05-09-2002
I don't know exactly how you are set up but here are a few pointers.
(Assuming the cd backup can be brought up to allow compares of files) Compare the checksum (man sum) information for all files. Write a script to check them and output the ones that are different.
Start reading - check out the links provided in earlier messages - The folks responding to your questions are not responsible for your system - you are. You need to get up to speed by doing some research. Search the web for Solaris security, hardening Solaris, check out SunSolve's security, insure the recommended security patches are on.
Once you get an idea of what you need and what you don't, turn off services via /etc/inetd.conf. Get ssh installed on the system so you are getting to the system via a secure connection (well, more secure than telnet). Turn off telnet - you don't need it for Sendmail (assuming this is ALL that this server is suppose to be doing).
If you have a separate /usr partition, mount it read-only, if possible. You and any hacker will not be able to change anything in that partition unless the system /etc/vfstab is changed and the system rebooted.
Run a checksum against all files systems that should not have changes - there used to be a program from SUN but I don't remember the name.
If Solaris 7 does not have Sunscreen Lite as a 'free' product, install Solaris 8 on the new server and use Sunscreen Lite. If you can push buying a firewall product, then do that (you now have the case/documentation of why it's worth it)
10 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
Newbie in the Unix world here....trying to load Solaris 2.8 AGAIN, and trying to secure the box this time. Any suggestions anyone? Any tips? Appreciate your help, gurus!
TIA,
trigeek8888 (2 Replies)
Discussion started by: trigeek8888
2 Replies
2. UNIX for Dummies Questions & Answers
I am trying to connect to a unix server box and start an X session. It has kde and xfree86 installed. However, since it is just a server, sitting somehwere in another state probably on top of and below other servers, it has no mouse,keyboard,or monitor attached to it.
When I try to startx, I... (2 Replies)
Discussion started by: SnakeO
2 Replies
3. Shell Programming and Scripting
Hi there
I am running a script on a central box (boxA) that will send a remote request to boxB to perform a ping test to an ip
note: I am not pinging boxB from boxA but sending a request over ssh to get boxB to perform a ping test !
The thing is, I want the script back at boxA to know... (4 Replies)
Discussion started by: hcclnoodles
4 Replies
4. Shell Programming and Scripting
I need to send out messages to over 100 clients in my sector. I want it to pop up a dialog box letting them know to save work and log out. I have the reboot script created just need the warning please. Thanks (35 Replies)
Discussion started by: deaconf19
35 Replies
5. UNIX for Dummies Questions & Answers
Hi,
I have a directory 'data' which is a symbolic link to /var/opt/store/rawdata/appname on a remote box. I am not able to SFTP some files from my local box to this dir. in the remote box. Also I am not able to copy or move the files in the robot id home dir. in remote box to this data dir... (2 Replies)
Discussion started by: vharsha
2 Replies
6. Linux
Hi all,
I have a couple of questions I've been searching on internet but I didn't find a suitable solution. The aim is that I'd like to access to my home Linux (an 8.04 Ubuntu) from outside. I already achieved with ssh, but I'd like to secure as much as I can. These are questions:
The... (2 Replies)
Discussion started by: AlbertGM
2 Replies
7. Linux
Hi,
How to find remote Linux box login account without login in to that box?
I don't have login account at my remote Linux box. But I need who are all having login account. How do I findout?
Thanks,
--Muthu. (3 Replies)
Discussion started by: Muthuselvan
3 Replies
8. Cybersecurity
Guys, i want to securing AIX after install by scrath. Is anybody can inform about the standard port which used by AIX? (0 Replies)
Discussion started by: michlix
0 Replies
9. Shell Programming and Scripting
Hello Guys ,
I have been working on a script where we are looking to connect a remote Xserver from a Unix box. Once a connection is made , i need to run several commands on remote machine to check various stuffs.
As per my knowledge on unix (which is like a drop in ocean) , i found SSH as a... (7 Replies)
Discussion started by: himanshu sood
7 Replies
10. Shell Programming and Scripting
Team,
Presently I have a script, which i have set up cron on one of my Jump-boxes,and gives me the output on every hourly basis,fetching the data from the remote machine.Basically it gives me the list of all active users logged and its count once we execute the script.Here the count is... (6 Replies)
Discussion started by: whizkidash
6 Replies
LEARN ABOUT FREEBSD
bsmconv
bsmconv(1M) System Administration Commands bsmconv(1M)
NAME
bsmconv, bsmunconv - enable or disable the Basic Security Module (BSM) on Solaris
SYNOPSIS
/etc/security/bsmconv [rootdir...]
/etc/security/bsmunconv [rootdir...]
DESCRIPTION
The bsmconv and bsmunconv scripts are used to enable or disable the BSM features on a Solaris system. The optional argument rootdir is a
list of one or more root directories of diskless clients that have already been configured. See smdiskless(1M).
To enable or disable BSM on a diskless client, a server, or a stand-alone system, logon as super-user to the system being converted and use
the bsmconv or bsmunconv commands without any options.
To enable or disable BSM on a diskless client from that client's server, logon to the server as super-user and use bsmconv, specifying the
root directory of each diskless client you wish to affect. For example, the command:
myhost# bsmconv /export/root/client1 /export/root/client2
enables BSM on the two machines named client1 and client2. While the command:
myhost# bsmconv
enables BSM only on the machine called myhost. It is no longer necessary to enable BSM on both the server and its diskless clients.
After running bsmconv the system can be configured by editing the files in /etc/security. Each diskless client has its own copy of configu-
ration files in its root directory. You might want to edit these files before rebooting each client.
Following the completion of either script, the affected system(s) should be rebooted to allow the auditing subsystem to come up properly
initialized.
FILES
The following files are created by bsmconv:
/etc/security/device_maps Administrative file defining the mapping of device special files to allocatable device names.
/etc/security/device_allocate Administrative file defining parameters for device allocation.
ATTRIBUTES
See attributes(5) for descriptions of the following attributes:
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
|Availability |SUNWcsr |
+-----------------------------+-----------------------------+
SEE ALSO
auditconfig(1M), auditd(1M), audit_startup(1M), audit.log(4), audit_control(4), attributes(5)
NOTES
bsmconv and bsmunconv are not valid in a non-global zone.
SunOS 5.10 26 May 2004 bsmconv(1M)