Security Basics mailing list archives

Re: security in sun solaris


From: salgak () speakeasy net
Date: Tue, 26 Aug 2003 16:56:55 +0000

-----Original Message-----
From: Christian [mailto:christian () dnet net id]
Sent: Tuesday, August 26, 2003 02:17 AM
To: security-basics () securityfocus com
Subject: security in sun solaris

Hi, I'm new at Solaris, and I want to secure my Solaris boxes. I
recently ran nmap on one of my Solaris boxes running the named service under
SunOS 5.6:
Port       State       Service
23/tcp     open        telnet
25/tcp     open        smtp
53/tcp     open        domain
111/tcp    open        sunrpc
256/tcp    open        rap
257/tcp    filtered    set
258/tcp    open        yak-chat
264/tcp    open        bgmp
265/tcp    open        unknown
540/tcp    open        uucp
4045/tcp   open        lockd
6112/tcp   open        dtspc
32771/tcp  open        sometimes-rpc5
32773/tcp  open        sometimes-rpc9
32774/tcp  open        sometimes-rpc11
32775/tcp  open        sometimes-rpc13
32776/tcp  open        sometimes-rpc15

Anyone know what these services are for, and how to turn them off? Well,
except for telnet, smtp and domain of course. And how to tell what program runs
what service in Solaris? Like netstat -a -p in Linux...
Thanks for the help!


Well, first, read a good page on Solaris Security:

http://security.vt.edu/lockitdown/  has guides for Solaris, Windows, and others. . .

Most services in Solaris are controlled via /etc/inetd.conf. Start there, commenting out every service you don't plan on using.

Move from there to /etc/rc2.d: disable startup scripts for services you don't want by changing the starting capital "S" 
to a lowercase one, and prefixing it with "disabled".  (I do the former myself).

If you're not running databases, RPC can be disabled.  In fact, the SAFEST rule is this: if you don't know what it is, disable it; you can ALWAYS re-enable it later.

I'd also look at your /etc/shadow file, and also ensure the PHYSICAL security of the box: anyone with physical access 
can Stop-A and boot from CD, and then mount your hard drives and edit /etc/shadow. . .
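
The two steps described in the reply above (comment out unused /etc/inetd.conf entries, then rename unwanted S* scripts in /etc/rc2.d), as an added example that is not part of the original post. The function names, keep-lists and sample entries are constructed assumptions, the script works on copies in a temporary directory, and it assumes a POSIX shell and an awk that accepts -v (on older Solaris, ksh and nawk).

```shell
#!/bin/sh
# Added example. Operates on copies; paths and keep-lists are assumptions.

# Print "service proto server" for each active (uncommented) inetd.conf entry.
inetd_enabled() {
    awk '!/^[ \t]*#/ && NF >= 6 { print $1, $3, $6 }' "$1"
}

# Copy FILE to stdout, commenting out every active entry whose service
# name is not in the space-separated KEEP list.
inetd_trim() {
    awk -v keep=" $2 " '
        /^[ \t]*#/ || NF < 6      { print; next }
        index(keep, " " $1 " ")   { print; next }
                                  { print "#" $0 }' "$1"
}

# In DIR, rename S* start scripts to s* (the rc script only starts files
# whose names begin with a capital S), skipping any script named in KEEP.
rc_disable() {
    for f in "$1"/S*; do
        [ -f "$f" ] || continue
        name=${f##*/}
        case " $2 " in *" $name "*) continue ;; esac
        mv "$f" "$1/s${name#S}"
    done
}

# Constructed sample data, not taken from a real host.
make_sample() {
    mkdir -p "$1/rc2.d"
    cat > "$1/inetd.conf" <<'EOF'
# constructed sample
telnet  stream  tcp  nowait  root  /usr/sbin/in.telnetd  in.telnetd
uucp    stream  tcp  nowait  root  /usr/sbin/in.uucpd    in.uucpd
dtspc   stream  tcp  nowait  root  /usr/dt/bin/dtspcd    /usr/dt/bin/dtspcd
#finger stream  tcp  nowait  nobody /usr/sbin/in.fingerd in.fingerd
100083/1 tli rpc/tcp wait root /usr/dt/bin/rpc.ttdbserverd rpc.ttdbserverd
EOF
    for s in S71rpc S72inetsvc S88sendmail; do : > "$1/rc2.d/$s"; done
}

demo=${TMPDIR:-/tmp}/inetd-demo.$$
make_sample "$demo"
inetd_trim "$demo/inetd.conf" "telnet" > "$demo/inetd.conf.new"
rc_disable "$demo/rc2.d" "S72inetsvc S88sendmail"
inetd_enabled "$demo/inetd.conf.new"; ls "$demo/rc2.d"
rm -rf "$demo"
```

On a real host, compare the trimmed copy against the original before installing it; inetd only picks up the change after it rereads its configuration (for example on a HUP signal).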


