I received 4-5 responses to my original question, which is attached below. Thanks again for all of the help. I got some good info, but the true answer came from Sun. What I was looking for was how to find out what the different Solaris install levels are and what the mean as far as security. Naturally, less installed is better in this case. I was also looking to find out what level a system that had been jumpstarted was at, without being able to look at the jumpstart server. There is one handy file that lets you know what level any machine is at: /var/sadm/system/admin/CLUSTER The different install levels and the associated cluster name are as follows: SUNWCXall - Full Distribution + OEM Support SUNWCall - Full Distribution SUNWCprog - Developer SUNWCuser - End User SUNWCreq - Core To find out what software level a jumpstart server is imaging to clients, you will need to look in your rules.ok file, for the config file it calls that will setup the disk partitioning (sorry I don't know the official name for this config file) for each client. We have several of these files that are used depending on the size of the disk in the client. In that config file, you will find a "cluster" entry that will correspond with the above list to let you know what level the clients are being installed with. Or simply grep "cluster" out of that config directory. Other suggestions: 1) Links to whitepapers and blueprints: http://www.enteract.com/~lspitz/armoring2.html http://www.sun.com/blueprints/1100/minimize-updt1.pdf **this is a good one 2) look at jass on the sun site. it will point you to not just jass, but tons of security stuff including software installs. sun is as helpless as all the other *nix's when it comes to some security concerns in the os because they all inherit from the same unix & application tree, but sun does have quite good security assistance if you check it out. 3)Somewhere on the installation CDs you will find a text file (I believe its name is .cluster_toc; it's probably in the Product/ subdirectory) that lists the individual packages that are part of each of the standard installation clusters (SUNWCreq, SUNWCuser, SUNWCprog, etc.) You probably want to start either with SUNWCreq or with SUNWCuser. There is a Sun Blueprint document on minimizing your Solaris installation for security. Go to http://www.sun.com/blueprints/ and look around. (Other documents may be of interest to you, as well as tools such as JASS.) 4)Core: Just the funstionality without CDE or man pages Developer:OS with CDE and man pages Entire distribution: the full OS Entire distribution 0with OEM :for sparc comps 5)Can not tell you the runlevels, but this is my MINIMAL server pkglist. system SMEvplr SME platform links system SMEvplu SME usr/platform links system SUNWadmr System & Network Administration Root system SUNWcar Core Architecture, (Root) system SUNWcg6 GX (cg6) Device Driver system SUNWcsd Core Solaris Devices system SUNWcsl Core Solaris, (Shared Libs) system SUNWcsr Core Solaris, (Root) system SUNWcsu Core Solaris, (Usr) system SUNWdfb Dumb Frame Buffer Device Drivers system SUNWdtcor Solaris Desktop /usr/dt filesystem anchor system SUNWesu Extended System Utilities system SUNWglmr Symbios 875/876 SCSI device driver, (Root) system SUNWhmd SunSwift SBus Adapter Drivers system SUNWidecr IDE device drivers system SUNWider IDE Device Driver, (Root) system SUNWkey Keyboard configuration tables system SUNWkmp2r PS/2 Keyboard and Mouse Device Drivers, (Root, 32-bit) system SUNWkvm Core Architecture, (Kvm) system SUNWlibms Sun WorkShop Bundled shared libm system SUNWloc System Localization system SUNWluxop Sun Enterprise Network Array firmware and utilities system SUNWpd PCI Drivers system SUNWpl5u Perl 5.005_03 system SUNWqfed Sun Quad FastEthernet Adapter Driver system SUNWrmodu Realmode Modules, (Usr) system SUNWscpu Source Compatibility, (Usr) system SUNWscpux Source Compatibility (Usr) (64-bit) system SUNWses SCSI Enclosure Services Device Driver system SUNWsolnm Solaris Naming Enabler system SUNWswmt Install and Patch Utilities system SUNWudf Universal Disk Format 1.50, (Usr) system SUNWudfr Universal Disk Format 1.50 system SUNWxwdv X Windows System Window Drivers system SUNWxwkey X Windows software, PC keytables system SUNWxwmod OpenWindows kernel modules > For security reasons we are looking to minimize the level of software > that is installed during our new Solaris 8 (4/01) installs via > jumpstart. I'm looking for information as to what software is or is not > installed at each level from full OEM to the most basic/minimal install. I'm > also looking to find out how to tell what level a client was installed with. > The application that is running on this machine does need network > connectivity to communicate with clients via some TCP and UDP ports, but > little else. I definitely want to omit many of the development tools, > java, apache > and possibly even CDE. Does anyone have information that would help me > choose the correct level based on security concerns? > > Thanks in advance, > > Mark _______________________________________________ sunmanagers mailing list sunmanagers@sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagersReceived on Tue Feb 12 15:42:18 2002
This archive was generated by hypermail 2.1.8 : Thu Mar 03 2016 - 06:42:34 EST