SunScreen EFS Release 3.0 Reference Manual

Stealth Mode

Stealth mode offers optional hardening of the OS, which removes packages and files from the Solaris operating system that SunScreen EFS 3.0 does not use. A stealth-mode Screen is placed inside a single existing network, which it partitions.

Because a stealth-mode Screen partitions an existing network, you do not need to subnet that network. Stealth-mode interfaces have no IP addresses; they perform MAC-layer bridging, so the Screen itself has no IP presence on the network it protects.

In stealth mode, SunScreen EFS 3.0 is similar to the SunScreen SPF-200 product; however, it differs from it in the following ways:

If you create an /etc/hostname.interface_name file for a network interface that you later set to stealth mode, the Screen hangs on activation while plumbing its network interfaces. If this happens, boot the Screen into single-user mode, remove the /etc/hostname.interface_name file (which unconfigures that interface), and reboot the Screen again.

If you accidentally misconfigure the system in this way, here is the procedure for restoring proper operation:

  1. Type Control-C a few times while the Screen is plumbing its network interfaces. This breaks out of the hang and drops the machine into single-user mode.

  2. Give the root password to enter system maintenance mode. The root file system is mounted read-only at this point, so remount it read-write, then list the hostname interface files:


    # mount -o remount /
    # ls /etc/hostname*
    /etc/hostname.hme0  /etc/hostname.qfe2
    
    

The qfe2 interface is the admin interface in this example.


Note -

Do not disturb your admin interface, as it must be the only hostname interface file in the /etc directory.


As the example shows, the problem is the existence of a hme0 interface file.

  3. To rename or remove the problem hostname interface file, type:


    # mv /etc/hostname.hme0 /etc/hostname.hme0.old
    

  4. Reboot the machine.


The complete console session, from the interrupted boot through the final reboot, looks like this:

    Sun Ultra 5/10 UPA/PCI (UltraSPARC-IIi 270MHz), No Keyboard
    OpenBoot 3.11, 128 MB memory installed, Serial #10411258.
    Ethernet address 8:0:20:9e:dc:fa, Host ID: 809edcfa.
    
    Rebooting with command: boot 
    Boot device: disk:a  File and args: kadb
    kadb: kernel/sparcv9/unix
    Size: 314284+93248+121472 Bytes
    /platform/sun4u/kernel/sparcv9/unix loaded - 0xca000 bytes used
    SunOS Release 5.7 Version Generic 64-bit [UNIX(R) System V Release 4.0]
    Copyright (c) 1983-1998, Sun Microsystems, Inc.
    plumbing SunScreen network interfaces:^C
    INIT: Cannot create /var/adm/utmp or /var/adm/utmpx
    INIT: failed write of utmpx entry:"  "
    INIT: failed write of utmpx entry:"  "
    INIT: SINGLE USER MODE
    
    Type Ctrl-d to proceed with normal startup, (or give root password for
    system maintenance): 
    Entering System Maintenance Mode
    May  5 17:10:04 su: 'su root' succeeded for root on /dev/syscon
    Sun Microsystems Inc.   SunOS 5.7       Generic October 1998
    # mount -o remount /
    # ls /etc/hostname*
    /etc/hostname.hme0  /etc/hostname.qfe2
    # mv /etc/hostname.hme0 /etc/hostname.hme0.old
    # ls /etc/hostname*
    /etc/hostname.hme0.old  /etc/hostname.qfe2
    # reboot
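The check behind this recovery procedure can be run ahead of time, before a stealth-mode Screen is activated, so that the hang never happens. The following POSIX sh helper is an added example and is not part of SunScreen EFS or its documentation. Pointed at /etc (or at a copy of /etc for a dry run) it lists every /etc/hostname.* file other than the admin interface's, and with `fix` renames each one to hostname.interface_name.old, exactly as step 3 above does by hand. The admin interface name qfe2 used in the usage notes is taken from the manual's example; the directory argument, function names and the `list`/`fix` subcommands are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not part of SunScreen EFS: find (and optionally disable)
# stray /etc/hostname.<interface> files on a stealth-mode Screen.
# Only the admin interface may keep a hostname file; any other one is
# plumbed at boot and hangs activation, as the recovery procedure shows.
#
# Usage: sh check_hostname_files.sh list|fix ADMIN_IF [ETC_DIR]
#   ADMIN_IF  the admin interface, e.g. qfe2 (name taken from the manual's example)
#   ETC_DIR   directory to inspect; defaults to /etc, override for a dry run on a copy

# Verify that the admin interface's own hostname file exists; return 1 if not.
# That file must stay, or the admin interface would not come up after reboot.
check_admin_hostname_file() {
    etcdir=$1
    admin_if=$2
    if [ -f "$etcdir/hostname.$admin_if" ]; then
        return 0
    fi
    echo "warning: $etcdir/hostname.$admin_if is missing; the admin interface would not come up" >&2
    return 1
}

# Print, one per line, the interface names of every hostname.* file that is
# neither the admin interface's nor already disabled with a .old suffix.
list_stray_hostname_files() {
    etcdir=$1
    admin_if=$2
    for f in "$etcdir"/hostname.*; do
        [ -e "$f" ] || continue            # no match: the glob stayed literal
        name=${f##*/hostname.}
        case "$name" in
            "$admin_if") ;;                # the one file that must stay
            *.old) ;;                      # already disabled by an earlier run
            *) printf '%s\n' "$name" ;;
        esac
    done
}

# Rename each stray file to hostname.<if>.old (the manual's step 3) so it is
# no longer plumbed at boot. Prints one "old -> new" line per renamed file.
fix_stray_hostname_files() {
    etcdir=$1
    admin_if=$2
    list_stray_hostname_files "$etcdir" "$admin_if" | while IFS= read -r name; do
        mv "$etcdir/hostname.$name" "$etcdir/hostname.$name.old"
        printf '%s -> %s\n' "$etcdir/hostname.$name" "$etcdir/hostname.$name.old"
    done
}

# Command-line entry point; does nothing when the file is sourced without arguments.
if [ "$#" -ge 2 ]; then
    etcdir=${3:-/etc}
    case "$1" in
        list) check_admin_hostname_file "$etcdir" "$2"
              list_stray_hostname_files "$etcdir" "$2" ;;
        fix)  check_admin_hostname_file "$etcdir" "$2" || exit 1
              fix_stray_hostname_files "$etcdir" "$2" ;;
        *)    echo "usage: $0 list|fix ADMIN_IF [ETC_DIR]" >&2; exit 2 ;;
    esac
fi
```

Run `sh check_hostname_files.sh list qfe2` on a Screen before activating stealth mode; any interface name it prints is a file that would hang activation. In the recovery situation itself, after `mount -o remount /` in single-user mode, `sh check_hostname_files.sh fix qfe2` performs the rename from step 3 for every stray file at once. The `fix` path refuses to run when the admin interface's own file is missing, which is the one mistake the Note above warns against.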