test

SunScreen 3.2 Installation Guide

Chapter 9 Removing SunScreen Software

This chapter describes how to remove the SunScreen software.

Topics covered in this chapter:

The following procedure describes how to remove the SunScreen software.

Removing the SunScreen Software

The following procedure describes how to remove the SunScreen software.

To Remove the SunScreen Software

If you remove SunScreen packages from a Screen when the active configuration includes rules that use proxies, the disabled Solaris services, such as the standard FTP daemon, are not reinstated.

To ensure that they are reinstated, perform the following steps before removing the SunScreen packages:

Note -

Remove the Screen from the managed group, if it is a secondary Screen. Use the instructions in the Section, "To Remove a Member From a Certificate Group" in the SunScreen 3.2 Administration Guide.

  1. If you used the SunScreen GUI-based installer to install the SunScreen software and the product registry was present:

    1. When running the Solaris 8, update 3 or newer, software, remove the SunScreen software through the product registry by typing:


      # /usr/bin/prodreg

      SunScreen appears as an installed component, which you can select and remove by clicking the "uninstall" button.

    2. When running a release lower than the Solaris 8, update 3, software, execute the GUI-based uninstaller directly by typing:


      # cd /var/sadm/prod
# java uninstall_SunScreen_3_2_Full

  2. To verify that the SunScreen packages were removed, type:


    # pkginfo SUNWsfwau

    This package should no longer be installed on the system if the GUI uninstaller was successful in removing SunScreen.

  3. If you used pkgadd to install the SunScreen software, use pkgrm to remove the software packages originally installed on the system.

    For a list of the software packages to remove see "Command Line Installation" in the SunScreen 3.2 Installation Guide.

  4. To remove the configurations and log files, delete the following:

    • /var/sunscreen and its descendants, which contain the SunScreen packet logfiles.

    • /etc/sunscreen and its descendants, which contain the SunScreen configurations and policies.

    • /etc/skip and its descendants, which contain the SKIP keys and certificates.

      Note -

      Because these three sets of files are not removed as part of the pkgrm command, you must remove these files manually, if you are done with them.

    If you do not remove these files and reinstall the software, the old configurations and rules are retained in addition to your initial policy. Use the administration GUI to delete unwanted duplicates.

    If you do not remove the old SKIP keys and certificates, when the software is reinstalled multiple Screen identities are created. To remove the SKIP identities completely, see the SunScreen SKIP User's Guide, Release 1.5.1, for more information about skiplocal and skipdb.

  5. Reboot to complete the removal of the SunScreen software by typing:


    # sync; init 6
    Note -

    Reboot is required to remove the packet filtering modules to be unloaded.

The following procedure describes how to remove the SunScreen software when using proxies.

To Remove SunScreen When Using Proxies

  1. If you have used proxies in your configuration: Remove all rules that use proxies (or else instantiate a policy that uses no proxies) to restore the sendmail and inetd daemons to their original Solaris functionality. On configurations with a number of centrally managed Screens, it may be simpler to restore these daemons manually:

    1. If the FTP or telnet proxy is in use, remove the #efs# prefix that comments them out in /etc/inet/inetd.conf. For example:


      # efs#ftp stream tcp nowait root /usr/sbin/in.ftpd in.ftpd

# efs#telnet stream tcp nowait root /usr/sbin/in.telnetd in.telnetd

    2. If the SMTP proxy is in use, the command that invokes sendmail as a listening daemon was altered. For example:


      # /usr/lib/sendmail -q15m & #efs{-bd}

      Move the commented {-bd} option back into its original location:


      # /usr/lib/sendmail -bd -q15m &

  2. Stop the current proxies in one of the following two ways:

    1. Activate a policy that does not contain proxy rules.

    2. Deactivate the proxies manually using the command line, as root, by typing:


      # rm /etc/opt/SUNWicg/SunScreen/.active/*.conf# /etc/init.d/proxy stop

Note -

This method is specific to SunScreen 3.2, as it uses path names and interfaces that are not guaranteed to exist in future releases.

The original daemons (that is, sendmail, telnetd, and ftpd) are reinstated.