SUN has done a equally good things with Solaris 10 as they have done bad with the same. Sometimes I wonder how or why no one takes care of small issues with Solaris 10. It has become very popular since it went open source, but still there are some annoyances which a day to day system admin can do without.
Few weeks ago I built 4 Solaris 10 server and even though our Flar image had most of the services turned off, some of them came up when the system was built. But turning off services in Solaris 10 is very easy. Here is what I did:
1. Identify what each port is mapped to within /etc/services:
egrep “22|111|6112|8891|8892|32773” /etc/services
ssh 22/tcp # Secure Shell
sunrpc 111/udp rpcbind
sunrpc 111/tcp rpcbind
dtspc 6112/tcp # CDE subprocess control
seosload 8892/tcp
2. Using SVCS determine which services are online under RPC:
svcs | grep rpc
online Jun_04 svc:/network/rpc/bind:default
online Jun_04 svc:/network/rpc/bootparams:default
online Jun_04 svc:/network/rpc/meta:default
online Jun_04 svc:/network/rpc/smserver:default
3. Since RPC service is up, use it to determine what is running on port 32773:
rpcinfo -p | grep 32773
100026 1 udp 32773 bootparam
100229 1 tcp 32773 metad
100229 2 tcp 32773 metad
4. Find out what each service means:
svcs -xv /network/rpc/smserver
svc:/network/rpc/smserver:default (removable media management)
State: online since Mon Jun 04 06:43:02 2007
See: man -M /usr/share/man -s 1M rpc.smserverd
Impact: None.
svcs -xv /network/rpc/meta
svc:/network/rpc/meta:default (SVM remote metaset services)
State: online since Mon Jun 04 06:43:02 2007
See: man -M /usr/share/man -s 1M rpc.metad
Impact: None.
svcs -xv /network/rpc/bind
svc:/network/rpc/bind:default (RPC bindings)
State: online since Mon Jun 04 06:43:00 2007
See: man -M /usr/share/man -s 1M rpcbind
See: /var/svc/log/network-rpc-bind:default.log
Impact: None.
5. Disable each service:
svcadm -v disable /network/rpc/bind
svc:/network/rpc/bind:default disabled.
svcadm -v disable /network/rpc/bootparams
svc:/network/rpc/bootparams:default disabled.
svcadm -v disable /network/rpc/meta
svc:/network/rpc/meta:default disabled.
svcadm -v disable /network/rpc/smserver
svc:/network/rpc/smserver:default disabled.
6. Verify RPC is not running:
rpcinfo -p | more
rpcinfo: can’t contact portmapper: RPC: Rpcbind failure – RPC: Failed (unspecified error)
Recent Comments