I really like the way Solaris Express is configured... Most network services are disabled or listening only on localhost. The only tcp services listening on all interfaces are rpcinfo and sshd. It is nice change from the old solaris boxes with every insecure services (telnet, cmsd, dtspcd, etc...) open by default. However xVm has its legacy HTTP server listening on port 8000 on all interface by default. It is the entry point for Xend remote access. I believe the default should be set to false or should only listen on localhost (and people can use ssh -L PORT:localhost:8000 dom0 to tunnel). Anyway in the meantime, I tried: svccfg -s xvm/xend setprop config/xend-unix-server = false svcadm refresh xvm/xend svcadm restart xvm/xend and it doesn''t work xend is still listening for port 8000 on all interface. Is there anyway to tell it to listen only on localhost? This message posted from opensolaris.org
I found the solution, to disable the xend http server, we have to add a new property called ''xend-http-server''. # svccfg -s xvm/xend setprop config/xend-http-server = boolean: false # svcadm refresh xvm/xend # svcadm restart xvm/xend This message posted from opensolaris.org
On Sun, Oct 28, 2007 at 03:09:49PM -0700, Kugutsumen wrote:> It is nice change from the old solaris boxes with every insecure services > (telnet, cmsd, dtspcd, etc...) open by default. > > However xVm has its legacy HTTP server listening on port 8000 on all > interface by default. It is the entry point for Xend remote access.This appears to be an error, we should not have this enabled. We''ll get this fixed soon regards john