1<?xml version='1.0'?> 2<!DOCTYPE service_bundle SYSTEM '/usr/share/lib/xml/dtd/service_bundle.dtd.1'> 3<!-- 4 Copyright 2005 Sun Microsystems, Inc. All rights reserved. 5 Use is subject to license terms. 6 7 CDDL HEADER START 8 9 The contents of this file are subject to the terms of the 10 Common Development and Distribution License, Version 1.0 only 11 (the "License"). You may not use this file except in compliance 12 with the License. 13 14 You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 15 or http://www.opensolaris.org/os/licensing. 16 See the License for the specific language governing permissions 17 and limitations under the License. 18 19 When distributing Covered Code, include this CDDL HEADER in each 20 file and include the License file at usr/src/OPENSOLARIS.LICENSE. 21 If applicable, add the following below this CDDL HEADER, with the 22 fields enclosed by brackets "[]" replaced with your own identifying 23 information: Portions Copyright [yyyy] [name of copyright owner] 24 25 CDDL HEADER END 26 27 ident "%Z%%M% %I% %E% SMI" 28 29 The purpose of the limited_net profile is to provide a set of active 30 services that allow one to connect to the machine via ssh (requires 31 sshd,) to be authenticated (requires rpc,) and to access network 32 filesystems (requires nfs.) The services which are deactivated here 33 are those that are at odds with this goal. Those which are activated 34 are explicit requirements for the goal's satisfaction. 35 36 NOTE: Service profiles delivered by this package are not editable, 37 and their contents will be overwritten by package or patch 38 operations, including operating system upgrade. Make customizations 39 in a distinct file. The path, /var/svc/profile/site.xml, is a 40 distinguished location for a site-specific service profile, treated 41 otherwise equivalently to this file. 42--> 43<service_bundle type='profile' name='generic_limited_net' 44 xmlns:xi='http://www.w3.org/2003/XInclude' > 45 <!-- 46 Include name service profile, as set by system id tools. 47 --> 48 <xi:include href='file:/var/svc/profile/name_service.xml' /> 49 50 <!-- 51 svc.startd(1M) services 52 --> 53 <service name='system/coreadm' version='1' type='service'> 54 <instance name='default' enabled='true'/> 55 </service> 56 <service name='system/cron' version='1' type='service'> 57 <instance name='default' enabled='true'/> 58 </service> 59 <service name='system/cryptosvc' version='1' type='service'> 60 <instance name='default' enabled='true'/> 61 </service> 62 <service name='system/identity' version='1' type='service'> 63 <instance name='domain' enabled='true'/> 64 </service> 65 <service name='system/intrd' version='1' type='service'> 66 <instance name='default' enabled='true'/> 67 </service> 68 <service name='system/keymap' version='1' type='service'> 69 <instance name='default' enabled='true'/> 70 </service> 71 <service name='system/picl' version='1' type='service'> 72 <instance name='default' enabled='true'/> 73 </service> 74 <service name='system/sac' version='1' type='service'> 75 <instance name='default' enabled='true'/> 76 </service> 77 <service name='system/system-log' version='1' type='service'> 78 <instance name='default' enabled='true'/> 79 </service> 80 <service name='system/utmp' version='1' type='service'> 81 <instance name='default' enabled='true'/> 82 </service> 83 <service name='system/zones' version='1' type='service'> 84 <instance name='default' enabled='true'/> 85 </service> 86 <service name='network/rpc/bind' version='1' type='service'> 87 <instance name='default' enabled='true'/> 88 </service> 89 <service name='system/name-service-cache' version='1' type='service'> 90 <instance name='default' enabled='true'/> 91 </service> 92 <service name='network/nfs/status' version='1' type='service'> 93 <instance name='default' enabled='true'/> 94 </service> 95 <service name='network/nfs/nlockmgr' version='1' type='service'> 96 <instance name='default' enabled='true'/> 97 </service> 98 <service name='network/nfs/client' version='1' type='service'> 99 <instance name='default' enabled='true'/> 100 </service> 101 <service name='network/nfs/server' version='1' type='service'> 102 <instance name='default' enabled='true'/> 103 </service> 104 <service name='network/nfs/rquota' version='1' type='service'> 105 <instance name='default' enabled='true'/> 106 </service> 107 <service name='network/ssh' version='1' type='service'> 108 <instance name='default' enabled='true'/> 109 </service> 110 <service name='network/smtp' version='1' type='service'> 111 <instance name='sendmail' enabled='true'/> 112 </service> 113 <service name='network/inetd' version='1' type='restarter'> 114 <instance name='default' enabled='true'/> 115 </service> 116 <service name='system/filesystem/autofs' version='1' type='service'> 117 <instance name='default' enabled='true'/> 118 </service> 119 <service name='system/filesystem/volfs' version='1' type='service'> 120 <instance name='default' enabled='true'/> 121 </service> 122 <service name='system/power' version='1' type='service'> 123 <instance name='default' enabled='true'/> 124 </service> 125 <service name='application/print/cleanup' version='1' type='service'> 126 <instance name='default' enabled='true' /> 127 </service> 128 <service name='network/pfil' version='1' type='service'> 129 <instance name='default' enabled='true' /> 130 </service> 131 132 <!-- 133 non-default svc.startd(1M) services disabled 134 --> 135 <service name='network/dhcp-server' version='1' type='service'> 136 <instance name='default' enabled='false' /> 137 </service> 138 <service name='network/ntp' version='1' type='service'> 139 <instance name='default' enabled='false' /> 140 </service> 141 <service name='network/rarp' version='1' type='service'> 142 <instance name='default' enabled='false' /> 143 </service> 144 <service name='network/slp' version='1' type='service'> 145 <instance name='default' enabled='false' /> 146 </service> 147 <service name='network/security/kadmin' version='1' type='service'> 148 <instance name='default' enabled='false' /> 149 </service> 150 <service name='network/security/krb5_prop' version='1' type='service'> 151 <instance name='default' enabled='false' /> 152 </service> 153 <service name='network/security/krb5kdc' version='1' type='service'> 154 <instance name='default' enabled='false' /> 155 </service> 156 157 <!-- 158 default inetd(1M) services disabled 159 --> 160 <service name='network/finger' version='1' type='service'> 161 <instance name='default' enabled='false'/> 162 </service> 163 <service name='network/ftp' version='1' type='service'> 164 <instance name='default' enabled='false'/> 165 </service> 166 <service name='network/login' version='1' type='service'> 167 <instance name='rlogin' enabled='false'/> 168 <!-- 169 non-default inetd(1M) instances disabled 170 --> 171 <instance name='klogin' enabled='false'/> 172 <instance name='eklogin' enabled='false'/> 173 </service> 174 <service name='network/shell' version='1' type='service'> 175 <instance name='default' enabled='false'/> 176 <!-- 177 non-default inetd(1M) instance disabled 178 --> 179 <instance name='kshell' enabled='false'/> 180 </service> 181 <service name='network/telnet' version='1' type='service'> 182 <instance name='default' enabled='false'/> 183 </service> 184 185 <!-- 186 non-default inetd(1M) services disabled 187 --> 188 <service name='network/tname' version='1' type='service'> 189 <instance name='default' enabled='false'/> 190 </service> 191 <service name='network/uucp' version='1' type='service'> 192 <instance name='default' enabled='false'/> 193 </service> 194 <service name='network/chargen' version='1' type='service'> 195 <instance name='stream' enabled='false'/> 196 <instance name='dgram' enabled='false'/> 197 </service> 198 <service name='network/daytime' version='1' type='service'> 199 <instance name='stream' enabled='false'/> 200 <instance name='dgram' enabled='false'/> 201 </service> 202 <service name='network/discard' version='1' type='service'> 203 <instance name='stream' enabled='false'/> 204 <instance name='dgram' enabled='false'/> 205 </service> 206 <service name='network/echo' version='1' type='service'> 207 <instance name='stream' enabled='false'/> 208 <instance name='dgram' enabled='false'/> 209 </service> 210 <service name='network/time' version='1' type='service'> 211 <instance name='stream' enabled='false'/> 212 <instance name='dgram' enabled='false'/> 213 </service> 214 <service name='network/comsat' version='1' type='service'> 215 <instance name='default' enabled='false'/> 216 </service> 217 <service name='network/rexec' version='1' type='service'> 218 <instance name='default' enabled='false'/> 219 </service> 220 <service name='network/talk' version='1' type='service'> 221 <instance name='default' enabled='false'/> 222 </service> 223 224 <!-- 225 default inetd(1M) RPC services enabled 226 --> 227 <service name='network/rpc/gss' version='1' type='service'> 228 <instance name='default' enabled='true'/> 229 </service> 230 <service name='network/rpc/mdcomm' version='1' type='service'> 231 <instance name='default' enabled='true'/> 232 </service> 233 <service name='network/rpc/meta' version='1' type='service'> 234 <instance name='default' enabled='true'/> 235 </service> 236 <service name='network/rpc/metamed' version='1' type='service'> 237 <instance name='default' enabled='true'/> 238 </service> 239 <service name='network/rpc/metamh' version='1' type='service'> 240 <instance name='default' enabled='true'/> 241 </service> 242 <service name='network/rpc/smserver' version='1' type='service'> 243 <instance name='default' enabled='true'/> 244 </service> 245 <service name='network/security/ktkt_warn' version='1' type='service'> 246 <instance name='default' enabled='true'/> 247 </service> 248 249 <!-- 250 default inetd(1M) RPC services disabled 251 --> 252 <service name='network/rpc/rstat' version='1' type='service'> 253 <instance name='default' enabled='false'/> 254 </service> 255 <service name='network/rpc/rusers' version='1' type='service'> 256 <instance name='default' enabled='false'/> 257 </service> 258 259 <!-- 260 non-default inetd(1M) RPC services disabled 261 --> 262 <service name='network/rpc/ocfserv' version='1' type='service'> 263 <instance name='default' enabled='false'/> 264 </service> 265 <service name='network/rpc/rex' version='1' type='service'> 266 <instance name='default' enabled='false'/> 267 </service> 268 <service name='network/rpc/spray' version='1' type='service'> 269 <instance name='default' enabled='false'/> 270 </service> 271 <service name='network/rpc/wall' version='1' type='service'> 272 <instance name='default' enabled='false'/> 273 </service> 274 275</service_bundle> 276