
Todos after the first Solaris boot

Give root a separate home

# mkdir /root

Change root's home directory in /etc/passwd to /root

Use a better password algorithm

Allow passwords longer than eight characters and use a stronger hash

Change CRYPT_DEFAULT=__unix__ to CRYPT_DEFAULT=2a in /etc/security/policy.conf. Existing hashes stay as they are until the password is changed.

Update your Software

Install pca and run

./pca -d --dltries=5 --user=<sunaccount> --passwd=<password>
./pca -i --dltries=5 --user=<sunaccount> --passwd=<password>

Reduce open ports

If you forgot to disable "enable network services" during installation, you can fix this with

netservices limited

Create the windex database (used by man -k)

catman -w

Disable all unnecessary services

http://opensolaris.org/os/community/security/projects/sbd/sbd_design/

online         23:33:56 svc:/application/cde-printinfo:default
online         23:33:57 svc:/network/rpc/cde-calendar-manager:default
online         23:33:57 svc:/network/rpc/cde-ttdbserver:tcp
online         23:34:00 svc:/application/graphical-login/cde-login:default
online         23:02:17 svc:/network/rpc/bind:default
online         23:02:41 svc:/network/rpc/gss:default
online         23:02:41 svc:/network/rpc/smserver:default
online         23:02:44 svc:/network/rpc-100235_1/rpc_ticotsord:default
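
A small audit of three items from this checklist (root's home directory, CRYPT_DEFAULT, and the CDE and RPC services in the listing above), as an added example that is not part of the original page. The function names and the sample file contents are constructed, and it assumes that any online service in those two groups is worth reviewing.

```shell
#!/bin/sh
# Added example: audit three checklist items. File paths are arguments, so on a
# real host the functions can be pointed at /etc/passwd,
# /etc/security/policy.conf and a saved `svcs -a` listing.

# Home directory of root from a passwd-format file (field 6).
root_home() {
    awk -F: '$1 == "root" { print $6; exit }' "$1"
}

# Effective CRYPT_DEFAULT from a policy.conf-format file; commented lines are ignored.
crypt_default() {
    sed -n 's/^CRYPT_DEFAULT=\([^[:space:]]*\).*/\1/p' "$1" | tail -1
}

# FMRIs that are online and belong to the CDE or RPC groups shown in the listing.
online_review() {
    awk '$1 == "online" && ($3 ~ /\/cde-/ || $3 ~ /^svc:\/network\/rpc/) { print $3 }' "$1"
}

# audit PASSWD POLICY SVCS: print one line per finding, return the number of findings.
audit() {
    n=0
    [ "$(root_home "$1")" = "/root" ] || { echo "root home is $(root_home "$1")"; n=$((n+1)); }
    [ "$(crypt_default "$2")" = "2a" ] || { echo "CRYPT_DEFAULT is $(crypt_default "$2")"; n=$((n+1)); }
    for f in $(online_review "$3"); do echo "online: $f"; n=$((n+1)); done
    return "$n"
}

# Constructed sample input (not taken from a real host).
d=$(mktemp -d)
printf 'root:x:0:0:Super-User:/:/sbin/sh\ndaemon:x:1:1::/:\n' > "$d/passwd"
printf '#CRYPT_DEFAULT=2a\nCRYPT_DEFAULT=__unix__\n' > "$d/policy.conf"
cat > "$d/svcs" <<'EOF'
STATE          STIME    FMRI
online         23:33:57 svc:/network/rpc/cde-ttdbserver:tcp
online         23:02:17 svc:/network/rpc/bind:default
disabled       23:02:41 svc:/network/rpc/gss:default
online         23:02:50 svc:/network/ssh:default
EOF
audit "$d/passwd" "$d/policy.conf" "$d/svcs" || echo "findings: $?"
```
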

Prevent routing between zones

ndd /dev/ip \?

ndd -set /dev/ip ip_restrict_interzone_loopback 1

ipadm dladm zfs atime cache

script