On 11/25/06, Alan Coopersmith <[EMAIL PROTECTED]> wrote:
Dennis Clarke wrote:
> The generic_limited_net.xml service profile says the following :
>
> The purpose of the limited_net profile is to provide a set of
> active services that allow one to connect to the machine via ssh
> (requires sshd). The services which are deactivated here are those
> that are at odds with this goal. Those which are activated are
> explicit requirements for the goal's satisfaction.
>
> If one uses svccfg to apply that profile then I would think that the system
> would no longer be listening on many many network ports.
If you want to minimize network ports, use "netservices limited", which should
shut down everything but ssh from listening on the network (most will still be
running - just only accessible locally). For more info, see the Secure By
Default project at:
http://www.opensolaris.org/os/community/security/projects/sbd/
From netservices(1M)
Note that the netservices command has an interface stability
of Obsolete.
Surprising a bit, considering it appeared only in Solaris Express recently.
--
Regards,
Cyril
_______________________________________________
opensolaris-discuss mailing list
[email protected]
