![]() | Sun System Handbook - ISO 4.1 October 2012 Internal/Partner Edition | ||
|
|
![]() |
||||||||||||
Solution Type Technical Instruction Sure Solution 1002268.1 : Sun Fire[TM] 12K/15K/E25K/E20K Servers: nfs.server and tftpboot services may be open on a System Controller that has Solaris[TM] Security Toolkit software installed or System Management Services 1.5 with Secure by Default.
PreviouslyPublishedAs 203193
Applies to:Sun Fire 12K ServerSun Fire 15K Server Sun Fire E20K Server Sun Fire E25K Server All Platforms GoalThis document addresses nfs.server and tftpboot services may be open on a System Controller that has Solaris[TM] Security Toolkit software installed or System Management Services 1.5 with Secure by Default.After following the documentt: "Securing the Sun Fire[TM] 12K and 15K System Controllers" at http://download.oracle.com/docs/cd/E19957-01/816-6694-10/816-6694-10.pdf, and using the "Solaris[TM] Security Toolkit" http://download.oracle.com/docs/cd/E19056-01/sec.tk42/ your System Controller can still be used as your domain's Operating System installation server, but will leave open tftp and nfs.server until all clients have been removed. SolutionSince the Starcat platform has an internal network to each of its domains, the System Controller is the perfect place to create a Solaris JumpStart[TM] software server.If your platform is secure, you will have no problems using your System Controller as a boot server, but after you run "add_install_client" for the first time, this will turn on nfs.server, and tftp. After you are finished with installing Solaris[TM] Operating System(OS), you can stop these services by running the rm_client script for each client. This script will remove the /tftpboot files for this domain and remove the entry from the /etc/bootparams file. If this domain is the last machine-client the system has, it will also unshare the installation directory, remove the entry from the dfstab file for nfs.server, remove the /etc/bootparams file, and remove the /tftpboot directory. If you do not remove the clients, the System Controller will still run these services until either this script is run, or the changes are made manually. Even after system reboots with "Solaris Security Toolkit" installed, these services will be restarted. Product Sun Fire E25K Server Sun Fire E20K Server Sun Fire 15K Server Sun Fire 12K Server Internal Section System Management Services(SMS) 1.5 and above will be "Secure by Default", so the Solaris Security Toolkit will be already configured out of the box. Most installations do use the System Controller(SC) as a jumpstart server, so this will effect all installations that have SMS 1.5 installed. Keywords: starcat, jass, security, jumpstart, secure by default Previously Published As 79971 Product_uuid d842dd03-059b-11d8-84cb-080020a9ed93|Sun Fire E25K Server 1404a2d3-059a-11d8-84cb-080020a9ed93|Sun Fire E20K Server 29e4659c-0a18-11d6-9fa1-e67bbc033df8|Sun Fire 15K Server 077fd4c5-df8f-4320-ad69-7d01603a674d|Sun Fire 12K Server Attachments This solution has no attachment |
||||||||||||
|