The Container can make outbound requests only to a specific set of IP addresses and port numbers associated with trusted NTP servers.
The Container can set the system's time clock.
The Container has minimal abilities besides the ones it needs to perform its task.
A Solaris Container can be configured to meet that list of needs.
A Container has its own Service Management Facility (SMF). Most of the
services managed by SMF may be disabled if you are limiting the abilities of a
Container. The Container that will manage the time clock can be configured so
that it does not respond to any inbound network connection requests by disabling
all network services. Also, Configurable Privileges enables you to remove
unnecessary privileges from the Container, and to add the one nondefault privilege it
needs. That privilege is sys_time, which is required to use the stime(2) system
call. That system call is the only method that a program can use to modify the
system time clock.
Figure 8.17 shows the Container named timelord, the NIC it uses, and the
system's time clock, which will be modified by the Container. It also shows a
different internal network, plus the Container for the application. The application
Container will share the NIC labeled as bge0 with the global zone.
Figure 8.17 A Secure Network Service (diagram labels: Container "timelord", Internet, bge1, Application Container, Internal Network, Global Zone, bge0)
8.7.2 Basic Steps
This outline shows the steps to accomplish the goals described earlier in this
section. It can be generalized to harden any service, not just an NTP client.
1. Configure a sparse-root Container with a zonepath and zonename, but
without any network access yet. This step prevents network attacks while
you harden the Container.
2. Install the Container.
3. Add an appropriate /etc/sysidcfg file to the Container.
4. Boot the Container. This automatically configures SMF with default services.
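Steps 1 through 4 can be scripted with a guard that refuses to install or boot the Container if its configuration already has network access. The following is an added example, not code from the book; it assumes a Solaris 10 global zone, and the zonepath, the sysidcfg source file, the function names and the sample export text are constructed for illustration.

```shell
#!/bin/sh
# Added example. "timelord" is from the text; the paths are assumptions.
ZONE=timelord
ZONEPATH=/zones/roots/$ZONE          # assumed zonepath
SYSIDCFG_SRC=/var/tmp/sysidcfg.$ZONE # assumed, prepared beforehand

# Succeeds only if exported zone configuration text ($1) is sparse-root
# (has inherit-pkg-dir resources) and defines no net resource.
check_prehardening() {
    if printf '%s\n' "$1" | grep -q '^[[:space:]]*add net[[:space:]]*$'; then
        echo "FAIL: net resource configured before hardening" >&2
        return 1
    fi
    if ! printf '%s\n' "$1" | grep -q '^[[:space:]]*add inherit-pkg-dir'; then
        echo "FAIL: not a sparse-root configuration" >&2
        return 1
    fi
    return 0
}

# Steps 1-4, run from the global zone. Defined only; call it explicitly.
build_container() {
    # Step 1: plain "create" gives a sparse-root zone; no "add net" yet.
    zonecfg -z "$ZONE" "create; set zonepath=$ZONEPATH" || return 1
    check_prehardening "$(zonecfg -z "$ZONE" export)" || return 1
    zoneadm -z "$ZONE" install || return 1                        # Step 2
    cp "$SYSIDCFG_SRC" "$ZONEPATH/root/etc/sysidcfg" || return 1  # Step 3
    zoneadm -z "$ZONE" boot                                       # Step 4
}

# Constructed samples of "zonecfg export" output for the check.
SAMPLE_ISOLATED='create -b
set zonepath=/zones/roots/timelord
set autoboot=false
add inherit-pkg-dir
set dir=/usr
end'
SAMPLE_NETWORKED="$SAMPLE_ISOLATED
add net
set address=192.0.2.10
set physical=bge1
end"
```

Running `check_prehardening "$SAMPLE_NETWORKED"` fails with the net-resource message, which is the condition step 1 is meant to rule out before the Container is first booted.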
 
 
 