Hi, I'm about to install Checkpoint Firewall-1 4.1 under Solaris 7 and would like to do so under the most minimal install. I've read Lance Spitzner's and others' documentation, but I have questions about Solaris / Checkpoint dependencies that I haven't been able to find specific answers to: (1) What minimal Solaris feature-set can I get away with installing? Can I get away with installing the CORE feature-set? (2) What additional packages would I need to install over and above that feature-set, which Checkpoint requires (or which you would otherwise recommend)? Does Checkpoint need FlexLM? SUNWcsu for modload? SUNWter for /bin/ed? Anything else? (3) Does Checkpoint require certain suid/sgid binaries? I'm going to remove suid/sgid from all but a few binaries. By doing so, will I break anything for Checkpoint? Are there any privileged binaries which must remain suid/sgid for Checkpoint's purposes? Would using ACLs with particular binaries interfere with Checkpoint? (4) If (after installation of all software) I mount certain file-systems as read-only (for instance /usr or /opt) or no-suid, will that present a problem for Checkpoint? (5) Are there any inetd-spawned services or RPC services which must remain for Checkpoint (assuming no GUI is installed)? Is IPC required at all? (6) Do you recommend installing the Basic Security Module? (7) Would enabling ip_strict_dst_multihoming interfere with FW-1? (8) Does FW-1 have any other dependencies on the OS which I might inadvertently screw up by hardening the host? And I assume FW-1 4.1 requires Solaris 7 to be installed in 32-bit mode instead of 64-bit, correct? Thanks in advance, -- R. __________________________________________________ Do You Yahoo!? Send instant messages & get email alerts with Yahoo! Messenger. http://im.yahoo.com/ ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
