Re: Hardening a Solaris system.

From: Casper H.S. Dik (Casper.Dik_at_Sun.COM)
Date: 11/17/03 

Date: 17 Nov 2003 10:02:15 GMT

see_my_signature_for_my_real_address@hotmail.com (Dr. David Kirkby) writes:

>I've reduced /etc/initd.conf to just the CacheFS Daemon. That I admit
>I don't know anything about, but I guess from its name that it might
>impact performance if its not running. That said, given anyone can
>download from the web server at a maximum of 256 kbit, the system is
>going to be limited by the ADSL connection and I doubt it makes one
>ounce of difference the peformance of the Sun. Curretly it has dual
>125 MHz CPUs, but I think I might put them to better use and use a
>slower CPU - not that I find the HyperSPARC that good anyway.

The cachefs daemon is only useful if you're using cachefs; if not,
it serves no purpose.

>I've not installed tcp_wrappers. I can't help but feel that is a bit
>surplorous, with ipfilter in place, but perhaps I'm wrong. In any case
>there is a hardware firewall too, which does block outgoing traffic in
>addition to that coming in.

Tcp wrappers are integrated in S9 inetd; so you can easily enable theml
but if you don't use inetd, there's really no point in tcp wrappers.

Casper 

-- 
Expressed in this posting are my opinions.  They are in no way related
to opinions held by my employer, Sun Microsystems.
Statements on Sun products included here are not gospel and may
be fiction rather than truth.