The USENIX Special Interest Group for Sysadmins

Solaris Service Configuration


CONFIGURING SERVICES

Disabling Unneeded System Services

When the system is booted, the init process uses the entries in /etc/inittab to bring the system to the desired state. It does this by executing the scripts (S for start and K for kill) in the appropriate /etc/rc*.d directories. The rc* directories are organized by run level, and many of the entries in these directories are links to files in the directory /etc/init.d.

Disabling system services requires that the service's startup script be removed from the appropriate rc directory.

Specific Procedures
  • Remove all files EXCEPT the following from /etc/rcS.d:
    S30rootusr.sh S40standardmounts.sh S50drvconfig
    S60devlinks S70buildmnttabs
    (.sh in Solaris 2.6)
     
  • Remove all files EXCEPT the following from /etc/rc2.d:
    S01MOUNTFSYS S05RMTMPFILES S20sysetup S69inet
    S72inetsvc S74syslog S75cron S88utmpd

    If you are using a cluster that includes a graphical user interface, leave the following additional files:

    S71rpc S99dtlogin    
  • Remove all files EXCEPT the following from /etc/init.d:
    MOUNTFSYS RMTMPFILES inetsvc standardmounts
    buildmnttab rootusr sysetup devlinks
    cron drvconfig syslog inetinit
    utmpd      

    If you are using a cluster that includes a graphical user interface, leave the following additional files:

    rpc dtlogin    
  • Remove ALL files from /etc/rc0.d and /etc/rc1.d EXCEPT those for services remaining in the directories above.

  • Remove ALL files from /etc/rc3.d.
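
As an added example (not part of the original checklist), the following read-only shell audit prints every file in the rc directories that is not on the keep lists above, so the result can be reviewed before anything is removed. The RC_ROOT variable, the function names, and the rule for matching /etc/rc0.d and /etc/rc1.d links to remaining services (strip the S/K prefix and sequence number, then compare with the /etc/init.d list) are assumptions of this example; file names are copied as printed above.

```shell
#!/bin/sh
# Added example: read-only audit of the rc directories against the keep lists
# above. Nothing is removed; paths that are not on a keep list are printed.
# RC_ROOT is a hypothetical override so a copy of /etc can be checked.
RC_ROOT="${RC_ROOT:-/etc}"

KEEP_RCS="S30rootusr.sh S40standardmounts.sh S50drvconfig S60devlinks S70buildmnttabs"
KEEP_RC2="S01MOUNTFSYS S05RMTMPFILES S20sysetup S69inet S72inetsvc S74syslog S75cron S88utmpd"
KEEP_INITD="MOUNTFSYS RMTMPFILES inetsvc standardmounts buildmnttab rootusr sysetup devlinks cron drvconfig syslog inetinit utmpd"

# list_extras DIR "KEEP LIST" [service]
# Prints every entry in DIR whose name is not in the list. In "service" mode
# the leading S/K and two-digit sequence number are stripped first, so K40cron
# is compared as "cron" (assumed reading of "files for remaining services").
list_extras() {
    dir=$1; keep=" $2 "; mode=${3:-exact}
    [ -d "$dir" ] || return 0
    for path in "$dir"/*; do
        # Skip the unexpanded glob of an empty directory, keep dangling links.
        if [ ! -e "$path" ] && [ ! -L "$path" ]; then continue; fi
        name=${path##*/}
        if [ "$mode" = service ]; then name=${name#[SK][0-9][0-9]}; fi
        case "$keep" in
            *" $name "*) ;;
            *) printf '%s\n' "$path" ;;
        esac
    done
}

# audit_rc [gui]: pass "gui" to also keep the graphical-cluster files.
audit_rc() {
    rc2=$KEEP_RC2; initd=$KEEP_INITD
    if [ "${1:-}" = gui ]; then
        rc2="$rc2 S71rpc S99dtlogin"; initd="$initd rpc dtlogin"
    fi
    list_extras "$RC_ROOT/rcS.d" "$KEEP_RCS"
    list_extras "$RC_ROOT/rc2.d" "$rc2"
    list_extras "$RC_ROOT/rc3.d" ""
    list_extras "$RC_ROOT/init.d" "$initd"
    list_extras "$RC_ROOT/rc0.d" "$initd" service
    list_extras "$RC_ROOT/rc1.d" "$initd" service
}
```

Source the file and call audit_rc (or audit_rc gui on a system that keeps the graphical user interface); an empty result means the directories already match the lists.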


Disabling Unneeded Network Services

Remove all entries EXCEPT the following (if they are needed) from /etc/inetd.conf:
   telnet	stream tcp nowait  root  /usr/sbin/in.telnetd	in.telnetd
   ftp		stream tcp nowait  root  /usr/sbin/in.ftpd	in.ftpd


Remove all entries EXCEPT the following (if they are needed) from /etc/services:
   ftp		21/tcp
   telnet	23/tcp
   listen	2766/tcp


Disabling all cron jobs EXCEPT root

  • Make sure the entry CRONLOG=YES exists in the file /etc/default/cron
  • Remove all files except root from /var/spool/cron/crontabs


Disabling NFS file system sharing

  • Remove the file /etc/dfs/dfstab to disable NFS exports
  • Make sure the file /etc/rc3.d/S15nfs.server has been removed to prevent the host from acting as an NFS server
  • Make sure the file /etc/rc2.d/S73nfs.client has been removed to prevent the host from acting as an NFS client