Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Hardening Solaris
Operating Systems Solaris Hardening Solaris Post 302218414 by rcmrulzz on Friday 25th of July 2008 04:46:07 AM
Old 07-25-2008
Hardening Solaris
What do we need to do to harden a freshly installed solaris OS? like disable telnet, no ftp for root etc...What all services you need to stop? How to check what ports are open? etc etc....please provide all tips that come to your mind...thanksSmilie
 

10 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

Any leads to hardening UNIX

Hi! I am trying to get info/best practices/how-to harden unix, especially solaris! Appreciate any leads please..................... (3 Replies)
Discussion started by: sdharmap
3 Replies

2. Solaris

Hardening Solaris 10

So I've just done my first install of Solaris. I installed it on an x86 system and am now in the processing of figuring out what I need to do to 'harden' it. I've got the Security kit downloaded (jass) but I am not sure what to do with the .tar file. I can't seem to find any easy steps to... (6 Replies)
Discussion started by: flood
6 Replies

3. UNIX for Dummies Questions & Answers

sysctl help needed.(Server Hardening).

As per Hardening guide for the server. ICMP Broadcast Response: The kernel parameter icmp_echo_ignore_broadcasts must match to 1 However when i check the value of icmp_echo_ignore_broadcasts it thrown an error as unkonwn key. # sysctl icmp_echo_ignore_broadcasts error:... (2 Replies)
Discussion started by: pinga123
2 Replies

4. Solaris

Solaris Hardening - SunJass

Hi guys, Is there any script or program which i can use to verify that my hardening setting is all correct ? Recently i am given a task to make sure my Sun servers are all harden properly though sunjass was already introduced. I need to generate a report to convince my manager that the settings... (0 Replies)
Discussion started by: ahlude
0 Replies

5. SuSE

Hardening Suse11 sp1

Currently we are hardening our Solaris server using the Sun provided Jass Security tool kit. How Can I implement the same security level on SUSE11 SP1? Are there any tools similar/equivalent to Jass for SUSE11 SP1? Tanks and Regards (1 Reply)
Discussion started by: vcfko
1 Replies

6. UNIX for Advanced & Expert Users

SuSe Linux Hardening

We've got a FTP server that's open to the public network and its running on Suse SUSE Linux Enterprise Server 11 (x86_64) SP2 Now, since it's an FTP server I can't disable that service, but how else do I harden this server from attacks from outside? I am thinking of disabling the firewall and... (3 Replies)
Discussion started by: hedkandi
3 Replies

7. Solaris

Need jass hardening documentation

Hi, Where I could find information about "Jass hardening" for Solaris10? Because, I change the /opt/SUNWjass/Files/etc/syslog.conf file. But yet I don't know if I must restart the jass (and how?) or I must to copy /opt/SUNWjass/Files/etc/syslog.conf to /etc/syslog.conf? Thanks for your... (2 Replies)
Discussion started by: hiddenshadow
2 Replies

8. Cybersecurity

C-ICAP Hardening

Does anyone have any experience hardening the c-icap.conf file? Here is the default config file, it has a lot of options; sorry about how long it is. I have removed some entries that were not needed as well, but it is still so long :D. Any help is much appreciated as I have never dealt with ICAP. ... (0 Replies)
Discussion started by: savigabi
0 Replies

9. Linux

Password hardening using pam

Hi We have a requirement to vary the minimum password criteria by the group to which a user belongs. For example a standard user should have a password with a minimum length of 12 and containing a mix of characters whereas an administrator should have a password with a minimum length of 14... (1 Reply)
Discussion started by: gregsih
1 Replies

10. HP-UX

Security hardening for standard HP-UX users

Hi, The standard accounts that are created during the HP-UX installation, eg, bin,adm,daemon,uucp,lp,hpdb and nobody have their own shell. Will there be any impact if we change these user's shell to /bin/false? Like processes get interrupted, files cannot be generated, etc. Regards (3 Replies)
Discussion started by: anaigini45
3 Replies

LEARN ABOUT OSF1

iptos

iptos(4)						     Kernel Interfaces Manual							  iptos(4)

NAME

       iptos - Defines the IP Type Of Service (TOS) for FTP and Telnet

SYNOPSIS

       /etc/iptos

DESCRIPTION

       The /etc/iptos file configures the Type Of Service (TOS) of the Internet Protocol (IP) used by FTP and Telnet.

       The TOS field in the Internet datagram is to specify how the datagram should be handled.  It is a mechanism to allow control information to
       have precedence over data.

       Generally, protocols that are involved in direct interaction with a human should select low delay, while data transfers that involve  large
       blocks of data need high throughput.  Finally, high reliability is most important for datagram-based Internet management functions.

       In  the	Tru64 UNIX operating system, the ftp and telnet applications and the ftpd and telnetd daemons allow the configuring of TOS values.
       These applications check to see if the /etc/iptos file exists; if the file exists, the applications obtain the TOS value from the file  and
       use  that  value  to set the TOS field.	If the /etc/iptos file does not exist, the applications default to the following TOS values recom-
       mended by RFC1060: Low delay High throughput Low delay

       Users who want to configure their own TOS values for the TOS field should provide the /etc/iptos file.

									  Note
	    Most IP routers do not differentiate based on TOS, and therefore providing values other than the default would have  no  affect.   You
	    should not change the default values for FTP and Telnet.

       Each entry should consist of a single line of the form:

       Application  Proto  TOS-bits  aliases

       The  entry fields contain the following information: The name of an application TOS entry.  The protocol name for which the entry is appro-
       priate.	The TOS value to be set for the entry.	A list of aliases that exist for the entry.

       Items on an entry line are separated by any number of blanks, tabs, or combination of blanks and tabs.  A number sign  (#)  indicates  that
       the rest of the line is a comment and is not interpreted by routines that search the file.  Blank lines in the file are ignored.

       Valid TOS entry names are ftp-control and ftp-data for FTP and telnet for Telnet.

       The  TOS  value for the entry should be one of the following hexadecimal numbers, corresponding to TOS bits: Low delay High throughput High
       reliability

       If you need to disable the use of TOS bits, because you are having troubling communicating with a TCP/IP host that doe not conform entirely
       with the IP specification, you can disable the TOS bits by using the the following settings in the /etc/iptos file:

       # # Format of this file: # Application	Proto  TOS-bits       aliases #

       ftp-control     tcp    0x0 ftp-data	   tcp	  0x0 telnet		 tcp	0x0

EXAMPLES

       The following example shows typical entries in the /etc/iptos file:

       # # Format of this file: # Application	Proto  TOS-bits       aliases #

       ftp-control     tcp    0x10 ftp-data	    tcp    0x08 telnet		   tcp	  0x10

RELATED INFORMATION

       RFC1060, ftp(1), telnet(1), ftpd(8), telnetd(8) delim off

																	  iptos(4)
All times are GMT -4. The time now is 01:29 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy