Security Basics mailing list archives

RE: Hardening Solaris 10


From: "Josh Monson" <jmonson () kintera com>
Date: Mon, 1 Aug 2005 13:31:42 -0700

Not a good idea to keep your company name in the postings for technical
questions :)....just being cautious. Yes I reply sometimes to this list
from my email domain of work, but never ask tech questions from the same
handle....use caution :) 

-----Original Message-----
From: Robert Escue [mailto:roescue () cox net] 
Sent: Friday, July 29, 2005 9:53 AM
To: James McEachern
Cc: security-basics () securityfocus com
Subject: Re: Hardening Solaris 10

James McEachern wrote:

Hello

I am looking to upgrade my Solaris box from 9 to 10. I have yet to find
a comprehensive "Hardening" white paper on the subject. All kinds for 8,
9 but none for comprehensive 10. I have the BigAdmin portal page and
the numerous docs on containers/zones in Solaris 10 and was wondering
if anyone knew of a good document out there to act as a starting point
for Solaris 10 Hardening. The box is used as an NIDS and a squid proxy
that sits behind a hardware based firewall. Running it on x86 and not
sparc code.

Any suggestions or ideas are most appreciated.

Thanks

James McEachern
State Farm Insurance
Patch Management
309.763.2773


 

James,

One of the reasons why you haven't found a document on Solaris 10 is
because of all of the changes Sun has made to Solaris 10. A breakdown of
the new features would take a small book. As one of the External Beta
Testers for Solaris 10 I can give you this advice:

1. Use the SUNWrnet (Reduced Networking) install cluster (this is new to
Solaris 10); this cluster installs the minimum footprint necessary to
run Solaris in CLI mode with only RPC and syslog ports open. If you have
a JumpStart server it will be easier to install Solaris with the support
for SSH than it will be to install what is needed on top of the Reduced
Networking cluster.

2. Use Role Based Access Control to set up roles for the squid user and
if you like, make root a role as well.

3. For maximum control you could use Zones along with Projects and
Resource Controls to limit resource utilization of the machine.

4. Additionally you might want to consider enabling auditing and having
the audit events sent to a remote syslog server (another new feature of
Solaris 10).

Hope this helps.


Robert Escue
System Administrator
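
Added example, not part of the original thread, for item 4 of the reply: a shell check that a host's audit configuration actually sends audit records to a remote syslog server. It assumes the Solaris 10 `audit_control` plugin line and `syslog.conf` selector formats noted in the comments; the sample files and the host name `loghost1` are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): verify Solaris 10 audit-to-syslog forwarding.
# Assumed formats, per audit_control(4), audit_syslog(5) and syslog.conf(4):
#   audit_control:  plugin:name=audit_syslog.so;p_flags=<audit classes>
#   syslog.conf:    audit.notice<TAB>@<loghost>

# Succeeds if an uncommented plugin line loads audit_syslog.so.
audit_syslog_active() {
    grep -v '^[[:space:]]*#' "$1" |
        grep '^[[:space:]]*plugin:.*name=audit_syslog\.so' >/dev/null
}

# Prints every remote host (@host action) selected for audit messages.
# audit_syslog logs at audit.notice, so levels debug/info/notice match.
audit_remote_hosts() {
    awk '
        /^[ \t]*#/ { next }
        NF >= 2 && $NF ~ /^@/ {
            n = split($1, sel, ";")
            for (i = 1; i <= n; i++)
                if (sel[i] ~ /^(audit|\*)\.(debug|info|notice)$/) {
                    print substr($NF, 2)
                    break
                }
        }' "$1"
}

# check_audit_forwarding AUDIT_CONTROL SYSLOG_CONF
check_audit_forwarding() {
    audit_syslog_active "$1" ||
        { echo "FAIL: audit_syslog plugin not enabled in $1"; return 1; }
    hosts=$(audit_remote_hosts "$2")
    [ -n "$hosts" ] ||
        { echo "FAIL: no remote syslog host receives audit.notice"; return 2; }
    echo "OK: audit records forwarded to:" $hosts
}

# Constructed sample files; "loghost1" is a hypothetical remote syslog server.
write_samples() {
    printf '%s\n' 'dir:/var/audit' 'flags:lo,ss' 'minfree:20' 'naflags:lo,na' \
        'plugin:name=audit_syslog.so;p_flags=-lo,-na,-ss' > "$1/audit_control"
    printf '# constructed sample\n*.err;kern.notice;auth.notice\t/dev/sysmsg\naudit.notice\t@loghost1\n' \
        > "$1/syslog.conf"
}

tmp=$(mktemp -d) && write_samples "$tmp" &&
    check_audit_forwarding "$tmp/audit_control" "$tmp/syslog.conf"
rm -rf "$tmp"
```

The script expects a POSIX shell, grep and awk, so on Solaris 10 itself put `/usr/xpg4/bin` ahead of `/usr/bin` in `PATH`, or run it on an admin host against copies of `/etc/security/audit_control` and `/etc/syslog.conf`.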

