Tuesday, March 14, 2006

Zone and Solaris Harden

Harden non-global zones using the Solaris Security Toolkit, not pkgrm.
Harden the global zone using the Solaris Security Toolkit so that any
non-global zones created subsequently will automatically be hardened.

pkgrm is the underlying mechanism to remove software packages from Solaris.
If a package is zone-aware, you would use pkgrm to remove it from the zones.
Depending on what the customer's definition of "hardening" may be, it could be possible to satisfy this requirement without using pkgrm.



Basically, hardening the system should not cause issues.
That is, as long as you don't remove basic zones functionality; I'm assuming you'll pkgrm some packages, etc.
I'd suggest just trying it on a test system first.
The minimum cluster that zones functionality is delivered in is SUNWCuser.
But it should be possible to start lower, i.e. SUNWCreq, and build up. The following e-mail threads have some further discussion on this very topic.
