The 5 Minute Guide to Securing Solaris
Posted by Sam
Disclaimer
This is a super quick guide to securing a Solaris server. It's not in depth and I highly recommend taking a deeper look at the technologies that are used.
Install Solaris Security Toolkit (formerly called JASS)
- Download Solaris Security Toolkit
- Install and run
# pkgadd -d . SUNWjass
# cd /opt/SUNWjass/bin
# ./jass-execute secure.driver
A ton of stuff will scroll by. If you need remote access, be sure to edit the TCP Wrappers allow file, otherwise you'll be locked out of the box. Also, if you remotely log in to SSH as root you'll need to allow root access and restart SSH. I always double-check that I can remotely log in before closing the current console.
Activate BSM Auditing
Auditing will let you watch as little or as much as you want on your box. It's also zone aware, so you can see exactly what's going on in a specific zone. Here's a quick run-through of how to turn it on and what I'm monitoring on my boxes. Keep in mind that on a busy box these settings can produce some very large logs and slow down your system. Take a look at the links to learn exactly what these settings do, and then decide how much logging you need.
- Edit /etc/security/audit_control so that it looks like this:
dir:/var/audit
flags:lo,ex,ad,pc,fm,fw,-fc,-fd,-fr
minfree:10
naflags:lo,ex,ad
- Edit /etc/security/audit_startup so it looks like this:
/usr/bin/echo "Starting BSM services."
/usr/sbin/auditconfig -setpolicy +cnt
/usr/sbin/auditconfig -setpolicy +argv,arge
/usr/sbin/auditconfig -setpolicy +zonename
/usr/sbin/auditconfig -conf
/usr/sbin/auditconfig -aconf
- Run the bsmconv script
# /etc/security/bsmconv
- Add the following line to the crontab so the audit trail is rotated daily
0 0 * * * /usr/sbin/audit -n
- Reboot and check out your newly created logs in /var/audit
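Before turning this on, it helps to know what each entry in the flags: and naflags: lines actually selects: a bare class (lo, ex, ...) audits both successful and failed events, a leading "-" audits failures only, and a leading "+" audits successes only. The POSIX sh snippet below is an added example, not part of the original post or of Solaris itself; it parses an audit_control file embedded inline (constructed to match the one above) and reports the success/failure coverage per class, so you can sanity-check a configuration before rebooting. It does not model the "^" negation prefix that audit_control also accepts.

```shell
#!/bin/sh
# Added example: decode the class selection syntax of /etc/security/audit_control.
# Bare class = audit success and failure, "-class" = failures only, "+class" = successes only.

# Constructed sample audit_control, embedded so this runs without a Solaris box.
SAMPLE_AUDIT_CONTROL='dir:/var/audit
flags:lo,ex,ad,pc,fm,fw,-fc,-fd,-fr
minfree:10
naflags:lo,ex,ad'

# audit_flag_coverage KEY CONFIG_TEXT
# KEY is "flags" (attributable events) or "naflags" (non-attributable events).
# Prints one line per class: "<class> <success audited> <failure audited>".
# Returns 1 if the key line is missing from the configuration.
audit_flag_coverage() {
    key=$1
    config=$2
    line=$(printf '%s\n' "$config" | grep "^${key}:" | head -n 1)
    [ -n "$line" ] || return 1
    classes=${line#*:}
    printf '%s\n' "$classes" | tr ',' '\n' | while IFS= read -r entry; do
        case $entry in
            -*) printf '%s no yes\n' "${entry#-}" ;;   # failures only
            +*) printf '%s yes no\n' "${entry#+}" ;;   # successes only
            *)  printf '%s yes yes\n' "$entry" ;;      # both
        esac
    done
}

# audit_class_selected KEY CLASS CONFIG_TEXT
# Exit 0 if CLASS appears in the KEY line in any form, 1 otherwise.
# Useful for asserting that login events (lo) are selected in both flags and naflags.
audit_class_selected() {
    audit_flag_coverage "$1" "$3" | grep -q "^$2 "
}

# Stand-alone run: show the coverage table for the sample configuration.
for k in flags naflags; do
    echo "== $k =="
    audit_flag_coverage "$k" "$SAMPLE_AUDIT_CONTROL"
done
```

Run it against a real file with `audit_flag_coverage flags "$(cat /etc/security/audit_control)"`; a class that shows "no yes" (such as fc above) will only appear in the trail when the operation fails.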