|
|
Sponsored Content
Operating Systems
Solaris
Hardening Solaris
Post 302218434 by rcmrulzz on Friday 25th of July 2008 05:46:28 AM
07-25-2008
I hope this does not do anything to the oracle and webshpere installations...Any idea what this actually does? This tool kit? it should be a script which we run and it installs and configures something...What happens at the back?
|
|
10 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
Hi!
I am trying to get info/best practices/how-to harden unix,
especially solaris!
Appreciate any leads please..................... (3 Replies)
Discussion started by: sdharmap
3 Replies
2. Solaris
So I've just done my first install of Solaris. I installed it on an x86 system and am now in the processing of figuring out what I need to do to 'harden' it. I've got the Security kit downloaded (jass) but I am not sure what to do with the .tar file.
I can't seem to find any easy steps to... (6 Replies)
Discussion started by: flood
6 Replies
3. UNIX for Dummies Questions & Answers
As per Hardening guide for the server.
ICMP Broadcast Response: The kernel parameter icmp_echo_ignore_broadcasts must match to 1
However when i check the value of icmp_echo_ignore_broadcasts it thrown an error as unkonwn key.
# sysctl icmp_echo_ignore_broadcasts
error:... (2 Replies)
Discussion started by: pinga123
2 Replies
4. Solaris
Hi guys,
Is there any script or program which i can use to verify that my hardening setting is all correct ? Recently i am given a task to make sure my Sun servers are all harden properly though sunjass was already introduced. I need to generate a report to convince my manager that the settings... (0 Replies)
Discussion started by: ahlude
0 Replies
5. SuSE
Currently we are hardening our Solaris server using the Sun provided Jass Security tool kit.
How Can I implement the same security level on SUSE11 SP1?
Are there any tools similar/equivalent to Jass for SUSE11 SP1?
Tanks and Regards (1 Reply)
Discussion started by: vcfko
1 Replies
6. UNIX for Advanced & Expert Users
We've got a FTP server that's open to the public network and its running on Suse SUSE Linux Enterprise Server 11 (x86_64) SP2
Now, since it's an FTP server I can't disable that service, but how else do I harden this server from attacks from outside?
I am thinking of disabling the firewall and... (3 Replies)
Discussion started by: hedkandi
3 Replies
7. Solaris
Hi,
Where I could find information about "Jass hardening" for Solaris10?
Because, I change the /opt/SUNWjass/Files/etc/syslog.conf file. But yet I don't know if I must restart the jass (and how?) or I must to copy /opt/SUNWjass/Files/etc/syslog.conf to /etc/syslog.conf?
Thanks for your... (2 Replies)
Discussion started by: hiddenshadow
2 Replies
8. Cybersecurity
Does anyone have any experience hardening the c-icap.conf file? Here is the default config file, it has a lot of options; sorry about how long it is. I have removed some entries that were not needed as well, but it is still so long :D. Any help is much appreciated as I have never dealt with ICAP.
... (0 Replies)
Discussion started by: savigabi
0 Replies
9. Linux
Hi
We have a requirement to vary the minimum password criteria by the group to which a user belongs.
For example a standard user should have a password with a minimum length of 12 and containing a mix of characters whereas an administrator should have a password with a minimum length of 14... (1 Reply)
Discussion started by: gregsih
1 Replies
10. HP-UX
Hi,
The standard accounts that are created during the HP-UX installation, eg, bin,adm,daemon,uucp,lp,hpdb and nobody have their own shell.
Will there be any impact if we change these user's shell to /bin/false?
Like processes get interrupted, files cannot be generated, etc.
Regards (3 Replies)
Discussion started by: anaigini45
3 Replies
LEARN ABOUT DEBIAN
bbhostgrep
BBHOSTGREP(1) General Commands Manual BBHOSTGREP(1) NAME
bbhostgrep - pick out lines in bb-hosts SYNOPSIS
bbhostgrep --help bbhostgrep --version bbhostgrep [--noextras] [--test-untagged] [--bbdisp] [--bbnet] TAG [TAG...] DESCRIPTION
bbhostgrep(1) is for use by extension scripts that need to pick out the entries in a bb-hosts file that are relevant to the script. The utility accepts test names as parameters, and will then parse the bb-hosts file and print out the host entries that have at least one of the wanted tests specified. Tags may be given with a trailing asterisk '*', e.g. "bbhostgrep http*" is needed to find all http and https tags. The bbhostgrep utility supports the use of "include" directives inside the bb-hosts file, and will find matching tags in all included files. If the DOWNTIME or SLA tags are used in the bb-hosts(5) file, these are interpreted relative to the current time. bbhostgrep then outputs a "INSIDESLA" or "OUTSIDESLA" tag for easier use by scripts that want to check if the current time is inside or outside the expected uptime window. OPTIONS
--noextras Remove the "testip", "dialup", "INSIDESLA" and "OUTSIDESLA" tags from the output. --test-untagged When using the BBLOCATION environment variable to test only hosts on a particular network segment, bbtest-net will ignore hosts that do not have any "NET:x" tag. So only hosts that have a NET:$BBLOCATION tag will be tested. With this option, hosts with no NET: tag are included in the test, so that all hosts that either have a matching NET: tag, or no NET: tag at all are tested. --no-down[=TESTNAME] bbhostgrep will query the Xymon server for the current status of the "conn" test, and if TESTNAME is specified also for the current state of the specified test. If the status of the "conn" test for a host is non-green, or the status of the TESTNAME test is dis- abled, then this host is ignored and will not be included in the output. This can be used to ignore hosts that are down, or hosts where the custom test is disabled. --bbdisp Search the bb-hosts file following include statements as a BBDISPLAY server would. --bbnet Search the bb-hosts file following include statements as a BBNET server would. EXAMPLE
If your bb-hosts file looks like this 192.168.1.1 www.test.com # ftp telnet !oracle 192.168.1.2 db1.test.com # oracle 192.168.1.3 mail.test.com # smtp and you have a custom Xymon extension script that performs the "oracle" test, then running "bbhostgrep oracle" would yield 192.168.1.1 www.test.com # !oracle 192.168.1.2 db1.test.com # oracle so the script can quickly find the hosts that are of interest. Note that the reverse-test modifier - "!oracle" - is included in the output; this also applies to the other test modifiers defined by Xymon (the dialup and always-true modifiers). If your extension scripts use more than one tag, just list all of the interesting tags on the command line. bbhostgrep also supports the "NET:location" tag used by bbtest-net, so if your script performs network checks then it will see only the hosts that are relevant for the test location that the script currently executes on. USE IN EXTENSION SCRIPTS
To integrate bbhostgrep into an existing script, look for the line in the script that grep's in the $BBHOSTS file. Typically it will look somewhat like this: $GREP -i "^[0-9].*#.*TESTNAME" $BBHOSTS | ... code to handle test Instead of the grep, we will use bbhostgrep. It then becomes $BBHOME/bin/bbhostgrep TESTNAME | ... code to handle test which is simpler, less error-prone and more efficient. ENVIRONMENT VARIABLES
BBLOCATION If set, bbhostgrep outputs only lines from bb-hosts that have a matching NET:$BBLOCATION setting. BBHOSTS Filename for the Xymon bb-hosts(5) file. FILES
$BBHOSTS The Xymon bb-hosts file SEE ALSO
bb-hosts(5), hobbitserver.cfg(5) Xymon Version 4.2.3: 4 Feb 2009 BBHOSTGREP(1)