I've installed Solaris 10 (05-08) on a SPARC platform
During the installation I was prompted with the question below. I selected yes to enable remote services.
Does anyone know what services this option enables?
Enabling remote services ----------------------------------------
Would you like to enable network services for use by remote clients?
Selecting "No" provides a more secure configuration in
which Secure Shell is the only network service provided to
remote clients. Selecting "Yes" enables a larger set of
services as in previous Solaris releases. If in doubt, it is
safe to select "No" as any services can be individually enabled
after installation.
Note: This choice only affects initial installs. It doesn't affect upgrades.
Remote services enabled
-----------------------
[X] Yes
[ ] No
-------------------------------------------------------------------
F2_Continue F6_Help
have a look with:
# svcs -a | grep -i network
for all enabled services.
Chains
October 31, 2008, 12:31pm
3
I believe this will enable services such as rlogin & telnet etc.
pressy
October 31, 2008, 12:39pm
4
looking into the script /usr/sbin/netservices (1M) it is:
svc:/system/system-log
svc:/network/rpc/cde-calendar-manager
svc:/network/rpc/bind
svc:/application/x11/x11-server
svc:/network/smtp:sendmail
svc:/application/print/server
svc:/application/print/rfc1179
svc:/application/print/ipp-listener
svc:/network/rpc/cde-ttdbserver
svc:/application/graphical-login/cde-login
svc:/system/webconsole
svc:/application/management/wbem
and for the inetd and services you could have a look into:
/var/svc/profile/generic_open.xml
/var/svc/profile/generic_limited_net.xml
regards
You can find the specs and presentation here:
Secure By Default at OpenSolaris.org
# svcs -a | grep -i network
The following services are "online"
online Nov_05 svc:/network/pfil:default
online Nov_05 svc:/network/tnctl:default
online Nov_05 svc:/network/loopback:default
online Nov_05 svc:/network/physical:default
online Nov_05 svc:/milestone/network:default
online Nov_05 svc:/network/initial:default
online Nov_05 svc:/network/service:default
online Nov_05 svc:/network/ntp:default
online Nov_05 svc:/network/routing-setup:default
online Nov_05 svc:/network/rpc/bind:default
online Nov_05 svc:/network/nfs/mapid:default
online Nov_05 svc:/network/nfs/cbd:default
online Nov_05 svc:/network/nfs/status:default
online Nov_05 svc:/network/nfs/nlockmgr:default
online Nov_05 svc:/network/inetd:default
online Nov_05 svc:/network/rpc/gss:default
online Nov_05 svc:/network/rpc/meta:default
online Nov_05 svc:/network/nfs/client:default
online Nov_05 svc:/network/rpc/rstat:default
online Nov_05 svc:/network/rpc/cde-calendar-manager:default
online Nov_05 svc:/network/rpc/cde-ttdbserver:tcp
online Nov_05 svc:/network/rpc/mdcomm:default
online Nov_05 svc:/network/rpc/metamed:default
online Nov_05 svc:/network/rpc/metamh:default
online Nov_05 svc:/network/rpc/smserver:default
online Nov_05 svc:/network/rpc/rusers:default
online Nov_05 svc:/network/cde-spc:default
online Nov_05 svc:/network/security/ktkt_warn:default
online Nov_05 svc:/network/telnet:default
online Nov_05 svc:/network/nfs/rquota:default
online Nov_05 svc:/network/ftp:default
online Nov_05 svc:/network/finger:default
online Nov_05 svc:/network/login:rlogin
online Nov_05 svc:/network/shell:default
online Nov_05 svc:/network/stdiscover:default
online Nov_05 svc:/network/stlisten:default
online Nov_05 svc:/network/rpc-100235_1/rpc_ticotsord:default
online Nov_05 svc:/network/nfs/server:default
online Nov_05 svc:/network/smtp:sendmail
online Nov_05 svc:/network/ssh:default
Which of these would be a good idea to disable in order to tighten security?
netservices will disable most of them. Why not relying on it ?