and they’re called “containers” too.
Even if you have your Global zone secured “to the max”, a new Zone created under Solaris 10 11/06 and before will be enabled with all the services switched on. Those pesky services like telnet, ftp and co.
Your Security Department will audit your servers and freak out. So all you need to run inside the Zone/Container is the netservices script:
netservices: usage: netservices [ open | limited ]
and in our case you run: netservices limited
What this effectively does is issue a svcadm disable command to each of the services the script identifies.
Easy, although SSH is left enabled. Some security Nazis don’t like that running in a zone/container. It’s up to your local security policy as to whether or not you have sshd running.
cheers
peter
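
A check to run inside the zone after netservices limited, as an added example that is not part of the original post: it reads service state in the format of `svcs -H -o state,fmri` and lists any denied network service that is still online. The deny list, the ALLOW_SSH switch and the two sample listings are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit SMF service state inside a zone.
# Reads lines of "STATE FMRI", the format of `svcs -H -o state,fmri`.

# FMRI prefixes that must not be online (assumed policy list; adjust locally).
DENY="svc:/network/telnet: svc:/network/ftp: svc:/network/finger: svc:/network/login: svc:/network/shell:"

# Whether sshd may run in the zone is a local policy decision.
ALLOW_SSH=${ALLOW_SSH:-yes}

# Print every online FMRI that violates the policy; return 1 if any were found.
audit_services() {
    deny=$DENY
    [ "$ALLOW_SSH" = "yes" ] || deny="$deny svc:/network/ssh:"
    rc=0
    while read -r state fmri; do
        [ "$state" = "online" ] || continue
        for prefix in $deny; do
            case "$fmri" in
                "$prefix"*) echo "$fmri"; rc=1 ;;
            esac
        done
    done
    return $rc
}

# Constructed sample: a freshly created zone before `netservices limited`.
sample_open() {
    cat <<'EOF'
online svc:/network/telnet:default
online svc:/network/ftp:default
online svc:/network/finger:default
online svc:/network/ssh:default
online svc:/system/cron:default
EOF
}

# Constructed sample: the same zone after `netservices limited`.
sample_limited() {
    cat <<'EOF'
disabled svc:/network/telnet:default
disabled svc:/network/ftp:default
disabled svc:/network/finger:default
online svc:/network/ssh:default
online svc:/system/cron:default
EOF
}

# On a real zone: svcs -H -o state,fmri | audit_services
```

The non-zero return status makes it usable as a gate in a zone build script ahead of the security audit.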