#
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License, Version 1.0 only
# (the "License"). You may not use this file except in compliance
# with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# or http://www.opensolaris.org/os/licensing.
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#
#
# Copyright 2004 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
#

#pragma ident "%Z%%M% %I% %E% SMI"

	Notes Regarding Modification of generic_open.xml

Any changes made to generic_open.xml will need to be considered for
inclusion in generic_limited_net.xml, the "Secure By Default" (see
http://solsec.eng.sun.com/sbd/) profile. The details are discussed
in PSARC/2004/781:

	...
	The generic_limited_net profile explicitly disables all
	smf(5) converted inetd services that are not required to
	run the window system, SVM, or vold. It retains ssh and
	X remote login as the remote login methods available.
	...

In general, _any_ service that allows inbound net access should be
added to generic_limited_net and disabled, unless its activation
has been approved by SBD.
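
Added example (not part of the original Sun file): a Python check that lists services enabled in generic_open.xml which are either absent from generic_limited_net.xml or still enabled there without approval. The sample XML, the service network/newsvc and the APPROVED set are constructed for illustration; the check assumes the profiles use <service>/<instance enabled=...> elements and cannot itself tell which services accept inbound network access.

```python
import xml.etree.ElementTree as ET

# Constructed sample profiles, not the contents of the real files.
OPEN_XML = """<service_bundle type='profile' name='generic_open'>
 <service name='network/ssh' version='1' type='service'>
  <instance name='default' enabled='true'/></service>
 <service name='network/telnet' version='1' type='service'>
  <instance name='default' enabled='true'/></service>
 <service name='network/finger' version='1' type='service'>
  <instance name='default' enabled='true'/></service>
 <service name='network/newsvc' version='1' type='service'>
  <instance name='default' enabled='true'/></service>
</service_bundle>"""
LIMITED_XML = """<service_bundle type='profile' name='generic_limited_net'>
 <service name='network/ssh' version='1' type='service'>
  <instance name='default' enabled='true'/></service>
 <service name='network/telnet' version='1' type='service'>
  <instance name='default' enabled='false'/></service>
 <service name='network/finger' version='1' type='service'>
  <instance name='default' enabled='true'/></service>
</service_bundle>"""
# Hypothetical allow-list of activations approved by SBD (ssh is retained
# per the PSARC text quoted above).
APPROVED = frozenset({"network/ssh:default"})

def load_profile(xml_text):
    """Return {'service:instance': enabled} for each instance in a profile."""
    states = {}
    for svc in ET.fromstring(xml_text).iter("service"):
        for inst in svc.findall("instance"):
            key = f"{svc.get('name')}:{inst.get('name')}"
            states[key] = inst.get("enabled") == "true"
    return states

def review_items(open_xml, limited_xml, approved=APPROVED):
    """List services enabled in generic_open that need a limited_net decision."""
    open_states, limited = load_profile(open_xml), load_profile(limited_xml)
    findings = []
    for key in sorted(k for k, on in open_states.items() if on):
        if key not in limited:
            findings.append((key, "missing"))  # never considered for limited_net
        elif limited[key] and key not in approved:
            findings.append((key, "enabled-unapproved"))
    return findings

if __name__ == "__main__":
    for key, reason in review_items(OPEN_XML, LIMITED_XML):
        print(f"{reason:20} {key}")
```

Each finding is a prompt for review: either add the service to generic_limited_net as disabled, or record its approval.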