Set enabled / disabled services during a package deployment

Version 2

    > Curious if anyone happens to have a best practice for defining a
    > set of enabled Solaris services/daemons that can be used for both
    > provisioning and auditing?  Essentially, the customer wants to be
    > able to say here’s a bunch of services that should be enabled or
    > disabled, so provision the server this way.  And, he wants to be
    > able to set exceptions, and audit against that baseline with the exceptions.

    If you don't need to install the software, how about this: create a
    server property called "ENABLED_DAEMONS" as a text field.

    During provisioning, set the server property to the list of services
    to enable as a space separated list (I'm making this list up; I don't
    know what they actually are):

       ENABLED_DAEMONS="network/smtp:sendmail network/sshd:default network/nscd:default"

    Create a blp that contains the following external command:

       for svc in ??TARGET.ENABLED_DAEMONS??
         # use /etc/init.d as needed...
         svcadm enable $svc

    Use this blp in post-provisioning to set the machine.

    Now, create an extended object that uses the same list to query the

       for svc in ??TARGET.ENABLED_DAEMONS??
         # something like this..
         state=`svcs -p $svc | grep online`
         echo "$svc = ${state:-offline}"

    Use this in a compliance rule where the part must not contain
    "offline". Use the blp from above for remediation. At this point, the
    regular compliance exceptions can be used.

    To fancy this up a bit, you can create a custom class called "service
    collections" with an ENABLED_DAEMONS property, and a DEFAULT_DAEMONS
    property. Set DEFAULT_DAEMONS to "sshd crond ..." or whatever should
    be running on all machines.

    Now create a "database" instance that sets ENABLED_DAEMONS to
    "??DEFAULT_DAEMONS?? oracle smtp" or whatever should be running on an
    oracle machine. Extend this to a "websphere" instance that sets E_D to
    "??DEFAULT_DAEMONS?? apache2 tomcat ...", etc. Now create a server
    property that uses these instances, and change the commands above to