Archive for the ‘Solaris’ Category

Securing Solaris 10 Zones

Friday, September 21st, 2007

and they’re called “containers” too.

Even if you have your Global zone secured “to the max”, if you created a new Zone under Solaris 10 11/06 and before, the Zone/Container will come up with all the services switched on, including those pesky services like telnet, ftp and co.

Your Security Department will audit your servers and freak out. So all you need to run inside the Zone/Container is the netservices script:

netservices: usage: netservices [ open | limited ]

and in our case you run: netservices limited

What this effectively does is issue a svcadm disable command against each of the services the script identifies.

Easy. SSH is still enabled, though. Some security Nazis don’t like that running in a zone/container. It’s up to your local security policy as to whether or not you have sshd running.
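One way to confirm the result after running netservices limited, as an added example that is not part of the original post. The function names, the ALLOW_SSH switch and the service list beyond telnet and ftp are assumptions made for illustration, and the sample output is constructed.

```shell
#!/bin/sh
# Added example: audit SMF service state in a zone after `netservices limited`.
# Reads `svcs -H -o state,fmri` output on stdin and prints one line per finding.
#   inside the zone:       svcs -H -o state,fmri | audit_netservices
#   from the global zone:  zlogin <zone> svcs -H -o state,fmri | audit_netservices

# telnet and ftp are the services the post names; the rest of this list is an
# assumption standing in for "and co." and should be edited to match local policy.
LEGACY_SVCS="network/telnet network/ftp network/login network/shell network/finger"

# Whether sshd may run in the zone is a local policy decision: "yes" or "no".
ALLOW_SSH="${ALLOW_SSH:-yes}"

audit_netservices() {
    awk -v legacy="$LEGACY_SVCS" -v allow_ssh="$ALLOW_SSH" '
        BEGIN { n = split(legacy, want, " ") }
        # Only services that are actually running matter for the audit.
        $1 != "online" { next }
        {
            fmri = $2
            # Match on the FMRI prefix so every instance of a service is caught.
            for (i = 1; i <= n; i++)
                if (index(fmri, "svc:/" want[i] ":") == 1) {
                    print "FAIL " fmri; bad++; next
                }
            if (index(fmri, "svc:/network/ssh:") == 1) {
                if (allow_ssh == "yes") print "NOTE " fmri " (allowed by policy)"
                else { print "FAIL " fmri; bad++ }
            }
        }
        # Exit status 1 if anything failed, so the check can gate a build script.
        END { exit (bad > 0) }
    '
}

# Constructed sample: roughly what a freshly created zone might report.
sample_fresh_zone() {
cat <<'EOF'
online         svc:/network/telnet:default
online         svc:/network/ftp:default
online         svc:/network/ssh:default
online         svc:/system/cron:default
disabled       svc:/network/finger:default
EOF
}
```

Running sample_fresh_zone | audit_netservices reports telnet and ftp as FAIL and ssh as a NOTE; with ALLOW_SSH=no, ssh is reported as FAIL as well.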

cheers

peter

Weird Routing Issues in Solaris 10 Zones

Monday, September 10th, 2007

We’ve had some weirdness happening on 2 of the 6 servers and only in some new containers/zones. Traffic is being routed out two interfaces instead of one. Network sniffers confirm it and issuing curls of the URL sometimes works, sometimes not.

(more…)

Recovering a ZFS zpool after a UFS root failure.

Wednesday, September 5th, 2007

I had a Sun T2000 CPU panic while I was moving some files from a UFS filesystem to a ZFS filesystem. The UFS filesystem had reported some issues during the day.

This led to a corrupt root UFS filesystem on both its disks and the server was unrecoverable.

EDIT: What is posted below is what I did. It is in NO WAY guaranteed to help you. Use the steps below without any warranty, recompense or guarantee.

(more…)