xref: /titanic_44/usr/src/cmd/svc/profile/generic_limited_net.xml (revision 4bc0a2ef2b7ba50a7a717e7ddbf31472ad28e358)
1<?xml version='1.0'?>
2<!DOCTYPE service_bundle SYSTEM '/usr/share/lib/xml/dtd/service_bundle.dtd.1'>
3<!--
4 Copyright 2005 Sun Microsystems, Inc.  All rights reserved.
5 Use is subject to license terms.
6
7 CDDL HEADER START
8
9 The contents of this file are subject to the terms of the
10 Common Development and Distribution License, Version 1.0 only
11 (the "License").  You may not use this file except in compliance
12 with the License.
13
14 You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
15 or http://www.opensolaris.org/os/licensing.
16 See the License for the specific language governing permissions
17 and limitations under the License.
18
19 When distributing Covered Code, include this CDDL HEADER in each
20 file and include the License file at usr/src/OPENSOLARIS.LICENSE.
21 If applicable, add the following below this CDDL HEADER, with the
22 fields enclosed by brackets "[]" replaced with your own identifying
23 information: Portions Copyright [yyyy] [name of copyright owner]
24
25 CDDL HEADER END
26
27    ident	"%Z%%M%	%I%	%E% SMI"
28
29    The purpose of the limited_net profile is to provide a set of active
30    services that allow one to connect to the machine via ssh (requires
31    sshd,) to be authenticated (requires rpc,) and to access network
32    filesystems (requires nfs.)  The services which are deactivated here
33    are those that are at odds with this goal.  Those which are activated
34    are explicit requirements for the goal's satisfaction.
35
36    NOTE:  Service profiles delivered by this package are not editable,
37    and their contents will be overwritten by package or patch
38    operations, including operating system upgrade.  Make customizations
39    in a distinct file.  The path, /var/svc/profile/site.xml, is a
40    distinguished location for a site-specific service profile, treated
41    otherwise equivalently to this file.
42-->
43<service_bundle type='profile' name='generic_limited_net'
44	 xmlns:xi='http://www.w3.org/2003/XInclude' >
45  <!--
46      Include name service profile, as set by system id tools.
47  -->
48  <xi:include href='file:/var/svc/profile/name_service.xml' />
49
50  <!--
51      svc.startd(1M) services
52  -->
53  <service name='system/coreadm' version='1' type='service'>
54    <instance name='default' enabled='true'/>
55  </service>
56  <service name='system/cron' version='1' type='service'>
57    <instance name='default' enabled='true'/>
58  </service>
59  <service name='system/cryptosvc' version='1' type='service'>
60    <instance name='default' enabled='true'/>
61  </service>
62  <service name='system/identity' version='1' type='service'>
63    <instance name='domain' enabled='true'/>
64  </service>
65  <service name='system/intrd' version='1' type='service'>
66    <instance name='default' enabled='true'/>
67  </service>
68  <service name='system/keymap' version='1' type='service'>
69    <instance name='default' enabled='true'/>
70  </service>
71  <service name='system/picl' version='1' type='service'>
72    <instance name='default' enabled='true'/>
73  </service>
74  <service name='system/sac' version='1' type='service'>
75    <instance name='default' enabled='true'/>
76  </service>
77  <service name='system/system-log' version='1' type='service'>
78    <instance name='default' enabled='true'/>
79  </service>
80  <service name='system/utmp' version='1' type='service'>
81    <instance name='default' enabled='true'/>
82  </service>
83  <service name='system/zones' version='1' type='service'>
84    <instance name='default' enabled='true'/>
85  </service>
86  <service name='network/rpc/bind' version='1' type='service'>
87    <instance name='default' enabled='true'/>
88  </service>
89  <service name='system/name-service-cache' version='1' type='service'>
90    <instance name='default' enabled='true'/>
91  </service>
92  <service name='network/nfs/status' version='1' type='service'>
93    <instance name='default' enabled='true'/>
94  </service>
95  <service name='network/nfs/nlockmgr' version='1' type='service'>
96    <instance name='default' enabled='true'/>
97  </service>
98  <service name='network/nfs/client' version='1' type='service'>
99    <instance name='default' enabled='true'/>
100  </service>
101  <service name='network/nfs/server' version='1' type='service'>
102    <instance name='default' enabled='true'/>
103  </service>
104  <service name='network/nfs/rquota' version='1' type='service'>
105    <instance name='default' enabled='true'/>
106  </service>
107  <service name='network/ssh' version='1' type='service'>
108    <instance name='default' enabled='true'/>
109  </service>
110  <service name='network/smtp' version='1' type='service'>
111    <instance name='sendmail' enabled='true'/>
112  </service>
113  <service name='network/inetd' version='1' type='restarter'>
114    <instance name='default' enabled='true'/>
115  </service>
116  <service name='system/filesystem/autofs' version='1' type='service'>
117    <instance name='default' enabled='true'/>
118  </service>
119  <service name='system/filesystem/volfs' version='1' type='service'>
120    <instance name='default' enabled='true'/>
121  </service>
122  <service name='system/power' version='1' type='service'>
123    <instance name='default' enabled='true'/>
124  </service>
125  <service name='application/print/cleanup' version='1' type='service'>
126    <instance name='default' enabled='true' />
127  </service>
128  <service name='network/pfil' version='1' type='service'>
129    <instance name='default' enabled='true' />
130  </service>
131
132  <!--
133      non-default svc.startd(1M) services disabled
134  -->
135  <service name='network/dhcp-server' version='1' type='service'>
136    <instance name='default' enabled='false' />
137  </service>
138  <service name='network/ntp' version='1' type='service'>
139    <instance name='default' enabled='false' />
140  </service>
141  <service name='network/rarp' version='1' type='service'>
142    <instance name='default' enabled='false' />
143  </service>
144  <service name='network/slp' version='1' type='service'>
145    <instance name='default' enabled='false' />
146  </service>
147  <service name='network/security/kadmin' version='1' type='service'>
148    <instance name='default' enabled='false' />
149  </service>
150  <service name='network/security/krb5_prop' version='1' type='service'>
151    <instance name='default' enabled='false' />
152  </service>
153  <service name='network/security/krb5kdc' version='1' type='service'>
154    <instance name='default' enabled='false' />
155  </service>
156
157  <!--
158	default inetd(1M) services disabled
159  -->
160  <service name='network/finger' version='1' type='service'>
161    <instance name='default' enabled='false'/>
162  </service>
163  <service name='network/ftp' version='1' type='service'>
164    <instance name='default' enabled='false'/>
165  </service>
166  <service name='network/login' version='1' type='service'>
167    <instance name='rlogin' enabled='false'/>
168    <!--
169	non-default inetd(1M) instances disabled
170    -->
171    <instance name='klogin' enabled='false'/>
172    <instance name='eklogin' enabled='false'/>
173  </service>
174  <service name='network/shell' version='1' type='service'>
175    <instance name='default' enabled='false'/>
176    <!--
177	non-default inetd(1M) instance disabled
178    -->
179    <instance name='kshell' enabled='false'/>
180  </service>
181  <service name='network/telnet' version='1' type='service'>
182    <instance name='default' enabled='false'/>
183  </service>
184
185  <!--
186	non-default inetd(1M) services disabled
187  -->
188  <service name='network/tname' version='1' type='service'>
189    <instance name='default' enabled='false'/>
190  </service>
191  <service name='network/uucp' version='1' type='service'>
192    <instance name='default' enabled='false'/>
193  </service>
194  <service name='network/chargen' version='1' type='service'>
195    <instance name='stream' enabled='false'/>
196    <instance name='dgram' enabled='false'/>
197  </service>
198  <service name='network/daytime' version='1' type='service'>
199    <instance name='stream' enabled='false'/>
200    <instance name='dgram' enabled='false'/>
201  </service>
202  <service name='network/discard' version='1' type='service'>
203    <instance name='stream' enabled='false'/>
204    <instance name='dgram' enabled='false'/>
205  </service>
206  <service name='network/echo' version='1' type='service'>
207    <instance name='stream' enabled='false'/>
208    <instance name='dgram' enabled='false'/>
209  </service>
210  <service name='network/time' version='1' type='service'>
211    <instance name='stream' enabled='false'/>
212    <instance name='dgram' enabled='false'/>
213  </service>
214  <service name='network/comsat' version='1' type='service'>
215    <instance name='default' enabled='false'/>
216  </service>
217  <service name='network/rexec' version='1' type='service'>
218    <instance name='default' enabled='false'/>
219  </service>
220  <service name='network/talk' version='1' type='service'>
221    <instance name='default' enabled='false'/>
222  </service>
223
224  <!--
225	default inetd(1M) RPC services enabled
226  -->
227  <service name='network/rpc/gss' version='1' type='service'>
228    <instance name='default' enabled='true'/>
229  </service>
230  <service name='network/rpc/mdcomm' version='1' type='service'>
231    <instance name='default' enabled='true'/>
232  </service>
233  <service name='network/rpc/meta' version='1' type='service'>
234    <instance name='default' enabled='true'/>
235  </service>
236  <service name='network/rpc/metamed' version='1' type='service'>
237    <instance name='default' enabled='true'/>
238  </service>
239  <service name='network/rpc/metamh' version='1' type='service'>
240    <instance name='default' enabled='true'/>
241  </service>
242  <service name='network/rpc/smserver' version='1' type='service'>
243    <instance name='default' enabled='true'/>
244  </service>
245  <service name='network/security/ktkt_warn' version='1' type='service'>
246    <instance name='default' enabled='true'/>
247  </service>
248
249  <!--
250	default inetd(1M) RPC services disabled
251  -->
252  <service name='network/rpc/rstat' version='1' type='service'>
253    <instance name='default' enabled='false'/>
254  </service>
255  <service name='network/rpc/rusers' version='1' type='service'>
256    <instance name='default' enabled='false'/>
257  </service>
258
259  <!--
260	non-default inetd(1M) RPC services disabled
261  -->
262  <service name='network/rpc/ocfserv' version='1' type='service'>
263    <instance name='default' enabled='false'/>
264  </service>
265  <service name='network/rpc/rex' version='1' type='service'>
266    <instance name='default' enabled='false'/>
267  </service>
268  <service name='network/rpc/spray' version='1' type='service'>
269    <instance name='default' enabled='false'/>
270  </service>
271  <service name='network/rpc/wall' version='1' type='service'>
272    <instance name='default' enabled='false'/>
273  </service>
274
275</service_bundle>
276