YASSP
Known problems, FAQ
DRAFT: This page *IS*
being written. Any suggestion is welcome!
- Can I install YASSP or SECclean on an existing
server? You can try! :-)
SECclean try to be very careful when it touch some existing
files. SECclean installation will tell you which file were
modified and were the original was saved. You may need to
re-edit some configuration files and re-apply some setting. I
can say a firm yes as I don't want to be responsible
for some disater :-) but in the worst case, de-installing it
should put you back in order.
Note: Yassp or SECclean will change the Solaris
setting. It won't be aware of any additional configuration
files or startup file. It is up to the administrator to
verify any additional software. Any additional startup script
will *not* be controlled by /etc/yassp.conf
- 'boot -r' does not reconfigure the devices
anymore. Edit /etc/yassp.conf and set DEVFSADM to YES,
then reboot
- Will YASSP run on Solaris 2.X, where X != [678].
The tarball will refuse to install. If you try the manual
installation, SECclean will failed to install the right
/etc/init.d/inet[svc|inet] init file as it won't have the one
corresponding to your OS.
Solaris 8 is supported since Beta-final#6.
-
After installing YASSP (or SECclean) I can't log anymore
to the workstation from the network.
- By default, SECclean modify /etc/init.d/inetsvc not
to run inetd at all. Edit /etc/yassp.conf and set
RUNINETD to YES.
- SECclean has commented out all the line of
/etc/inetd.conf. Edit it and un-comment the services you
want to run.
- If you have installed ssh, and if TCP-wrapper is part
of the package installed by yassp (Default choice), you
need to modify /etc/host.allow and/or /etc/host.deny to
allow ssh connection from where you want.
- Netscape products do not work anymore. Some people
reported problems running Netscape server or communicator
after installing YASSP. It looks like Netscape products
need nscd to work properly. Edit /etc/yassp.conf and set
NETSCAPE to 'YES'.
- Some services like DTlogin or NFS do not run
anymore. SECclean turn off most of the services by
default. Edit /etc/yassp.conf and re-enable what you need.
-
Some applications do not run correctly anymore. Hard
to say what is wrong, but here is two good starting points:
- May be the application rely on a network services
which is turn off by YASSP.
- Check your logs to see if their is a stack-smashing
attacks logged. If yes, edit /etc/system an, comment out
the line set noexec_user_stack=1 reboot and
try again. Beware that stack-smashing attacks will be
possible.
Home
$Id: faq.html,v 1.8 2000/07/20 21:23:25 jean Exp
jean $; Jean
Chouanard, Xerox
PARC