Some services in Solaris 10 operate based on local and global properties.
For example, in the rpcbind configuration, if local_only is set to true, all RPC services are accessible from inside the machine, but an outside machine cannot access them.
bash-3.00# svccfg -s rpc/bind listprop config/local_only
config/local_only boolean false
bash-3.00#
bash-3.00# svccfg -s rpc/bind setprop config/local_only=true
bash-3.00#
bash-3.00# svcadm refresh rpc/bind
bash-3.00#
bash-3.00# svccfg -s rpc/bind listprop config/local_only
config/local_only boolean true
bash-3.00#
bash-3.00# svccfg -s rpc/bind setprop config/local_only=false
bash-3.00#
bash-3.00# svcadm refresh rpc/bind
bash-3.00# svcadm refresh rpc/bind
bash-3.00#
bash-3.00# svccfg -s rpc/bind listprop config/local_only
config/local_only boolean false
This, in my opinion, is a significant security enhancement, especially in cases where you want a particular service to be accessible from localhost but disabled for outside machines. Many Solaris services have this kind of configurability.
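A check to run after the change, as an added example that is not part of the original post: it compares the configured value shown by svccfg with the value the running service uses, so a setprop that was never followed by svcadm refresh is caught. It assumes that svcprop -p config/local_only rpc/bind prints the bare running value; the function names and sample strings are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify rpcbind exposure from SMF property text.
# On a Solaris 10 host the two inputs come from:
#   svccfg -s rpc/bind listprop config/local_only   (configured value)
#   svcprop -p config/local_only rpc/bind           (running value; assumed bare true/false)

# Pull the boolean out of a "name type value" listprop line.
# Prints true or false, or "unknown" if the line is missing or malformed.
listprop_value() {
    printf '%s\n' "$1" | awk '
        $1 == "config/local_only" && $2 == "boolean" && ($3 == "true" || $3 == "false") { print $3; found = 1; exit }
        END { if (!found) print "unknown" }'
}

# classify_rpcbind CONFIGURED_LINE RUNNING_VALUE
#   local-only        both true: only the machine itself can reach RPC services
#   remote-reachable  both false: outside machines can reach RPC services
#   pending-refresh   values differ: setprop done, svcadm refresh still needed
#   unknown           one of the inputs could not be parsed
classify_rpcbind() {
    configured=$(listprop_value "$1")
    running=$(printf '%s' "$2" | tr -d ' \t\r\n')
    case "$running" in true|false) ;; *) running=unknown ;; esac
    if [ "$configured" = unknown ] || [ "$running" = unknown ]; then
        echo unknown
    elif [ "$configured" != "$running" ]; then
        echo pending-refresh
    elif [ "$running" = true ]; then
        echo local-only
    else
        echo remote-reachable
    fi
}

# Constructed sample inputs (not captured from a real host).
SAMPLE_LOCAL='config/local_only boolean true'
SAMPLE_OPEN='config/local_only boolean false'

if command -v svccfg >/dev/null 2>&1 && command -v svcprop >/dev/null 2>&1; then
    classify_rpcbind "$(svccfg -s rpc/bind listprop config/local_only)" \
                     "$(svcprop -p config/local_only rpc/bind)"
else
    classify_rpcbind "$SAMPLE_LOCAL" false   # prints pending-refresh
fi
```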