Wednesday, October 27, 2010
JASS: Enable Veritas Netbackup Services in JASS
In this case if you have installed Veritas Netbackup and your host is hardened with JASS you will experience issues with Netbackup services and its TCP wrappers.
You will need to tell JASS to enable and open all Netbackup services related deamons and ports.
From the SUNWjass folder you will need to edit the following files:
./Files/etc/hosts.allow-server:
./Drivers/server-secure.driver:
./Drivers/finish.init:
./Drivers/server-secure.driver:
./Drivers/finish.init:
Grant access to the following Netbackup services, add the following lines to JASS ./Files/etc/hosts.allow-server file:
bpcd: ALL
vnetd: ALL
vopied: ALL
bpjava-msvc: ALL
vnetd: ALL
vopied: ALL
bpjava-msvc: ALL
Update the Finish script and enable the following Netbackup Services. In the ./Drivers/finish.init file locate the JASS_SVCS_ENABLE section and add the following services string in the if statement.
Before:
if [ -z "${JASS_SVCS_ENABLE}" ]; then
JASS_SVCS_ENABLE=""
fi
export JASS_SVCS_ENABLE/logs/error_log
JASS_SVCS_ENABLE=""
fi
export JASS_SVCS_ENABLE/logs/error_log
After:
if [ -z "${JASS_SVCS_ENABLE}" ]; then
JASS_SVCS_ENABLE="
svc:/network/vnetd/tcp:default
svc:/network/bpjava-msvc/tcp:default
svc:/network/bpcd/tcp:default
svc:/network/vopied/tcp:default"
fi
export JASS_SVCS_ENABLE
Update the secure-driver script and also enable the following Netbackup services. In the ./Drivers/server-secure.driver locate the JASS_SVCS_ENABLE variable and add the Netbackup deamons and services
Before:
JASS_SVCS_ENABLE="${JASS_SVCS_ENABLE} dtspc rstatd 100155
svc:/network/rpc/rstat:default
svc:/network/rpc/smserver:default "
svc:/network/rpc/rstat:default
svc:/network/rpc/smserver:default "
After:
JASS_SVCS_ENABLE="${JASS_SVCS_ENABLE} dtspc rstatd 100155 bpcd bpjava-msvc vnetd vopied
svc:/network/rpc/rstat:default
svc:/network/rpc/smserver:default
svc:/network/vnetd/tcp:default
svc:/network/bpjava-msvc/tcp:default
svc:/network/bpcd/tcp:default
svc:/network/vopied/tcp:default "
Run JASS hardening to complete the configuration changes.JASS_SVCS_ENABLE="${JASS_SVCS_ENABLE} dtspc rstatd 100155 bpcd bpjava-msvc vnetd vopied
svc:/network/rpc/rstat:default
svc:/network/rpc/smserver:default
svc:/network/vnetd/tcp:default
svc:/network/bpjava-msvc/tcp:default
svc:/network/bpcd/tcp:default
svc:/network/vopied/tcp:default "
# /opt/SUNWjass/bin/jass-execute -d server-secure.driver
No comments:
Post a Comment