go to the center for internet security and download the solaris benchmark http://cisecurity.org/en-us/?route=downloads.benchmarks
the solaris benchmark explains briefly the purpose of each service and why it should be disabled. also, on solaris 10, look the man page of netservices ----------------------------- Shen Yang Be Happy Be Nice "Dombrowski, Neil" <[email protected]> Sent by: [email protected] 04/19/2010 02:48 PM Please respond to Solaris-Users mailing list <[email protected]> To Solaris-Users mailing list <[email protected]> cc Subject [Solaris-Users] FW: soft hardening > -----Original Message----- > From: [email protected] [mailto:solaris-users- > [email protected]] On Behalf Of Dombrowski, Neil > Sent: Monday, April 19, 2010 1:43 PM > To: Solaris-Users mailing list > Subject: [Solaris-Users] soft hardening > > I'd like to do a minimal amount of hardening on some internal-only > servers. I came up with a list of services that I plan on disabling, > and wanted to get feedback on whether any of these are considered > necessary or a safety hole. FWIW, I'm not planning on any telnet/ftp, > don't really care if I have a GUI login, and don't plan on using NFS > mounting in my environment at all. Oracle, jboss/tomcat, ssh are my > main concerns. > > Thanks, > Neil > > svc:/network/cde-spc:default > svc:/network/rpc/cde-ttdbserver:tcp > svc:/network/rpc/rstat:default > svc:/network/shell:default > svc:/application/print/ppd-cache-update:default > svc:/network/finger:default > svc:/network/ftp:default > svc:/network/iscsi/initiator:default > svc:/network/login:rlogin > svc:/network/nfs/cbd:default > svc:/network/nfs/client:default > svc:/network/nfs/mapid:default > svc:/network/nfs/nlockmgr:default > svc:/network/nfs/rquota:default > svc:/network/nfs/status:default > svc:/network/rpc/cde-calendar-manager:default > svc:/network/rpc/rusers:default > svc:/network/telnet:default > svc:/system/identity:domain > _______________________________________________ > Solaris-Users mailing list > [email protected] > http://www.filibeto.org/mailman/listinfo/solaris-users I should have added; if there's a page that lists what services are commonly enabled/disabled, please let me know. Most sites I've looked at so far talk about "disable unnecessary services", but fail to specify what each service is used for, or the ramifications of disabling them. Thanks, Neil _______________________________________________ Solaris-Users mailing list [email protected] http://www.filibeto.org/mailman/listinfo/solaris-users This e-mail message, including attachments, is for the sole use of the intended recipient(s) and may contain confidential or proprietary information. If you are not the intended recipient, immediately contact the sender by reply e-mail and destroy all copies of the original message. _______________________________________________ Solaris-Users mailing list [email protected] http://www.filibeto.org/mailman/listinfo/solaris-users
