1<?xml version='1.0'?> 2<!DOCTYPE service_bundle SYSTEM '/usr/share/lib/xml/dtd/service_bundle.dtd.1'> 3<!-- 4 Copyright 2005 Sun Microsystems, Inc. All rights reserved. 5 Use is subject to license terms. 6 7 CDDL HEADER START 8 9 The contents of this file are subject to the terms of the 10 Common Development and Distribution License, Version 1.0 only 11 (the "License"). You may not use this file except in compliance 12 with the License. 13 14 You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 15 or http://www.opensolaris.org/os/licensing. 16 See the License for the specific language governing permissions 17 and limitations under the License. 18 19 When distributing Covered Code, include this CDDL HEADER in each 20 file and include the License file at usr/src/OPENSOLARIS.LICENSE. 21 If applicable, add the following below this CDDL HEADER, with the 22 fields enclosed by brackets "[]" replaced with your own identifying 23 information: Portions Copyright [yyyy] [name of copyright owner] 24 25 CDDL HEADER END 26 27 ident "%Z%%M% %I% %E% SMI" 28 29 The purpose of the limited_net profile is to provide a set of active 30 services that allow one to connect to the machine via ssh (requires 31 sshd,) to be authenticated (requires rpc,) and to access network 32 filesystems (requires nfs.) The services which are deactivated here 33 are those that are at odds with this goal. Those which are activated 34 are explicit requirements for the goal's satisfaction. 35 36 NOTE: Service profiles delivered by this package are not editable, 37 and their contents will be overwritten by package or patch 38 operations, including operating system upgrade. Make customizations 39 in a distinct file. The path, /var/svc/profile/site.xml, is a 40 distinguished location for a site-specific service profile, treated 41 otherwise equivalently to this file. 42--> 43<service_bundle type='profile' name='generic_limited_net' 44 xmlns:xi='http://www.w3.org/2003/XInclude' > 45 <!-- 46 Include name service profile, as set by system id tools. 47 --> 48 <xi:include href='file:/var/svc/profile/name_service.xml' /> 49 50 <!-- 51 svc.startd(1M) services 52 --> 53 <service name='system/coreadm' version='1' type='service'> 54 <instance name='default' enabled='true'/> 55 </service> 56 <service name='system/cron' version='1' type='service'> 57 <instance name='default' enabled='true'/> 58 </service> 59 <service name='system/cryptosvc' version='1' type='service'> 60 <instance name='default' enabled='true'/> 61 </service> 62 <service name='system/identity' version='1' type='service'> 63 <instance name='domain' enabled='true'/> 64 </service> 65 <service name='system/intrd' version='1' type='service'> 66 <instance name='default' enabled='true'/> 67 </service> 68 <service name='system/keymap' version='1' type='service'> 69 <instance name='default' enabled='true'/> 70 </service> 71 <service name='system/picl' version='1' type='service'> 72 <instance name='default' enabled='true'/> 73 </service> 74 <service name='system/sac' version='1' type='service'> 75 <instance name='default' enabled='true'/> 76 </service> 77 <service name='system/system-log' version='1' type='service'> 78 <instance name='default' enabled='true'/> 79 </service> 80 <service name='system/utmp' version='1' type='service'> 81 <instance name='default' enabled='true'/> 82 </service> 83 <service name='system/zones' version='1' type='service'> 84 <instance name='default' enabled='true'/> 85 </service> 86 <service name='network/rpc/bind' version='1' type='service'> 87 <instance name='default' enabled='true'/> 88 </service> 89 <service name='system/name-service-cache' version='1' type='service'> 90 <instance name='default' enabled='true'/> 91 </service> 92 <service name='network/nfs/status' version='1' type='service'> 93 <instance name='default' enabled='true'/> 94 </service> 95 <service name='network/nfs/nlockmgr' version='1' type='service'> 96 <instance name='default' enabled='true'/> 97 </service> 98 <service name='network/nfs/client' version='1' type='service'> 99 <instance name='default' enabled='true'/> 100 </service> 101 <service name='network/nfs/server' version='1' type='service'> 102 <instance name='default' enabled='true'/> 103 </service> 104 <service name='network/nfs/rquota' version='1' type='service'> 105 <instance name='default' enabled='true'/> 106 </service> 107 <service name='network/ssh' version='1' type='service'> 108 <instance name='default' enabled='true'/> 109 </service> 110 <service name='network/smtp' version='1' type='service'> 111 <instance name='sendmail' enabled='true'/> 112 </service> 113 <service name='network/inetd' version='1' type='restarter'> 114 <instance name='default' enabled='true'/> 115 </service> 116 <service name='system/filesystem/autofs' version='1' type='service'> 117 <instance name='default' enabled='true'/> 118 </service> 119 <service name='system/power' version='1' type='service'> 120 <instance name='default' enabled='true'/> 121 </service> 122 <service name='application/print/cleanup' version='1' type='service'> 123 <instance name='default' enabled='true' /> 124 </service> 125 <service name='network/pfil' version='1' type='service'> 126 <instance name='default' enabled='true' /> 127 </service> 128 129 <!-- 130 non-default svc.startd(1M) services disabled 131 --> 132 <service name='network/dhcp-server' version='1' type='service'> 133 <instance name='default' enabled='false' /> 134 </service> 135 <service name='network/ntp' version='1' type='service'> 136 <instance name='default' enabled='false' /> 137 </service> 138 <service name='network/rarp' version='1' type='service'> 139 <instance name='default' enabled='false' /> 140 </service> 141 <service name='network/slp' version='1' type='service'> 142 <instance name='default' enabled='false' /> 143 </service> 144 <service name='network/security/kadmin' version='1' type='service'> 145 <instance name='default' enabled='false' /> 146 </service> 147 <service name='network/security/krb5_prop' version='1' type='service'> 148 <instance name='default' enabled='false' /> 149 </service> 150 <service name='network/security/krb5kdc' version='1' type='service'> 151 <instance name='default' enabled='false' /> 152 </service> 153 154 <!-- 155 default inetd(1M) services disabled 156 --> 157 <service name='network/finger' version='1' type='service'> 158 <instance name='default' enabled='false'/> 159 </service> 160 <service name='network/ftp' version='1' type='service'> 161 <instance name='default' enabled='false'/> 162 </service> 163 <service name='network/login' version='1' type='service'> 164 <instance name='rlogin' enabled='false'/> 165 <!-- 166 non-default inetd(1M) instances disabled 167 --> 168 <instance name='klogin' enabled='false'/> 169 <instance name='eklogin' enabled='false'/> 170 </service> 171 <service name='network/shell' version='1' type='service'> 172 <instance name='default' enabled='false'/> 173 <!-- 174 non-default inetd(1M) instance disabled 175 --> 176 <instance name='kshell' enabled='false'/> 177 </service> 178 <service name='network/telnet' version='1' type='service'> 179 <instance name='default' enabled='false'/> 180 </service> 181 182 <!-- 183 non-default inetd(1M) services disabled 184 --> 185 <service name='network/tname' version='1' type='service'> 186 <instance name='default' enabled='false'/> 187 </service> 188 <service name='network/uucp' version='1' type='service'> 189 <instance name='default' enabled='false'/> 190 </service> 191 <service name='network/chargen' version='1' type='service'> 192 <instance name='stream' enabled='false'/> 193 <instance name='dgram' enabled='false'/> 194 </service> 195 <service name='network/daytime' version='1' type='service'> 196 <instance name='stream' enabled='false'/> 197 <instance name='dgram' enabled='false'/> 198 </service> 199 <service name='network/discard' version='1' type='service'> 200 <instance name='stream' enabled='false'/> 201 <instance name='dgram' enabled='false'/> 202 </service> 203 <service name='network/echo' version='1' type='service'> 204 <instance name='stream' enabled='false'/> 205 <instance name='dgram' enabled='false'/> 206 </service> 207 <service name='network/time' version='1' type='service'> 208 <instance name='stream' enabled='false'/> 209 <instance name='dgram' enabled='false'/> 210 </service> 211 <service name='network/comsat' version='1' type='service'> 212 <instance name='default' enabled='false'/> 213 </service> 214 <service name='network/rexec' version='1' type='service'> 215 <instance name='default' enabled='false'/> 216 </service> 217 <service name='network/talk' version='1' type='service'> 218 <instance name='default' enabled='false'/> 219 </service> 220 221 <!-- 222 default inetd(1M) RPC services enabled 223 --> 224 <service name='network/rpc/gss' version='1' type='service'> 225 <instance name='default' enabled='true'/> 226 </service> 227 <service name='network/rpc/mdcomm' version='1' type='service'> 228 <instance name='default' enabled='true'/> 229 </service> 230 <service name='network/rpc/meta' version='1' type='service'> 231 <instance name='default' enabled='true'/> 232 </service> 233 <service name='network/rpc/metamed' version='1' type='service'> 234 <instance name='default' enabled='true'/> 235 </service> 236 <service name='network/rpc/metamh' version='1' type='service'> 237 <instance name='default' enabled='true'/> 238 </service> 239 <service name='network/rpc/smserver' version='1' type='service'> 240 <instance name='default' enabled='true'/> 241 </service> 242 <service name='network/security/ktkt_warn' version='1' type='service'> 243 <instance name='default' enabled='true'/> 244 </service> 245 246 <!-- 247 default inetd(1M) RPC services disabled 248 --> 249 <service name='network/rpc/rstat' version='1' type='service'> 250 <instance name='default' enabled='false'/> 251 </service> 252 <service name='network/rpc/rusers' version='1' type='service'> 253 <instance name='default' enabled='false'/> 254 </service> 255 256 <!-- 257 non-default inetd(1M) RPC services disabled 258 --> 259 <service name='network/rpc/ocfserv' version='1' type='service'> 260 <instance name='default' enabled='false'/> 261 </service> 262 <service name='network/rpc/rex' version='1' type='service'> 263 <instance name='default' enabled='false'/> 264 </service> 265 <service name='network/rpc/spray' version='1' type='service'> 266 <instance name='default' enabled='false'/> 267 </service> 268 <service name='network/rpc/wall' version='1' type='service'> 269 <instance name='default' enabled='false'/> 270 </service> 271 272</service_bundle> 273