Re: Hardening Solaris 10
From: Robert Escue <roescue () cox net>
Date: Fri, 29 Jul 2005 12:53:27 -0400
James McEachern wrote:
Hello
I am looking to upgrade my Solaris box from 9 to 10. I have yet to find
a comprehensive "Hardening" white paper on the subject. All kinds for 8,
9 but none for comprehensive 10. I have the BigAdmin portal page and the
numerous docs on containers/zones in Solaris 10 and was wondering if
anyone knew of a good document out there to act as a starting point for
Solaris 10 Hardening. The box is used as an NIDS and a squid proxy that
sits behind a hardware based firewall. Running it on x86 and not sparc
code.
Any suggestions or ideas are most appreciated.
Thanks
James McEachern
State Farm Insurance
Patch Management
309.763.2773
James,
One of the reasons why you haven't found a document on Solaris 10 is
because of all of the changes Sun has made to Solaris 10. A breakdown of
the new features would take a small book. As one of the External Beta
Testers for Solaris 10 I can give you this advice:
1. Use the SUNWrnet (Reduced Networking) install cluster (this is new to
Solaris 10); this cluster installs the minimum footprint necessary to
run Solaris in CLI mode with only RPC and syslog ports open. If you have
a JumpStart server it will be easier to install Solaris with the support
for SSH than it will be to install what is needed on top of the Reduced
Networking cluster.
2. Use Role Based Access Control to set up roles for the squid user and
if you like, make root a role as well.
3. For maximum control you could use Zones along with Projects and
Resource Controls to limit resource utilization of the machine.
4. Additionally you might want to consider enabling auditing and having
the audit events sent to a remote syslog server (another new feature of
Solaris 10).
Hope this helps.
Robert Escue
System Administrator