Oracle^® SuperCluster M8 and SuperCluster M7 Security Guide

Create Immutable Global Zones

Tamper-proofing with immutability enables global zones and non-global zones to create a resilient, high-integrity operating environment within which SuperCluster compute servers operate their own services. Building upon the inherent security capabilities of Oracle Solaris global and non-global zones, immutable zones ensure that (some or all) OS directories and files are unable to be changed (without administrator intervention). The enforcement of this read-only posture helps to prevent unauthorized changes, promotes stronger change management procedures, and deters the injection of both kernel and user-based malware.

While you should always confirm that application software operates as expected in an immutable environment, be aware that Oracle Database instances and Oracle RAC clusters are verified to run correctly within Oracle Solaris immutable non-global zones.

1. Log in to the Oracle Solaris global zone (Dedicated Domain, Root Domain, or I/O Domain) as superuser.

   See Log into a Compute Server.

2. Modify the Oracle Solaris global zone configuration by setting the file-mac-profile property.

   # zonecfg -z global set file-mac-profile=fixed-configuration
   zonecfg:global> commit
   

3. Reboot the Oracle Solaris global zone for the changes to take effect. Log into the domain through the ILOM console.
4. Start the immutable global zone trusted path console.

   As the immutable global zone is configured, it is important to enter the console login using one of these break sequences:

   • Graphical console – F1-A

   • Serial console – <Break> or the alternate break sequence (CR~ Ctrl-b)

   trusted path console login:
   

5. Log into the global zone of the I/O Domain and assume the root role to perform any specific updates to the system, then reboot the system to bring it back to read-only mode.

   # reboot