Logging – Oracle Solaris Cluster uses the syslogd(1M) command to record error and status messages. Ensure that you set up the /etc/syslog.conf file to control where the messages are stored. You should also securely protect the log files, such as the /var/adm/messages file. For more information, see Beginning to Administer the Cluster in Oracle Solaris Cluster System Administration Guide.
Auditing – Oracle Solaris Cluster auditing is enabled by default, as it is in the Oracle Solaris OS. Auditing stores all executed commands in the /var/cluster/logs/commandlog file, and you should set the protections on the file as appropriate. For more information, see How to View the Contents of Oracle Solaris Cluster Command Logs in Oracle Solaris Cluster System Administration Guide.
Oracle Solaris OS Hardening – Oracle Solaris Cluster uses security hardening techniques to reconfigure the Oracle Solaris OS into a hardened state. Additionally, it can activate the Oracle Solaris system audit.
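The Logging and Auditing items above ask you to protect /var/adm/messages and /var/cluster/logs/commandlog. The following script is an added example, not part of the Oracle guide, that reports weak protections on those two files. The function names and the policy it enforces (regular file, owned by root, not group- or world-writable, not world-readable) are assumptions; the guide does not prescribe specific modes.

```shell
#!/bin/sh
# Added example (not from the Oracle guide): check the protections on the
# log files this section names. The policy is an assumption: regular file,
# owned by root, not group- or world-writable, not world-readable.

# check_log_perms FILE [EXPECTED_UID]
# Prints one finding per line. Returns 0 if clean, 1 on findings, 2 if missing.
check_log_perms() {
    file=$1
    want_uid=${2:-0}
    [ -e "$file" ] || { echo "$file: missing"; return 2; }

    # "ls -ldn" prints the mode string first and the numeric owner third.
    meta=$(ls -ldn "$file" | awk '{print $1 " " $3}')
    mode=${meta% *}
    uid=${meta#* }
    rc=0

    case $mode in
        -*) ;;
        *)  echo "$file: not a regular file ($mode)"; return 1 ;;
    esac
    [ "$uid" = "$want_uid" ] || { echo "$file: owner uid $uid, expected $want_uid"; rc=1; }
    # Mode string layout: type, user rwx, group rwx, other rwx.
    case $mode in ?????w*)    echo "$file: group-writable"; rc=1 ;; esac
    case $mode in ???????r*)  echo "$file: world-readable"; rc=1 ;; esac
    case $mode in ????????w*) echo "$file: world-writable"; rc=1 ;; esac
    return $rc
}

# audit_cluster_logs: run the check over both paths named in the guide.
audit_cluster_logs() {
    status=0
    for f in /var/adm/messages /var/cluster/logs/commandlog; do
        check_log_perms "$f" || status=1
    done
    return $status
}

# Run the audit only when asked, e.g.:  sh check_logs.sh --run
if [ "${1:-}" = "--run" ]; then
    audit_cluster_logs
fi
```

Run it on each cluster node; a nonzero exit status means at least one file is missing or violates the assumed policy.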