1<?xml version='1.0'?> 2<!DOCTYPE service_bundle SYSTEM '/usr/share/lib/xml/dtd/service_bundle.dtd.1'> 3<!-- 4 Copyright 2005 Sun Microsystems, Inc. All rights reserved. 5 Use is subject to license terms. 6 7 CDDL HEADER START 8 9 The contents of this file are subject to the terms of the 10 Common Development and Distribution License, Version 1.0 only 11 (the "License"). You may not use this file except in compliance 12 with the License. 13 14 You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 15 or http://www.opensolaris.org/os/licensing. 16 See the License for the specific language governing permissions 17 and limitations under the License. 18 19 When distributing Covered Code, include this CDDL HEADER in each 20 file and include the License file at usr/src/OPENSOLARIS.LICENSE. 21 If applicable, add the following below this CDDL HEADER, with the 22 fields enclosed by brackets "[]" replaced with your own identifying 23 information: Portions Copyright [yyyy] [name of copyright owner] 24 25 CDDL HEADER END 26 27 ident "%Z%%M% %I% %E% SMI" 28 29 The purpose of the limited_net profile is to provide a set of active 30 services that allow one to connect to the machine via ssh (requires 31 sshd,) to be authenticated (requires rpc,) and to access network 32 filesystems (requires nfs.) The services which are deactivated here 33 are those that are at odds with this goal. Those which are activated 34 are explicit requirements for the goal's satisfaction. 35 36 NOTE: Service profiles delivered by this package are not editable, 37 and their contents will be overwritten by package or patch 38 operations, including operating system upgrade. Make customizations 39 in a distinct file. The path, /var/svc/profile/site.xml, is a 40 distinguished location for a site-specific service profile, treated 41 otherwise equivalently to this file. 42--> 43<service_bundle type='profile' name='generic_limited_net' 44 xmlns:xi='http://www.w3.org/2003/XInclude' > 45 <!-- 46 Include name service profile, as set by system id tools. 47 --> 48 <xi:include href='file:/var/svc/profile/name_service.xml' /> 49 50 <!-- 51 svc.startd(1M) services 52 --> 53 <service name='system/coreadm' version='1' type='service'> 54 <instance name='default' enabled='true'/> 55 </service> 56 <service name='system/cron' version='1' type='service'> 57 <instance name='default' enabled='true'/> 58 </service> 59 <service name='system/cryptosvc' version='1' type='service'> 60 <instance name='default' enabled='true'/> 61 </service> 62 <service name='system/identity' version='1' type='service'> 63 <instance name='domain' enabled='true'/> 64 </service> 65 <service name='system/keymap' version='1' type='service'> 66 <instance name='default' enabled='true'/> 67 </service> 68 <service name='system/picl' version='1' type='service'> 69 <instance name='default' enabled='true'/> 70 </service> 71 <service name='system/sac' version='1' type='service'> 72 <instance name='default' enabled='true'/> 73 </service> 74 <service name='system/system-log' version='1' type='service'> 75 <instance name='default' enabled='true'/> 76 </service> 77 <service name='system/utmp' version='1' type='service'> 78 <instance name='default' enabled='true'/> 79 </service> 80 <service name='system/zones' version='1' type='service'> 81 <instance name='default' enabled='true'/> 82 </service> 83 <service name='network/rpc/bind' version='1' type='service'> 84 <instance name='default' enabled='true'/> 85 </service> 86 <service name='system/name-service-cache' version='1' type='service'> 87 <instance name='default' enabled='true'/> 88 </service> 89 <service name='network/nfs/status' version='1' type='service'> 90 <instance name='default' enabled='true'/> 91 </service> 92 <service name='network/nfs/nlockmgr' version='1' type='service'> 93 <instance name='default' enabled='true'/> 94 </service> 95 <service name='network/nfs/client' version='1' type='service'> 96 <instance name='default' enabled='true'/> 97 </service> 98 <service name='network/nfs/server' version='1' type='service'> 99 <instance name='default' enabled='true'/> 100 </service> 101 <service name='network/nfs/rquota' version='1' type='service'> 102 <instance name='default' enabled='true'/> 103 </service> 104 <service name='network/ssh' version='1' type='service'> 105 <instance name='default' enabled='true'/> 106 </service> 107 <service name='network/smtp' version='1' type='service'> 108 <instance name='sendmail' enabled='true'/> 109 </service> 110 <service name='network/inetd' version='1' type='restarter'> 111 <instance name='default' enabled='true'/> 112 </service> 113 <service name='system/filesystem/autofs' version='1' type='service'> 114 <instance name='default' enabled='true'/> 115 </service> 116 <service name='system/power' version='1' type='service'> 117 <instance name='default' enabled='true'/> 118 </service> 119 <service name='application/print/cleanup' version='1' type='service'> 120 <instance name='default' enabled='true' /> 121 </service> 122 <service name='network/pfil' version='1' type='service'> 123 <instance name='default' enabled='true' /> 124 </service> 125 126 <!-- 127 non-default svc.startd(1M) services disabled 128 --> 129 <service name='network/dhcp-server' version='1' type='service'> 130 <instance name='default' enabled='false' /> 131 </service> 132 <service name='network/ntp' version='1' type='service'> 133 <instance name='default' enabled='false' /> 134 </service> 135 <service name='network/rarp' version='1' type='service'> 136 <instance name='default' enabled='false' /> 137 </service> 138 <service name='network/slp' version='1' type='service'> 139 <instance name='default' enabled='false' /> 140 </service> 141 <service name='network/security/kadmin' version='1' type='service'> 142 <instance name='default' enabled='false' /> 143 </service> 144 <service name='network/security/krb5_prop' version='1' type='service'> 145 <instance name='default' enabled='false' /> 146 </service> 147 <service name='network/security/krb5kdc' version='1' type='service'> 148 <instance name='default' enabled='false' /> 149 </service> 150 151 <!-- 152 default inetd(1M) services disabled 153 --> 154 <service name='network/finger' version='1' type='service'> 155 <instance name='default' enabled='false'/> 156 </service> 157 <service name='network/ftp' version='1' type='service'> 158 <instance name='default' enabled='false'/> 159 </service> 160 <service name='network/login' version='1' type='service'> 161 <instance name='rlogin' enabled='false'/> 162 <!-- 163 non-default inetd(1M) instances disabled 164 --> 165 <instance name='klogin' enabled='false'/> 166 <instance name='eklogin' enabled='false'/> 167 </service> 168 <service name='network/shell' version='1' type='service'> 169 <instance name='default' enabled='false'/> 170 <!-- 171 non-default inetd(1M) instance disabled 172 --> 173 <instance name='kshell' enabled='false'/> 174 </service> 175 <service name='network/telnet' version='1' type='service'> 176 <instance name='default' enabled='false'/> 177 </service> 178 179 <!-- 180 non-default inetd(1M) services disabled 181 --> 182 <service name='network/tname' version='1' type='service'> 183 <instance name='default' enabled='false'/> 184 </service> 185 <service name='network/uucp' version='1' type='service'> 186 <instance name='default' enabled='false'/> 187 </service> 188 <service name='network/chargen' version='1' type='service'> 189 <instance name='stream' enabled='false'/> 190 <instance name='dgram' enabled='false'/> 191 </service> 192 <service name='network/daytime' version='1' type='service'> 193 <instance name='stream' enabled='false'/> 194 <instance name='dgram' enabled='false'/> 195 </service> 196 <service name='network/discard' version='1' type='service'> 197 <instance name='stream' enabled='false'/> 198 <instance name='dgram' enabled='false'/> 199 </service> 200 <service name='network/echo' version='1' type='service'> 201 <instance name='stream' enabled='false'/> 202 <instance name='dgram' enabled='false'/> 203 </service> 204 <service name='network/time' version='1' type='service'> 205 <instance name='stream' enabled='false'/> 206 <instance name='dgram' enabled='false'/> 207 </service> 208 <service name='network/comsat' version='1' type='service'> 209 <instance name='default' enabled='false'/> 210 </service> 211 <service name='network/rexec' version='1' type='service'> 212 <instance name='default' enabled='false'/> 213 </service> 214 <service name='network/talk' version='1' type='service'> 215 <instance name='default' enabled='false'/> 216 </service> 217 218 <!-- 219 default inetd(1M) RPC services enabled 220 --> 221 <service name='network/rpc/gss' version='1' type='service'> 222 <instance name='default' enabled='true'/> 223 </service> 224 <service name='network/rpc/mdcomm' version='1' type='service'> 225 <instance name='default' enabled='true'/> 226 </service> 227 <service name='network/rpc/meta' version='1' type='service'> 228 <instance name='default' enabled='true'/> 229 </service> 230 <service name='network/rpc/metamed' version='1' type='service'> 231 <instance name='default' enabled='true'/> 232 </service> 233 <service name='network/rpc/metamh' version='1' type='service'> 234 <instance name='default' enabled='true'/> 235 </service> 236 <service name='network/rpc/smserver' version='1' type='service'> 237 <instance name='default' enabled='true'/> 238 </service> 239 <service name='network/security/ktkt_warn' version='1' type='service'> 240 <instance name='default' enabled='true'/> 241 </service> 242 243 <!-- 244 default inetd(1M) RPC services disabled 245 --> 246 <service name='network/rpc/rstat' version='1' type='service'> 247 <instance name='default' enabled='false'/> 248 </service> 249 <service name='network/rpc/rusers' version='1' type='service'> 250 <instance name='default' enabled='false'/> 251 </service> 252 253 <!-- 254 non-default inetd(1M) RPC services disabled 255 --> 256 <service name='network/rpc/ocfserv' version='1' type='service'> 257 <instance name='default' enabled='false'/> 258 </service> 259 <service name='network/rpc/rex' version='1' type='service'> 260 <instance name='default' enabled='false'/> 261 </service> 262 <service name='network/rpc/spray' version='1' type='service'> 263 <instance name='default' enabled='false'/> 264 </service> 265 <service name='network/rpc/wall' version='1' type='service'> 266 <instance name='default' enabled='false'/> 267 </service> 268 269</service_bundle> 270