- Sun Cluster 3.0 12/01 Security with the Apache and iPlanet Web and Messaging Agents
- Supportability
- Assumptions and Limitations
- Solaris OE Service Restriction
- Sun Cluster 3.0 Daemons
- Terminal Server Usage
- Node Authentication
- Securing Sun Cluster 3.0 12/01 Software
- Verifying Node Hardening
- Maintaining a Secure System
- Solaris Security Toolkit Software Backout Capabilities
- Conclusion
- Bibliography
Sun Cluster 3.0 Daemons
The Sun Cluster 3.0 12/01 software adds several additional daemons to a system. These include both daemons running on the system, as well as additional RPC services. The following daemons run on a default Sun Cluster 3.0 12/01 software installation:
# ps -ef | grep cluster root 4 0 0 Oct 25 ? 0:03 cluster root 416 1 0 Oct 25 ? 0:00 /usr/cluster/lib/sc/rpc.pmfd root 82 1 0 Oct 25 ? 0:00 /usr/cluster/lib/sc/clexecd root 83 82 0 Oct 25 ? 0:00 /usr/cluster/lib/sc/clexecd root 453 1 0 Oct 25 ? 0:01 /usr/cluster/lib/sc/rgmd root 426 1 0 Oct 25 ? 0:00 /usr/cluster/lib/sc/rpc.fed root 439 1 0 Oct 25 ? 0:00 /usr/cluster/bin/pnmd |
A Sun Cluster 3.0 12/01 software installation also installs the following RPC services in the /etc/inetd.conf file:
# Start of lines added by SUNWscu 100145/1 tli rpc/circuit_v wait root /usr/cluster/lib/sc/rpc.scadmd rpc.scadmd 100151/1 tli rpc/circuit_v wait root /usr/cluster/lib/sc/rpc.sccheckd rpc.sccheckd -S # End of lines added by SUNWscu |
The following RPC services are required by the Sun Cluster 3.0 12/01 software and must be present in the /etc/inetd.conf file:
# rpc.metad 100229/1 tli rpc/tcp wait root /usr/sbin/rpc.metad rpc.metad # rpc.metamhd 100230/1 tli rpc/tcp wait root /usr/sbin/rpc.metamhd rpc.metamhd |
The reviewed configuration uses Solstice DiskSuite_ software which requires the following RPC services in the /etc/inetd.conf file:
# rpc.metamedd - DiskSuite mediator 100242/1 tli rpc/tcp wait root /usr/sbin/rpc.metamedd rpc.metamedd # rpc.metacld - DiskSuite cluster control 100281/1 tli rpc/tcp wait root /usr/sbin/rpc.metacld rpc.metacld |
If you use Veritas Volume Manager software instead of Solstice DiskSuite software, leave the appropriate Veritas RPC entries in the /etc/inetd.conf file enabled.