Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Hardening Solaris 10
Operating Systems Solaris Hardening Solaris 10 Post 302203727 by flood on Monday 9th of June 2008 04:45:51 PM
Old 06-09-2008
That worked thanks!

I am just messing around with this system for now so I ran the hardening.driver. Would that cover all the basics? I plan on putting the system behind just a linksys router that has a firewall.

The description for the hardening.driver says its to implement the Solaris OS hardening recommendations that are docuemented in the Sun BluePrints Onlline articles. So I figured that would be enough to get me started?

I just don't want to have an open to the world system. There isn't anything really important going on this box. Any suggestions would be appreicated.
 

10 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

Any leads to hardening UNIX

Hi! I am trying to get info/best practices/how-to harden unix, especially solaris! Appreciate any leads please..................... (3 Replies)
Discussion started by: sdharmap
3 Replies

2. Solaris

Hardening Solaris

What do we need to do to harden a freshly installed solaris OS? like disable telnet, no ftp for root etc...What all services you need to stop? How to check what ports are open? etc etc....please provide all tips that come to your mind...thanks:) (5 Replies)
Discussion started by: rcmrulzz
5 Replies

3. UNIX for Dummies Questions & Answers

sysctl help needed.(Server Hardening).

As per Hardening guide for the server. ICMP Broadcast Response: The kernel parameter icmp_echo_ignore_broadcasts must match to 1 However when i check the value of icmp_echo_ignore_broadcasts it thrown an error as unkonwn key. # sysctl icmp_echo_ignore_broadcasts error:... (2 Replies)
Discussion started by: pinga123
2 Replies

4. Solaris

Solaris Hardening - SunJass

Hi guys, Is there any script or program which i can use to verify that my hardening setting is all correct ? Recently i am given a task to make sure my Sun servers are all harden properly though sunjass was already introduced. I need to generate a report to convince my manager that the settings... (0 Replies)
Discussion started by: ahlude
0 Replies

5. SuSE

Hardening Suse11 sp1

Currently we are hardening our Solaris server using the Sun provided Jass Security tool kit. How Can I implement the same security level on SUSE11 SP1? Are there any tools similar/equivalent to Jass for SUSE11 SP1? Tanks and Regards (1 Reply)
Discussion started by: vcfko
1 Replies

6. UNIX for Advanced & Expert Users

SuSe Linux Hardening

We've got a FTP server that's open to the public network and its running on Suse SUSE Linux Enterprise Server 11 (x86_64) SP2 Now, since it's an FTP server I can't disable that service, but how else do I harden this server from attacks from outside? I am thinking of disabling the firewall and... (3 Replies)
Discussion started by: hedkandi
3 Replies

7. Solaris

Need jass hardening documentation

Hi, Where I could find information about "Jass hardening" for Solaris10? Because, I change the /opt/SUNWjass/Files/etc/syslog.conf file. But yet I don't know if I must restart the jass (and how?) or I must to copy /opt/SUNWjass/Files/etc/syslog.conf to /etc/syslog.conf? Thanks for your... (2 Replies)
Discussion started by: hiddenshadow
2 Replies

8. Cybersecurity

C-ICAP Hardening

Does anyone have any experience hardening the c-icap.conf file? Here is the default config file, it has a lot of options; sorry about how long it is. I have removed some entries that were not needed as well, but it is still so long :D. Any help is much appreciated as I have never dealt with ICAP. ... (0 Replies)
Discussion started by: savigabi
0 Replies

9. Linux

Password hardening using pam

Hi We have a requirement to vary the minimum password criteria by the group to which a user belongs. For example a standard user should have a password with a minimum length of 12 and containing a mix of characters whereas an administrator should have a password with a minimum length of 14... (1 Reply)
Discussion started by: gregsih
1 Replies

10. HP-UX

Security hardening for standard HP-UX users

Hi, The standard accounts that are created during the HP-UX installation, eg, bin,adm,daemon,uucp,lp,hpdb and nobody have their own shell. Will there be any impact if we change these user's shell to /bin/false? Like processes get interrupted, files cannot be generated, etc. Regards (3 Replies)
Discussion started by: anaigini45
3 Replies

LEARN ABOUT DEBIAN

hardened-ld

HARDENED-LD(1)							 Debian GNU/Linux						    HARDENED-LD(1)

NAME

       hardened-ld - linker wrapper to enforce hardening toolchain improvements

SYNOPSIS

       export DEB_BUILD_HARDENING=1

       ld ...

DESCRIPTION

       The  hardened-ld  wrapper  is  normally	used  by  calling  ld  as usual with DEB_BUILD_HARDENING set to 1. It will configure the necessary
       toolchain hardening features. By default, all features are enabled. If a given feature does not work correctly and needs  to  be  disabled,
       the corresponding environment variables mentioned below can be set to 0.

ENVIRONMENT

       DEB_BUILD_HARDENING=1
	      Enable hardening features.

       DEB_BUILD_HARDENING_DEBUG=1
	      Print the full resulting gcc command line to STDERR before calling gcc.

       DEB_BUILD_HARDENING_RELRO=0
	      Don't mark ELF sections read-only after start. See README.Debian for details.

       DEB_BUILD_HARDENING_BINDNOW=0
	      Don't mark ELF loader for start-up dynamic resolution. See README.Debian for details.

NOTES

       System-wide settings can be added to /etc/hardening-wrapper.conf, one per line.

       The  real  ld is renamed ld.real, and a diversion is registered with dpkg-divert(1).  Thus hardened-ld's idea of the default ld is dictated
       by whatever package installed /usr/bin/ld.

SEE ALSO

       hardened-cc(1) ld(1)

Debian Project							    2008-01-08							    HARDENED-LD(1)
All times are GMT -4. The time now is 09:31 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy