OK, say that tomorrow you've got to install Solaris 8 (SunOS 5.8) on a SparcServer 20 (no laughing!) with 384 MB, OpenBoot v2.25, 2 internal drives (2GB, 8GB) and an external Exabyte 8mm DAT tape drive. Its got a GX card and a Sun monitor and is going to be hooked to a simple Ethernet network and a public IP address (behind a firewall, natch). Its going to be a jack-of-all-trades box - shuffle some E-Mail (sendmail v8.12), host a few web pages (Apache 2), hold a couple of shell accounts, a little FTPing here and there, mebbe have a DNS zone or two as a slave (BIND 8). Nothing exceptionally strenuous, but a lot of different things. It'll have the usual GNU and other software added to it - gcc, perl, yadda, yadda....
So you slap on v8, then.....?
1a) Do you put on Maintenance Update #7 first, and then the Recommended Patch Cluster, or is the Cluster first? Or do you need both?
1b) The Maintenance Update is about twice the size of the Cluster. What does the Recommended Cluster omit that the Maintenance Update has? Or do they cover completely different ground?
2) Are there any specific patches not found in the Update or Cluster that you would put on?
3) Any pitfalls between a fully patched v8 install and latest versions of major programs/utilities (for example "Don't run gcc v3.3.2 with Patch 12345-01!!!")
4) A pointer/link to Solaris hardening references that specifically cover v8 would be appreciated.
This doesn't strike me as a very hard Question, but I do need the info soon. Replies that manage not to laugh at the pizza box get extra points. :-)