Jeff,

I typically also disable:
autofs
disable name-service-cache
cron might be possible to disable, but I wouldn't do that

If you really want to minimize you also could disable
inetd
rpc/bind
ssh

But then you are only able to log in to your zone with zlogin. But that might be enough for a router.

Detlef

Kais Belgaied wrote on 16.10.09 05:28:
> On 10/15/09 15:25, Jeff Victor wrote:
>> I would like to set up a zone to be a router - and nothing else - in a
>> virtual network that is using crossbow on OpenSolaris 2009.06. I am
>> trying to create a list of all of the necessary commands.
>>
>> Assume that:
>> * the zone will have two VNICs: one going to the outside world via a
>> NIC, and one going to an internal switch to which other zones are
>> connected
>> * the zone and its VNICs have been created
>> * I want to disable all unnecessary services to harden the router-zone
>>
>> What commands do I need in the zone to persistently enable routing? So
>> far I have:
>>
>> router-zone# svcadm enable svc:/network/ipv4-forwarding
>>
>> Also, what services can I disable?
>
> try netservices limited inside the zone to disable all network services,
> except sshd.
>
> Kais
>>
>> TIA,
>> --JeffV
>>
>> _______________________________________________
>> crossbow-discuss mailing list
>> crossbow-discuss at opensolaris.org
>> http://mail.opensolaris.org/mailman/listinfo/crossbow-discuss

--
Sent from my OpenSolaris Laptop
---
Detlef Drewanz
Senior Systems Engineer
Sun Microsystems GmbH      Phone: (+49 30) 747096 856
Komturstrasse 18a          mailto:detlef.drewanz at sun.com
D-12099 Berlin             http://blogs.sun.com/solarium
---
Registered office: Sonnenallee 1, D-85551 Kirchheim-Heimstetten
District court (Amtsgericht) Muenchen: HRB 161028
Managing directors: Thomas Schroeder, Wolfgang Engels, Wolf Frenkel
Chairman of the supervisory board: Martin Haering
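Added example, not part of the original thread or written by its participants: a small check that reads `svcs -H -o state,fmri` output from inside the router zone and reports which of the services named in the replies are still online, and whether `ipv4-forwarding` is enabled. The helper name `audit_router_zone`, the two mode names and the sample lines are constructed for illustration; matching the thread's short service names against the end of each FMRI is an assumption about how those names map to SMF services.

```shell
#!/bin/sh
# Short service names as used in the replies; cron is left out because the
# reply advises against disabling it.
DISABLE_TYPICAL="autofs name-service-cache"
DISABLE_MINIMAL="inetd rpc/bind ssh"   # zlogin-only zone

# Constructed sample of `svcs -H -o state,fmri` output (not from a real zone).
SAMPLE='online   svc:/network/ipv4-forwarding:default
online   svc:/system/cron:default
online   svc:/system/filesystem/autofs:default
disabled svc:/system/name-service-cache:default
online   svc:/network/ssh:default
disabled svc:/network/rpc/bind:default
disabled svc:/network/inetd:default'

# audit_router_zone MODE  (hypothetical helper; MODE is "typical" or "minimal")
# Reads `svcs -H -o state,fmri` lines on stdin, prints one finding per line,
# and returns 0 only when nothing is left to fix.
audit_router_zone() {
    wanted=$DISABLE_TYPICAL
    [ "$1" = "minimal" ] && wanted="$wanted $DISABLE_MINIMAL"
    findings=0
    forwarding=no
    while read -r state fmri; do
        [ "$state" = "online" ] || continue
        case $fmri in
            svc:/network/ipv4-forwarding:*) forwarding=yes ;;
        esac
        for name in $wanted; do
            # Match the short name against the tail of the FMRI, before the instance.
            case $fmri in
                */"$name":*) echo "still online: $fmri"; findings=$((findings + 1)) ;;
            esac
        done
    done
    if [ "$forwarding" = no ]; then
        echo "not online: svc:/network/ipv4-forwarding"
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}

# In the zone: svcs -H -o state,fmri | audit_router_zone minimal
printf '%s\n' "$SAMPLE" | audit_router_zone typical || :
```

Run it after each service change; a non-zero exit status means the zone still differs from the chosen profile.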
