First of all, a big happy birthday to OpenSolaris! And then on to a new cool thing which soon will appear in Nevada: secure by default!
A couple of days ago PSARC case 2004/368 was integrated into Nevada. Unfortunately the ARC case isn't available on the OpenSolaris site yet, but you can take a look in the putback log and see what files it affected.
The whole thing is about making Solaris install in a mode that is secure out of the box. This should be a no-brainer, but since Solaris always strives to be backward compatible, it is not easy to make a change like this.
All services which have external interfaces, except those required to boot and login locally, are disabled by default at initial installation time. This includes ensuring that networking services are started in a mode where they will only respond to local connections.
The only exception is Secure Shell (/usr/lib/ssh/sshd) which allows for secure remote access to the newly installed machine. This enables the administrator to securely access the machine to complete the configuration of the systems.
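One way to check the policy described above on an installed system, as an added example that is not part of the original post or of the Secure by Default project: the script flags TCP listeners that are reachable from the network on any port other than the one sshd uses. The function names, the constructed sample, and the assumed `netstat -an -f inet -P tcp` output layout (IPv4 only, local address written as address.port) are illustrative assumptions.

```shell
#!/bin/sh
# Added example: audit TCP listeners against the "local connections only,
# except sshd" policy. Input is assumed to be Solaris-style
# `netstat -an -f inet -P tcp` output, where the local address is written
# as address.port (for example 127.0.0.1.25 or *.22).

# Read netstat output on stdin and print "address port" for every LISTEN
# socket that is not bound to loopback and is not on the allowed port
# (default 22, the sshd exception).
exposed_listeners() {
    allowed_port="${1:-22}"
    awk -v allowed="$allowed_port" '
        $NF == "LISTEN" {
            n = split($1, part, "[.]")      # last field after a dot is the port
            port = part[n]
            addr = substr($1, 1, length($1) - length(port) - 1)
            if (addr == "127.0.0.1") next   # loopback only: compliant
            if (port == allowed) next       # the sshd exception
            print addr " " port
        }'
}

# Constructed sample input (not captured from a real host).
sample_netstat() {
    cat <<'EOF'
TCP: IPv4
   Local Address        Remote Address    Swind Send-Q Rwind Recv-Q    State
-------------------- -------------------- ----- ------ ----- ------ -----------
      *.22                 *.*                0      0 49152      0 LISTEN
127.0.0.1.25               *.*                0      0 49152      0 LISTEN
      *.111                *.*                0      0 49152      0 LISTEN
192.0.2.10.22        192.0.2.50.51234     49640      0 49640      0 ESTABLISHED
      *.6000               *.*                0      0 49152      0 LISTEN
EOF
}

# Run against the sample; on a live system, pipe the real netstat output in.
sample_netstat | exposed_listeners 22
```

An empty result means every listener is either loopback-only or the allowed sshd port; each printed line is a service to review.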
This is just phase one of the Secure by Default project; in later phases all Sun Microsystems' bundled and unbundled software will install in a secure mode.
As build 42 isn't even available internally yet, I haven't been able to try it out, but in a few days I expect to have had time to play with it...






Posted by Al Hopper on June 14, 2006 at 08:02 PM PDT #
build 42 is out, so no more excuses.. ;-)
BTW, the putback link seems to have moved to http://dlc.sun.com/osol/on/downloads/20060605/on-changelog-20060605.html
Regards, Joep
Posted by Joep Vesseur on June 15, 2006 at 12:56 AM PDT #