SmartOS is designed to be secure by default. The global zone meets or exceeds several hardening guides I've seen for Solaris (even though that's not a direct analogy, it's pretty close), although, don't rest on my word :-). Make sure that you check the things that are important to you and your organization. As far as the global zone and platform image go, the general advice is that latest is best. Our security advisories are posted here: https://help.joyent.com/hc/en-us/categories/203850608-Triton-Security-Advisories <https://help.joyent.com/hc/en-us/categories/203850608-Triton-Security-Advisories> That includes both advisories for both SmartOS platform images and Triton.
For non-global zones, the base images only have the SSH service enabled, and usually complies with the modern "best practice" at the time of image creation. E.g., or options in /etc/security. On top of that, base images also include pkgsrc and some default installed packages. You can use pkg_admin fetch-pkg-vulnerabilities and pkg_admin audit commands to find installed software with known vulnerabilities. This doesn't necessarily always mean there's a fix ready to be installed, but you can file a bug with us, and optionally open a pull request or compile your own until the update is available in our repo. These are the things that are particular to SmartOS. Naturally other security best practices need to be adhered to as well. -- Brian Bennett Systems Engineer, Cloud Operations Joyent, Inc. | www.joyent.com <http://www.joyent.com/> > On Jan 25, 2018, at 12:22 PM, Jeremy <[email protected]> wrote: > > Hello, > > Looking for some pointers on general security with smartos base images. Been > using OpenBSD for web & db servers for years, but now exploring smartos as an > alternative for both. > > Thanks. > smartos-discuss | Archives > <https://www.listbox.com/member/archive/184463/=now> > <https://www.listbox.com/member/archive/rss/184463/26986985-d0246faa> | > Modify <https://www.listbox.com/member/?&;> Your Subscription > <http://www.listbox.com/>
smime.p7s
Description: S/MIME cryptographic signature
------------------------------------------- smartos-discuss Archives: https://www.listbox.com/member/archive/184463/=now RSS Feed: https://www.listbox.com/member/archive/rss/184463/25769125-55cfbc00 Modify Your Subscription: https://www.listbox.com/member/?member_id=25769125&id_secret=25769125-7688e9fb Powered by Listbox: http://www.listbox.com
