author | David.Comay@Sun.COM |
Thu, 22 May 2008 17:41:33 -0700 | |
changeset 377 | 90c02a011a3a |
parent 300 | src/util/distro-import/86/generic_limited_net.xml@08f9d3673631 |
permissions | -rw-r--r-- |
300 | 1 |
<?xml version='1.0'?> |
2 |
<!DOCTYPE service_bundle SYSTEM '/usr/share/lib/xml/dtd/service_bundle.dtd.1'> |
|
3 |
<!-- |
|
4 |
CDDL HEADER START |
|
5 |
||
6 |
The contents of this file are subject to the terms of the |
|
7 |
Common Development and Distribution License (the "License"). |
|
8 |
You may not use this file except in compliance with the License. |
|
9 |
||
10 |
You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE |
|
11 |
or http://www.opensolaris.org/os/licensing. |
|
12 |
See the License for the specific language governing permissions |
|
13 |
and limitations under the License. |
|
14 |
||
15 |
When distributing Covered Code, include this CDDL HEADER in each |
|
16 |
file and include the License file at usr/src/OPENSOLARIS.LICENSE. |
|
17 |
If applicable, add the following below this CDDL HEADER, with the |
|
18 |
fields enclosed by brackets "[]" replaced with your own identifying |
|
19 |
information: Portions Copyright [yyyy] [name of copyright owner] |
|
20 |
||
21 |
CDDL HEADER END |
|
22 |
||
23 |
Copyright 2008 Sun Microsystems, Inc. All rights reserved. |
|
24 |
Use is subject to license terms. |
|
25 |
||
377
90c02a011a3a
1740 beadm needs to be in an RBAC profile
David.Comay@Sun.COM
parents:
300
|
26 |
ident "@(#)generic_limited_net.xml 1.16 08/03/14 SMI" |
300 | 27 |
|
28 |
The purpose of the limited_net profile is to provide a set of |
|
29 |
active services that allow one to connect to the machine via ssh |
|
30 |
(requires sshd). The services which are deactivated here are those |
|
31 |
that are at odds with this goal. Those which are activated are |
|
32 |
explicit requirements for the goal's satisfaction. |
|
33 |
||
34 |
NOTE: Service profiles delivered by this package are not editable, |
|
35 |
and their contents will be overwritten by package or patch |
|
36 |
operations, including operating system upgrade. Make customizations |
|
37 |
in a distinct file. The path, /var/svc/profile/site.xml, is a |
|
38 |
distinguished location for a site-specific service profile, treated |
|
39 |
otherwise equivalently to this file. |
|
40 |
--> |
|
41 |
<service_bundle type='profile' name='generic_limited_net' |
|
42 |
xmlns:xi='http://www.w3.org/2003/XInclude' > |
|
43 |
<!--
  Pull in the name service profile, as set by the system id tools.
  The href is a fixed local file: URL, so whatever that file declares is
  merged into this profile at load time.
  NOTE(review): the target lives under /var and can enable or disable
  services; presumably it should be writable by root only. Confirm the
  ownership and mode on deployed systems.
-->
<xi:include href="file:/var/svc/profile/name_service.xml"/>
|
47 |
||
48 |
<!--
  svc.startd(1M) services.

  Local system services that this profile switches on. Every entry in
  this group names a single instance with enabled="true"; system/identity
  selects its "domain" instance, all the others use "default".
-->
<service name="system/coreadm" version="1" type="service">
  <instance name="default" enabled="true"/>
</service>
<service name="system/cron" version="1" type="service">
  <instance name="default" enabled="true"/>
</service>
<service name="system/cryptosvc" version="1" type="service">
  <instance name="default" enabled="true"/>
</service>
<service name="system/dbus" version="1" type="service">
  <instance name="default" enabled="true"/>
</service>
<service name="system/hal" version="1" type="service">
  <instance name="default" enabled="true"/>
</service>
<service name="system/identity" version="1" type="service">
  <instance name="domain" enabled="true"/>
</service>
<service name="system/intrd" version="1" type="service">
  <instance name="default" enabled="true"/>
</service>
<service name="system/keymap" version="1" type="service">
  <instance name="default" enabled="true"/>
</service>
<service name="system/picl" version="1" type="service">
  <instance name="default" enabled="true"/>
</service>
<service name="system/sac" version="1" type="service">
  <instance name="default" enabled="true"/>
</service>
<service name="system/scheduler" version="1" type="service">
  <instance name="default" enabled="true"/>
</service>
<service name="system/system-log" version="1" type="service">
  <instance name="default" enabled="true"/>
</service>
<service name="system/utmp" version="1" type="service">
  <instance name="default" enabled="true"/>
</service>
<service name="system/zones" version="1" type="service">
  <instance name="default" enabled="true"/>
</service>
|
93 |
<!--
  RPC binder and name service cache, both enabled.
  NOTE(review): this profile only toggles the enabled flag; nothing in
  this file restricts network/rpc/bind to local callers. Since the stated
  goal is remote access via ssh, confirm that the restriction is applied
  elsewhere (service properties or a packet filter).
-->
<service name="network/rpc/bind" version="1" type="service">
  <instance name="default" enabled="true"/>
</service>
<service name="system/name-service-cache" version="1" type="service">
  <instance name="default" enabled="true"/>
</service>
|
99 |
<!--
  File sharing is switched off: all seven network/nfs services and
  network/smb/client are disabled. The file header describes deactivated
  services as those at odds with the goal of ssh access.
-->
<service name="network/nfs/status" version="1" type="service">
  <instance name="default" enabled="false"/>
</service>
<service name="network/nfs/nlockmgr" version="1" type="service">
  <instance name="default" enabled="false"/>
</service>
<service name="network/nfs/client" version="1" type="service">
  <instance name="default" enabled="false"/>
</service>
<service name="network/nfs/server" version="1" type="service">
  <instance name="default" enabled="false"/>
</service>
<service name="network/nfs/rquota" version="1" type="service">
  <instance name="default" enabled="false"/>
</service>
<service name="network/nfs/cbd" version="1" type="service">
  <instance name="default" enabled="false"/>
</service>
<service name="network/nfs/mapid" version="1" type="service">
  <instance name="default" enabled="false"/>
</service>
<service name="network/smb/client" version="1" type="service">
  <instance name="default" enabled="false"/>
</service>
|
123 |
||
124 |
<!--
  Services kept on for remote access and local operation. network/ssh is
  the service the profile exists to provide (see the file header).
  NOTE(review): network/smtp (instance "sendmail") and the network/inetd
  restarter are enabled as well. Whether sendmail accepts remote
  connections is not decided in this file; confirm it is bound to
  loopback where inbound mail is not wanted.
-->
<service name="network/ssh" version="1" type="service">
  <instance name="default" enabled="true"/>
</service>
<service name="network/smtp" version="1" type="service">
  <instance name="sendmail" enabled="true"/>
</service>
<service name="network/inetd" version="1" type="restarter">
  <instance name="default" enabled="true"/>
</service>
<service name="system/filesystem/autofs" version="1" type="service">
  <instance name="default" enabled="true"/>
</service>
<service name="system/filesystem/rmvolmgr" version="1" type="service">
  <instance name="default" enabled="true"/>
</service>
<service name="system/power" version="1" type="service">
  <instance name="default" enabled="true"/>
</service>
|
142 |
||
143 |
<!--
  Network infrastructure daemons, all disabled: DHCP server, NTP, RARP,
  SLP and the three Kerberos services under network/security (kadmin,
  krb5_prop, krb5kdc).
-->
<service name="network/dhcp-server" version="1" type="service">
  <instance name="default" enabled="false"/>
</service>
<service name="network/ntp" version="1" type="service">
  <instance name="default" enabled="false"/>
</service>
<service name="network/rarp" version="1" type="service">
  <instance name="default" enabled="false"/>
</service>
<service name="network/slp" version="1" type="service">
  <instance name="default" enabled="false"/>
</service>
<service name="network/security/kadmin" version="1" type="service">
  <instance name="default" enabled="false"/>
</service>
<service name="network/security/krb5_prop" version="1" type="service">
  <instance name="default" enabled="false"/>
</service>
<service name="network/security/krb5kdc" version="1" type="service">
  <instance name="default" enabled="false"/>
</service>
|
164 |
||
165 |
<!--
  Management and printing services. Disabled: sma, seaport, snmpdx,
  ipp-listener, rfc1179. Enabled: wbem, ppd-cache-update.
  NOTE(review): application/management/wbem is the only management
  service left on in this group. This file does not say which interfaces
  it listens on; confirm, or turn it off in /var/svc/profile/site.xml
  where it is not needed.
-->
<service name="application/management/sma" version="1" type="service">
  <instance name="default" enabled="false"/>
</service>
<service name="application/management/seaport" version="1" type="service">
  <instance name="default" enabled="false"/>
</service>
<service name="application/management/snmpdx" version="1" type="service">
  <instance name="default" enabled="false"/>
</service>
<service name="application/management/wbem" version="1" type="service">
  <instance name="default" enabled="true"/>
</service>
<service name="application/print/ipp-listener" version="1" type="service">
  <instance name="default" enabled="false"/>
</service>
<service name="application/print/ppd-cache-update" version="1" type="service">
  <instance name="default" enabled="true"/>
</service>
<service name="application/print/rfc1179" version="1" type="service">
  <instance name="default" enabled="false"/>
</service>
|
377
|
186 |
<!--
  The CUPS in-lpd service is kept disabled, like the other print
  listeners in this profile (application/print/ipp-listener and
  application/print/rfc1179).
-->
<service name="application/cups/in-lpd" version="1" type="service">
  <instance name="default" enabled="false"/>
</service>
300 | 189 |
<!--
  application/stosreg stays enabled.
  NOTE(review): presumably related to the network/stdiscover and
  network/stlisten services that this profile disables; confirm that
  stosreg itself opens no network listener.
-->
<service name="application/stosreg" version="1" type="service">
  <instance name="default" enabled="true"/>
</service>
|
192 |
||
193 |
<!--
  default inetd(1M) services.

  Every instance in this group is disabled: finger, ftp, the three
  network/login instances (rlogin, klogin, eklogin), both network/shell
  instances (default, kshell) and telnet. These are the legacy remote
  access services; in this profile remote access goes through
  network/ssh instead.
-->
<service name="network/finger" version="1" type="service">
  <instance name="default" enabled="false"/>
</service>
<service name="network/ftp" version="1" type="service">
  <instance name="default" enabled="false"/>
</service>
<service name="network/login" version="1" type="service">
  <instance name="rlogin" enabled="false"/>
  <instance name="klogin" enabled="false"/>
  <instance name="eklogin" enabled="false"/>
</service>
<service name="network/shell" version="1" type="service">
  <instance name="default" enabled="false"/>
  <instance name="kshell" enabled="false"/>
</service>
<service name="network/telnet" version="1" type="service">
  <instance name="default" enabled="false"/>
</service>
|
214 |
||
215 |
<!--
  non-default inetd(1M) services.

  All disabled. chargen, daytime, discard, echo and time each list a
  "stream" and a "dgram" instance, and both are switched off; the
  remaining services (uucp, comsat, rexec, talk, stdiscover, stlisten)
  have a single "default" instance.
-->
<service name="network/uucp" version="1" type="service">
  <instance name="default" enabled="false"/>
</service>
<service name="network/chargen" version="1" type="service">
  <instance name="stream" enabled="false"/>
  <instance name="dgram" enabled="false"/>
</service>
<service name="network/daytime" version="1" type="service">
  <instance name="stream" enabled="false"/>
  <instance name="dgram" enabled="false"/>
</service>
<service name="network/discard" version="1" type="service">
  <instance name="stream" enabled="false"/>
  <instance name="dgram" enabled="false"/>
</service>
<service name="network/echo" version="1" type="service">
  <instance name="stream" enabled="false"/>
  <instance name="dgram" enabled="false"/>
</service>
<service name="network/time" version="1" type="service">
  <instance name="stream" enabled="false"/>
  <instance name="dgram" enabled="false"/>
</service>
<service name="network/comsat" version="1" type="service">
  <instance name="default" enabled="false"/>
</service>
<service name="network/rexec" version="1" type="service">
  <instance name="default" enabled="false"/>
</service>
<service name="network/talk" version="1" type="service">
  <instance name="default" enabled="false"/>
</service>
<service name="network/stdiscover" version="1" type="service">
  <instance name="default" enabled="false"/>
</service>
<service name="network/stlisten" version="1" type="service">
  <instance name="default" enabled="false"/>
</service>
|
256 |
||
257 |
<!--
  default inetd(1M) RPC services enabled

  rpc/gss, rpc/smserver and security/ktkt_warn are switched on.
  NOTE(review): network/rpc/mdcomm sits under this "enabled" heading but
  is set to enabled="false". The value is what takes effect; the heading
  is only a comment.
-->
<service name="network/rpc/gss" version="1" type="service">
  <instance name="default" enabled="true"/>
</service>
<service name="network/rpc/mdcomm" version="1" type="service">
  <instance name="default" enabled="false"/>
</service>
<service name="network/rpc/smserver" version="1" type="service">
  <instance name="default" enabled="true"/>
</service>
<service name="network/security/ktkt_warn" version="1" type="service">
  <instance name="default" enabled="true"/>
</service>
|
272 |
||
273 |
<!--
  default inetd(1M) RPC services disabled

  rstat, rusers, meta, metamed and metamh: each has one "default"
  instance, and each is switched off.
-->
<service name="network/rpc/rstat" version="1" type="service">
  <instance name="default" enabled="false"/>
</service>
<service name="network/rpc/rusers" version="1" type="service">
  <instance name="default" enabled="false"/>
</service>
<service name="network/rpc/meta" version="1" type="service">
  <instance name="default" enabled="false"/>
</service>
<service name="network/rpc/metamed" version="1" type="service">
  <instance name="default" enabled="false"/>
</service>
<service name="network/rpc/metamh" version="1" type="service">
  <instance name="default" enabled="false"/>
</service>
|
291 |
||
292 |
<!--
  non-default inetd(1M) RPC services disabled

  ocfserv, rex, spray and wall: each has one "default" instance, and each
  is switched off.
-->
<service name="network/rpc/ocfserv" version="1" type="service">
  <instance name="default" enabled="false"/>
</service>
<service name="network/rpc/rex" version="1" type="service">
  <instance name="default" enabled="false"/>
</service>
<service name="network/rpc/spray" version="1" type="service">
  <instance name="default" enabled="false"/>
</service>
<service name="network/rpc/wall" version="1" type="service">
  <instance name="default" enabled="false"/>
</service>
|
307 |
||
308 |
<!--
  Enable GDM (graphical login manager).
  NOTE(review): this file only turns the service on. Whether GDM accepts
  remote display connections (XDMCP) is configured elsewhere; confirm it
  is off on hosts where ssh is meant to be the only remote entry point.
-->
<service name="application/graphical-login/gdm" version="1" type="service">
  <instance name="default" enabled="true"/>
</service>
|
315 |
||
316 |
<!--
  Disabled X11 services: the only entry is application/x11/xfs, whose
  "default" instance is switched off.
-->
<service name="application/x11/xfs" version="1" type="service">
  <instance name="default" enabled="false"/>
</service>
|
322 |
||
323 |
</service_bundle> |