The solaris 10 10 08 patch list provides a list of patches preapplied to the solaris 10 10 08 release. Solaris 10 kernel patches looks hard, but it isnt oracle. Enabling rstatd startup warnings during clearcase install on. Theres general information about securing solaris, patches to know about, tools to use. Till solaris 10, below were the steps i followed to create an inetd service which worked fine for me, below are steps. Rshd rsh daemon bsd protocols shell stream tcp nowait root usrsbinin. Sun microsystems solaris jumpstart technology is used to automate the installation of the solaris operating system and other associated software on multiple nodes of a network. X font server xfs security hole in solaris oracle solaris. Increase the level of security by requiring des encryption for your authentication mechanism by adding the s 2 flag to the end of the sadmind line in nf. Solaris 10 1008 operating system patch list solaris 10. Preinstallation checklist the install server or boot server is in the same local network segment as client with network link up.
The services that were previously configured using this file are now configured and. For solaris operating system releases prior to the adoption of smf such as solaris 9, the inetd. These patches were applied when the solaris 10 os was created. The delegated restarter inetd performs some common actions such as port binding on behalf of the services it manages. The symbolic link etcnf exists for bsd compatibility. For many network services such as rlogin, ftp, etc. Solaris 10 1 patchset released and latest solaris 10. Scott lynn put together a very informative blog on solaris 10. Service management facility smf in the solaris 10 operating system february 2006 smf repository at the core of smf is the configuration repository, which stores service configuration information in local memory and local files. The problem is that when the hpux connects to solaris a. The inetd etcnf file inetd, called also the super server, will load a network program based upon a request from the network.
When the inetd daemon receives a network request, it runs the associated command in the inetd. External executables, which are run on request, can be single or. The patches that are listed in this chapter have been applied to the solaris 10 operating system in. As usual, weve released a patchset of all the patches contained in solaris 10 1 update 11. Solaris 10 sparc security technical implementation guide. Jumpstart server configuration solaris 10 the moron. Install the kernel patch of a solaris 10 update release is not the same as do an upgrade to the solaris 10 update release. The etcnf file is the default configuration file for the inetd superserver daemon. We no need to bring down the server to single user mode if you are using live upgrade method during pathing and before choosing live upgrade,make sure you are using zfs as a root filesystem. As noted in the zdnet posting x font server flaw hits sun solaris hard, the recently announced x font server vulnerabilities not only affect solaris, but are exposed to the network by default in some solaris installs what the article fails to mention is that its only older installs that are vulnerable by default solaris versions up through solaris 10 606 run xfs by default from inetd. Dec 29, 2012 jumpstart server configuration solaris 10. The solaris 10 software includes a known and tested level of patches. The nf file tells inetd which ports to listen to and what server to start for each port the first thing to look at as soon as you put your linux system on any network is what services you need to offer.
Disable inetd services. Remote admin requires login shell access and file transfer; ssh does both securely. Consider running ssh and turning off inetd completely. If you must run inetd: remove unused entries from inetd.conf, use TCP wrappers on remaining entries, use inetd -t for extra. The showrev -p command provides a list of all patches that were applied to the installed system, regardless of how they were applied. Using Solaris JumpStart with the Solaris 10 OS for x86/x64 platforms. Solaris 10 11/06 and later Solaris 10 releases ask you at install time if you want your network services to default to being open or closed. Configuring SMF services, Oracle Solaris administration.
Scott lynn put together a very informative blog on solaris 10 extended support detailing the benefits that customers can get by. The first thing to look at as soon as you put your linux system on any network is what services you need to. However, patches cannot be backed out of the solaris 10 release. The nf file is on older versions of linux, and nf is on the newer versions. This general overview is meant to show system administrators how to apply various measures in order to improve the security of their hosts as seen from the internet. General service management is controlled via the svcadm command, but a special command called inetadm is provided to manage network services, together with inetconv to assist in adding further inetd style services. To determine the state of the x font server on solaris 8 and solaris 9 systems the etcinetinetd. Solaris 10 1008 operating system patch list solaris 10 10. You can also go through the below interface questions on specific category. For you information,from solaris 11 onward,zfs will be the default root filesystem. Sun microsystems solaris jumpstart technology is used to automate the installation of the solaris operating system and other associated software on multiple nodes of. Therefore, these patches are not located in the varsadm patch directory.
The purpose of the server is important to determine what services are to be commented out in the inetd. Students will have access to both SPARC and x86-based Solaris servers to perform their labs. Linux and Solaris and touches on the issue of patching a machine. Filter specific services which are run from the Service Management Facility (SMF) or from the etc inet inetd. So if one of these contains 15040015, you can use that. How to find the Oracle Solaris Critical Patch Update (CPU) patchsets, recommended OS patchsets for Oracle Solaris and Oracle Solaris update patch bundles, Doc ID 1272947. What the article fails to mention is that it's only older installs that are vulnerable by default: Solaris versions up through Solaris 10 6/06 run xfs by default from inetd listening to the network. To determine the state of the X font server on Solaris 8 and Solaris 9 systems, the /etc/inet/inetd.conf (see inetd.conf(4)) file will contain an entry similar to the following. Many inetd services must be mapped to a specific port number. The inetd nf file from Securing and Optimizing Linux by Gerhard Mourani: old Red Hat inetd configuration is like Solaris.
If you dont have a solaris setup to work,just install solaris as guest operating system on vmware workstations and get a hands on experience. We no need to bring down the server to single user mode if you are using live upgrade method during pathing and b efore choosing live upgrade,make sure you are using zfs as a root filesystem. Control ascertain whether the latest patches of the operating system is installed. As shipped, this file describes all currently supported qnx neutrino tcpip daemons and some nonstandard pidin services. The book covers a broad range of solaris system administration topics such as managing user accounts, diskless clients, booting a system, using the service management facility smf, and managing software and patches. Several operating system patches are required for the proper operation of the compilers and tools in the oracle developer studio 12. This is a change from earlier releases of solaris, where inetd set both the real and effective userid to that of the name in the nf file. For a very secure system, replace the standard nf with one that just. Use the service management facility smf to modify the standard internet services or to have additional services started by the inetd daemon use the following smf commands to manage services started by inetd. Newly created inetd service always in maintenance state in solaris 11. Thankfully, we can convert inetd entires into the smf repository with the inetconv command. The x font server can be started manually, but is normally started by the service management facility smf5 or the internet services daemon inetd1m. If you ever want to disable the ftp service, you need to comment out the appropriate line in both etcservices and etcinetd.
If settings in the asetenv file have been modified, then system vulnerabilities may not be detected. Installation of ClearCase on Solaris 10 results in the following warnings displayed in the installation log about enabling rstatd startup. When the listener program started by inetd inherits the locale from inetd, it is possible that the MQMDE is not honored (merged) and is placed on the queue as message data. The inetd daemon starts up internet standard services when a system boots, and can restart a service while a system is running.
The Solaris system Automated Security Enhancement Tool (ASET) configurable parameters in the asetenv file must be correct. As long as the internet superdaemon is started up during one of the single or multiple user init states, the ftp service will start. Installation command: yum install xinetd. For each configured service, it listens for requests from connecting clients. Using Solaris JumpStart with the Solaris 10 OS for x86/x64. General service management is controlled via the svcadm command, but a special command called inetadm is provided to manage network services, together with inetconv to assist in adding further inetd-style services. Solaris 10 extended support will run through January 2021. However, it is a good idea to bring it to single user mode before applying the patch cluster. But the recommendation is always to use the latest Solaris 10 recommended patchset. Solaris 10 OS patching using Live Upgrade, UnixArena. Solaris init scripts don't recognise restart; you have to do a stop and start. If you really want to stop/start inetd without affecting other services, do.
Solaris patching documentation center oracle technology. The patches that are listed in this chapter have been applied to the solaris 10 operating system in one of the following ways. Enabling rsh and rexec protocols for cube servers on. Multiple security issues within the x font server xfs1. The solaris 10 1008 patch list provides a list of patches preapplied to the solaris 10 1008 release. Enabling rsh and rexec protocols for cube servers on solaris. Patches released after the solaris 10 1008 release can be found on the my oracle support. These 4 dependents have their own dependents not started.
This converts the entries placed in etcnf to the new solaris 10 smf format. The nf file tells inetd which ports to listen to and what server to start for each port the first thing to look at as soon as you put your linux. Requests are served by spawning a process which runs the appropriate executable, but simple services such as echo are served by inetd itself. This is a short overview of solaris 10 kernel patches. Here is the basic solaris interview questions which are commonly asked in solaris l1 or l2 level 1 or l2 interviews. With solaris 10, we dont use either inetd or xinetd, but smf. Jul 03, 2012 solaris os patching has been moved far away from the traditional methods from solaris 10 onwards. The sun patch page provides all the patches for your specific system configuration. Then add the following line to the end of etcinetnf. If downloaded ascertain if downloaded from a secure site. On other unix and linux systems including solaris 9.
Both sparcbased and x86based versions of solaris are covered in this course. The file etcnf does not contain an entry for the rstatd server. After the patches are installed, reboot the system. Increase the level of security by requiring des encryption for your authentication mechanism by adding the s 2 flag to the end of the sadmind line in inetd. Security issue involving the solaris sadmind1m daemon oracle. Posting updated june 6, 20, with new solaris 10 kernel patchids 150400xx sparc and 150401xx x86. I have found that when inetd starts apps in solaris 10 it sets the effective userid to that of the name in the inetadm entry, but dos not change the real user id, which stays as root. First alternative solaris 10 inetadm and inetconv example. A sample etcservices file, shown below, defines port numbers for most of the commonly used services tcpmux 1tcp echo 7tcp echo 7udp discard 9tcp sink null discard 9udp sink null systat 11tcp users daytime tcp daytime udp netstat 15tcp chargen 19tcp ttytst source chargen 19udp ttytst source ftpdata. Enabling rstatd startup warnings during clearcase install. Im trying to install dns in a solaris 10, but there is some strange and is that the inetd file is so short, and in the rc2. Mar 14, 2008 with solaris 10, we dont use either inetd or xinetd, but smf. Solaris 10, start inetd in a zone not working unix. Oracle solaris 10 1 update 11 patch bundle for sparc systems.
How to apply a solaris recommended patch cluster solaris. This manual page describes nf as it was supported in solaris operating system releases prior to the adoption of service management facility see smf5. On the solaris machines, theres an application that sends a series of ascii character separated by lf over to the the hpux. Solaris os patching has been moved far away from the traditional methods from solaris 10 onwards. Unless you want to add or remove daemon definitions, you dont need to modify this file. May 10, 20 solaris 10 interview questions may 10, 20 by lingeswaran r 8 comments here is the basic solaris interview questions which are commonly asked in solaris l1 or l2 level 1 or l2 interviews. The nf file basically provides enabling and mapping of services the systems administrator would like to have multiplexed through inetd 8, indicating which program should be started for incoming requests on which port.
This book is for anyone who is responsible for administering one or more systems that run the Oracle Solaris operating system (OS). See Patch Identification Numbers and Descriptions for Oracle Solaris 10 Platforms for more information about the patches. This is a change from earlier releases of Solaris, where inetd set both the real and effective userid to that of the name in the inetd. The table shows which kernel patch revision is included in the Solaris 10 update releases and their patch dependencies.
Server installation manual for solaris siemens global. Patches released after the solaris 10 10 08 release can be found on the my oracle support. Explain the clientserver model and enabledisable server processes. Installing the required oracle solaris 10 patches oracle. The purpose of the server is important to determine what services are to be commented out in the nf file. There were a total of 24 solaris 10 patches, including kernel updates, and 4 patchsets released on mos. Each server entry is composed of a single line of the form. How can i use one or a few command to start inetd and all its dependents and dependents dependents. Then add the following line to the end of etcinet inetd. The following procedure shows how to change the configuration of a service that is not managed by the inetd service. Use the service management facility smf to modify the standard internet services or to have additional services started by the inetd daemon. Mar 22, 20 the solaris 10 cpus critical patch updates on mos are archived copies of the solaris 10 recommended patchsets taken on the cpu date. In solaris 10 release, the old inetdbased facility that is.