As usual, we've released a patchset of all the patches contained in Solaris 10 1 update 11. To determine the state of the X font server on Solaris 8 and Solaris 9 systems, the /etc/inet/inetd.conf (see inetd.conf(4)) file will contain an entry similar to the following. If settings in the asetenv file have been modified, then system vulnerabilities may not be detected. The delegated restarter inetd performs some common actions, such as port binding, on behalf of the services it manages. The patches that are listed in this chapter have been applied to the Solaris 10 operating system in one of the following ways. The services that were previously configured using this file are now configured and. The /etc/inetd.conf file is the default configuration file for the inetd superserver daemon. Remove unused entries from inetd.conf; use TCP wrappers on remaining entries; use inetd -t for extra. Installing the required Oracle Solaris 10 patches oracle.
Service Management Facility (SMF) in the Solaris 10 operating system, February 2006. SMF repository: at the core of SMF is the configuration repository, which stores service configuration information in local memory and local files. This is a short overview of Solaris 10 kernel patches. The X font server can be started manually, but is normally started by the Service Management Facility, smf(5), or the internet services daemon, inetd(1M). The inetd daemon starts up internet standard services when a system boots, and can restart a service while a system is running.
We do not need to bring down the server to single-user mode if you are using the Live Upgrade method during patching; before choosing Live Upgrade, make sure you are using ZFS as the root filesystem. Solaris OS patching has moved far away from the traditional methods from Solaris 10 onwards. The purpose of the server is important to determine what services are to be commented out in the inetd. For each configured service, it listens for requests from connecting clients. Installation of ClearCase on Solaris 10 results in the following warnings displayed in the installation log about enabling rstatd startup. The Solaris 10 software includes a known and tested level of patches. Use the Service Management Facility (SMF) to modify the standard internet services or to have additional services started by the inetd daemon. Use the following SMF commands to manage services started by inetd.
The nf file is on older versions of linux, and nf is on the newer versions. Oracle solaris 10 1 update 11 patch bundle for sparc systems. Solaris patching documentation center oracle technology. Then add the following line to the end of etcinet inetd.
You can also go through the below interface questions on specific category. I have found that when inetd starts apps in solaris 10 it sets the effective userid to that of the name in the inetadm entry, but dos not change the real user id, which stays as root. Scott lynn put together a very informative blog on solaris 10 extended support detailing the benefits that customers can get by. Using solaris jumpstart with the solaris 10 os for x86x64 platforms. We no need to bring down the server to single user mode if you are using live upgrade method during pathing and b efore choosing live upgrade,make sure you are using zfs as a root filesystem. Rshd rsh daemon bsd protocols shell stream tcp nowait root usrsbinin. Scott lynn put together a very informative blog on solaris 10. Then add the following line to the end of etcinetnf. Students will have access to both sparc and x86based solaris servers to perform their labs. This is a change from earlier releases of solaris, where inetd set both the real and effective userid to that of the name in the inetd. The inetd etcnf file inetd, called also the super server, will load a network program based upon a request from the network. Till solaris 10, below were the steps i followed to create an inetd service which worked fine for me, below are steps. Solaris 10 extended support will run thru january 2021.
Filter specific services which are run from the service management facility smf or from the etc inet inetd. This is a change from earlier releases of solaris, where inetd set both the real and effective userid to that of the name in the nf file. Disable inetdservices remote admin requires login shell access and file transfer ssh does both securely consider running ssh and turning off inetdcompletely if you must run inetd. The nf file basically provides enabling and mapping of services the systems administrator would like to have multiplexed through inetd 8, indicating which program should be started for incoming requests on which port. The nf file tells inetd which ports to listen to and what server to start for each port the first thing to look at as soon as you put your linux. For many network services such as rlogin, ftp, etc.
As shipped, this file describes all currently supported qnx neutrino tcpip daemons and some nonstandard pidin services. What the article fails to mention is that its only older installs that are vulnerable by default solaris versions up through solaris 10 606 run xfs by default from inetd listening to the network. When the inetd daemon receives a network request, it runs the associated command in the inetd. Theres general information about securing solaris, patches to know about, tools to use. External executables, which are run on request, can be single or. If you dont have a solaris setup to work,just install solaris as guest operating system on vmware workstations and get a hands on experience. Multiple security issues within the x font server xfs1. When the listener program started by inetd inherits the locale from inetd, it is possible that the mqmde is not honored merged and is placed on the queue as message data. Patches released after the solaris 10 10 08 release can be found on the my oracle support. If you ever want to disable the ftp service, you need to comment out the appropriate line in both etcservices and etcinetd. Solaris init scripts dont recognise restart, you have to do a stop and start if you really want to stopstart inetd without effecting other services do.
Enabling rstatd startup warnings during ClearCase install on. Installing the kernel patch of a Solaris 10 update release is not the same as doing an upgrade to the Solaris 10 update release. Both SPARC-based and x86-based versions of Solaris are covered in this course. To determine the state of the X font server on Solaris 8 and Solaris 9 systems the /etc/inet/inetd. For Solaris operating system releases prior to the adoption of SMF, such as Solaris 9, the inetd.
These patches were applied when the Solaris 10 OS was created. Solaris 10 1 patchset released and latest Solaris 10. The Solaris 10 10/08 patch list provides a list of patches preapplied to the Solaris 10 10/08 release. Patches released after the Solaris 10 10/08 release can be found on the My Oracle Support.
The showrev -p command provides a list of all patches that were applied to the installed system, regardless of how they were applied. Jul 03, 2012: Solaris OS patching has moved far away from the traditional methods from Solaris 10 onwards. Therefore, these patches are not located in the /var/sadm/patch directory. Sun Microsystems Solaris JumpStart technology is used to automate the installation of the Solaris operating system and other associated software on multiple nodes of a network.
But the recommendation is always to use the latest solaris 10 recommended patchset. The inetd nf file from securing and optimizing linux by gerhard mourani old red hat inetd configuration is like solaris. Jumpstart server configuration solaris 10 the moron. Increase the level of security by requiring des encryption for your authentication mechanism by adding the s 2 flag to the end of the sadmind line in nf. The file etcnf does not contain an entry for the rstatd server. The solaris system automated security enhancement tool aset configurable parameters in the asetenv file must be correct. Login or register for dates, times and to reply thread tools. Enabling rsh and rexec protocols for cube servers on.
X font server xfs security hole in solaris oracle solaris. Preinstallation checklist the install server or boot server is in the same local network segment as client with network link up. Mar 14, 2008 with solaris 10, we dont use either inetd or xinetd, but smf. Sun microsystems solaris jumpstart technology is used to automate the installation of the solaris operating system and other associated software on multiple nodes of. Solaris 10 kernel patches looks hard, but it isnt oracle. How to find the oracle solaris critical patch update cpu patchsets, recommended os patchsets for oracle solaris and oracle solaris update patch bundles doc id 1272947. Installation command yum install xinetd 07022008, 03. Requests are served by spawning a process which runs the appropriate executable, but simple services such as echo are served by inetd itself. Newly created inetd service always in maintenance state in solaris 11. The operating system will be oracle solaris 10 sunos 5.
Each server entry is composed of a single line of the form. On other unix and linux systems including solaris 9. Configuring smf services oracle solaris administration. Thankfully, we can convert inetd entires into the smf repository with the inetconv command. The first thing to look at as soon as you put your linux system on any network is what services you need to. This converts the entries placed in etcnf to the new solaris 10 smf format. For a very secure system, replace the standard nf with one that just. A sample etcservices file, shown below, defines port numbers for most of the commonly used services tcpmux 1tcp echo 7tcp echo 7udp discard 9tcp sink null discard 9udp sink null systat 11tcp users daytime tcp daytime udp netstat 15tcp chargen 19tcp ttytst source chargen 19udp ttytst source ftpdata. As noted in the zdnet posting x font server flaw hits sun solaris hard, the recently announced x font server vulnerabilities not only affect solaris, but are exposed to the network by default in some solaris installs what the article fails to mention is that its only older installs that are vulnerable by default solaris versions up through solaris 10 606 run xfs by default from inetd. Solaris 10, start inetd in a zone not working unix. The solaris 10 1008 patch list provides a list of patches preapplied to the solaris 10 1008 release. If downloaded ascertain if downloaded from a secure site.
However, patches cannot be backed out of the solaris 10 release. Use the service management facility smf to modify the standard internet services or to have additional services started by the inetd daemon. This book is for anyone who is responsible for administering one or more systems that run the oracle solaris operating system os. Im trying to install dns in a solaris 10, but there is some strange and is that the inetd file is so short, and in the rc2. This manual page describes nf as it was supported in solaris operating system releases prior to the adoption of service management facility see smf5. General service management is controlled via the svcadm command, but a special command called inetadm is provided to manage network services, together with inetconv to assist in adding further inetdstyle services. Increase the level of security by requiring des encryption for your authentication mechanism by adding the s 2 flag to the end of the sadmind line in inetd. These 4 dependents have their own dependents not started. Enabling rstatd startup warnings during clearcase install.
Dec 29, 2012 jumpstart server configuration solaris 10. The following procedure shows how to change the configuration of a service that is not managed by the inetd service. General service management is controlled via the svcadm command, but a special command called inetadm is provided to manage network services, together with inetconv to assist in adding further inetd style services. The purpose of the server is important to determine what services are to be commented out in the nf file. As long as the internet superdaemon is started up during one of the single or multiple user init states, the ftp service will start. Enabling rsh and rexec protocols for cube servers on solaris. However, it is a good idea to bring it to single user mode before applying the patch cluster. The sun patch page provides all the patches for your specific system configuration. The problem is that when the hpux connects to solaris a.
Linux and solaris and touches on the issue of patching a machine. Security issue involving the solaris sadmind1m daemon oracle. Several operating system patches are required for the proper operation of the compilers and tools in the oracle developer studio 12. Unless you want to add or remove daemon definitions, you dont need to modify this file. In previous releases of solaris, the inetd network daemon was responsible for running network services on demand and was configured by editing the file, etcnf. Posting updated june 6, 20, with new solaris 10 kernel patchids 150400xx sparc and 150401xx x86. After the patches are installed, reboot the system. First alternative solaris 10 inetadm and inetconv example. For you information,from solaris 11 onward,zfs will be the default root filesystem.
Solaris 10 1008 operating system patch list solaris 10 10. Using solaris jumpstart with the solaris 10 os for x86x64. There were a total of 24 solaris 10 patches, including kernel updates, and 4 patchsets released on mos. Here is the basic solaris interview questions which are commonly asked in solaris l1 or l2 level 1 or l2 interviews. Solaris 10 1008 operating system patch list solaris 10. How to apply a solaris recommended patch cluster solaris. The table show which kernel patch revision is included in the solaris 10 update releases and there patch dependencies. The nf file tells inetd which ports to listen to and what server to start for each port the first thing to look at as soon as you put your linux system on any network is what services you need to offer. The symbolic link etcnf exists for bsd compatibility. In solaris 10 release, the old inetdbased facility that is. This general overview is meant to show system administrators how to apply various measures in order to improve the security of their hosts as seen from the internet. Solaris 10 sparc security technical implementation guide. See patch identification numbers and descriptions for oracle solaris 10 platforms for more information about the patches. Server installation manual for solaris siemens global.
Control ascertain whether the latest patches of the operating system is installed. The book covers a broad range of solaris system administration topics such as managing user accounts, diskless clients, booting a system, using the service management facility smf, and managing software and patches. With solaris 10, we dont use either inetd or xinetd, but smf. On the solaris machines, theres an application that sends a series of ascii character separated by lf over to the the hpux. Many inetd services must be mapped to a specific port number. May 10, 20 solaris 10 interview questions may 10, 20 by lingeswaran r 8 comments here is the basic solaris interview questions which are commonly asked in solaris l1 or l2 level 1 or l2 interviews. Explain the clientserver model and enabledisable server processes. So if one of these contains 15040015, use can use that. Solaris 10 1106 and later solaris 10 releases ask you at install time if you want your network services to default to being open or closed. How can i use one or a few command to start inetd and all its dependents and dependents dependents.