Oracle Solaris Cluster 3.3 5/11 Security Guide
1. Introduction to Oracle Solaris Cluster Security
Overview of Oracle Solaris Cluster and Security
Secure Installation and Configuration
This section contains information about specific security mechanisms offered by Oracle Solaris Cluster.
A secure installation uses the following critical security features:
Role-Based Access Control (RBAC) – If you are not a superuser, use the RBAC roles of solaris.cluster.modify, solaris.cluster.admin, and solaris.cluster.read to access the cluster. For more information, see Oracle Solaris Cluster RBAC Rights Profiles in Oracle Solaris Cluster System Administration Guide.
IP Security Architecture (IPsec) – Configure IPsec for the clprivnet interface to provide secure TCP/IP communication on the cluster interconnect. For more information, see How to Configure IP Security Architecture (IPsec) on the Cluster Private Interconnect in Oracle Solaris Cluster Software Installation Guide.
New Nodes – Use the claccess command or clsetup utility with superuser privileges to add a node to a cluster. For more information, see Chapter 8, Adding and Removing a Node, in Oracle Solaris Cluster System Administration Guide.
Trusted Extensions – The Oracle Solaris Trusted Extensions feature can be enabled for use in a zone cluster. For more information, see Guidelines for Trusted Extensions in a Zone Cluster in Oracle Solaris Cluster Software Installation Guide and How to Prepare for Trusted Extensions Use With Zone Clusters in Oracle Solaris Cluster Software Installation Guide.
Zone Clusters – A zone cluster is a cluster of non-global Oracle Solaris Container zones. All nodes of a zone cluster are configured as non-global zones of the cluster brand. For more information, see Configuring a Zone Cluster in Oracle Solaris Cluster Software Installation Guide and Working With a Zone Cluster in Oracle Solaris Cluster System Administration Guide.
Secure Connections to Cluster Consoles – You must establish secure shell connections to the consoles of the cluster nodes. For more information, see How to Connect Securely to Cluster Consoles in Oracle Solaris Cluster System Administration Guide.
Common Agent Container – Oracle Solaris Cluster Manager uses strong encryption techniques to ensure secure communication between the Oracle Solaris Cluster Manager web server and each cluster node. For more information, see How to Regenerate Common Agent Container Security Keys in Oracle Solaris Cluster System Administration Guide and How to Use the Common Agent Container to Change the Port Numbers for Services or Management Agents in Oracle Solaris Cluster System Administration Guide.
Logging – Oracle Solaris Cluster uses the syslogd(1M) command to record error and status messages. Ensure that you set up the /etc/syslog.conf file to control where the messages are stored. You should also protect the log files, such as the /var/adm/messages file. For more information, see Beginning to Administer the Cluster in Oracle Solaris Cluster System Administration Guide.
Auditing – Oracle Solaris Cluster stores all executed commands in the /var/cluster/logs/commandlog file, and you should set the protections on the file as appropriate. For more information, see How to View the Contents of Oracle Solaris Cluster Command Logs in Oracle Solaris Cluster System Administration Guide.
Oracle Solaris Operating System (OS) Hardening – Oracle Solaris Cluster uses security hardening techniques to reconfigure the Solaris OS into a hardened state. Additionally, it can activate the Oracle Solaris system audit. Oracle's Solaris Security Toolkit, formerly known as the JumpStart Architecture and Security Scripts (JASS) Toolkit, can be used to secure SPARC-based and x86/x64-based systems. For more information, see the Solaris Security Toolkit.
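The Logging and Auditing items above name the files to protect but not how to verify them. The following check is an added example, not part of the Oracle guide or Oracle's tooling: it finds the file destinations in a syslog.conf-style file and tests them, together with the command log, against an assumed policy (regular file, expected owner, no group or other write bit). The function names and the policy itself are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not Oracle's code. Assumed policy: each log is a regular file,
# owned by the expected uid (0 = root), with no group or other write bit.

# List file destinations named in a syslog.conf-style file. Comments, devices
# under /dev, user/@host actions and m4 ifdef(...) lines are skipped; review
# ifdef lines by hand, since m4 expands them before syslogd reads the file.
syslog_file_targets() {
    awk '$1 ~ /^#/ || NF < 2 || index($0, "ifdef(") { next }
         $NF ~ /^\// && $NF !~ /^\/dev\// { print $NF }' "$1" | sort -u
}

# check_log_perms FILE [UID]: print a verdict, return 0 only if FILE passes.
check_log_perms() {
    lp_file=$1; lp_uid=${2:-0}
    [ -h "$lp_file" ] && { echo "FAIL $lp_file: symbolic link"; return 1; }
    [ -f "$lp_file" ] || { echo "FAIL $lp_file: not a regular file"; return 1; }
    set -- $(ls -ln "$lp_file")          # $1 = mode string, $3 = numeric owner
    case $1 in
        ?????w*|????????w*)
            echo "FAIL $lp_file: group/other writable ($1)"; return 1 ;;
    esac
    [ "$3" = "$lp_uid" ] || { echo "FAIL $lp_file: owner uid $3"; return 1; }
    echo "OK   $lp_file ($1, uid $3)"
}

# audit_cluster_logs [CONF] [UID] [COMMANDLOG]: check the command log and every
# syslog file target; return non-zero if any file fails.
audit_cluster_logs() {
    al_conf=${1:-/etc/syslog.conf}; al_uid=${2:-0}
    al_cmdlog=${3:-/var/cluster/logs/commandlog}; al_rc=0
    for al_f in "$al_cmdlog" $(syslog_file_targets "$al_conf"); do
        check_log_perms "$al_f" "$al_uid" || al_rc=1
    done
    return $al_rc
}
# Usage on a cluster node, as root:  audit_cluster_logs
```

The mode string is read from ls output, so access granted through ACLs is not evaluated and must be reviewed separately.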