#
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License, Version 1.0 only
# (the "License").  You may not use this file except in compliance
# with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# or http://www.opensolaris.org/os/licensing.
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#
#
# Copyright 2004 Sun Microsystems, Inc.  All rights reserved.
# Use is subject to license terms.
#

        Notes Regarding Modification of generic_open.xml

Any changes made to generic_open.xml will need to be considered for
inclusion in generic_limited_net.xml, the "Secure By Default" (see
http://solsec.eng.sun.com/sbd/) profile.  The details are discussed
in PSARC/2004/781:

    ...
    The generic_limited_net profile explicitly disables all
    smf(7) converted inetd services that are not required to
    run the window system, SVM, or vold.  It retains ssh and
    X remote login as the remote login methods available.
    ...

In general, _any_ service that allows inbound net access should be
added to generic_limited_net and disabled, unless its activation
has been approved by SBD.
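
One way to check the rule above before a change to generic_open.xml is reviewed. This is an added example, not part of the source tree; it assumes the usual SMF profile layout (service elements containing instance elements with an enabled attribute). The sample profiles are constructed and network/example-new is a hypothetical service name. The script cannot tell whether a service accepts inbound connections; it only lists what a reviewer has to look at.

```python
import xml.etree.ElementTree as ET

# Constructed sample profiles (not the real files), using the assumed SMF
# profile layout: <service name=...><instance name=... enabled=.../></service>.
OPEN_XML = """<service_bundle type='profile' name='generic_open'>
  <service name='network/ssh' version='1' type='service'>
    <instance name='default' enabled='true'/>
  </service>
  <service name='network/finger' version='1' type='service'>
    <instance name='default' enabled='true'/>
  </service>
  <service name='network/example-new' version='1' type='service'>
    <instance name='default' enabled='true'/>
  </service>
</service_bundle>"""

LIMITED_XML = """<service_bundle type='profile' name='generic_limited_net'>
  <service name='network/ssh' version='1' type='service'>
    <instance name='default' enabled='true'/>
  </service>
  <service name='network/finger' version='1' type='service'>
    <instance name='default' enabled='false'/>
  </service>
</service_bundle>"""


def instances(profile_xml):
    """Map 'service:instance' -> enabled (bool) for every instance in a profile."""
    states = {}
    for svc in ET.fromstring(profile_xml).iter("service"):
        for inst in svc.iter("instance"):
            fmri = f"{svc.get('name')}:{inst.get('name')}"
            states[fmri] = inst.get("enabled") == "true"
    return states


def review_items(open_xml, limited_xml):
    """Return (missing, enabled_in_both): services enabled in generic_open that
    have no generic_limited_net entry, and those enabled in both profiles."""
    open_states, limited = instances(open_xml), instances(limited_xml)
    enabled = [f for f, on in open_states.items() if on]
    missing = sorted(f for f in enabled if f not in limited)
    enabled_in_both = sorted(f for f in enabled if limited.get(f))
    return missing, enabled_in_both


if __name__ == "__main__":
    missing, both = review_items(OPEN_XML, LIMITED_XML)
    print("missing from generic_limited_net:", missing, "| enabled in both:", both)
```

Entries in the first list need a disabled entry in generic_limited_net if the service allows inbound net access; entries in the second list need an SBD approval on record.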