While perusing the latest Nevada build notes, I came across the following PSARC case:

PSARC case 2004/368 : Secure By Default
BUG/RFE:4875624 *syslogd* turn off UDP listener by default
BUG/RFE:5004374 Ship with remote services disabled by default
BUG/RFE:5016956 By default rpcbind should not listen for remote requests
BUG/RFE:5016975 By default snmpd/dx should not be enabled.
BUG/RFE:5016998 By default inetd should not listen for remote connections.
BUG/RFE:5017041 By default sendmail should not listen for remote connections
BUG/RFE:5046450 Create a greenline profile for Secure by Default installation
BUG/RFE:6267741 RFE: One-touch knob for outbound-only sendmail
BUG/RFE:6414308 syslogd could use some lint soap

I have been bitching about the number of services that come enabled by default for the past ten years, and am SUPER excited to see that Sun finally fixed this annoyance! Nice!

3 thoughts on “Solaris secure by default initiative!”

  1. I’ll believe it when I see it. :)

    Now having read the forums for a couple months, I’ve grown tired of the Solaris development mindset. Someone proposes a feature or package (usually found in Linux or another Unix), one Sun engineer says they worked on this 7 years ago, another proposes a completely rewritten new (superior!) system, some other guy says Linux is a toy, on and on, nothing gets done, and here we are. Still miserable package “management”, still loads of ports open by default, still a weak syslog, etc. It amazes me that ZFS and DTrace actually made it out alive. It doesn’t surprise me that SMF did, though…that steaming pile of XML and bloat looks just like other committee-driven projects (Pontiac Aztek, anyone?)

  2. Hi Frank,

    I hear your pains, but the community has only been around for 1 year, and I imagine there are NUMEROUS technical and political pains converting a closed source shop to a completely open source one. Since some of the communities are rather tight-lipped about what they are working on, I am not sure how a community approach will pan out. My biggest frustration is the lack of information on the Solaris technical roadmap, and what people inside and outside of Sun are working on. Hopefully they will address this over the course of the next year, but I won’t hold my breath.

    – Ryan

  3. Frank, I thought I was the only one who felt that way about SMF. I’ve said before, it’s a solution looking for a problem. Thank you for the reassurance.

