Security and Network Setup System Guide
4-8 Common Controller
Solaris file permissions secured
The fix-modes utility (from the Solaris Security Toolkit) adjusts
group and world write permissions. It is run with the '-s' option to
secure file permissions for Solaris files that were created at
install time only. Customer-generated files will not be affected.
NOTE: When this command is run, a file called /var/sadm/
install/content.mods is left. Do not delete this file. It contains
valuable information needed by fix modes to revert the changes
to the system file permissions if the security setting is changed
back to medium.
Network and name service changes
Disabling secure name service databases
The following databases are disabled when Security is invoked:
• passwd(4)
• group(4)
• exec_attr(4)
• prof_attr(4)
• user_attr(4)
Multicast routing disabled
Multicast is used to send data to many systems at the same
timewhile using one address.
OS and host information hidden
The ftp, telnet and sendmail banners are set to null so that users
in cannot see the hostname and OS level. (Note that all of
these services are prohibited with a 'high' security setting, but if
they are re-enabled manually the hostname information will
remain hidden.)
Sendmail daemon secured
Sendmail is forced to perform only outgoing mail. No incoming
mail will be accepted.