2.3 Establish a Secure Baseline - Make sure that /network/smtp:sendmail only allows local connections (netservices limited)

Information

Starting with Solaris 10 11/06, Oracle has provided an option for new installations to install the system as 'Secure By Default (SBD).'

Use of this installation option provides a secure system base in which the only network service that is enabled for remote access is Secure Shell (ssh). Some services, such as sendmail(1M) and syslogd(1M), are enabled for local connections only.

Users who are upgrading to this release or who wish to establish a secure baseline may invoke the SBD settings by running the netservices(1M) command. SBD settings will not be reversed by applying patches.

Solution

To establish a hardened OS baseline as recommended by Oracle, run the netservices (1M) command as follows-
netservices limited

Note - At present, there is a known bug that prevents webconsole from refreshing after 'netservices limited' is run-
6555726 svc:/system/webconsole SMF service doesn't have a refresh method
Until a patch is available, this bug requires that an extra step be performed to restart the webconsole as follows-
svcadm restart svc:/system/webconsole:console

See Also

https://workbench.cisecurity.org/files/614