advice for a solaris n00b - Solaris

This is a discussion on advice for a solaris n00b - Solaris ; Hiya all, Just installed Solaris 10, x86, I plan to use the machine purely as a desktop machine. When I have done this with BSD and linux machines in the past, there are usually services running in the background that ...

+ Reply to Thread
Results 1 to 6 of 6

Thread: advice for a solaris n00b

  1. advice for a solaris n00b

    Hiya all,

    Just installed Solaris 10, x86, I plan to use the machine purely as a
    desktop machine. When I have done this with BSD and linux machines in
    the past, there are usually services running in the background that I
    dont need, so I turn them off.

    I decided to hop onto my server (OpenBSD) and portscan the solaris box.

    # nmap -p 1-32767 -vvv -sS 192.168.100.105

    Starting Nmap 4.01 ( http://www.insecure.org/nmap/ ) at 2006-09-19 16:08 EST
    Initiating ARP Ping Scan against 192.168.100.105 [1 port] at 16:08
    The ARP Ping Scan took 0.00s to scan 1 total hosts.
    DNS resolution of 1 IPs took 0.00s. Mode: Async [#: 1, OK: 0, NX: 1, DR:
    0, SF: 0, TR: 1, CN: 0]
    Initiating SYN Stealth Scan against 192.168.100.105 [32767 ports] at 16:08
    Discovered open port 23/tcp on 192.168.100.105
    Discovered open port 21/tcp on 192.168.100.105
    Discovered open port 25/tcp on 192.168.100.105
    Discovered open port 22/tcp on 192.168.100.105
    SYN Stealth Scan Timing: About 3.73% done; ETC: 16:22 (0:12:53 remaining)
    Discovered open port 6000/tcp on 192.168.100.105
    Discovered open port 514/tcp on 192.168.100.105
    Discovered open port 7100/tcp on 192.168.100.105
    Discovered open port 5987/tcp on 192.168.100.105
    Discovered open port 513/tcp on 192.168.100.105
    Discovered open port 898/tcp on 192.168.100.105
    Discovered open port 5988/tcp on 192.168.100.105
    Discovered open port 4045/tcp on 192.168.100.105
    Discovered open port 6788/tcp on 192.168.100.105
    Discovered open port 6789/tcp on 192.168.100.105
    Discovered open port 111/tcp on 192.168.100.105
    Discovered open port 587/tcp on 192.168.100.105
    Discovered open port 79/tcp on 192.168.100.105

    Interesting ports on 192.168.100.105:
    (The 32750 ports scanned but not shown below are in state: closed)
    PORT STATE SERVICE
    21/tcp open ftp
    22/tcp open ssh
    23/tcp open telnet
    25/tcp open smtp
    79/tcp open finger
    111/tcp open rpcbind
    513/tcp open login
    514/tcp open shell
    587/tcp open submission
    898/tcp open sun-manageconsole
    4045/tcp open lockd
    5987/tcp open unknown
    5988/tcp open unknown
    6000/tcp open X11
    6788/tcp open unknown
    6789/tcp open unknown
    7100/tcp open font-service

    And god knows how many more it will find if I had let it do
    the whole range.... Theres things I dont want
    running like telnet!, sshd, ftpd etc on the solaris machine. How do I
    get a list of services that are running, and which ones can I turn off
    without breaking the whole system? is there a guide on this, tweaking
    the system (that applies to solaris 10)?

    I only need the bare minimum on the machine to support desktop usage
    (web browsing, irc, email etc).

    It scares me theres probably 100 or so services running in the
    background that I dont know what they do or even if they are safe.


    Any suggestions appreciated.

    Alex

  2. Re: advice for a solaris n00b

    hi,

    most of the services can and should be disables.

    in solaris 10 run:

    svcs -a

    to see which services are enabled and under der controll manager.

    the other services can be disabled in the /etc/inetd.conf oder by changing
    the /etc/rc2.d and /etc/rc3.d startup-scripts.

    Which services you need depends on which services you want to run.

    for example: nfs requires rpcbind, X11 requires the font-service...

    mike



  3. Re: advice for a solaris n00b

    Michael Schreiber wrote:
    > hi,
    >
    > most of the services can and should be disables.
    >
    > in solaris 10 run:
    >
    > svcs -a


    As a starting point you could apply the profile:

    svccfg apply /var/svc/profile/generic_limited_net.xml

    This should disable most network services.

    --
    Daniel

  4. Re: advice for a solaris n00b

    On Tue, 19 Sep 2006, Alex wrote:

    > I only need the bare minimum on the machine to support desktop usage (web
    > browsing, irc, email etc).
    >
    > It scares me theres probably 100 or so services running in the background that
    > I dont know what they do or even if they are safe.
    >
    > Any suggestions appreciated.


    One suggestion: download and install the latest Solaris Express, as
    I believe it now includes "secure by default". Many, if not all,
    of the services you want to disable will be disabled.

    HTH,

    --
    Rich Teer, SCNA, SCSA, OpenSolaris CAB member

    President,
    Rite Online Inc.

    Voice: +1 (250) 979-1638
    URL: http://www.rite-group.com/rich

  5. Re: advice for a solaris n00b

    Rich Teer wrote:
    > On Tue, 19 Sep 2006, Alex wrote:
    > One suggestion: download and install the latest Solaris Express, as
    > I believe it now includes "secure by default". Many, if not all,
    > of the services you want to disable will be disabled.
    >
    > HTH,


    Hi,

    What is Solaris Express?

    From the site:

    Download Now! Solaris Express 8/06, CD 1, Multi-language
    sol-nv-b44-x86-v1-iso.zip 303.20 MB
    Download Now! Solaris Express 8/06, CD 2, Multi-language
    sol-nv-b44-x86-v2-iso.zip 426.34 MB
    Download Now! Solaris Express 8/06, CD 3, Multi-language
    sol-nv-b44-x86-v3-iso.zip 271.02 MB
    Download Now! Solaris Express 8/06, CD 4, Multi-language
    sol-nv-b44-x86-v4-iso.zip 598.35 MB
    Download Now! Solaris Express 8/06, CD 5, Multi-language
    sol-nv-b44-x86-v5-iso.zip 495.47 M

    Downloading the operating system again? Would this still be
    Solaris 10?

  6. Re: advice for a solaris n00b

    On 2006-09-20 15:22:30 +0100, Alex said:

    > Rich Teer wrote:
    >> On Tue, 19 Sep 2006, Alex wrote:
    >> One suggestion: download and install the latest Solaris Express, as
    >> I believe it now includes "secure by default". Many, if not all,
    >> of the services you want to disable will be disabled.
    >>
    >> HTH,

    >
    > Hi,
    >
    > What is Solaris Express?


    It is Sun's binary release of OpenSolaris + some bits that aren't open
    source yet. Sun don't sell support for it, whereas they do sell support
    for Solaris 10.

    This FAQ is worth a read:



    > Downloading the operating system again? Would this still be
    > Solaris 10?


    Yes, but with lots of updates that aren't yet part of a supported release.

    Cheers,

    Chris


+ Reply to Thread