Beeing a security enthusiast, with quite some experience in the field, I always try to harden the systems before letting them go in production. Typically, I have always been using YASSP then JASS (which became SST) to harden Solaris systems. These toolkits perform a configurable set of configuration changes to the system, in order to make it more secure.
When creating a zone with OpenSolaris, you can harden it with the same procedure as for a server. This is a first, standard step, but it is possible to go further in the hardening process by customizing the zone to restrict filesystem access rights and the privilege set available from within the zone. In this post, we will use the example of a zone implementing an SSH login gateway, and lock it down as much as possible.
Mediatomb is a nice, open-source media server which works pretty well with a PS3; if you add ffmpeg, you will also be able to transcode files on-the-fly. Unfortunately, it seems there is no packaged version of these pieces software for OpenSolaris, so that they have to be built from source, which is far from beeing trivial on that platform. Take a look at my notes if you consider doing this yourself.
Mac OS X is a very interesting operating system; not only it has one of the most user-friendly interfaces for a desktop, but is is also UNIX-based. However, as far as networking is concerned, a lot of specific protocols must be used, which are quite different from what you find in a more traditional Windows environment. In this post we explore what has to be set up on a NAS to provide seamless integration for the Mac OS X users.
Configuring disk standby is of no use if your disks keep getting accesses. It seems that a lot of disk accesses can be happening during a single day, for no (apparent) usefull reason. Here are a few steps I followed to minimize disk activity on my OpenSolaris server.
BrandZ are a nice feature of OpenSolaris which enable you to run a Linux operating system in a zone; there are a number of limitations, but it might help you run Linux applications without having to recompile them for OpenSolaris. However, setup of such zones is far from being trivial; in this post we will see how to install such a zone to run Debian 5.
SSH introduces a very nice feature to users, which is X11 forwarding. With the use of a simple switch when connecting to the remote server, the X11 connection is automatically set up; no need for xhost and export DISPLAY commands anymore. However, if you use su or sudo to start a command or shell as another user, you will loose this X11 connection, and will have to set it up manually again. In this post I will show you a tool which will enable you to keep your X11 connection when using sudo.
The T-Balancer Fan Controler is a very good piece of hardware, and I am using this product in every PC I have. The controler has to be programmed and can then be monitored using an USB connection. Without much surprise there is no support for OpenSolaris, but the protocol is documented and existing open source software can be found.
Power management is not the strongest point of OpenSolaris, and documentation is quite poor. In this article, we'll see how to implement basic power management for disks using the ATA driver
Learn how to export directories under OpenSolaris, for use with a client PC running Windows.