Book Image

Oracle Solaris 11: First Look

By : Philip P. Brown
Book Image

Oracle Solaris 11: First Look

By: Philip P. Brown

Overview of this book

Oracle Solaris provides innovative, built-in features that deliver breakthrough high availability, advanced security, efficiency, and industry-leading scalability and performance to help businesses grow. "Oracle Solaris 11: First Look" covers the new features and functionality of Oracle Solaris 11 and how these new features and improvements will make it easier to deploy services to the enterprise while improving performance and reducing total cost of ownership.This book starts with coverage of Image Packaging System and the new installation methods. It then moves swiftly to network configuration. The book also includes some security features and improvements.  

Related Content you might be interested in

Current Title:

Small book image
Oracle Solaris 11: First Look
Philip P. Brown
Jan, 2013 | 168 pages
No titles found
Table of Contents (19 chapters)
Oracle Solaris 11: First Look
Oracle Solaris 11: First Look
Credits
Credits
About the Author
About the Author
About the Reviewers
About the Reviewers
www.PacktPub.com
www.PacktPub.com
Preface
Preface
Free Chapter
1
IPS – The Image Packaging System
IPS – The Image Packaging System
The brave new world of IPS
Repositories/repos
Package naming schemes
Overview of package and patch installation
Practical examples of pkg command usage
Dealing with repositories
Package updates and patching
Summary
2
Solaris 11 Installation Methods
Solaris 11 Installation Methods
It's the Oracle of install systems!
Default passwords
Installation from CD-ROM
Overview of how AI install works
Network bootstrap process details
Setting up a local install server with installadm
Common traps and pitfalls
Solaris 11 release version versus support version
Summary
3
Sysadmin Configuration Differences
Sysadmin Configuration Differences
Welcome to the new normal
Host identity: the sysconfig command
Driver configuration: /etc/driver/drv
Network address configuration: ipadm and dladm
Wireless configuration: Stick to the GUI if you can
Miscellaneous differences in system-level configuration
Summary
4
Networking Nuts and Bolts
Networking Nuts and Bolts
Networking re-architected
Orientation to new Solaris 11 networking
Interface naming and IP labels
NWAM – NetWork AutoMagic
IPMP – IP multipathing
Link aggregation
VNIC – Virtual NIC
VLAN tagging
IP tunneling
Bridging
Network resource management
Other changes
Summary
5
NWAM – Networking Auto-reconfiguration
NWAM – Networking Auto-reconfiguration
What is NWAM and how you can use it
Summary
6
ZFS – Now You Can't Ignore It!
ZFS – Now You Can't Ignore It!
ZFS – your future, today
ZFS root – no more UFS
ZFS booting and beadm
ZFS, beadm, and zones
Deduplication now possible
ZFS encryption
ZFS diff between snapshots
Miscellaneous changes and improvements
Summary
7
Zones in Solaris 11
Zones in Solaris 11
Taking things to the next zone
New zone utilities
New zone capabilities
Fast zone creation via clone
Automatic Network Interfaces – the anet resource
Preconfiguring zones
Immutable zones
Summary
8
Security Improvements
Security Improvements
Keeping the horse in the barn
Mandatory auditing
Immutable zones
ProFTPd is the new FTP server
Sudo privileged access tool
Direct root use now blocked by default
Fine-grained RBAC privileges
On-disk encryption
Summary
9
Miscellaneous
Miscellaneous
What's in this chapter anyway?
Virtual consoles, also known as virtual terminals, are back
Fast reboot
CUPS printing
Power management
Notifications triggered by SMF state transitions
Trusted Solaris extras
COMSTAR and iSCSI
Summary
IPS Package Reference
IPS Package Reference
New ACL Permissions and Abbreviations
New ACL Permissions and Abbreviations
Solaris 10 Available Enhancements
Solaris 10 Available Enhancements
ZFS backported enhancements
Other enhancements
Index
Index

Immutable zones

Full configuration details for immutable zones are covered in Chapter 7, Zones in Solaris 11, but it is worth mentioning the rationale for them here.

To have an almost hack-proof system, it is very effective to take away write access from it as much as possible. If you are willing to run your services in a zone, it is possible to configure that zone as an immutable zone. This allows you to render filesystems and even service configurations as immutable (that is, non-writable).

Most remote attacks succeed by eventually writing corrupted data to the filesystem, and then taking more control from there. If they cannot write to the filesystem, many avenues of attack are closed. Furthermore, if they cannot deface the site, or store their own files, the incentive for taking over the system may also have been removed.

There are varying levels of immutability possible. If your services will not run in a fully read-only zone, it is possible to allow access to /var, and a few other filesystems...

Previous Section
End of Section 4
Next Section