Securing the Sun Fire™ 15K System Controller
Securing the System Controller (SC) is the first priority in configuring a Sun Fire 15K system to be resistant to unauthorized access and able to function properly in hostile environments. The first step in securing a system is understanding what services and daemons are running on that system. This article describes the software, services, and daemons specific to the Sun Fire 15K SC. This SC-specific functionality is described at a high level, with references to the appropriate Sun documentation for more detailed information. The goal is to provide administrators with a baseline for what functionality is required for the SC to perform properly.
This article is the first of several articles providing recommendations on how to enhance the security of a Sun Fire 15K system. The next article will focus on Sun Fire 15K domain security and be titled:
Sun Fire 15K Domain Security
All of these articles, and the entire library of Sun BluePrints OnLine security articles, are available electronically from Sun BluePrints OnLine at:
The recommendations made in this article include specific references to how the Solaris Operating Environment (Solaris OE) image that runs on the SC should be configured for secured environments, and what additional software should be installed. In addition, this article describes the SC functions and what an SC really is.
Overview
The Sun Fire 15K SC is a multi-function system board within the Sun Fire frame. This system is dedicated to running the System Management Services (SMS) software. The SMS software is used to define what boards are associated with what domains, provide console access to each of the domains, control whether a domain is powered on or off, and to provide a variety of other functions critical to the operation and monitoring of the Sun Fire 15K system. There may be up to two SCs within a Sun Fire 15K frame. The security recommendations are the same for both SCs.
The focus of this article is on SC functionality not included in the Solaris 8 OE running on the SC. When discussing security functionality bundled with the Solaris OE, the reader is referred to the Sun BluePrints OnLine articles which address the security functions in more detail. Some SC-specific configurations are in addition to what is recommended by the other Sun BluePrints OnLine security articles and are explained in the following sections. The Sun BluePrints OnLine articles referenced in this article are in the Bibliography and include:
Building and Deploying OpenSSH in the Solaris Operating Environment
Building Secure N-Tier Environments
Solaris Operating Environment Minimization for Security: Updated for the Solaris 8 Operating Environment
Solaris Operating Environment Security: Updated for the Solaris 8 Operating Environment
The Solaris Security Toolkit - Quick Start: Updated for version 0.3
The recommendations made in this article are based on Solaris 8 10/01 (Update 6) OE and version 1.1 of the System Management Services (SMS) software running on the Sun Fire 15K System Controller. These are the Solaris OE and SMS versions on which the Sun Fire 15K product is first being made available.