Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

Solaris auditing/hardening

From: "Gideon T. Rasmussen, CISSP, CISA, CISM, CFSO, SCSA" <lists () infostruct net>
Date: Sun, 30 Jan 2005 14:58:08 -0500
I just sent an e-mail to a gent I met at a UNIX auditing course. Thought it might be of interest...



To take a quick Solaris security audit, use the CIS Solaris bench marking tool 
(http://www.cisecurity.org/bench_solaris.html). It produces a vulnerability assessment report. There is a corresponding 
Solaris hardening standard on the same page.

My Solaris hardening recommendations can be found at: 
http://www.sun.com/bigadmin/content/submitted/Solaris_build_document.pdf

Additional Solaris hardening resources can be found at:

http://www.sun.com/blueprints/browsesubject.html#security
http://www.nsa.gov/snac/downloads_sunsol.cfm?MenuID=scg10.3.1.1

The usual hardening disclaimers apply here. Test in a non production environment and conduct thorough functionality 
testing...

You may also want to take a look at my INFOSEC site (http://www.ussecurityawareness.org). It has auditing resources you 
may find of interest.

Contact me if you have any questions or comments.

Kind regards,

Gideon

Gideon T. Rasmussen
CISSP, CISA, CISM, CFSO, SCSA
Boca Raton, FL
gideon () infostruct net
Previous By Date Next
Previous By Thread Next

Current thread: