Oracle Solaris Cluster Security Guide Oracle Solaris Cluster 4.0
1. Introduction to Oracle Solaris Cluster Security
Overview of Oracle Solaris Cluster and Security
Secure Installation and Configuration
This section contains information about specific security mechanisms offered by Oracle Solaris Cluster.
A secure installation uses the following critical security features:
Role-Based Access Control (RBAC) – If you are not a superuser, use the RBAC roles of solaris.cluster.modify, solaris.cluster.admin, and solaris.cluster.read to access the cluster. For more information, see Oracle Solaris Cluster RBAC Rights Profiles in Oracle Solaris Cluster System Administration Guide.
New Nodes – Use the claccess command or clsetup utility with superuser privileges to add a node to a cluster. For more information, see Chapter 8, Adding and Removing a Node, in Oracle Solaris Cluster System Administration Guide.
Zone Clusters – A zone cluster is a cluster of non-global Oracle Solaris Container zones. All nodes of a zone cluster are configured as non-global zones of the solaris brand that are set with the cluster attribute. No other brand type is permitted in a zone cluster. You can run supported services on the zone cluster similar to a global cluster, with the isolation that is provided by Oracle Solaris zones. For more information, see Configuring a Zone Cluster in Oracle Solaris Cluster Software Installation Guide and Working With a Zone Cluster in Oracle Solaris Cluster System Administration Guide.
Secure Connections to Cluster Consoles – You must establish secure shell connections to the consoles of the cluster nodes. For more information on the pconsole utility, see How to Connect Securely to Cluster Consoles in Oracle Solaris Cluster System Administration Guide.
Common Agent Container – Oracle Solaris Cluster Manager uses strong encryption techniques to ensure secure communication between the Oracle Solaris Cluster Manager web server and each cluster node.
Logging – Oracle Solaris Cluster uses the syslogd(1M) command to record error and status messages. Ensure that you set up the /etc/syslog.conf file to control where the messages are stored. You should also securely protect the log files, such as the /var/adm/messages file. For more information, see Beginning to Administer the Cluster in Oracle Solaris Cluster System Administration Guide.
Auditing – Oracle Solaris Cluster stores all executed commands in the /var/cluster/logs/commandlog file, and you should set the protections on the file as appropriate. For more information, see How to View the Contents of Oracle Solaris Cluster Command Logs in Oracle Solaris Cluster System Administration Guide.
Oracle Solaris Operating System (OS) Hardening – Oracle Solaris Cluster uses security hardening techniques to reconfigure the Solaris OS into a hardened state. Additionally, it can activate the Oracle Solaris system audit. Oracle's Solaris Security Toolkit, formerly known as the JumpStart Architecture and Security Scripts (JASS) Toolkit, can be used to secure SPARC-based and x86/x64-based systems. For more information, see the Solaris Security Toolkit.
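The Logging and Auditing items above ask you to protect /var/adm/messages and /var/cluster/logs/commandlog. The following shell check is an added example, not part of the Oracle guide; the policy it enforces (root ownership, no group or world write, no world read on the command log), the EXPECTED_OWNER variable, the optional alternate-root argument, and the function names are all assumptions to adapt to your site.

```shell
#!/bin/sh
# Added example. The policy below is an assumption, not Oracle's stated baseline:
#   - each log is a regular file (not a symlink) owned by $EXPECTED_OWNER
#   - no group or world write bit
#   - the command log is also not world-readable
EXPECTED_OWNER=${EXPECTED_OWNER:-root}

# has_perm PATH MODE -> true if every permission bit in MODE is set on PATH
has_perm() {
    [ -n "$(find "$1" -prune -perm "-$2" -print 2>/dev/null)" ]
}

# check_log PATH [private] -> prints one line per finding, returns 1 if any
check_log() {
    path=$1; private=${2:-}; bad=0
    if [ -h "$path" ]; then echo "FAIL $path: is a symbolic link"; return 1; fi
    if [ ! -f "$path" ]; then echo "FAIL $path: missing or not a regular file"; return 1; fi
    owner=$(ls -ld "$path" | awk '{print $3}')
    if [ "$owner" != "$EXPECTED_OWNER" ]; then
        echo "FAIL $path: owner is $owner, expected $EXPECTED_OWNER"; bad=1
    fi
    if has_perm "$path" 020; then echo "FAIL $path: group-writable"; bad=1; fi
    if has_perm "$path" 002; then echo "FAIL $path: world-writable"; bad=1; fi
    if [ "$private" = private ] && has_perm "$path" 004; then
        echo "FAIL $path: world-readable"; bad=1
    fi
    [ "$bad" -eq 0 ] && echo "OK   $path"
    return "$bad"
}

# audit_cluster_logs [ALT_ROOT] -> checks both files named in this section.
# ALT_ROOT (hypothetical convenience) lets you audit a mounted boot environment.
audit_cluster_logs() {
    root=${1:-}; rc=0
    check_log "$root/var/adm/messages" || rc=1
    check_log "$root/var/cluster/logs/commandlog" private || rc=1
    return "$rc"
}

# Run against the live system only when asked: sh audit_logs.sh --run
if [ "${1:-}" = "--run" ]; then audit_cluster_logs; fi
```

Run it on every cluster node, since each node keeps its own copies of both files.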