Home > Articles > Operating Systems, Server > Solaris

  • Print
  • + Share This
Like this article? We recommend

Verifying SC Hardening

NOTE

We recommend that you disable the failover mechanism before hardening the SCs. Re-enable failover only after you harden and test both SCs.

After performing the procedures in this article to harden the SCs, test the configuration and hardening.

For our example configuration, the testing resulted in the following:

  • TCP IPv4 services listed by netstat went from 31 to 6

  • UDP IPv4 services listed by netstat went from 57 to 5

By reducing the number of services available, we reduced exposure points significantly.:

# netstat -a

UDP: IPv4
  Local Address     Remote Address   State
-------------------- -------------------- -------
   *.sunrpc               Idle
   *.32771                Idle
   *.32773                Idle
   *.syslog               Idle
   *.32776                Idle
   *.*                  Unbound

TCP: IPv4
  Local Address    Remote Address  Swind Send-Q Rwind Recv-Q State
-------------------- -------------------- ----- ------ ----- ------ -----
   *.sunrpc      *.*        0   0 24576   0 LISTEN
   *.32771      *.*        0   0 24576   0 LISTEN
   *.sun-dr      *.*        0   0 24576   0 LISTEN
   *.32772      *.*        0   0 24576   0 LISTEN
   *.32773      *.*        0   0 24576   0 LISTEN
   *.22        *.*        0   0 24576   0 LISTEN
   *.*        *.*        0   0 24576   0 IDLE

__ To Test the Main SC

  1. Disable the failover mechanism.

  2. Reboot the SC.

  3. Place the hardened SC in the main SC role.

  4. Verify that the SC takes control of the frame.

  5. Verify that the SMS controls the platform and functions properly.

  6. Validate that the number of daemons and services running on the SC are significantly lower than before hardening.

  7. After verifying that the main SC is hardened and functioning properly, perform all of the same procedures in this article (all software installation and hardening processes) on the spare SC.

  8. The spare SC must not be hardened until the main SC is tested.

  9. Manually define the newly hardened and tested main SC as the default main SC.

To Test the Spare SC

After hardening the main SC, testing it, and manually defining it as the main, harden and test the spare SC.

CAUTION

Do not harden the spare SC until you verify that the hardened main SC functions properly in your environment.

  1. Disable the failover mechanism.

  2. Reboot the SC.

  3. Place the hardened SC in the spare SC role.

  4. Verify that the spare SC takes control of the frame by becoming the main SC, and that the SMS controls the platform and functions properly.

  5. Validate that the number of daemons and services running on the SC are significantly lower than before hardening.

  6. Enable failover only after you harden and test both SCs.

  7. Test failover and verify that each SC can assume the main role when appropriate.

  • + Share This
  • 🔖 Save To Your Account