Enhanced Security Using the Restricted Networking Profile (Solaris Express Installation Guide: Planning for Installation and Upgrade)

Solaris Express Installation Guide: Planning for Installation and Upgrade

Enhanced Security Using the Restricted Networking Profile

Starting with the Solaris Express 7/06, the generic installation has been changed so that all network services, except Secure Shell, are disabled or restricted to respond to local requests only. This change minimizes the potential vulnerabilities a remote attacker might try to exploit. In addition, the change provides a base for customers to enable only the services they require.

For Solaris Express releases, the hardening changes are automatically applied whenever a fresh install is performed. This effect is achieved by invoking the netservices command from the SMF upgrade file found in /var/svc/profile. Behavior is unchanged if the system is upgraded.

All of the affected services are controlled by the Service Management Framework (SMF). Any individual service can be enabled by using the svsadm(1M) and svccfg(1M) commands. The netservices(1M) command can be used to switch the service startup behavior.