Configuring and Managing JumpStart Servers

Posted in Solaris Administration on June 17, 2012.

This chapter provides information for configuring and managing JumpStart servers to use the Solaris Security Toolkit software. JumpStart technology, which is Sun’s network-based Solaris OS installation mechanism, can run Solaris Security Toolkit software during the installation process.

The Solaris Security Toolkit’s JumpStart mode is based on JumpStart technology, available for the Solaris OS product since version 2.1. JumpStart technology helps you manage complexity by fully automating the Solaris OS and system software installation, facilitating the correctness and standardization of systems. It provides a way to meet the requirements of rapidly installing and deploying systems.

The advantages of using JumpStart technology are apparent in the area of system security. By using JumpStart technology with the Solaris Security Toolkit software, you can secure systems during automated Solaris OS installations. This practice helps ensure that system security is standardized and addressed at the time of system installation. To obtain the JumpStart Enterprise Toolkit (JET), which facilitates JumpStart-based installations and includes modules to support hardening with the Solaris Security Toolkit, go to the Sun Software Download site at:

http://www.sun.com/download/

For more information about JumpStart technology, refer to the Sun BluePrints book JumpStart Technology: Effective Use in the Solaris Operating Environment.

This chapter contains the following topics:


Configuring JumpStart Servers and Environments

For use in a JumpStart environment, install the Solaris Security Toolkit source, which is in /opt/SUNWjass for pkg downloads, into the base directory of the JumpStart server. The default directory is /jumpstart on a JumpStart server. After this task is done, JASS_HOME_DIR becomes the base directory of the JumpStart server.

This section assumes that the reader is familiar with JumpStart technology and has an existing JumpStart environment available.

Only a few steps are required to integrate the Solaris Security Toolkit software into a JumpStart architecture.

 

To Configure for JumpStart Mode

1. Install the Solaris Security Toolkit source into the root directory of the JumpStart server.

The Solaris Security Toolkit could be installed into JASS_REPOSITORY, which is /jumpstart in this case, as shown in the following example:

 

# pwd
/opt/SUNWjass
# pkgadd -R /jumpstart -d . SUNWjass

Typically, the Solaris Security Toolkit software is installed in the SI_CONFIG_DIR of the JumpStart server, which would normally also be JASS_HOME_DIR.

2. If you make any modifications to the Solaris 2.5.1 OS sysidcfg file, make them to the one in the JASS_HOME_DIR/Sysidcfg/Solaris_2.5.1 directory.

If you are using Solaris 2.5.1 OS, the sysidcfg file in JASS_HOME_DIR/Sysidcfg/Solaris_2.5.1 cannot be used directly because this version of Solaris only supports sysidcfg files in SI_CONFIG_DIR and not in separate subdirectories. To address this limitation on Solaris 2.5.1 OS, the Solaris Security Toolkit software has SI_CONFIG_DIR/sysidcfg, which is linked to the JASS_HOME_DIR/Sysidcfg/Solaris_2.5.1/sysidcfg file.

3. Copy the JASS_HOME_DIR/Drivers/user.init.SAMPLE to JASS_HOME_DIR/Drivers/user.init with the following command:

 

# pwd
/jumpstart/opt/SUNWjass/Drivers
# cp user.init.SAMPLE user.init

4. If you want to install the Solaris Security Toolkit package onto the target system during a JumpStart install, you must place the package in the JASS_PACKAGE_MOUNT directory defined in your user.init file. For example:

 

# cp /path/to/SUNWjass.pkg JASS_HOME_DIR/Packages

5. If you experience problems with a multihomed JumpStart server, modify the two entries for JASS_PACKAGE_MOUNT and JASS_PATCH_MOUNT to the correct path to the JASS_HOME_DIR/Patches and JASS_HOME_DIR/Packages directories.

6. If you want to install the Solaris Security Toolkit software under a subdirectory of SI_CONFIG_DIR, such as SI_CONFIG_DIR/path/to/JASS, then add the following to the user.init file:

 

if [ -z "${JASS_HOME_DIR}" ]; then
        if [ "${JASS_STANDALONE}" = 0 ]; then
                JASS_HOME_DIR="${SI_CONFIG_DIR}/path/to/JASS"
        fi
fi
export JASS_HOME_DIR

7. Select or create a Solaris Security Toolkit driver (for example, the default secure.driver).

  • If all the scripts listed in the hardening.driver and config.driver are to be used, then add the Drivers/secure.driver path to the rules file.

  • If only selected scripts are to be used, make copies of those files, then modify the copies. Refer to “Customizing Drivers” in Chapter 4 of the Solaris Security Toolkit 4.2 Reference Manual for instructions about copying and modifying drivers.
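
A post-configuration check for the procedure above, added here as an example (it is not part of the Solaris Security Toolkit or of the original chapter): it confirms that the files from steps 3 to 7 exist, that the rules file has an active entry for the driver, and that none of these files is group- or world-writable. The function name check_jass_layout, the location of the rules file at the top of JASS_HOME_DIR, the use of POSIX utilities, and the sample tree are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not Solaris Security Toolkit code. check_jass_layout is a
# hypothetical helper; it assumes the rules file sits at the top of JASS_HOME_DIR.
check_jass_layout() {
    home=$1
    driver=${2:-Drivers/secure.driver}
    problems=0
    fail() { echo "FAIL: $*" >&2; problems=$((problems + 1)); }

    # Step 3: user.init must have been copied from user.init.SAMPLE.
    [ -f "$home/Drivers/user.init" ] || fail "Drivers/user.init missing (step 3)"

    # Steps 4-5: directories behind JASS_PACKAGE_MOUNT and JASS_PATCH_MOUNT.
    for d in Packages Patches; do
        [ -d "$home/$d" ] || fail "$d directory missing (steps 4-5)"
    done

    # Step 7: the driver exists and a non-comment rules line names it.
    [ -f "$home/$driver" ] || fail "$driver missing (step 7)"
    if [ -f "$home/rules" ]; then
        grep -v '^[[:space:]]*#' "$home/rules" | grep -qF -- "$driver" ||
            fail "rules has no active entry for $driver (step 7)"
    else
        fail "rules file missing (step 7)"
    fi

    # These files decide how every installed client is hardened, so none of
    # them should be writable by group or other.
    for f in Drivers/user.init "$driver" rules; do
        [ -f "$home/$f" ] || continue
        if [ -n "$(find "$home/$f" \( -perm -020 -o -perm -002 \))" ]; then
            fail "$f is group- or world-writable"
        fi
    done
    return "$problems"
}

# Constructed sample tree (not a real server) so the check runs offline.
demo=$(mktemp -d)
mkdir -p "$demo/Drivers" "$demo/Packages" "$demo/Patches"
touch "$demo/Drivers/user.init" "$demo/Drivers/secure.driver"
echo 'any - - Profiles/example.profile Drivers/secure.driver' > "$demo/rules"
chmod 644 "$demo/rules" "$demo"/Drivers/*
check_jass_layout "$demo" && echo "layout OK"
rm -rf "$demo"
```

On a real server, call the function with the JumpStart base directory (for example /jumpstart, as used in step 1); the return value is the number of problems found.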

Copyright 2017 ©Aceadmins. All rights reserved.