Security Basics mailing list archives

Re: Hardening Solaris 10


From: "Dr. Death" <drdeath4ever () hotmail com>
Date: Wed, 03 Aug 2005 07:04:35 +0000

hi dude,
try this package from sun, it will auto harden ur system.

http://www.sun.com/download/products.xml?id=42e6becd

Regards,
Dr.Death

From: Robert Escue <roescue () cox net>
To: James McEachern <james.mceachern.qa5a () statefarm com>
CC: security-basics () securityfocus com
Subject: Re: Hardening Solaris 10
Date: Fri, 29 Jul 2005 12:53:27 -0400

James McEachern wrote:

Hello

I am looking to upgrade my Solaris box from 9 to 10. I have yet to find
a comprehensive "Hardening" white paper on the subject. All kinds for 8,
9 but none for comprehensive 10. I have the BigAdmin portal page and the
numerous docs on containers/zones in Solaris 10 and was wondering if
anyone knew of a good document out there to act as a starting point for
Solaris 10 Hardening. The box is used as an NIDS and a squid proxy that
sits behind a hardware based firewall. Running it on x86 and not sparc
code.

Any suggestions or ideas are most appreciated.

Thanks

James McEachern
State Farm Insurance
Patch Management
309.763.2773




James,

One of the reasons why you haven't found a document on Solaris 10 is because of all of the changes Sun has made to Solaris 10. A breakdown of the new features would take a small book. As one of the External Beta Testers for Solaris 10 I can give you this advice:

1. Use the SUNWrnet (Reduced Networking) install cluster (this is new to Solaris 10). This cluster installs the minimum footprint necessary to run Solaris in CLI mode with only RPC and syslog ports open. If you have a JumpStart server it will be easier to install Solaris with the support for SSH than it will be to install what is needed on top of the Reduced Networking cluster.

2. Use Role Based Access Control to set up roles for the squid user and, if you like, make root a role as well.

3. For maximum control you could use Zones along with Projects and Resource Controls to limit resource utilization of the machine.

4. Additionally you might want to consider enabling auditing and having the audit events sent to a remote syslog server (another new feature of Solaris 10).

Hope this helps.


Robert Escue
System Administrator
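
For item 4 above, an added example (not part of the original thread) that checks whether audit records are actually handed to syslog and forwarded to a remote host. It assumes the Solaris 10 `audit_syslog.so` plugin entry in `audit_control` and an `audit.notice` selector in `syslog.conf`; the host name `loghost`, the sample file contents and the function names are constructed for illustration, and m4 macros in `syslog.conf` are not expanded.

```shell
#!/bin/sh
# Added example: check that Solaris 10 audit records are forwarded off-box.
# Point it at copies of /etc/security/audit_control and /etc/syslog.conf.

# Succeeds if an uncommented "plugin:" line loads audit_syslog.so.
audit_syslog_enabled() {
    awk '$1 !~ /^#/ && /plugin:/ && /name=audit_syslog\.so/ { found = 1 }
         END { exit found ? 0 : 1 }' "$1"
}

# Prints each remote host that receives audit-facility messages.
# audit_syslog logs at severity notice, so only selectors at notice or a
# lower priority (info, debug) capture it; audit.warning or audit.err do not.
audit_remote_hosts() {
    awk '$1 !~ /^#/ && NF >= 2 && $NF ~ /^@/ {
             n = split($1, sel, ";")
             for (i = 1; i <= n; i++)
                 if (sel[i] ~ /^audit\.(notice|info|debug)$/) {
                     print substr($NF, 2); break
                 }
         }' "$1"
}

# Combines both checks: $1 = audit_control copy, $2 = syslog.conf copy.
check_audit_forwarding() {
    if ! audit_syslog_enabled "$1"; then
        echo "FAIL: audit_syslog.so plugin is not active in $1"; return 1
    fi
    hosts=$(audit_remote_hosts "$2")
    if [ -z "$hosts" ]; then
        echo "FAIL: no audit.notice selector with a remote (@host) action in $2"; return 1
    fi
    echo "OK: audit records forwarded to:" $hosts
}

# Constructed sample files (not taken from a real system).
SAMPLE_DIR=$(mktemp -d)
printf '%s\n' 'dir:/var/audit' 'flags:lo' 'minfree:20' 'naflags:lo' \
    'plugin: name=audit_syslog.so; p_flags=lo' > "$SAMPLE_DIR/audit_control"
printf 'audit.notice;auth.info\t@loghost\n' > "$SAMPLE_DIR/syslog_remote.conf"
printf '#audit.notice\t@loghost\naudit.warning\t@loghost\naudit.notice\t/var/adm/auditlog\n' \
    > "$SAMPLE_DIR/syslog_weak.conf"
check_audit_forwarding "$SAMPLE_DIR/audit_control" "$SAMPLE_DIR/syslog_remote.conf"
check_audit_forwarding "$SAMPLE_DIR/audit_control" "$SAMPLE_DIR/syslog_weak.conf" || true
```

The second sample fails because its only remote selector is `audit.warning`, which never matches notice-level audit messages, and its `audit.notice` line writes to a local file only.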

