Sun Microsystems, Inc.  Sun System Handbook - ISO 4.1 October 2012 Internal/Partner Edition
   Home | Current Systems | Former STK Products | EOL Systems | Components | General Info | Search | Feedback

Asset ID: 1-71-1002268.1
Update Date:2011-07-13
Keywords:
Solution Type  Technical Instruction Sure

Solution  1002268.1 :   Sun Fire[TM] 12K/15K/E25K/E20K Servers: nfs.server and tftpboot services may be open on a System Controller that has Solaris[TM] Security Toolkit software installed or System Management Services 1.5 with Secure by Default.  

Related Items 
    

  • Sun Fire E25K Server
    •  
  • Sun Fire E20K Server
    •  
  • Sun Fire 12K Server
    •  
  • Sun Fire 15K Server
    •  
Related Categories 
    

  • PLA-Support>Sun Systems>SPARC>Enterprise>SN-SPARC: SF-Exxk
    •  
  • .Old GCS Categories>Sun Microsystems>Servers>High-End Servers
    •  

PreviouslyPublishedAs
203193 




Applies to: 
 
Sun Fire 12K Server
Sun Fire 15K Server
Sun Fire E20K Server
Sun Fire E25K Server
All Platforms



Goal

This document addresses nfs.server and tftpboot services may be open on a System Controller that has Solaris[TM] Security Toolkit software installed or System Management Services 1.5 with Secure by Default.


After following the documentt: "Securing the Sun Fire[TM] 12K and 15K System Controllers" at


 http://download.oracle.com/docs/cd/E19957-01/816-6694-10/816-6694-10.pdf,


and using the "Solaris[TM] Security Toolkit"


 http://download.oracle.com/docs/cd/E19056-01/sec.tk42/


your System Controller can still be used as your domain's Operating System installation server, but will leave open tftp and nfs.server until all clients have been removed.




Solution

Since the Starcat platform has an internal network to each of its domains, the System Controller is the perfect place to create a Solaris JumpStart[TM] software server.
If your platform is secure, you will have no problems using your System Controller as a boot server, but after you run "add_install_client" for the first time, this will turn on nfs.server, and tftp.  After you are finished with installing Solaris[TM] Operating System(OS), you can stop these services by running the rm_client script for each client.  This script will remove the
/tftpboot files for this domain and remove the entry from the /etc/bootparams file.

If this domain is the last machine-client the system has, it will also unshare the installation directory, remove the entry from the dfstab file for nfs.server, remove the /etc/bootparams file, and remove the /tftpboot directory.  


If you do not remove the clients, the System Controller will still run these services until either this script is run, or the changes are made manually. Even after system reboots with "Solaris Security Toolkit" installed, these services will be restarted.

Product
Sun Fire E25K Server

Sun Fire E20K Server

Sun Fire 15K Server

Sun Fire 12K Server


Internal Section


System Management Services(SMS) 1.5 and above will be "Secure by Default", so the Solaris Security Toolkit will be already configured out of the box. Most installations do use the System Controller(SC) as a jumpstart server, so this will effect all installations that have SMS 1.5 installed.


Keywords: starcat, jass, security, jumpstart, secure by default


Previously Published As 79971


Product_uuid

d842dd03-059b-11d8-84cb-080020a9ed93|Sun Fire E25K Server

1404a2d3-059a-11d8-84cb-080020a9ed93|Sun Fire E20K Server

29e4659c-0a18-11d6-9fa1-e67bbc033df8|Sun Fire 15K Server

077fd4c5-df8f-4320-ad69-7d01603a674d|Sun Fire 12K Server





Attachments

This solution has no attachment


















       

Copyright © 2012 Sun Microsystems, Inc.  All rights reserved.

 Feedback