Hey Thanks So Much for your replies! Clearly from what you say in your responses, in spite of my ignorance of the newer developements, OpenSolaris is at least as robust as Solaris of past days (my last experiences with Solaris were at Veritas Software supporting NetBackup on Solaris 7 and a lot of other unices).
I feel pretty comfortable with the limitations you've mentioned; everything I need is already in place, and what isn't I'm pretty sure I can build (I used to maintain build environments for TI, among other things). I look forward to getting started with it pretty soon now (the coming week should see me pretty busy with it). (Sunday is for parenthesis apparrently LoL). Thanks Guys, I look forward to corresponding with you again soon. Best Regards, James On 8/20/05, Al Hopper <[EMAIL PROTECTED]> wrote: > On Sat, 20 Aug 2005, Alan Coopersmith wrote: > > > James G. Stallings II wrote: > > > All that aside, I'm preparing to evaluate opensolaris on an intel box, > > > and have a few goofy questions that I haven't been able to gather from > > > the faq or from searching this list: > > > > One important point is that OpenSolaris is just a set of source code at > > this point. There are two distros built on top of that source code - > > Solaris Express from Sun, and Schillix from Joerg Schilling and his helpers. > > Solaris Express includes the software from OpenSolaris, plus a lot more that > > hasn't been open sourced yet. So far OpenSolaris only has the base kernel > > and core OS libraries and utilities. Other portions of the Solaris source > > are coming in the future - see the roadmap on the OpenSolaris site for when > > those are expected to be released. > > > > > 1. Where's the application/utility software repository? I'd like to > > > browse whats working, with an eye toward replacing my existing freebsd > > > installation with opensolaris. This means I'd need a minimal desktop, > > > apache, tcl/tk, ruby, perl, php, sendmail, mysql, ssh, vnc suite, and > > > samba at minimum; is this an unrealistic expectation at present? > > > > There isn't one specific to OpenSolaris yet, but www.blastwave.org > > and www.sunfreeware.com have large collections available for Solaris, > > which should all work on Solaris Express. > > > > Many of those applications are included directly in Solaris Express > > as well - perl, php, samba, the Java Desktop System (based on GNOME 2.6), > > ssh, apache, sendmail and mysql. > > > > > 2. How much of the intallable application base is in common with gnome? > > > essentially, are all gnome apps available on the gnome desktop under > > > opensolaris? if not, what are the porting hurdles in very general terms? > > > > The Java Desktop System included in Solaris Express is based on > > GNOME 2.6, though work is in progress to update it to GNOME 2.10 > > or 2.12 soon. > > > > If you're sticking to pure OpenSolaris, then no desktop is included > > yet, but you can build Xorg & GNOME on your own without much problem. > > We're working to have the sources for both included in OpenSolaris in > > the near future. > > > > > 3. Aside from the machine partitioning, how's security? Assuming its all > > > working, I'll need the sendmail, ssh and apache services to face the web > > > -- am I gonna leave my hindparts exposed to the breeze by doing something > > > like this? > > > > Solaris security is as strong or as weak as you want it to be. > > It's very configurable, and includes ipfilter firewall, IPsec > > options, a service manager to control which services are running, > > etc. > > Building on Alan Cs advice I'll add the following: One of the real > strengths of (Open)Solaris is security IMHO. Sun has a serious presence in > almost every conceivable security related technology sector and tends to > lead, rather than follow many security related (software) initiatives. > There are a couple of flies on the oinment however: > > a) While patches to fix a Mozilla security advisory appear in other > environments within days of a Cert advisorary - Sun has a track record of > taking months to release patches for the same advisory. Additionally, all > patches originate from sunsolve.sun.com and their track record, in terms of > availability, reliability, accountability (to the user community) and > accuracy, is dismal. > > b) Recently sunsolve was effectively "broken" for more than 3 business days > (straight) - but you could not tell that by accessing the site. > Apparently, putting up a "Sorry - we've broken" on the main page was beyond > their collective ability. Over the last several weeks the performance of > the various tools on the site has been spotty (various degrees of > brokenness being readily apparent) - which has been broadly explained by > them going through a tool upgrade/release cycle. > > c) Every week there seems to be some crisis on Sunsolve. This week it was > a withdrawn patch being available that was not supposed to be available > (hence the term "withdrawn"). And continued degrees of broken-ness being > displayed by the patching tools or the patching data that is driving their > behavior. > > d) for more information on this topic, examine the archives for the Solaris > on Intel list at [EMAIL PROTECTED] - but only if you've got a > bunch of time on your hands. BTW: that mailing list is a great source of > help for (Open)Solaris on x86 newbies. > > So, in terms of you keeping a web facing system secure, do not rely on > sunsolve to provide the necessary information or the required fixes. Rely > on other sources for advisories and fixes - in addition to what you can > retrieve and load (successfully) from sunsolve. If you see some behavior > you don't understand on sunsolve, wait two (??) days and try it again. > > After you load your (Open)Solaris box, please examine the following script > and see if it meets your security requirements before running it. This is > my *generic* receipe for an (Open)Solaris box after it's been booted the > first time. Search on docs.sun.com (by keyword) for anything you're not > familiar with. > > #!/usr/bin/ksh > > svccfg apply /var/svc/profile/generic_limited_net.xml > > svcadm disable svc:/network/nfs/status:default > svcadm disable svc:/network/nfs/nlockmgr:default > svcadm disable svc:/network/telnet:default > svcadm disable svc:/network/nfs/client:default > svcadm disable svc:/network/nfs/rquota:default > svcadm disable svc:/network/ftp:default > svcadm disable svc:/network/finger:default > svcadm disable svc:/network/login:rlogin > svcadm disable svc:/network/shell:default > > > cd /etc/rc3.d > > S50apache stop > mv S50apache s50apache > S76snmpdx stop > mv S76snmpdx s76snmpdx > S77dmi stop > mv S77dmi s77dmi > S82initsma stop > mv S82initsma s82initsma > S90samba stop > mv S90samba s90samba > > cd ../rc2.d > S47pppd stop > mv S47pppd s47pppd > S95IIim stop > mv S95IIim s95IIim > > ---- > > One more tip for a (Open)Solaris newbie. If you're going to use > www.blastwave.org for packages, which I would highly recommend, then make > /opt a separate mount point. This will allow you to (very easily) build a > zone and customize that zone with a different set of blastwave packages > which get installed, by default, in /opt/csw. > > Regards, > > Al Hopper Logical Approach Inc, Plano, TX. [EMAIL PROTECTED] > Voice: 972.379.2133 Fax: 972.379.2134 > OpenSolaris Community Advisory Board (CAB) Member - Apr 2005 > -- =================================== Woulds't thou so blame the fragrant blos'ms wilting as never to've had her bloom? _______________________________________________ opensolaris-discuss mailing list opensolaris-discuss@opensolaris.org
