Problems with activating Sunscreen policy

From: Vinay Sequeira (vinay.sequeira@maine.edu)
Date: Wed Feb 16 2005 - 15:56:59 EST

• Next message: Tim Chipman: "Can't install Required Patch for Oracle10g client install prep - Sol8Sparc e450 box."
• Previous message: Bousquet Francois: "setuid on a sh script file"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi

I am attempting to install Sunscreen 3.2 REV=45 on Solaris 9 9/04 on
Sun-Fire-V440 machine. The Sunscreen was meant to be a local, command
line administered, host based firewall.

I have installed the SUNWeuluf SUNWeulux SUNWeu8os SUNWeu8ox
SUNWsfwauSUNWsfwr SUNWsfwu SUNWsfwf SUNWsfwm packages.

bash-2.05# uname -a
SunOS ginger 5.9 Generic_117171-07 sun4u sparc SUNW,Sun-Fire-V440

On boot up :
SunScreen: No active configuration.
starting rpc services: rpcbind done.

# ssadm policy -l
Initial
Cerb

bash-2.05# ssadm activate Cerb (get same response when trying to
activate Initial)
Can't load module: No such device or address

console messages:
ss_ipsecd: /dev/screen_ipsec open failed
ss_ipsecd: /dev/screen_ipsec open failed
ss_ipsecd: /dev/screen_ipsec open failed
ss_ipsecd: /dev/screen_ipsec open failed
ss_ipsecd: /dev/screen_ipsec open failed
ss_ipsecd: /dev/screen_ipsec open failed
ss_ipsecd: /dev/screen_ipsec open failed
ss_ipsecd: /dev/screen_ipsec open failed
ss_ipsecd: error plumbing one or more modules
please check the IPsec algorithms file /etc/sunscreen/ipsec.algorithms

Feb 16 15:14:56 ginger genunix: WARNING: mod_installdrv: no major number
for screen

bash-2.05# cat /etc/sunscreen/ipsec.algorithms
# This file maps each IPsec algorithm into the name of the STREAMS
# module that implements it. In case of duplicates, the last entry
# is used.
auth 2 authmd5h
auth 3 authsha1
encr 2 encrdes
encr 3 encr3des
encr 7 encrbfsh
encr 12 encraes
bash-2.05#

I have installed the patch 112613-05

Running ps -efl,
root 389 1 0 15:14:55 pts/2 0:00 /usr/lib/sunscreen/lib/ss_ipsecd

I just migrated an Oracle database to this new machine and need to
connect it to the public network as soon as possible. will summarize

Thanks in advance for your help, Vinay
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers

• Next message: Tim Chipman: "Can't install Required Patch for Oracle10g client install prep - Sol8Sparc e450 box."
• Previous message: Bousquet Francois: "setuid on a sh script file"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 23:30:11 EDT