For more information, see Using Your Assigned Administrative Rights in Securing Users and Processes in Oracle Solaris 11.3.
See the nca.if(4) man page for more information. For example:
# cat /etc/nca/nca.if
hme0
hme1
Each interface must have an accompanying hostname.interface-name file and an entry in the /etc/hosts file for the contents of hostname.interface-name.
To start the NCA feature on all interfaces, place an asterisk, *, in the nca.if file.
# cat /etc/nca/ncakmod.conf
#
# NCA Kernel Module Configuration File
#
status=enabled
httpd_door_path=/system/volatile/nca_httpd_1.door
nca_active=disabled
See the ncakmod.conf(4) man page for more information.
Change the status entry in /etc/nca/ncalogd.conf to enabled.
# cat /etc/nca/ncalogd.conf
#
# NCA Logging Configuration File
#
status=enabled
logd_path_name="/var/nca/log"
logd_file_size=1000000
You can change the location of the log file by changing the path that is indicated by the logd_path_name entry. The log file can be a raw device or a file. See the ncalogd.conf(4) man page for more information about the configuration file.
The following example causes NCA to monitor port 80 on all configured IP addresses.
# cat /etc/nca/ncaport.conf
#
# NCA Kernel Module Port Configuration File
#
.
.
ncaport=*/80
# eeprom kernelbase=0x90000000
# eeprom kernelbase
kernelbase=0x90000000
The second command verifies that the parameter has been set.
The logd_path_name string in ncalogd.conf can define a raw device as the place to store the NCA log file. The advantage to using a raw device is that the service can run faster because the overhead in accessing a raw device is less.
The NCA service tests any raw device that is listed in the file to ensure that no file system is in place. This test ensures that no active file systems are accidentally written over.
To prevent this test from finding a file system, run the following command. The command destroys part of the file system on any disk partition that had been configured as a file system. In this example, /dev/rdsk/c0t0d0s7 is the raw device that has an old file system in place.
# dd if=/dev/zero of=/dev/rdsk/c0t0d0s7 bs=1024 count=1
After running the dd command, you can then add the raw device to the ncalogd.conf file.
# cat /etc/nca/ncalogd.conf
#
# NCA Logging Configuration File
#
status=enabled
logd_path_name="/dev/rdsk/c0t0d0s7"
logd_file_size=1000000

Example 4 Using Multiple Files for NCA Logging
The logd_path_name string in ncalogd.conf can define multiple targets as the place to store the NCA log file. The second file is used when the first file is full. The following example shows how to write to the /var/nca/log file first and then use a raw partition.
# cat /etc/nca/ncalogd.conf
#
# NCA Logging Configuration File
#
status=enabled
logd_path_name="/var/nca/log /dev/rdsk/c0t0d0s7"
logd_file_size=1000000
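An added pre-flight check for the raw-device and multiple-file examples above (not part of the Oracle documentation): it lists the targets in logd_path_name and reports any raw device whose block-device counterpart is still mounted, before dd is run against it. The function names, the UFS-style mount-table layout and the sample data are assumptions made for this example.

```shell
#!/bin/sh
# Added example. Function names and sample data are assumptions.

# Print each logd_path_name target on its own line.
nca_log_targets() {    # $1 = path to ncalogd.conf
    sed -n 's/^logd_path_name="\(.*\)"[[:space:]]*$/\1/p' "$1" | tr -s ' ' '\n'
}

# Succeed if the block-device counterpart of raw device $1 is listed in
# mount table $2 (assumed UFS-style lines: special, mount point, fstype, ...).
raw_dev_mounted() {
    tab=${2:-/etc/mnttab}
    [ -r "$tab" ] || return 0    # fail closed: no mount table, assume in use
    blk=$(printf '%s\n' "$1" | sed 's|/rdsk/|/dsk/|')
    awk -v d="$blk" '$1 == d { found = 1 } END { exit !found }' "$tab"
}

# Label every target as "file", "raw-ok" or "raw-MOUNTED".
nca_check_targets() {  # $1 = ncalogd.conf, $2 = mount table
    nca_log_targets "$1" | while read -r t; do
        case $t in
            /dev/rdsk/*)
                if raw_dev_mounted "$t" "$2"; then echo "$t raw-MOUNTED"
                else echo "$t raw-ok"; fi ;;
            *) echo "$t file" ;;
        esac
    done
}

# Constructed sample input (not taken from a real system).
nca_demo() {
    tmp=$(mktemp -d) || return 1
    printf 'status=enabled\nlogd_path_name="/var/nca/log /dev/rdsk/c0t0d0s7"\n' \
        > "$tmp/ncalogd.conf"
    printf '/dev/dsk/c0t0d0s7\t/export\tufs\trw\t0\n' > "$tmp/mnttab"
    nca_check_targets "$tmp/ncalogd.conf" "$tmp/mnttab"
    rm -rf "$tmp"
}
nca_demo
```

A device that is absent from the mount table can still hold data, for example a swap slice or a ZFS pool member, so treat raw-ok as a first check only.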