[SUMMARY] Solaris software install levels?

From: Mark Butscher <mark.butscher_at_clarent.com>
Date: Tue Feb 12 2002 - 16:40:53 EST
I received 4-5 responses to my original question, which is attached
below. Thanks again for all of the help. I got some good info, but the
true answer came from Sun.

What I was looking for was how to find out what the different Solaris
install levels are and what the mean as far as security. Naturally, less
installed is better in this case. I was also looking to find out what
level a system that had been jumpstarted was at, without being able to
look at the jumpstart server. There is one handy file that lets you know
what level any machine is at:  /var/sadm/system/admin/CLUSTER

The different install levels and the associated cluster name are as
follows:
SUNWCXall - Full Distribution + OEM Support
SUNWCall - Full Distribution
SUNWCprog - Developer
SUNWCuser - End User
SUNWCreq - Core

To find out what software level a jumpstart server is imaging to
clients, you will need to look in your rules.ok file, for the config
file it calls that will setup the disk partitioning (sorry I don't know
the official name for this config file) for each client. We have several
of these files that are used depending on the size of the disk in the
client. In that config file, you will find a "cluster" entry that will
correspond with the above list to let you know what level the clients
are being installed with. Or simply grep "cluster" out of that config
directory.

Other suggestions:
1) Links to whitepapers and blueprints:
http://www.enteract.com/~lspitz/armoring2.html
http://www.sun.com/blueprints/1100/minimize-updt1.pdf   **this is a good
one

2) look at jass on the sun site.  it will point you to not
just jass, but tons of security stuff including software
installs.  sun is as helpless as all the other *nix's
when it comes to some security concerns in the os because
they all inherit from the same unix & application tree,
but sun does have quite good security assistance if you
check it out.

3)Somewhere on the installation CDs you will find a text file (I believe
its
name is .cluster_toc; it's probably in the Product/ subdirectory) that
lists
the individual packages that are part of each of the standard
installation
clusters (SUNWCreq, SUNWCuser, SUNWCprog, etc.) You probably want to
start either with SUNWCreq or with SUNWCuser.
There is a Sun Blueprint document on minimizing your Solaris
installation
for security. Go to http://www.sun.com/blueprints/ and look around.
(Other
documents may be of interest to you, as well as tools such as JASS.)

4)Core:  Just the funstionality without CDE or man pages
Developer:OS with CDE and man pages
Entire distribution: the full OS
Entire distribution 0with OEM :for sparc comps

5)Can not tell you the runlevels, but this is my MINIMAL server pkglist.

system      SMEvplr        SME platform links
system      SMEvplu        SME usr/platform links
system      SUNWadmr       System & Network Administration Root
system      SUNWcar        Core Architecture, (Root)
system      SUNWcg6        GX (cg6) Device Driver
system      SUNWcsd        Core Solaris Devices
system      SUNWcsl        Core Solaris, (Shared Libs)
system      SUNWcsr        Core Solaris, (Root)
system      SUNWcsu        Core Solaris, (Usr)
system      SUNWdfb        Dumb Frame Buffer Device Drivers
system      SUNWdtcor      Solaris Desktop /usr/dt filesystem anchor
system      SUNWesu        Extended System Utilities
system      SUNWglmr       Symbios 875/876 SCSI device driver, (Root)
system      SUNWhmd        SunSwift SBus Adapter Drivers
system      SUNWidecr      IDE device drivers
system      SUNWider       IDE Device Driver, (Root)
system      SUNWkey        Keyboard configuration tables
system      SUNWkmp2r      PS/2 Keyboard and Mouse Device Drivers,
(Root,
32-bit)
system      SUNWkvm        Core Architecture, (Kvm)
system      SUNWlibms      Sun WorkShop Bundled shared libm
system      SUNWloc        System Localization
system      SUNWluxop      Sun Enterprise Network Array firmware and
utilities
system      SUNWpd         PCI Drivers
system      SUNWpl5u       Perl 5.005_03
system      SUNWqfed       Sun Quad FastEthernet Adapter Driver
system      SUNWrmodu      Realmode Modules, (Usr)
system      SUNWscpu       Source Compatibility, (Usr)
system      SUNWscpux      Source Compatibility (Usr) (64-bit)
system      SUNWses        SCSI Enclosure Services Device Driver
system      SUNWsolnm      Solaris Naming Enabler
system      SUNWswmt       Install and Patch Utilities
system      SUNWudf        Universal Disk Format 1.50, (Usr)
system      SUNWudfr       Universal Disk Format 1.50
system      SUNWxwdv       X Windows System Window Drivers
system      SUNWxwkey      X Windows software, PC keytables
system      SUNWxwmod      OpenWindows kernel modules



> For security reasons we are looking to minimize the level of software
> that is installed during our new Solaris 8 (4/01) installs via
> jumpstart. I'm looking for information as to what software is or is
not
> installed at each level from full OEM to the most basic/minimal
install. I'm
> also looking to find out how to tell what level a client was installed
with.
> The application that is running on this machine does need network
> connectivity to communicate with clients via some TCP and UDP ports,
but
> little else. I definitely want to omit many of the development tools,
> java, apache
> and possibly even CDE. Does anyone have information that would help me

> choose the correct level based on security concerns?
>
> Thanks in advance,
>
> Mark
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers
Received on Tue Feb 12 15:42:18 2002

This archive was generated by hypermail 2.1.8 : Thu Mar 03 2016 - 06:42:34 EST