Home > Articles > Operating Systems, Server > Solaris

  • Print
  • + Share This
Like this article? We recommend

Verifying SC Hardening

NOTE

We recommend that you disable the failover mechanism before hardening the SCs. Re-enable failover only after you harden and test both SCs.

After performing the procedures in this article to harden the SC, test the configuration and hardening.

For our example configuration, the testing resulted in the following:

  • TCP IPv4 services listed by netstat went from 31 to 6

  • UDP IPv4 services listed by netstat went from 57 to 5

By reducing the number of services available, we reduced exposure points significantly.:

# netstat -a

UDP: IPv4
  Local Address         Remote Address     State
-------------------- -------------------- -------
   *.sunrpc                                Idle
   *.32771                                 Idle
   *.32773                                 Idle
   *.syslog                                Idle
   *.32776                                 Idle
   *.*                                     Unbound

TCP: IPv4
  Local Address         Remote Address    Swind Send-Q Rwind Recv-Q State
-------------------- -------------------- ----- ------ ----- ------ -----
   *.sunrpc              *.*                0     0 24576      0 LISTEN
   *.32771               *.*                0     0 24576      0 LISTEN
   *.sun-dr              *.*                0     0 24576      0 LISTEN
   *.32772               *.*                0     0 24576      0 LISTEN
   *.32773               *.*                0     0 24576      0 LISTEN
   *.22                  *.*                0     0 24576      0 LISTEN
   *.*                   *.*                0     0 24576      0 IDLE

To Test the Main SC

  1. Disable the failover mechanism.

  2. Reboot the SC.

  3. Place the hardened SC in the main SC role.

  4. Verify that the SC takes control of the frame.

  5. Verify that the SMS controls the platform and functions properly.

  6. Validate that the number of daemons and services running on the SC are significantly lower than before hardening.

  7. After verifying that the main SC is hardened and functioning properly, perform all of the same procedures in this article (all software installation and hardening processes) on the spare SC.

    The spare SC must not be hardened until the main SC is tested.

  8. Manually define the newly hardened and tested main SC as the default main SC.

To Test the Spare SC

After hardening the main SC, testing it, and manually defining it as the main, harden and test the spare SC.

CAUTION

Do not harden the spare SC until you verify that the hardened main SC functions properly in your environment.

  1. Disable the failover mechanism.

  2. Reboot the SC.

  3. Place the hardened SC in the spare SC role.

  4. Verify that the spare SC takes control of the frame by becoming the main SC, and that the SMS controls the platform and functions properly.

  5. Validate that the number of daemons and services running on the SC are significantly lower than before hardening.

  6. Enable failover only after you harden and test both SCs.

  7. Test failover and verify that each SC can assume the main role when appropriate.

  • + Share This
  • 🔖 Save To Your Account