Advertisement
Help Keep Boards Alive. Support us by going ad free today. See here: https://subscriptions.boards.ie/.
https://www.boards.ie/group/1878-subscribers-forum

Private Group for paid up members of Boards.ie. Join the club.
Hi all, please see this major site announcement: https://www.boards.ie/discussion/2058427594/boards-ie-2026

solaris...

  • 06-04-2001 07:55AM
    #1
    spod
    Registered Users, Registered Users 2 Posts: 332 ✭✭


    Should be getting a whopping great sun box next week so..

    Any good pointers for solaris info.

    It will be a multi user box, possible internet connected, haven't decided yet.

    So, I guess, assuming it's an out of the box solaris install, what should I do next?

    Lock down. Audit. Policies. Etc.

    Any good/required docs I should stick on palm?
    Any good sites that are solaris specific.
    Any solaris hardening projects worth looking at?

    About to dig up lspitz's solaris hardening docs, and I believe solar designer is involved in some sort of solaris lock down script which I'm gonna look into..

    I'm used to mainly open/freeBsd and linux systems, haven't used solaris except as a workstation in quite a while so I'm rusty.

    cheers



Comments

  • #2
    deRanged
    Registered Users, Registered Users 2 Posts: 3,744 ✭✭✭deRanged


    good security faq here:
    http://packetstorm.securify.com/docs/infosec/solaris.security.faq.html

    and for solaris binaries and packages:
    http://www.sunfreeware.com


  • #3
    ecksor
    Registered Users, Registered Users 2 Posts: 10,501 ✭✭✭✭ecksor


    Some links I dredged up ...
    The Solaris Security FAQ
    Solaris hardening and Security
    Install/configure Solaris
    Armoring Solaris

    [This message has been edited by X_OR (edited 08-04-2001).]


  • #4
    spod
    Registered Users, Registered Users 2 Posts: 332 ✭✭spod


    cheers for the links.

    All good reading material, now just to find time to read it.

    Another interesting project I came accross was:

    http://www.yassp.org/
    <font face="Verdana, Arial" size="2">
    YASSP is "Yet Another Solaris Security package" and this is a short "how to" article for those responsible for host security on Solaris 2.6, 2.7 and Solaris 8, intel or sparc architecture. The goal is to help you install a version of Solaris with good host security without having you spend a great deal of time hardening the sytem by hand -- the manual steps which you should perform have been automated.
    </font>

    Also discovered trusted solaris which looks v. interesting.

    Might also look into argus pitball.

    Thanks again.


  • #5
    spod
    Registered Users, Registered Users 2 Posts: 332 ✭✭spod


    Just reading through the YASSP stuff atm.

    Came across this very comprehensive solaris hardening list:

    http://www.yassp.org/after.html#[2]

    much to read.


  • #6
    ecksor
    Registered Users, Registered Users 2 Posts: 10,501 ✭✭✭✭ecksor


    Eeek!!! I doubt that lpd will be installed on that box.

    There are all sorts of packages that can/should be removed, even from the core install.

    I remember hardening a complete install a while back, 700+ packages or something. Ended up writing a script that would force package deletion based on keywords (CDE, OpenLook etc.)


  • Advertisement
  • #7
    ecksor
    Registered Users, Registered Users 2 Posts: 10,501 ✭✭✭✭ecksor


    Pity he's not running Linux ...


  • #8
    spod
    Registered Users, Registered Users 2 Posts: 332 ✭✭spod


    Won't be running lpd either wink.gif


Advertisement
Advertisement