Using the (open) solaris service management facility as a building block for system security

This paper presents how the Solaris Service Management Facility (SMF) is used as a fundamental building block to improve system security. The Service Management Facility is a backwards-compatible extension to the traditional way Unix services are managed with the rc (run command) utility command scripts. As an integrated framework for managing services and service instances, the SMF improves service availability through automatic correction of failed services in dependency order. It also serves as a launch pad for unmodified, often third party services to be transparently started under the Solaris privilege process rights management without the need to modify source code. Furthermore, different system profiles can be defined that allow a system to come up with or change at runtime into a predefined set of services. Finally, the SMF and service administration are tightly integrated into the Solaris administrative Role-Based Access Control (RBAC) model, subject to the principle of least privilege with strong audit and full administrator accountability.