Security Basics mailing list archives
Solaris auditing/hardening
From: "Gideon T. Rasmussen, CISSP, CISA, CISM, CFSO, SCSA" <lists () infostruct net>
Date: Sun, 30 Jan 2005 14:58:08 -0500
I just sent an e-mail to a gent I met at a UNIX auditing course. Thought it might be of interest... To take a quick Solaris security audit, use the CIS Solaris bench marking tool (http://www.cisecurity.org/bench_solaris.html). It produces a vulnerability assessment report. There is a corresponding Solaris hardening standard on the same page. My Solaris hardening recommendations can be found at: http://www.sun.com/bigadmin/content/submitted/Solaris_build_document.pdf Additional Solaris hardening resources can be found at: http://www.sun.com/blueprints/browsesubject.html#security http://www.nsa.gov/snac/downloads_sunsol.cfm?MenuID=scg10.3.1.1 The usual hardening disclaimers apply here. Test in a non production environment and conduct thorough functionality testing... You may also want to take a look at my INFOSEC site (http://www.ussecurityawareness.org). It has auditing resources you may find of interest. Contact me if you have any questions or comments. Kind regards, Gideon Gideon T. Rasmussen CISSP, CISA, CISM, CFSO, SCSA Boca Raton, FL gideon () infostruct net
Current thread:
- Solaris auditing/hardening Gideon T. Rasmussen, CISSP, CISA, CISM, CFSO, SCSA (Jan 31)