security issue - or not? (remote trigger SMC startup)
Hi,
During installation of a few zones on a Sol10U2 system today, I noticed that simply running an nmap scan on a freshly installed and booted zone would cause the SMC to start:
Starting Solaris Management Console server version 2.1.0.
endpoint created: :898
Adding instance of solaris_providerpath
Adding class Solaris_LocalFileSystem
Adding class Solaris_Directory
Adding class Solaris_Mount
Adding class Solaris_UFS
Adding class Solaris_HSFS
Adding class Solaris_UFSMount
Adding class Solaris_HSFSMount
Adding class Solaris_LocalFSResidesOnExtent
Compilation succeeded.
Adding class Solaris_DiskDrive
Adding class Solaris_DiskPartition
Adding class Solaris_MediaPresent
Adding class Solaris_LogicalDisk
Adding class Solaris_PhysicalMedia
Adding class Solaris_Disk
Adding class Solaris_PhysicalPackage
Adding class Solaris_RealizesExtent
Adding class Solaris_RealizesDiskPartition
Adding class Solaris_RealizesDiskDrive
Adding class Solaris_DiskPartitionBasedOnDisk
Adding class Solaris_DiskPartitionBasedOnFDisk
Adding class Solaris_SCSIController
Adding class Solaris_IDEController
Adding class Solaris_MPXIOController
Adding class Solaris_USBSCSIController
Adding class Solaris_GenericController
Adding class Solaris_SCSIInterface
Adding class Solaris_MPXIOInterface
Adding class Solaris_IDEInterface
Adding class Solaris_ExtraCapacityGroup
Adding class Solaris_MPXIOGroup
Adding class Solaris_ControllerLogicalIdentity
Adding class Solaris_MPXIOCtrlrLogicalIdentity
Adding class Solaris_ControllerComponent
Adding class Solaris_MPXIOComponent
Adding class Solaris_StorageLibrary
Compilation succeeded.
Adding class CIM_ManagedElement
Adding class CIM_SettingData
Adding class CIM_Share
Adding class CIM_FileShare
Adding class CIM_NFSShare
Adding class CIM_SharedElement
Adding class CIM_HostedShare
Compilation succeeded.
Adding class Solaris_NFSShare
Adding class Solaris_NFSShareSecurity
Adding class Solaris_NFS
Adding class Solaris_PersistentShare
Adding class Solaris_MountSetting
Adding class Solaris_NFSMountSetting
Adding class Solaris_ShareSetting
Adding class Solaris_NFSShareSetting
Adding class Solaris_ShareService
Adding class Solaris_MountService
Adding class Solaris_NFSMount
Adding class Solaris_NFSShareSecurityModes
Adding class Solaris_NFSShareDefSecurityMode
Adding class Solaris_HostedShare
Adding class Solaris_PersistentShareConfiguration
Adding class Solaris_PersistentShareForSystem
Adding class Solaris_NFSShareEntry
Adding class Solaris_SharedElement
Adding class Solaris_NFSExport
Adding class Solaris_SharedFileSystem
Compilation succeeded.
Adding instance of solaris_providerpath
Adding instance of solaris_providerpath
Adding class Solaris_VMStateDatabase
Adding class Solaris_VMSoftPartition
Adding class Solaris_VMExtent
Adding class Solaris_VMStripe
Adding class Solaris_VMConcat
Adding class Solaris_VMMirror
Adding class Solaris_VMRaid5
Adding class Solaris_VMTrans
Adding class Solaris_VMHotSparePool
Adding class Solaris_VMDiskSet
Adding class Solaris_VMStorageVolume
Adding class Solaris_VMConcatComponent
Adding class Solaris_VMDriveInDiskSet
Adding class Solaris_VMExtentBasedOn
Adding class Solaris_VMSoftPartComponent
Adding class Solaris_VMExtentInDiskSet
Adding class Solaris_VMHostInDiskSet
Adding class Solaris_VMHotSpareInUse
Adding class Solaris_VMHotSpares
Adding class Solaris_VMMirrorSubmirrors
Adding class Solaris_VMRaid5Component
Adding class Solaris_VMStatistics
Adding class Solaris_VMStripeComponent
Adding class Solaris_VMTransLog
Adding class Solaris_VMTransMaster
Adding class Solaris_VMUsesHotSparePool
Adding class Solaris_VMVolumeBasedOn
Adding class Solaris_DiskIOPerformanceMonitor
Compilation succeeded.
Adding instance of solaris_providerpath
Adding class Solaris_ActiveUser
Adding class Solaris_ActiveProject
Adding class Solaris_ProcessStatisticalInformation
Adding class Solaris_UserProcessAggregateStatisticalInformation
Adding class Solaris_ProjectProcessAggregateStatisticalInformation
Adding class Solaris_ProcessStatistics
Adding class Solaris_ActiveUserProcessAggregateStatistics
Adding class Solaris_ActiveProjectProcessAggregateStatistics
Compilation succeeded.
Registration setup: 8/8 (Executing SUNWpmgr_reg.sh)
Registering components: 64/64 (Registering PatchMgrCli.jar)er)
Solaris Management Console server is ready.
For interest, the nmap result is:
toby@deepthought ~ $ nmap -v 192.168.1.122
Starting Nmap 4.01 ( http://www.insecure.org/nmap/ ) at 2006-08-29 20:39 EDT
DNS resolution of 1 IPs took 0.23s. Mode: Async [#: 2, OK: 0, NX: 1, DR: 0, SF: 0, TR: 1, CN: 0]
Initiating Connect() Scan against 192.168.1.122 [1672 ports] at 20:39
...
The Connect() Scan took 44.49s to scan 1672 total ports.
Host 192.168.1.122 appears to be up ... good.
Interesting ports on 192.168.1.122:
(The 1662 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
23/tcp open telnet
79/tcp open finger
111/tcp open rpcbind
513/tcp open login
514/tcp open shell
898/tcp open sun-manageconsole
4045/tcp open lockd
7100/tcp open font-service
Nmap finished: 1 IP address (1 host up) scanned in 44.874 seconds
(port 7100 is actually a non-standard VNC server which was carried over from the global zone)
Of course, this is immediately before running Solaris Security Toolkit (jass) to apply a secure profile.
Does it matter that this SMC startup can be triggered so easily remotely?

