Installing Logical Domains Manager and Solaris Security Toolkit Software Manually

Perform the following procedures to install the Logical Domains Manager and Solaris Security Toolkit Software manually:

• Install the Logical Domains Manager (LDoms) 1.2 Software Manually.

• (Optional) Install the Solaris Security Toolkit 4.2 Software Manually.

• (Optional) Harden the Control Domain Manually.

Install the Logical Domains Manager (LDoms) 1.2 Software Manually

Before You Begin

Download the Logical Domains Manager 1.2 software, the SUNWldm package, from the Sun Software Download site. See Download the Software for specific instructions.

1. Use the pkgadd(1M) command to install the SUNWldm.v package. Use the -G option to install the package in the global zone only and the -d option to specify the path to the directory that contains the SUNWldm.v package.

   # pkgadd -Gd . SUNWldm.v

2. Answer y for yes to all questions in the interactive prompts.

3. Use the pkginfo(1) command to verify that the SUNWldm package for Logical Domains Manager 1.2 software is installed.

   The revision (REV) information shown below is an example.

   # pkginfo -l SUNWldm | grep VERSION VERSION=1.2,REV=2007.08.23.10.20

(Optional) Install the Solaris Security Toolkit 4.2 Software Manually

If you want to secure your system, download and install the SUNWjass package. The required patches (122608-03 and 125672-01) are included in the SUNWjass package. See Download the Software for specific instructions about downloading the software.

See Chapter 2, Security in this document for more information about security considerations when using Logical Domains Manager software. For further reference, you can find Solaris Security Toolkit 4.2 documentation at:

http://docs.sun.com

1. Use the pkgadd(1M) command to install the SUNWjass package.

   # pkgadd -d . SUNWjass

2. Use the pkginfo(1) command to verify that the SUNWjass package for Solaris Security Toolkit 4.2 software is installed.

   # pkginfo -l SUNWjass | grep VERSION VERSION: 4.2.0

(Optional) Harden the Control Domain Manually

Perform this procedure only if you have installed the Solaris Security Toolkit 4.2 package.

When you use the Solaris Security Toolkit to harden the control domain, you disable many system services and place certain restrictions on network access. Refer to Related Documentation to find Solaris Security Toolkit 4.2 documentation for more information.

1. Harden using the ldm_control-secure.driver.

   # /opt/SUNWjass/bin/jass-execute -d ldm_control-secure.driver

   You can use other drivers to harden your system. You can also customize drivers to tune the security of your environment. Refer to the Solaris Security Toolkit 4.2 Reference Manual for more information about drivers and customizing them.

2. Answer y for yes to all questions in the interactive prompts.

3. Shut down and reboot your server for the hardening to take place.

   # /usr/sbin/shutdown -y -g0 -i6

Validate Hardening

1. Check whether the Logical Domains hardening driver (ldom_control-secure.driver) applied hardening correctly.

   If you want to check on another driver, substitute that driver's name in this command example.

   # /opt/SUNWjass/bin/jass-execute -a ldom_control-secure.driver

Undo Hardening

1. Undo the configuration changes applied by the Solaris Security Toolkit.

   # /opt/SUNWjass/bin/jass-execute -u

   The Solaris Security Toolkit asks you which hardening runs you want to undo.

2. Select the hardening runs you want to undo.

3. Reboot the system so that the unhardened configuration takes place.

   # /usr/sbin/shutdown -y -g0 -i6

   ---

   Note –

   If you undo hardening that was performed during a JumpStart installation, you must run the following SMF commands to restart the Logical Domains Manager daemon (ldmd) and the virtual network terminal server daemon (vntsd).

   ---

   # svcadm enable svc:/ldoms/ldmd:default