Your list looks like a good start. I'd bet there are quite a few more though. I would definitely disable all of the GNOME/CDE/WBEM/SMC desktop related cruft.
In general, I'm a big fan of not even installing it if I don't need it. Less to secure, less to patch, less that can go wrong. However, there are some packages (the list seems to grow daily) that require other packages to be installed in order to install/run, even if those other packages are never referenced. There are others that come bundled with services I do need. Those should be the only ones that are installed, but disabled in my view. For Solaris 10, look at the Reduced Networking Core System Support metacluster. You can relatively easily use it as a base and add only those packages you need. If you also use Glenn Brunette's Solaris Package Companion, you can easily resolve any dependency issues you run across. fpsm On Mon, Oct 20, 2008 at 11:43 AM, Christine Tran <[EMAIL PROTECTED]> wrote: > I am building some zones which are apps hosters, they won't have > users; the platform itself is headless and I don't anticipate any > non-text admin work. I ran JASS secure.driver, but some services are > left which I am contemplating switching off as well. They are: > > online Oct_17 svc:/application/stosreg:default > online Oct_17 svc:/application/font/fc-cache:default > online Oct_17 svc:/application/opengl/ogl-select:default > online Oct_17 svc:/application/management/wbem:default > online Oct_17 svc:/application/cde-printinfo:default > online Oct_17 svc:/application/graphical-login/cde-login:default > online Oct_17 svc:/system/webconsole:console > > Thoughts? More to turn off? > > CT > _______________________________________________ > sysadmin-discuss mailing list > [email protected] > http://mail.opensolaris.org/mailman/listinfo/sysadmin-discuss > _______________________________________________ sysadmin-discuss mailing list [email protected] http://mail.opensolaris.org/mailman/listinfo/sysadmin-discuss
