Securing Solaris 10


Securing Solaris 10

by jeffnjillian

All,

Has anyone out there found a good checklist or tool for securing Solaris 10? I found the CISecurity benchmark, but I didn't know if there was anything else out there? I'm not very well versed on Solaris, but I have the task of double checking the admins to ensure it was locked down.  I haven't seen very many checklists posted for this version of Solaris yet.

Any suggestions?

Thanks in Advance,
Jeff

RE: Securing Solaris 10

by Young, Randy

To start with the CISecurity Benchmark and testing tool are excellent.
We have a lot of input from various communities helping to design that,
and we do have Sun Systems Engineers on the team as well.

Sun also has some excellent Blueprints books on this, and they do have
their own securing utility, JASS, that you may want to take a look at.

Randy  

> -----Original Message-----
> From: listbounce@...
> [mailto:listbounce@...] On Behalf Of
> jeffnjillian@...
> Sent: Wednesday, October 18, 2006 9:11 AM
> To: focus-sun@...
> Subject: Securing Solaris 10
>
> All,
>
> Has anyone out there found a good checklist or tool for
> securing Solaris 10? I found the CISecurity benchmark, but I
> didn't know if there was anything else out there? I'm not
> very well versed on Solaris, but I have the task of double
> checking the admins to ensure it was locked down.  I haven't
> seen very many checklists posted for this version of Solaris yet.
>
> Any suggestions?
>
> Thanks in Advance,
> Jeff
>
>

Re: Securing Solaris 10

by Jonathan Katz-2

We use CIS at work as a good benchmark; we run monthly reports and
review them. Take a look at BART, too.

It depends on what you're doing. We're hard-core about minimization
and there should eventually be an updated blueprint doc on minimizing
Solaris 10.

On 18 Oct 2006 16:10:30 -0000, jeffnjillian@...
<jeffnjillian@...> wrote:
> All,
>
> Has anyone out there found a good checklist or tool for securing Solaris 10? I found the CISecurity benchmark, but I didn't know if there was anything else out there? I'm not very well versed on Solaris, but I have the task of double checking the admins to ensure it was locked down.  I haven't seen very many checklists posted for this version of Solaris yet.
>
> Any suggestions?
>
> Thanks in Advance,
> Jeff

Re: Securing Solaris 10

by techlists-3

DoD has a checklist you can try. It's not as automated as the CIS script, but I think it goes into more detail.

PG

http://iase.disa.mil/stigs/SRR/unix.html


 -------------- Original message ----------------------
From: jeffnjillian@...

> All,
>
> Has anyone out there found a good checklist or tool for securing Solaris 10? I
> found the CISecurity benchmark, but I didn't know if there was anything else out
> there? I'm not very well versed on Solaris, but I have the task of double
> checking the admins to ensure it was locked down.  I haven't seen very many
> checklists posted for this version of Solaris yet.
>
> Any suggestions?
>
> Thanks in Advance,
> Jeff



RE: Securing Solaris 10

by Christian Lete Viesca

In my opinion, it is a very decent document. If your intention is to harden a box, you may combine it with the Solaris Security Toolkit:

http://www.sun.com/software/security/jass/

Cheers,

Christian Lete Viesca

UNIX/Jboss Administrator - IT Convergence Support Services

IT Convergence


-----Original Message-----
From: listbounce@... [mailto:listbounce@...] On Behalf Of jeffnjillian@...
Sent: Wednesday, October 18, 2006 1:11 PM
To: focus-sun@...
Subject: Securing Solaris 10

All,

Has anyone out there found a good checklist or tool for securing Solaris 10? I found the CISecurity benchmark, but I didn't know if there was anything else out there? I'm not very well versed on Solaris, but I have the task of double checking the admins to ensure it was locked down.  I haven't seen very many checklists posted for this version of Solaris yet.

Any suggestions?

Thanks in Advance,
Jeff

Re: Securing Solaris 10

by Glenn Brunette


Jeff,

Sun has been working with the Center for Internet Security for
nearly four years on their Solaris guides to align them with
Sun's recommended practices and to ensure that the settings
recommended could be supported by Sun.  In fact, we are working
with CIS right now to update the Solaris 10 guide to account for
the changes made in the upcoming Solaris 10 11/06 release.

The only other guide which does cover some aspects of Solaris
10 is the current version of the DISA UNIX STIG.

Of course, to automate the implementation and/or assessment of the
changes, you can use the Solaris Security Toolkit, which is a tool
developed and supported by Sun.  It can be found at:

    http://www.sun.com/security/jass/

I believe that there are a few settings recommended by CIS that
are not accounted for today in the Solaris Security Toolkit, but
the vast majority are.

All of the other documents and/or checklists of which I am aware
have not been updated for Solaris 10.

Glenn


jeffnjillian@... wrote:
> All,
>
> Has anyone out there found a good checklist or tool for securing Solaris 10? I found the CISecurity benchmark, but I didn't know if there was anything else out there? I'm not very well versed on Solaris, but I have the task of double checking the admins to ensure it was locked down.  I haven't seen very many checklists posted for this version of Solaris yet.
>
> Any suggestions?
>
> Thanks in Advance,
> Jeff
>

--
Glenn Brunette
Distinguished Engineer
Director, GSS Security Office
Sun Microsystems, Inc.

Re: Securing Solaris 10

by Paul Roberts-5

Hi Jeff,

On Wed, Oct 18, 2006 at 04:10:30PM +0000, jeffnjillian@......... wrote:

> Has anyone out there found a good checklist or tool for securing
> Solaris 10?

Sun publishes the Solaris Security Toolkit, which is available as a
free download from:

<http://www......../software/security/jass/>

It is a tool for hardening Solaris according to best practices, and is
closely related to the Sun BluePrints articles which you can find
here:

<http://www......../software/security/blueprints/index.html>

Hope this helps, - Paul

---
Paul Roberts, Sun Microsystems
Security Coordination Team
http://sunsolve......../security

RE: Securing Solaris 10

by Ogle Ron

I just finished using JASS 4.2 from Sun on 4 Solaris 10 installs.  In
the past, I used Titan, but JASS is better integrated.  JASS has an
audit (like Titan) capability that doesn't change the system, but it
will tell you how well your system is locked down based on your policy
that you created.

I'm in the process right now of comparing the CIS Solaris Benchmark
v2.1.1 against the standard JASS lock down/ audit script called
secure.driver.  From a cursory view, it looks like the CIS benchmark is
covered, but there may be some missing parts.

The only part that disappointed me about JASS was the lack of additional
user support.  I thought that there should have been some additional
sites with info on JASS and some additional scripts, but I didn't find
anything interesting.  I personally added 8 additional scripts to do
things like fully qualify the host in /etc/inet/hosts and
/etc/inet/ipnodes, install additional packages, update the aliases file,
ensure that a default route was defined, set nosuid on certain
partitions in /etc/vfstab, and set the PS1, PATH, and EDITOR variables
in /etc/profile.

Ron Ogle

-----Original Message-----
From: listbounce@... [mailto:listbounce@...]
On Behalf Of jeffnjillian@...
Sent: Wednesday, October 18, 2006 12:11 PM
To: focus-sun@...
Subject: Securing Solaris 10

All,

Has anyone out there found a good checklist or tool for securing Solaris
10? I found the CISecurity benchmark, but I didn't know if there was
anything else out there? I'm not very well versed on Solaris, but I have
the task of double checking the admins to ensure it was locked down.  I
haven't seen very many checklists posted for this version of Solaris
yet.

Any suggestions?

Thanks in Advance,
Jeff
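
An added example, not part of the original thread and not one of the poster's or Sun's scripts: a read-only audit for the `nosuid` setting in `/etc/vfstab` mentioned in the message above. It changes nothing on the system; the policy list of mount points and the sample vfstab content are constructed assumptions.

```shell
#!/bin/sh
# Audit-only check: list policy mount points whose vfstab entry lacks nosuid.
# Reads the file given as an argument and never modifies it.

# Mount points the local policy wants mounted nosuid (assumed list).
NOSUID_MOUNTS="/tmp /var /export/home"

# audit_nosuid FILE
# Prints, one per line and in file order, each policy mount point whose
# mount options (vfstab field 7) do not contain the exact token "nosuid".
audit_nosuid() {
    awk -v want="$NOSUID_MOUNTS" '
        BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) policy[w[i]] = 1 }
        # Skip comments and lines that do not have all seven vfstab fields.
        /^[ \t]*#/ || NF < 7 { next }
        ($3 in policy) {
            ok = 0
            m = split($7, opts, ",")
            # Compare whole tokens so "-" (defaults) or "suid" never match.
            for (i = 1; i <= m; i++) if (opts[i] == "nosuid") ok = 1
            if (!ok) print $3
        }
    ' "$1"
}

# sample_vfstab: constructed sample in Solaris vfstab layout, for a dry run.
sample_vfstab() {
    cat <<'EOF'
#device            device              mount         FS     fsck  mount    mount
#to mount          to fsck             point         type   pass  at boot  options
/dev/dsk/c0t0d0s0  /dev/rdsk/c0t0d0s0  /             ufs    1     no       -
/dev/dsk/c0t0d0s3  /dev/rdsk/c0t0d0s3  /var          ufs    1     no       logging,nosuid
/dev/dsk/c0t0d0s7  /dev/rdsk/c0t0d0s7  /export/home  ufs    2     yes      logging
swap               -                   /tmp          tmpfs  -     yes      -
EOF
}

# Dry run against the constructed sample; point audit_nosuid at the real
# /etc/vfstab on the host being reviewed.
tmpfile=$(mktemp)
sample_vfstab > "$tmpfile"
echo "Policy mount points missing nosuid:"
audit_nosuid "$tmpfile"
rm -f "$tmpfile"
```
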

Re: Securing Solaris 10

by Alex Noordergraaf



Young, Randy wrote:

> To start with the CISecurity Benchmark and testing tool are excellent.
> We have a lot of input from various communities helping to design that,
> and we do have Sun Systems Engineers on the team as well.
>
> Sun also has some excellent Blueprints books on this, and they do have
> their own securing utility, JASS, that you may want to take a look at.

Information on JASS (whose formal name is Solaris Security Toolkit (SST)) is available at:

   http://www.sun.com/security/jass

My team is working right now on an update for the Solaris 10 update coming out later this year.

HTH, Alex

>
> Randy  
>
>
>>-----Original Message-----
>>From: listbounce@...
>>[mailto:listbounce@...] On Behalf Of
>>jeffnjillian@...
>>Sent: Wednesday, October 18, 2006 9:11 AM
>>To: focus-sun@...
>>Subject: Securing Solaris 10
>>
>>All,
>>
>>Has anyone out there found a good checklist or tool for
>>securing Solaris 10? I found the CISecurity benchmark, but I
>>didn't know if there was anything else out there? I'm not
>>very well versed on Solaris, but I have the task of double
>>checking the admins to ensure it was locked down.  I haven't
>>seen very many checklists posted for this version of Solaris yet.
>>
>>Any suggestions?
>>
>>Thanks in Advance,
>>Jeff
>>
>>

Re: Securing Solaris 10

by Glenn Brunette



Jonathan Katz wrote:
>
> It depends on what you're doing. We're hard-core about minimization
> and there should eventually be an updated blueprint doc on minimizing
> Solaris 10.

On that topic, we have also published a small InfoDoc recently that
helps to clarify the support position on minimized systems.  It is
InfoDoc #86177 (available from SunSolve).  I hope to sanitize a more
detailed version of this material so that it can be published as
well.

g

> On 18 Oct 2006 16:10:30 -0000, jeffnjillian@...
> <jeffnjillian@...> wrote:
>> All,
>>
>> Has anyone out there found a good checklist or tool for securing
>> Solaris 10? I found the CISecurity benchmark, but I didn't know if
>> there was anything else out there? I'm not very well versed on
>> Solaris, but I have the task of double checking the admins to ensure
>> it was locked down.  I haven't seen very many checklists posted for
>> this version of Solaris yet.
>>
>> Any suggestions?
>>
>> Thanks in Advance,
>> Jeff

--
Glenn Brunette
Distinguished Engineer
Director, GSS Security Office
Sun Microsystems, Inc.

Re: Securing Solaris 10

by Robert Escue


---- Glenn Brunette <Glenn.Brunette@...> wrote:

>
> Jeff,
>
> Sun has been working with the Center for Internet Security for
> nearly four years on their Solaris guides to align them with
> Sun's recommended practices and to ensure that the settings
> recommended could be supported by Sun.  In fact, we are working
> with CIS right now to update the Solaris 10 guide to account for
> the changes made in the upcoming Solaris 10 11/06 release.
>
> The only other guide which does cover some aspects of Solaris
> 10 is the current version of the DISA UNIX STIG.
>
> Of course, to automate the implementation and/or assessment of the
> changes, you can use the Solaris Security Toolkit, which is a tool
> developed and supported by Sun.  It can be found at:
>
>     http://www.sun.com/security/jass/
>
> I believe that there are a few settings recommended by CIS that
> are not accounted for today in the Solaris Security Toolkit, but
> the vast majority are.
>
> All of the other documents and/or checklists of which I am aware
> have not been updated for Solaris 10.
>
> Glenn
>
>
> jeffnjillian@... wrote:
> > All,
> >
> > Has anyone out there found a good checklist or tool for securing Solaris 10? I found the CISecurity benchmark, but I didn't know if there was anything else out there? I'm not very well versed on Solaris, but I have the task of double checking the admins to ensure it was locked down.  I haven't seen very many checklists posted for this version of Solaris yet.
> >
> > Any suggestions?
> >
> > Thanks in Advance,
> > Jeff
> >
>
> --
> Glenn Brunette
> Distinguished Engineer
> Director, GSS Security Office
> Sun Microsystems, Inc.

Glenn,

As someone who has to use the DISA STIG to secure Solaris and Linux systems, I would not recommend the current DISA STIG as guidance for anyone trying to secure a Solaris 10 system. From what I have read, DISA's current STIG (5.1) mentions Solaris 10 in 11 instances but does not go into any detail on how to use the security features of the OS or give any recommendations. Further, I just used the September release of the DISA SRR scripts (generally not available to the public) and found that some of them support Solaris 10, while other scripts do not.

If I was going to recommend documentation from the Government, I would recommend the NSA guides. The NSA has not released a guide for Solaris 10 (yet), but I find their guides straightforward and cover securing the OS (and why) far better than anything DISA produces.


Robert Escue
System Administrator