This section contains information about specific security mechanisms offered by Oracle Solaris Cluster software.
A secure installation uses the following critical security features:
Security Compliance – When Oracle Solaris Cluster is configured and running, the default compliance profile, Solaris Recommended, tests Oracle Solaris Cluster for compliance with internal and external security requirements. For a customized list of only Oracle Solaris Cluster-related checks, use the compliance tailor command. For more information about compliance profiles and about profile customization, see Oracle Solaris 11.4 Compliance Guide.
Cluster Authorizations – Use the role-based access control (RBAC) authorizations of solaris.cluster.modify, solaris.cluster.admin, and solaris.cluster.read to access the cluster. You must become an administrator who is assigned the User Security rights profile to change most of the security attributes of a role. For more information, see Managing the Use of Rights in Securing Users and Processes in Oracle Solaris 11.4 and Oracle Solaris Cluster Authorizations in Administering an Oracle Solaris Cluster 4.4 Configuration.
IP Security Architecture (IPsec) – Configure IPsec for the clprivnet interface to provide secure TCP/IP communication on the cluster interconnect.
For more information, see Securing the Interconnect for Oracle Solaris Cluster With IPsec in Installing and Configuring an Oracle Solaris Cluster 4.4 Environment.
New Nodes – Use the claccess command or clsetup utility with privileges to add a node to a cluster. For more information, see Chapter 8, Administering Cluster Nodes in Administering an Oracle Solaris Cluster 4.4 Configuration.
The default setting for access status is claccess deny-all. You should change this only when you want to perform a privileged operation, such as adding a new node. You should restore the deny-all status when you are finished. If you expect to make frequent changes to cluster configurations, you can ensure maximum trust for new systems by selecting a more secure authentication protocol using the /usr/cluster/bin/claccess -p protocol=authentication-protocol command. For more information, see the claccess(8CL) man page and Chapter 5, Using Secure RPC on Oracle Solaris in Managing Authentication in Oracle Solaris 11.4.
Trusted Extensions – The Oracle Solaris Trusted Extensions feature can be enabled for use in a zone cluster. For more information, see Guidelines for Trusted Extensions in a Zone Cluster in Installing and Configuring an Oracle Solaris Cluster 4.4 Environment and How to Install and Configure Trusted Extensions in Installing and Configuring an Oracle Solaris Cluster 4.4 Environment.
Zone Clusters – A zone cluster is composed of one or more non-global zones of the solaris brand, the solaris10 brand, or the labeled brand set with the cluster attribute. A labeled brand zone cluster is only for use with the Trusted Extensions feature of Oracle Solaris software.
You create a zone cluster by using the clzonecluster command or the clsetup utility. You can run supported services on the zone cluster similar to a global cluster, with the isolation that is provided by Oracle Solaris zones. For more information, see Creating and Configuring a Zone Cluster in Installing and Configuring an Oracle Solaris Cluster 4.4 Environment and Working With a Zone Cluster in Administering an Oracle Solaris Cluster 4.4 Configuration.
Secure Connections to Cluster Consoles – You must establish secure shell connections to the consoles of the cluster nodes. For more information about the pconsole utility, see How to Connect Securely to Cluster Consoles in Administering an Oracle Solaris Cluster 4.4 Configuration.
Common Agent Container – The Oracle Solaris Cluster Manager browser interface uses strong encryption techniques to ensure secure communication between the Oracle Solaris Cluster management stacks on each cluster node. For more information, see Administering and Troubleshooting Oracle Solaris Cluster Manager in Administering an Oracle Solaris Cluster 4.4 Configuration.
Logging – Oracle Solaris Cluster software uses the syslogd command to record error and status messages. Ensure that you set up the /etc/syslog.conf file to control where the messages are stored. You should also securely protect the log files, such as the /var/adm/messages file. For more information, see Administering the Cluster in Administering an Oracle Solaris Cluster 4.4 Configuration.
Auditing – Oracle Solaris Cluster auditing is enabled by default, as it is in the Oracle Solaris operating system. Auditing stores all executed commands in the /var/cluster/logs/commandlog file.
This file is only readable and writable by the root role. If aspects of cluster administration are delegated to non-root roles that are assigned Oracle Solaris Cluster Management rights profiles, you might wish to give those users the ability to read these protected cluster log files. This can be done by adding an Access Control List (ACL) for the user to the commandlog file.
For more information about viewing the commandlog file, see How to View the Contents of Oracle Solaris Cluster Command Logs in Administering an Oracle Solaris Cluster 4.4 Configuration. For information about the Oracle Solaris ACL mode, see the chmod(1) man page and Chapter 2, Using ACLs and Attributes to Protect Oracle Solaris ZFS Files in Securing Files and Verifying File Integrity in Oracle Solaris 11.4.
Oracle Solaris Operating System Hardening – Oracle Solaris Cluster software uses security hardening techniques to reconfigure the Oracle Solaris operating system into a hardened state. Additionally, it can activate the Oracle Solaris system audit.
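The New Nodes guidance above (open access only for the privileged operation, then restore deny-all) can be enforced with a small wrapper so the window is closed even when the operation fails. This is an added example, not Oracle's code: the function name with_node_access and the host name phys-schost-3 are hypothetical, and it assumes the allow -h and deny-all subcommands described in the claccess(8CL) man page.

```shell
#!/bin/sh
# Added example (not from Oracle's documentation).
# CLACCESS can be overridden, for example to point at a stub for a dry run.
CLACCESS="${CLACCESS:-/usr/cluster/bin/claccess}"

# with_node_access NEW_NODE COMMAND [ARGS...]   (hypothetical helper name)
# Returns COMMAND's exit status, or: 2 on bad usage, 3 if access could not
# be opened, 4 if the deny-all default could not be restored.
with_node_access() {
    if [ "$#" -lt 2 ] || [ -z "$1" ]; then
        echo "usage: with_node_access NEW_NODE COMMAND [ARGS...]" >&2
        return 2
    fi
    _wna_node=$1
    shift

    # Admit only the named host instead of opening access to every system.
    "$CLACCESS" allow -h "$_wna_node" || return 3

    # If the operator interrupts the step, close the window before exiting.
    trap '"$CLACCESS" deny-all; exit 130' HUP INT TERM

    # Run the privileged step; capture its status without tripping `set -e`.
    _wna_rc=0
    "$@" || _wna_rc=$?

    trap - HUP INT TERM

    # Restore the default whether the step succeeded or failed.
    if ! "$CLACCESS" deny-all; then
        echo "WARNING: deny-all not restored; run '$CLACCESS deny-all' now" >&2
        return 4
    fi
    return "$_wna_rc"
}

# Usage on an existing cluster member (add_node_step is a placeholder for
# your own node-addition procedure):
#   with_node_access phys-schost-3 add_node_step
```

Run the wrapper from a role that holds the solaris.cluster.modify authorization; a return status of 4 means the cluster was left open and needs immediate manual correction.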