- Sun Cluster 3.0 12/01 Security with the Apache and iPlanet Web and Messaging Agents
- Assumptions and Limitations
- Solaris OE Service Restriction
- Sun Cluster 3.0 Daemons
- Terminal Server Usage
- Node Authentication
- Securing Sun Cluster 3.0 12/01 Software
- Verifying Node Hardening
- Maintaining a Secure System
- Solaris Security Toolkit Software Backout Capabilities
Verifying Node Hardening
Once the hardening process has been completed and a node has been hardened, reboot the node and verify its configuration by having it assume the appropriate Sun Cluster 3.0 software role. This must be done before you harden any other nodes in the cluster.
Do not harden other Sun Cluster nodes before verifying that the hardened configuration of each node functions properly in your environment.
Once the hardened node has taken control of the cluster, and you have verified its functionality, you can individually harden the other nodes. Do not harden all nodes simultaneously. After verifying each node, perform the entire software installation and the hardening process described above on each of the other nodes, in turn.
We recommend that you disable the failover before hardening any of the nodes, and you should re-enable failover only after each node has been hardened, rebooted, and tested. This is to avoid having the cluster software fail over to a hardened node before it has been fully hardened and before the hardened configuration has been validated.
After the preceding hardening steps are completed, the number of daemons and services running on each of the nodes is significantly less.
On the node where these recommendations were tested, the number of Solaris TCP services listed by netstat decreased from 31, prior to running the toolkit, to 7. Similarly, the number of UDP IPv4 services listed by netstat went from 57 to 6. By reducing the number of services available, the exposure points of this system are significantly reduced and the security of the entire cluster is dramatically improved.