Installation Enhancements
The following installation features and enhancements have been added to the Solaris 10 11/06 release.
Solaris Flash Archives
This Solaris Flash enhancement enables a user to create an archive that includes large files. The flarcreate command creates a Solaris Flash archive that can contain individual files of 4 Gbytes or more. The available archive utilities are as follows:
-
The cpio archive utility is the default. Individual files cannot be larger than 2 or 4 Gbytes The size limitation depends on the version of cpio used.
-
The portable archive interchange utility, pax, is started with the -L pax option. If the -L pax option is specified, the archive can be created without size limitations on individual files. The pax utility was included in the Solaris 7 OS release. The Solaris Flash archives created by using the pax utility can only be deployed on a Solaris OS with a pax utility. When a user deploys the archive on systems that are running the Solaris 2.6 or earlier versions, the user must use the cpio option.
For more information, see the pax(1) and the cpio(1) man pages. See also the Solaris 10 11/06 Installation Guide: Solaris Flash Archives (Creation and Installation).
Secure By Default Network Profile
Starting with this release, you can, during installation, set the default behavior for network services to run in a much more secured manner. During an interactive installation (hands on), this security option is provided in the installation configuration selection screens. For automated JumpStart installations (hands off), you can select a limited network profile by using a new service_profile keyword in the sysidcfg file.
If you choose to restrict network security during the initial installation, numerous services are fully disabled during the installation. Other services are still enabled, but these services are limited to local connections only. Solaris Secure Shell remains available for remote administrative access to the system.
With this limited networking profile, you reduce your risk of exposure on the Internet or LAN. The system retains full graphical desktop use and outbound network access. For example, you can still access your graphical interface, use browsers or email clients, and mount NFSv4 file shares.
The existing service configuration is not altered by an upgrade.
The network services can be easily reopened after installation by using the netservices open or by enabling individual services by using SMF commands.
For more information about this new security option, see the following references.
Table 2–1 Additional Security Information|
Administer security for network services |
How to Create an SMF Profile in System Administration Guide: Basic Administration |
|
Reopen network services after installation | |
|
Plan installation configuration | |
|
Select restricted network security during a hands-on installation | |
|
Set up restricted network security for a JumpStart installations |
service_profile Keyword in Solaris 10 11/06 Installation Guide: Network-Based Installations |
Installing Solaris Trusted Extensions
Solaris Trusted Extensions provides multilevel security for the Solaris OS. This feature enables you to control information in a flexible but highly secure manner. You can now enforce strict access controls to your data, based on data sensitivity, not just data ownership.
An installation that accesses Solaris Trusted Extensions differs from a standard installation. For a list of these installation differences and further information about Solaris Trusted Extensions, see Chapter 3, Installing Solaris Trusted Extensions Software (Tasks), in Solaris Trusted Extensions Installation and Configuration..
For more information about Solaris Trusted Extensions, see the README file in the Solaris_10/ExtraValue/CoBundled/Trusted_Extensions directory. See also, Solaris Trusted Extensions.
- © 2010, Oracle Corporation and/or its affiliates