Hardening Solaris 10


 
Thread Tools Search this Thread
Operating Systems Solaris Hardening Solaris 10
# 1  
Old 06-09-2008
Hardening Solaris 10

So I've just done my first install of Solaris. I installed it on an x86 system and am now in the processing of figuring out what I need to do to 'harden' it. I've got the Security kit downloaded (jass) but I am not sure what to do with the .tar file.

I can't seem to find any easy steps to follow in order to use the thing. I am a total beginner. So do I un-tar the files or is there an easy install?
# 2  
Old 06-09-2008
Untar the file, there should be a package inside. Then as root:

Code:
pkgadd -d . SUNWjass

# 3  
Old 06-09-2008
That worked thanks!

I am just messing around with this system for now so I ran the hardening.driver. Would that cover all the basics? I plan on putting the system behind just a linksys router that has a firewall.

The description for the hardening.driver says its to implement the Solaris OS hardening recommendations that are docuemented in the Sun BluePrints Onlline articles. So I figured that would be enough to get me started?

I just don't want to have an open to the world system. There isn't anything really important going on this box. Any suggestions would be appreicated.
# 4  
Old 06-09-2008
Probably not, but maybe.

You need to open the driver and comment in/out the aspects of hardening that you want to enable. Also you probably want to look at the settings in the .init script in the Drivers directory. There may well be things that you want to use that get disabled.
# 5  
Old 06-09-2008
I'll check into commenting in / out. The problem with being new at this is I have no idea what I want or don't want. Learning curve.

Basically as long as I can connect to a local printer, use email and web surfing....That'll be good enough for me to get started.

Thanks for your help!
# 6  
Old 06-09-2008
Grab the docs the developer guide (I think ) has the full list of scripts and their effects.
# 7  
Old 06-10-2008
Hardening Solaris 10

This is new info guys...thanks a lot...SmilieSmilie
Login or Register to Ask a Question

Previous Thread | Next Thread

10 More Discussions You Might Find Interesting

1. HP-UX

Security hardening for standard HP-UX users

Hi, The standard accounts that are created during the HP-UX installation, eg, bin,adm,daemon,uucp,lp,hpdb and nobody have their own shell. Will there be any impact if we change these user's shell to /bin/false? Like processes get interrupted, files cannot be generated, etc. Regards (3 Replies)
Discussion started by: anaigini45
3 Replies

2. Linux

Password hardening using pam

Hi We have a requirement to vary the minimum password criteria by the group to which a user belongs. For example a standard user should have a password with a minimum length of 12 and containing a mix of characters whereas an administrator should have a password with a minimum length of 14... (1 Reply)
Discussion started by: gregsih
1 Replies

3. Cybersecurity

C-ICAP Hardening

Does anyone have any experience hardening the c-icap.conf file? Here is the default config file, it has a lot of options; sorry about how long it is. I have removed some entries that were not needed as well, but it is still so long :D. Any help is much appreciated as I have never dealt with ICAP. ... (0 Replies)
Discussion started by: savigabi
0 Replies

4. Solaris

Need jass hardening documentation

Hi, Where I could find information about "Jass hardening" for Solaris10? Because, I change the /opt/SUNWjass/Files/etc/syslog.conf file. But yet I don't know if I must restart the jass (and how?) or I must to copy /opt/SUNWjass/Files/etc/syslog.conf to /etc/syslog.conf? Thanks for your... (2 Replies)
Discussion started by: hiddenshadow
2 Replies

5. UNIX for Advanced & Expert Users

SuSe Linux Hardening

We've got a FTP server that's open to the public network and its running on Suse SUSE Linux Enterprise Server 11 (x86_64) SP2 Now, since it's an FTP server I can't disable that service, but how else do I harden this server from attacks from outside? I am thinking of disabling the firewall and... (3 Replies)
Discussion started by: hedkandi
3 Replies

6. SuSE

Hardening Suse11 sp1

Currently we are hardening our Solaris server using the Sun provided Jass Security tool kit. How Can I implement the same security level on SUSE11 SP1? Are there any tools similar/equivalent to Jass for SUSE11 SP1? Tanks and Regards (1 Reply)
Discussion started by: vcfko
1 Replies

7. Solaris

Solaris Hardening - SunJass

Hi guys, Is there any script or program which i can use to verify that my hardening setting is all correct ? Recently i am given a task to make sure my Sun servers are all harden properly though sunjass was already introduced. I need to generate a report to convince my manager that the settings... (0 Replies)
Discussion started by: ahlude
0 Replies

8. UNIX for Dummies Questions & Answers

sysctl help needed.(Server Hardening).

As per Hardening guide for the server. ICMP Broadcast Response: The kernel parameter icmp_echo_ignore_broadcasts must match to 1 However when i check the value of icmp_echo_ignore_broadcasts it thrown an error as unkonwn key. # sysctl icmp_echo_ignore_broadcasts error:... (2 Replies)
Discussion started by: pinga123
2 Replies

9. Solaris

Hardening Solaris

What do we need to do to harden a freshly installed solaris OS? like disable telnet, no ftp for root etc...What all services you need to stop? How to check what ports are open? etc etc....please provide all tips that come to your mind...thanks:) (5 Replies)
Discussion started by: rcmrulzz
5 Replies

10. UNIX for Dummies Questions & Answers

Any leads to hardening UNIX

Hi! I am trying to get info/best practices/how-to harden unix, especially solaris! Appreciate any leads please..................... (3 Replies)
Discussion started by: sdharmap
3 Replies
Login or Register to Ask a Question