Login or Register to Ask a Question and Join Our Community


Solaris

Remote services during Solaris installation

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Operating Systems Solaris Remote services during Solaris installation
# 1  
Old 10-31-2008
Remote services during Solaris installation
I've installed Solaris 10 (05-08) on a SPARC platform

During the installation I was prompted with the question below. I selected yes to enable remote services.

Does anyone know what services this option enables?

- Enabling remote services ----------------------------------------
Would you like to enable network services for use by remote clients?
Selecting "No" provides a more secure configuration in
which Secure Shell is the only network service provided to
remote clients. Selecting "Yes" enables a larger set of
services as in previous Solaris releases. If in doubt, it is
safe to select "No" as any services can be individually enabled
after installation.
Note: This choice only affects initial installs. It doesn't affect upgrades.
Remote services enabled
-----------------------
[X] Yes
[ ] No
-------------------------------------------------------------------
F2_Continue F6_Help
# 2  
Old 10-31-2008
have a look with:

Code:
# svcs -a | grep -i network

for all enabled services.
# 3  
Old 10-31-2008
I believe this will enable services such as rlogin & telnet etc.
# 4  
Old 10-31-2008
looking into the script /usr/sbin/netservices (1M) it is:

svc:/system/system-log
svc:/network/rpc/cde-calendar-manager
svc:/network/rpc/bind
svc:/application/x11/x11-server
svc:/network/smtp:sendmail
svc:/application/print/server
svc:/application/print/rfc1179
svc:/application/print/ipp-listener
svc:/network/rpc/cde-ttdbserver
svc:/application/graphical-login/cde-login
svc:/system/webconsole
svc:/application/management/wbem

and for the inetd and services you could have a look into:

/var/svc/profile/generic_open.xml
/var/svc/profile/generic_limited_net.xml

regards
- PRESSY
# 5  
Old 10-31-2008
You can find the specs and presentation here:
Secure By Default at OpenSolaris.org
# 6  
Old 11-10-2008
# svcs -a | grep -i network

The following services are "online"

online Nov_05 svc:/network/pfil:default
online Nov_05 svc:/network/tnctl:default
online Nov_05 svc:/network/loopback:default
online Nov_05 svc:/network/physical:default
online Nov_05 svc:/milestone/network:default
online Nov_05 svc:/network/initial:default
online Nov_05 svc:/network/service:default
online Nov_05 svc:/network/ntp:default
online Nov_05 svc:/network/routing-setup:default
online Nov_05 svc:/network/rpc/bind:default
online Nov_05 svc:/network/nfs/mapid:default
online Nov_05 svc:/network/nfs/cbd:default
online Nov_05 svc:/network/nfs/status:default
online Nov_05 svc:/network/nfs/nlockmgr:default
online Nov_05 svc:/network/inetd:default
online Nov_05 svc:/network/rpc/gss:default
online Nov_05 svc:/network/rpc/meta:default
online Nov_05 svc:/network/nfs/client:default
online Nov_05 svc:/network/rpc/rstat:default
online Nov_05 svc:/network/rpc/cde-calendar-manager:default
online Nov_05 svc:/network/rpc/cde-ttdbserver:tcp
online Nov_05 svc:/network/rpc/mdcomm:default
online Nov_05 svc:/network/rpc/metamed:default
online Nov_05 svc:/network/rpc/metamh:default
online Nov_05 svc:/network/rpc/smserver:default
online Nov_05 svc:/network/rpc/rusers:default
online Nov_05 svc:/network/cde-spc:default
online Nov_05 svc:/network/security/ktkt_warn:default
online Nov_05 svc:/network/telnet:default
online Nov_05 svc:/network/nfs/rquota:default
online Nov_05 svc:/network/ftp:default
online Nov_05 svc:/network/finger:default
online Nov_05 svc:/network/login:rlogin
online Nov_05 svc:/network/shell:default
online Nov_05 svc:/network/stdiscover:default
online Nov_05 svc:/network/stlisten:default
online Nov_05 svc:/network/rpc-100235_1/rpc_ticotsord:default
online Nov_05 svc:/network/nfs/server:default
online Nov_05 svc:/network/smtp:sendmail
online Nov_05 svc:/network/ssh:default

Which of these would be a good idea to disable in order to tighten security?
# 7  
Old 11-10-2008
netservices will disable most of them. Why not relying on it ?
Login or Register to Ask a Question

Previous Thread | Next Thread

8 More Discussions You Might Find Interesting

1. Solaris

Solaris 10 flash installation - fatal error. Solaris installation program exited.

Not very helpful to say the least. Seems to read the flar file and go through the upgrade and then come up with this error. Any ideas? (1 Reply)
Discussion started by: psychocandy
1 Replies

2. UNIX for Advanced & Expert Users

Autosys remote agent installation issue

We require Autosys remote agent to be installed in Unix (AIX) server to invoke a Unix script from Autosys. But the issue is there is already a Jobtrac scheduler present in this server, and the support team who do Autosys installation say that these 2 schedulers cannot exist in the same server.... (0 Replies)
Discussion started by: hidnana
0 Replies

3. Solaris

Remote installation of solaris 9

Hi All, We have an ungent requirement of remote installation of a Sun server as we can't attach cd/dvd rom with the server. Is there any way like NFS installation in linux to complete it? We need any possible way except Jumpstart as it has a long procedure to set. Thanks, Deepak (5 Replies)
Discussion started by: naw_deepak
5 Replies

4. Red Hat

remote redhat installation

Hi guys! I have fedora6 on server and i want redhell5 to be on it. The problem is that the server is located from me several hundred kilometers away. So the only access i have is ssh. On my notebook i have iso-image with redhell5. How can install redhell5 on it and deinstall fedora6? Thanks in... (8 Replies)
Discussion started by: smallman
8 Replies

5. Solaris

installation entirely remote - Solaris

Friends, Is there any way to do a installation of Solaris entirely remote? Jumpstart is almost what I want but is not entirely remote because it requires to access the openboot to execute command "boot net - install. Can i to do a upgrade entirely remote too? Thanks, Marcelo... (2 Replies)
Discussion started by: marcmc
2 Replies

6. UNIX for Advanced & Expert Users

installation entirely remote - Solaris

moved to Solaris... https://www.unix.com/sun-solaris/84558-installation-entirely-remote-solaris.html (0 Replies)
Discussion started by: vbe
0 Replies

7. Solaris

installation of Solaris: installation bypasses network config.

hello solaris friends, I've tried installing Sun Solaris 10.0, but everytime it seems to bypass the network config. screen that looks similar to this...here's the url: http://www.hup.hu/old/images/hup/Solaris/Sol10beta7/9.png I'm able to install it all the way through but I get no... (2 Replies)
Discussion started by: cadmiumgreen
2 Replies

8. Shell Programming and Scripting

shange user's pass for all services on a remote host

here is the picture: a website on server1 & a "username" logged in that site. The same username has a shell(nologin)/ftp/samba/mail(qmail) acount on server2. i have s form on server1 that can pass the username & its NEW password to a sript that should change all passwords on server2. the... (5 Replies)
Discussion started by: veskonedev
5 Replies
Login or Register to Ask a Question