xref: /titanic_44/usr/src/cmd/svc/profile/generic_limited_net.xml (revision 7c478bd95313f5f23a4c958a745db2134aa03244)
1<?xml version='1.0'?>
2<!DOCTYPE service_bundle SYSTEM '/usr/share/lib/xml/dtd/service_bundle.dtd.1'>
3<!--
4 Copyright 2005 Sun Microsystems, Inc.  All rights reserved.
5 Use is subject to license terms.
6
7 CDDL HEADER START
8
9 The contents of this file are subject to the terms of the
10 Common Development and Distribution License, Version 1.0 only
11 (the "License").  You may not use this file except in compliance
12 with the License.
13
14 You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
15 or http://www.opensolaris.org/os/licensing.
16 See the License for the specific language governing permissions
17 and limitations under the License.
18
19 When distributing Covered Code, include this CDDL HEADER in each
20 file and include the License file at usr/src/OPENSOLARIS.LICENSE.
21 If applicable, add the following below this CDDL HEADER, with the
22 fields enclosed by brackets "[]" replaced with your own identifying
23 information: Portions Copyright [yyyy] [name of copyright owner]
24
25 CDDL HEADER END
26
27    ident	"%Z%%M%	%I%	%E% SMI"
28
29    The purpose of the limited_net profile is to provide a set of active
30    services that allow one to connect to the machine via ssh (requires
31    sshd,) to be authenticated (requires rpc,) and to access network
32    filesystems (requires nfs.)  The services which are deactivated here
33    are those that are at odds with this goal.  Those which are activated
34    are explicit requirements for the goal's satisfaction.
35
36    NOTE:  Service profiles delivered by this package are not editable,
37    and their contents will be overwritten by package or patch
38    operations, including operating system upgrade.  Make customizations
39    in a distinct file.  The path, /var/svc/profile/site.xml, is a
40    distinguished location for a site-specific service profile, treated
41    otherwise equivalently to this file.
42-->
43<service_bundle type='profile' name='generic_limited_net'
44	 xmlns:xi='http://www.w3.org/2003/XInclude' >
45  <!--
46      Include name service profile, as set by system id tools.
47  -->
48  <xi:include href='file:/var/svc/profile/name_service.xml' />
49
50  <!--
51      svc.startd(1M) services
52  -->
53  <service name='system/coreadm' version='1' type='service'>
54    <instance name='default' enabled='true'/>
55  </service>
56  <service name='system/cron' version='1' type='service'>
57    <instance name='default' enabled='true'/>
58  </service>
59  <service name='system/cryptosvc' version='1' type='service'>
60    <instance name='default' enabled='true'/>
61  </service>
62  <service name='system/identity' version='1' type='service'>
63    <instance name='domain' enabled='true'/>
64  </service>
65  <service name='system/keymap' version='1' type='service'>
66    <instance name='default' enabled='true'/>
67  </service>
68  <service name='system/picl' version='1' type='service'>
69    <instance name='default' enabled='true'/>
70  </service>
71  <service name='system/sac' version='1' type='service'>
72    <instance name='default' enabled='true'/>
73  </service>
74  <service name='system/system-log' version='1' type='service'>
75    <instance name='default' enabled='true'/>
76  </service>
77  <service name='system/utmp' version='1' type='service'>
78    <instance name='default' enabled='true'/>
79  </service>
80  <service name='system/zones' version='1' type='service'>
81    <instance name='default' enabled='true'/>
82  </service>
83  <service name='network/rpc/bind' version='1' type='service'>
84    <instance name='default' enabled='true'/>
85  </service>
86  <service name='system/name-service-cache' version='1' type='service'>
87    <instance name='default' enabled='true'/>
88  </service>
89  <service name='network/nfs/status' version='1' type='service'>
90    <instance name='default' enabled='true'/>
91  </service>
92  <service name='network/nfs/nlockmgr' version='1' type='service'>
93    <instance name='default' enabled='true'/>
94  </service>
95  <service name='network/nfs/client' version='1' type='service'>
96    <instance name='default' enabled='true'/>
97  </service>
98  <service name='network/nfs/server' version='1' type='service'>
99    <instance name='default' enabled='true'/>
100  </service>
101  <service name='network/nfs/rquota' version='1' type='service'>
102    <instance name='default' enabled='true'/>
103  </service>
104  <service name='network/ssh' version='1' type='service'>
105    <instance name='default' enabled='true'/>
106  </service>
107  <service name='network/smtp' version='1' type='service'>
108    <instance name='sendmail' enabled='true'/>
109  </service>
110  <service name='network/inetd' version='1' type='restarter'>
111    <instance name='default' enabled='true'/>
112  </service>
113  <service name='system/filesystem/autofs' version='1' type='service'>
114    <instance name='default' enabled='true'/>
115  </service>
116  <service name='system/power' version='1' type='service'>
117    <instance name='default' enabled='true'/>
118  </service>
119  <service name='application/print/cleanup' version='1' type='service'>
120    <instance name='default' enabled='true' />
121  </service>
122  <service name='network/pfil' version='1' type='service'>
123    <instance name='default' enabled='true' />
124  </service>
125
126  <!--
127      non-default svc.startd(1M) services disabled
128  -->
129  <service name='network/dhcp-server' version='1' type='service'>
130    <instance name='default' enabled='false' />
131  </service>
132  <service name='network/ntp' version='1' type='service'>
133    <instance name='default' enabled='false' />
134  </service>
135  <service name='network/rarp' version='1' type='service'>
136    <instance name='default' enabled='false' />
137  </service>
138  <service name='network/slp' version='1' type='service'>
139    <instance name='default' enabled='false' />
140  </service>
141  <service name='network/security/kadmin' version='1' type='service'>
142    <instance name='default' enabled='false' />
143  </service>
144  <service name='network/security/krb5_prop' version='1' type='service'>
145    <instance name='default' enabled='false' />
146  </service>
147  <service name='network/security/krb5kdc' version='1' type='service'>
148    <instance name='default' enabled='false' />
149  </service>
150
151  <!--
152	default inetd(1M) services disabled
153  -->
154  <service name='network/finger' version='1' type='service'>
155    <instance name='default' enabled='false'/>
156  </service>
157  <service name='network/ftp' version='1' type='service'>
158    <instance name='default' enabled='false'/>
159  </service>
160  <service name='network/login' version='1' type='service'>
161    <instance name='rlogin' enabled='false'/>
162    <!--
163	non-default inetd(1M) instances disabled
164    -->
165    <instance name='klogin' enabled='false'/>
166    <instance name='eklogin' enabled='false'/>
167  </service>
168  <service name='network/shell' version='1' type='service'>
169    <instance name='default' enabled='false'/>
170    <!--
171	non-default inetd(1M) instance disabled
172    -->
173    <instance name='kshell' enabled='false'/>
174  </service>
175  <service name='network/telnet' version='1' type='service'>
176    <instance name='default' enabled='false'/>
177  </service>
178
179  <!--
180	non-default inetd(1M) services disabled
181  -->
182  <service name='network/tname' version='1' type='service'>
183    <instance name='default' enabled='false'/>
184  </service>
185  <service name='network/uucp' version='1' type='service'>
186    <instance name='default' enabled='false'/>
187  </service>
188  <service name='network/chargen' version='1' type='service'>
189    <instance name='stream' enabled='false'/>
190    <instance name='dgram' enabled='false'/>
191  </service>
192  <service name='network/daytime' version='1' type='service'>
193    <instance name='stream' enabled='false'/>
194    <instance name='dgram' enabled='false'/>
195  </service>
196  <service name='network/discard' version='1' type='service'>
197    <instance name='stream' enabled='false'/>
198    <instance name='dgram' enabled='false'/>
199  </service>
200  <service name='network/echo' version='1' type='service'>
201    <instance name='stream' enabled='false'/>
202    <instance name='dgram' enabled='false'/>
203  </service>
204  <service name='network/time' version='1' type='service'>
205    <instance name='stream' enabled='false'/>
206    <instance name='dgram' enabled='false'/>
207  </service>
208  <service name='network/comsat' version='1' type='service'>
209    <instance name='default' enabled='false'/>
210  </service>
211  <service name='network/rexec' version='1' type='service'>
212    <instance name='default' enabled='false'/>
213  </service>
214  <service name='network/talk' version='1' type='service'>
215    <instance name='default' enabled='false'/>
216  </service>
217
218  <!--
219	default inetd(1M) RPC services enabled
220  -->
221  <service name='network/rpc/gss' version='1' type='service'>
222    <instance name='default' enabled='true'/>
223  </service>
224  <service name='network/rpc/mdcomm' version='1' type='service'>
225    <instance name='default' enabled='true'/>
226  </service>
227  <service name='network/rpc/meta' version='1' type='service'>
228    <instance name='default' enabled='true'/>
229  </service>
230  <service name='network/rpc/metamed' version='1' type='service'>
231    <instance name='default' enabled='true'/>
232  </service>
233  <service name='network/rpc/metamh' version='1' type='service'>
234    <instance name='default' enabled='true'/>
235  </service>
236  <service name='network/rpc/smserver' version='1' type='service'>
237    <instance name='default' enabled='true'/>
238  </service>
239  <service name='network/security/ktkt_warn' version='1' type='service'>
240    <instance name='default' enabled='true'/>
241  </service>
242
243  <!--
244	default inetd(1M) RPC services disabled
245  -->
246  <service name='network/rpc/rstat' version='1' type='service'>
247    <instance name='default' enabled='false'/>
248  </service>
249  <service name='network/rpc/rusers' version='1' type='service'>
250    <instance name='default' enabled='false'/>
251  </service>
252
253  <!--
254	non-default inetd(1M) RPC services disabled
255  -->
256  <service name='network/rpc/ocfserv' version='1' type='service'>
257    <instance name='default' enabled='false'/>
258  </service>
259  <service name='network/rpc/rex' version='1' type='service'>
260    <instance name='default' enabled='false'/>
261  </service>
262  <service name='network/rpc/spray' version='1' type='service'>
263    <instance name='default' enabled='false'/>
264  </service>
265  <service name='network/rpc/wall' version='1' type='service'>
266    <instance name='default' enabled='false'/>
267  </service>
268
269</service_bundle>
270