Dennis Clarke wrote:
The generic_limited_net.xml service profile says the following :
The purpose of the limited_net profile is to provide a set of
active services that allow one to connect to the machine via ssh
(requires sshd). The services which are deactivated here are those
that are at odds with this goal. Those which are activated are
explicit requirements for the goal's satisfaction.
If one uses svccfg to apply that profile then I would think that the system
would no longer be listening on many many network ports.
If you want to minimize network ports, use "netservices limited", which should
shut down everything but ssh from listening on the network (most will still be
running - just only accessible locally). For more info, see the Secure By
Default project at:
http://www.opensolaris.org/os/community/security/projects/sbd/
--
-Alan Coopersmith- [EMAIL PROTECTED]
Sun Microsystems, Inc. - X Window System Engineering
_______________________________________________
opensolaris-discuss mailing list
[email protected]
