Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: securing a remote box
Special Forums Cybersecurity securing a remote box Post 21036 by thehoghunter on Thursday 9th of May 2002 09:59:05 AM
Old 05-09-2002
I don't know exactly how you are set up but here are a few pointers.

(Assuming the cd backup can be brought up to allow compares of files) Compare the checksum (man sum) information for all files. Write a script to check them and output the ones that are different.

Start reading - check out the links provided in earlier messages - The folks responding to your questions are not responsible for your system - you are. You need to get up to speed by doing some research. Search the web for Solaris security, hardening Solaris, check out SunSolve's security, insure the recommended security patches are on.

Once you get an idea of what you need and what you don't, turn off services via /etc/inetd.conf. Get ssh installed on the system so you are getting to the system via a secure connection (well, more secure than telnet). Turn off telnet - you don't need it for Sendmail (assuming this is ALL that this server is suppose to be doing).

If you have a separate /usr partition, mount it read-only, if possible. You and any hacker will not be able to change anything in that partition unless the system /etc/vfstab is changed and the system rebooted.

Run a checksum against all files systems that should not have changes - there used to be a program from SUN but I don't remember the name.

If Solaris 7 does not have Sunscreen Lite as a 'free' product, install Solaris 8 on the new server and use Sunscreen Lite. If you can push buying a firewall product, then do that (you now have the case/documentation of why it's worth it)
thehoghunter
 

10 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

Beginner: Securing a Unix box

Newbie in the Unix world here....trying to load Solaris 2.8 AGAIN, and trying to secure the box this time. Any suggestions anyone? Any tips? Appreciate your help, gurus! TIA, trigeek8888 (2 Replies)
Discussion started by: trigeek8888
2 Replies

2. UNIX for Dummies Questions & Answers

remote x session to a server box w/no IO

I am trying to connect to a unix server box and start an X session. It has kde and xfree86 installed. However, since it is just a server, sitting somehwere in another state probably on top of and below other servers, it has no mouse,keyboard,or monitor attached to it. When I try to startx, I... (2 Replies)
Discussion started by: SnakeO
2 Replies

3. Shell Programming and Scripting

issue a ping on a remote box

Hi there I am running a script on a central box (boxA) that will send a remote request to boxB to perform a ping test to an ip note: I am not pinging boxB from boxA but sending a request over ssh to get boxB to perform a ping test ! The thing is, I want the script back at boxA to know... (4 Replies)
Discussion started by: hcclnoodles
4 Replies

4. Shell Programming and Scripting

Pop up dialog box on remote computers

I need to send out messages to over 100 clients in my sector. I want it to pop up a dialog box letting them know to save work and log out. I have the reboot script created just need the warning please. Thanks (35 Replies)
Discussion started by: deaconf19
35 Replies

5. UNIX for Dummies Questions & Answers

Transferring files Permission issues in remote box

Hi, I have a directory 'data' which is a symbolic link to /var/opt/store/rawdata/appname on a remote box. I am not able to SFTP some files from my local box to this dir. in the remote box. Also I am not able to copy or move the files in the robot id home dir. in remote box to this data dir... (2 Replies)
Discussion started by: vharsha
2 Replies

6. Linux

Securing remote connections

Hi all, I have a couple of questions I've been searching on internet but I didn't find a suitable solution. The aim is that I'd like to access to my home Linux (an 8.04 Ubuntu) from outside. I already achieved with ssh, but I'd like to secure as much as I can. These are questions: The... (2 Replies)
Discussion started by: AlbertGM
2 Replies

7. Linux

How to find remote Linux box login account without login in to that box?

Hi, How to find remote Linux box login account without login in to that box? I don't have login account at my remote Linux box. But I need who are all having login account. How do I findout? Thanks, --Muthu. (3 Replies)
Discussion started by: Muthuselvan
3 Replies

8. Cybersecurity

securing AIX box

Guys, i want to securing AIX after install by scrath. Is anybody can inform about the standard port which used by AIX? (0 Replies)
Discussion started by: michlix
0 Replies

9. Shell Programming and Scripting

Establishing remote connection to a Xserver from a UNIX Box

Hello Guys , I have been working on a script where we are looking to connect a remote Xserver from a Unix box. Once a connection is made , i need to run several commands on remote machine to check various stuffs. As per my knowledge on unix (which is like a drop in ocean) , i found SSH as a... (7 Replies)
Discussion started by: himanshu sood
7 Replies

10. Shell Programming and Scripting

Notify when the script run(hourly)on my jump-box only when there is a failure on my remote-box

Team, Presently I have a script, which i have set up cron on one of my Jump-boxes,and gives me the output on every hourly basis,fetching the data from the remote machine.Basically it gives me the list of all active users logged and its count once we execute the script.Here the count is... (6 Replies)
Discussion started by: whizkidash
6 Replies

LEARN ABOUT SUNOS

pfinstall

pfinstall(1M)						  System Administration Commands					     pfinstall(1M)

NAME

       pfinstall - tests installation profiles

SYNOPSIS

       /usr/sbin/install.d/pfinstall -D | -d disk_config [ -c CDpath] profile

DESCRIPTION

       After  you  create  a  profile,	you  can use the pfinstall command to test the profile and see if it does what you want before using it to
       install or upgrade a system. pfinstall enables you to test a profile against:

	 o  The system's disk configuration where pfinstall is being run.

	 o  Other disks by using a disk configuration file that represents a structure of a disk. See NOTES on how to create a disk  configuration
	    file.

       To  successfully  and accurately test a profile for a particular Solaris release, you must test a profile within the Solaris environment of
       the same release. For example, if you want to test a profile for Solaris 2.6, you have to run the pfinstall command  on	a  system  running
       Solaris 2.6.

       So,  on	a  system  running Solaris 2.6, you can test Solaris 2.6 initial installation profiles. However, if you want to test a Solaris 2.6
       upgrade profile on a system running a previous version of Solaris, or if you don't have a Solaris 2.6 system installed yet to test  Solaris
       2.6 initial installation profiles, you have to boot a system from a Solaris 2.6 CD image and temporarily create a Solaris 2.6 install envi-
       ronment. Then, you can run pfinstall in the Solaris 2.6 install environment to test your profiles.

       To create a temporary Solaris 2.6 install environment, boot a system from a Solaris 2.6 CD image (just as you would to install), answer any
       system  identification  questions, choose the Solaris Interactive Installation program, and exit out of the first screen that is presented.
       Then, from the shell, you can execute the pfinstall command.

OPTIONS

       The following options are supported:

       -c CDpath       The path to the Solaris 2 installation image. This is required if the image is not mounted on  /cdrom.  (For  example,  use
		       this option if you copied the installation image to disk or mounted the CD-ROM on a directory other than /cdrom.)

       -d disk_config  pfinstall uses a disk configuration file, disk_config, to test the profile. See NOTES on how to create a disk configuration
		       file. You must specify either this option or the -D option to test the profile (see WARNINGS). This option cannot  be  used
		       with  an upgrade profile (install_type upgrade). You must always test an upgrade profile against a system's disk configura-
		       tion ( -D option).

       -D	       pfinstall uses the system's disk configuration to test the profile. You must specify either this option or the -d option to
		       test the profile (see WARNINGS).

OPERANDS

       The following operands are supported:

       profile	       The file name of the profile to test. If profile is not in the directory where pfinstall is being run, you must specify the
		       path.

EXAMPLES

       Example 1: Testing an Upgrade Profile

       The following example tests an upgrade profile, upgrade.prof, on a system with a previous version of the Solaris software installed.

       1.  Boot the system to be upgraded from the Solaris image chosen for the upgrade, just as you would to install. The image can be located in
	   the system's local CD-ROM or on an install server.

       2.  Answer the system configuration questions, if prompted.

       3.  If you are presented with a choice of installation options, choose the Solaris Interactive Installation program.

       4.  Exit from the first screen of the Solaris Interactive Installation program.

	   After the Solaris Interactive Installation program exits, a shell prompt is displayed.

       5.  Create a temporary mount point:

	   example# mkdir /tmp/mnt

       6.  Mount the directory that contains the profile(s) you want to test.

	   If you want to mount a remote NFS file system (for systems on the network), enter:

	   mount -F nfs server_name:path /tmp/mnt

	   If you want to mount a UFS-formatted diskette, enter:

	   mount -F ufs /dev/diskette /tmp/mnt

	   If you want to mount a PCFS-formatted diskette, enter:

	   mount -F pcfs /dev/diskette /tmp/mnt

       7.  Change directory to /tmp/mnt where the profile resides:

	   example# cd /tmp/mnt

       8.  Test the upgrade.prof profile:

	   /usr/sbin/install.d/pfinstall -D upgrade.prof

       Example 2: Testing the basic.prof Profile

       The following example tests the basic.prof profile against the disk configuration on a Solaris 2.6 system where pfinstall is being run. The
       path to the Solaris CD image is specified because Volume Management is being used.

       example# /usr/sbin/install.d/pfinstall -D -c /cdrom/cdrom0/s0 basic.prof

       Example 3: Testing the basic.prof Profile

       The following example tests the basic.prof profile against the 535_test disk configuration file. This  example  uses  a	Solaris  CD  image
       located in the /export/install directory, and pfinstall is being run on a Solaris 2.6 system.

       example# /usr/sbin/install.d/pfinstall -d 535_test 
	    -c /export/install basic.prof

EXIT STATUS

       0	Successful (system rebooted).

       1	Successful (system not rebooted).

       2	An error occurred.

ATTRIBUTES

       See attributes(5) for descriptions of the following attributes:

       +-----------------------------+-----------------------------+
       |      ATTRIBUTE TYPE	     |	    ATTRIBUTE VALUE	   |
       +-----------------------------+-----------------------------+
       |Availability		     |SUNWinst			   |
       +-----------------------------+-----------------------------+

SEE ALSO

       fdisk(1M), prtvtoc(1M), attributes(5)

       Solaris 10 Installation Guide: Basic Installations

WARNINGS

       If the -d or -D option is not specified, pfinstall may perform an actual installation on the system by using the specified profile, and the
       data on the system may be overwritten.

NOTES

       You have to test a profile on a system with the same platform type for which the profile was created.

   SPARC
       To create a disk configuration file (-d option) for a SPARC based system:

       1.  Locate a SPARC based system with a disk that you want to test.

       2.  Create a disk configuration file by redirecting the output of the prtvtoc(1M) command to a file.

	   example# prtvtoc /dev/rdsk/c0t3d0s2 > 535_disk

       3.  (Optional.)	Concatenate disk configuration files into a single file to test a profile against multiple disks. The  target  numbers	in
	   the disk device names must be unique.

	   example# cat 535_disk 1G_disk > mult_disks

   x86
       To create a disk configuration file (-d option) for an x86 based system:

       1.  Locate an x86 based system with a disk that you want to test.

       2.
	   Create part of the disk configuration file by saving the output of the fdisk(1M) command to a file:

	   example# fdisk -R -W 535_disk /dev/rdsk/c0t3d0p0

       3.  Append the output of the prtvtoc(1M) command to the disk configuration file.

	   example# prtvtoc /dev/rdsk/c0t3d0s2 >> 535_disk

       4.  (Optional.)	 Concatenate  disk  configuration files into a single file to test a profile against multiple disks. The target numbers in
	   the disk device names must be unique.

	   example# cat 535_disk 1G_disk > mult_disks

       To test a profile with a specific system memory size, set SYS_MEMSIZE to the specific memory size (in Mbytes) before running pfinstall:

	      example# SYS_MEMSIZE=memory_size
	      example# export SYS_MEMSIZE

SunOS 5.10							    28 Jan 2003 						     pfinstall(1M)
All times are GMT -4. The time now is 11:13 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy