SlideShare a Scribd company logo

Solaris servers sec

Download as PPT, PDF
R
Raja Waseem Akhtar

This document provides guidance on securing Solaris servers through hardening and configuration best practices. It recommends removing unnecessary software and services, enabling detailed system logging, installing the latest security patches regularly, and configuring services like sendmail securely based on checklists from SANS and CIS. Key steps include a minimal OS installation, removing unneeded packages and services, setting secure permissions and logging levels, and installing tools like Tripwire and SSH.

Technology
1 of 11
Downloaded 16 times
1
2
3
4
5
6
7
8
9
10
11
Securing Solaris Servers Randy Marchany
General Strategy Most Solaris security checklists recommend installing the minimum set of software needed to run the system. Most sysadmins don’t do this. General strategy Remove all privilege and access and grant or enable only what is needed. Enable as much system logging as possible!
Two Strategies Use the SANS Securing Solaris checklist Use the Center for Internet Security Securing Solaris Benchmark Use the CERT Securing Solaris Server checklist. Use the SANS or CIS checklists when the CERT checklist recommends it.
Solaris Installation Disconnect the system from the net? Optional Download patches, other software to another machine if possible. Obtain the following information IP name, IP address, subnet mask, default gateway, DNS server, Domain name, Time Zone
Solaris Installation Boot time configuration SANS Guide steps 1.1.1-1.1.8, Basic OS Installation Step 1.1.5, select ‘other’. Minimal OS installation (optional) SANS Guide steps 1.2.1-1.2.7, select “system accounting”.
Solaris Hardening Remove all packages not needed for the operation of the server. Verify /etc/hostname.<interface name> contains only the machine name. Verify /etc/inet/hosts (aka /etc/hosts) contains the following entries: 127.0.0.1 localhost <IP address> FQDN UQHN loghost <IP address> central syslog server (optional)
Solaris Hardening Verify /etc/nsswitch.conf contains the following entry: hosts: files dns Verify /etc/netmasks contains: <network number> <subnet mask> SANS guide steps 1.3.1 – 1.35, Post Install/networking configuration Pick a secure password for the root account SANS guide steps 1.4.2-1.4.7, Installing Patches
Solaris Hardening Installing patches takes time, about 1 hour. It’s CRITICAL that you install the most current set of patches. Check security patches at least once a month. Use tools like patchdiag or GASP to make installation easier. Install Tripwire. Install SSH
Solaris Hardening SANS Guide step 2.1.1, purging boot directories of Unnecessary Services SANS Guide step 2.1.2-2.1.5, 2.1.7, 2.1.8, 2.1.9, 2.1.10 Set umask to 027 Remove all services from /etc/inet.conf SANS Guide 2.2.1-2.2.5, Cleaning House
Solaris Hardening Install TCP Wrappers SANS Guide 2.3.1-2.3.3, file system configuration Set enhanced syslog logging Set debug level for kern, user, mail, daemon, auth, syslog, lpr, news, uucp, cron, local0-7 SANS Guide 2.4.3-2.4.4, Additional Logging
Solaris Hardening Sendmail Obtain updated sendmail kit via anonymous ftp. One such site is: ftp.vt.edu/pub/cc/Solaris/sendmail*2.8* SANS guide 2.6.1-2.6.5 SANS guide 2.7.1-2.7.9, Miscellaneous

More Related Content

PDF
Nessus v6 command_line_reference
Craig Cannon
 
PPTX
Cisco umbrella youtube
Dhruv Sharma
 
PPTX
OSSIM Overview
n|u - The Open Security Community
 
PPTX
Pxosys Webinar Amplify your Security
🏆Ruben Cocheno💭
 
PPTX
ASA Multiple Context Training
Tariq Bader
 
PPTX
Detect HTTP Brute Force attack using Snort IDS/IPS on PFSense Firewall
Huda Seyam
 
DOCX
Snort Intrusion Detection / Prevention System on PFSense Firewall
Huda Seyam
 
PPTX
Network Security Nmap N Nessus
Utkarsh Verma
 
Nessus v6 command_line_reference
Craig Cannon
 
Cisco umbrella youtube
Dhruv Sharma
 
OSSIM Overview
n|u - The Open Security Community
 
Pxosys Webinar Amplify your Security
🏆Ruben Cocheno💭
 
ASA Multiple Context Training
Tariq Bader
 
Detect HTTP Brute Force attack using Snort IDS/IPS on PFSense Firewall
Huda Seyam
 
Snort Intrusion Detection / Prevention System on PFSense Firewall
Huda Seyam
 
Network Security Nmap N Nessus
Utkarsh Verma
 

What's hot (20)

PPTX
System hardening - OS and Application
edavid2685
 
PPTX
RuSIEM IT assets
Olesya Shelestova
 
PPTX
Cisco ASA Firepower
Anwesh Dixit
 
PPTX
Whats New in OSSIM v2.2?
AlienVault
 
PDF
Web server security techniques by Khawar Nehal
Khawar Nehal khawar.nehal@atrc.net.pk
 
PPTX
Integrated Tools in OSSIM
AlienVault
 
PPTX
Cisco asa fire power services
Tapan Doshi
 
PPTX
Server Hardening Primer - Eric Vanderburg - JURINNOV
Eric Vanderburg
 
PDF
VULNERABILITY ( CYBER SECURITY )
Kashyap Mandaliya
 
PPTX
OSSIM User Training: Get Improved Security Visibility with OSSIM
AlienVault
 
PPTX
WAF in Scale
Alexey Sintsov
 
ODP
opensuse conference 2015: security processes and technologies for Tumbleweed
Marcus Meissner
 
PPT
Firewall intro
amar_panchal
 
PPTX
Security Onion Conference - 2015
DefensiveDepth
 
PPTX
Presentatie McAfee: Optimale Endpoint Protection 26062015
SLBdiensten
 
PPTX
CIS Control Solution Guide
Lauren Bell
 
PPT
Anton Chuvakin on Honeypots
Anton Chuvakin
 
PPTX
Mastering checkpoint-1-basic-installation
networkershome
 
PPT
Linux Security
nayakslideshare
 
PDF
Firewallpresentation 100826052003-phpapp02
devidas shinde
 
System hardening - OS and Application
edavid2685
 
RuSIEM IT assets
Olesya Shelestova
 
Cisco ASA Firepower
Anwesh Dixit
 
Whats New in OSSIM v2.2?
AlienVault
 
Web server security techniques by Khawar Nehal
Khawar Nehal khawar.nehal@atrc.net.pk
 
Integrated Tools in OSSIM
AlienVault
 
Cisco asa fire power services
Tapan Doshi
 
Server Hardening Primer - Eric Vanderburg - JURINNOV
Eric Vanderburg
 
VULNERABILITY ( CYBER SECURITY )
Kashyap Mandaliya
 
OSSIM User Training: Get Improved Security Visibility with OSSIM
AlienVault
 
WAF in Scale
Alexey Sintsov
 
opensuse conference 2015: security processes and technologies for Tumbleweed
Marcus Meissner
 
Firewall intro
amar_panchal
 
Security Onion Conference - 2015
DefensiveDepth
 
Presentatie McAfee: Optimale Endpoint Protection 26062015
SLBdiensten
 
CIS Control Solution Guide
Lauren Bell
 
Anton Chuvakin on Honeypots
Anton Chuvakin
 
Mastering checkpoint-1-basic-installation
networkershome
 
Linux Security
nayakslideshare
 
Firewallpresentation 100826052003-phpapp02
devidas shinde
 
Ad

Viewers also liked (8)

PPT
Ch03 system administration
Raja Waseem Akhtar
 
PPT
Pencil
Raja Waseem Akhtar
 
PPT
Ch03
Raja Waseem Akhtar
 
PPT
Ch12
Raja Waseem Akhtar
 
PPT
Beat Anger
Raja Waseem Akhtar
 
PPT
Ch05
Raja Waseem Akhtar
 
PPT
Ch20 system administration
Raja Waseem Akhtar
 
PPT
Ch07
Raja Waseem Akhtar
 
Ch03 system administration
Raja Waseem Akhtar
 
Pencil
Raja Waseem Akhtar
 
Ch03
Raja Waseem Akhtar
 
Ch12
Raja Waseem Akhtar
 
Beat Anger
Raja Waseem Akhtar
 
Ch05
Raja Waseem Akhtar
 
Ch20 system administration
Raja Waseem Akhtar
 
Ch07
Raja Waseem Akhtar
 
Ad

Similar to Solaris servers sec (20)

PDF
Windows server hardening 1
Frank Avila Zapata
 
PDF
James Jara Portfolio 2014 - InfoSec White Paper- Part 5
James Jara
 
PPT
Technology to Stop Hackers
Greater Noida Institute Of Technology
 
PDF
Hardening solaris
Femi Adeyemi
 
PDF
Linux security quick reference guide
Craig Cannon
 
PPT
How to configure esx to pass an audit
Concentrated Technology
 
PDF
Cisco Router and Switch Security Hardening Guide
Harris Andrea
 
PPTX
Server hardening
Teja Babu
 
PDF
Red Hat Linux 5 Hardening Tips - National Security Agency
sanchetanparmar
 
PPT
Introduction to JumpStart
Scott McDermott
 
DOC
Taishaun_OwnensCNS-533_Lab
Taishaun Owens
 
PDF
Host Based Security Best Practices
webhostingguy
 
PPT
Network administrationcode Lecture 1.ppt
Wamisho
 
PDF
Architecting Secure Web Systems
InnoTech
 
PDF
How to Use EXAchk Effectively to Manage Exadata Environments
Sandesh Rao
 
PDF
Dru lavigne servers-tutorial
Dru Lavigne
 
DOCX
Project Pt1
Emmanuel McCain
 
PPT
Freeware Security Tools You Need
amiable_indian
 
PPT
Basics to Configure NW Device
Haitham El-Ghareeb
 
PDF
Null bhopal Sep 2016: What it Takes to Secure a Web Application
Anant Shrivastava
 
Windows server hardening 1
Frank Avila Zapata
 
James Jara Portfolio 2014 - InfoSec White Paper- Part 5
James Jara
 
Technology to Stop Hackers
Greater Noida Institute Of Technology
 
Hardening solaris
Femi Adeyemi
 
Linux security quick reference guide
Craig Cannon
 
How to configure esx to pass an audit
Concentrated Technology
 
Cisco Router and Switch Security Hardening Guide
Harris Andrea
 
Server hardening
Teja Babu
 
Red Hat Linux 5 Hardening Tips - National Security Agency
sanchetanparmar
 
Introduction to JumpStart
Scott McDermott
 
Taishaun_OwnensCNS-533_Lab
Taishaun Owens
 
Host Based Security Best Practices
webhostingguy
 
Network administrationcode Lecture 1.ppt
Wamisho
 
Architecting Secure Web Systems
InnoTech
 
How to Use EXAchk Effectively to Manage Exadata Environments
Sandesh Rao
 
Dru lavigne servers-tutorial
Dru Lavigne
 
Project Pt1
Emmanuel McCain
 
Freeware Security Tools You Need
amiable_indian
 
Basics to Configure NW Device
Haitham El-Ghareeb
 
Null bhopal Sep 2016: What it Takes to Secure a Web Application
Anant Shrivastava
 

More from Raja Waseem Akhtar (20)

PPS
The prophet's wives
Raja Waseem Akhtar
 
PPS
God is Great
Raja Waseem Akhtar
 
PPS
Namaz ka tareeqa
Raja Waseem Akhtar
 
PPS
Aayat ul qursi
Raja Waseem Akhtar
 
PPT
Indiansoldiers
Raja Waseem Akhtar
 
PPS
2ªwwii how did it fought
Raja Waseem Akhtar
 
PPT
Fun with EMC2
Raja Waseem Akhtar
 
PPS
Jerusalm at night.pps
Raja Waseem Akhtar
 
PPS
From the sky
Raja Waseem Akhtar
 
PPS
Discover the discovery
Raja Waseem Akhtar
 
PPT
The OSI - seven layers
Raja Waseem Akhtar
 
PPT
Chapter16 - the internet and its tools
Raja Waseem Akhtar
 
PPT
Chapter15 -- implementing and managing networks
Raja Waseem Akhtar
 
PPT
Chapter14 -- networking security
Raja Waseem Akhtar
 
PPT
Chapter13 -- ensuring integrity and availability
Raja Waseem Akhtar
 
PPT
Chapter12 -- troubleshooting networking problems
Raja Waseem Akhtar
 
PPT
Chapter11 -- networking with tcpip and the internet
Raja Waseem Akhtar
 
PPT
Chapter10 -- netware-based networking
Raja Waseem Akhtar
 
PPT
Chapter09 -- networking with unix and linux
Raja Waseem Akhtar
 
PPT
Chapter08 -- network operating systems and windows server 2003-based networking
Raja Waseem Akhtar
 
The prophet's wives
Raja Waseem Akhtar
 
God is Great
Raja Waseem Akhtar
 
Namaz ka tareeqa
Raja Waseem Akhtar
 
Aayat ul qursi
Raja Waseem Akhtar
 
Indiansoldiers
Raja Waseem Akhtar
 
2ªwwii how did it fought
Raja Waseem Akhtar
 
Fun with EMC2
Raja Waseem Akhtar
 
Jerusalm at night.pps
Raja Waseem Akhtar
 
From the sky
Raja Waseem Akhtar
 
Discover the discovery
Raja Waseem Akhtar
 
The OSI - seven layers
Raja Waseem Akhtar
 
Chapter16 - the internet and its tools
Raja Waseem Akhtar
 
Chapter15 -- implementing and managing networks
Raja Waseem Akhtar
 
Chapter14 -- networking security
Raja Waseem Akhtar
 
Chapter13 -- ensuring integrity and availability
Raja Waseem Akhtar
 
Chapter12 -- troubleshooting networking problems
Raja Waseem Akhtar
 
Chapter11 -- networking with tcpip and the internet
Raja Waseem Akhtar
 
Chapter10 -- netware-based networking
Raja Waseem Akhtar
 
Chapter09 -- networking with unix and linux
Raja Waseem Akhtar
 
Chapter08 -- network operating systems and windows server 2003-based networking
Raja Waseem Akhtar
 

Recently uploaded (20)

PPTX
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
ReZa AdineH
 
PDF
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
DOCX
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
PPTX
Understanding_Digital_Forensics_Presentation.pptx
ImranKhan423233
 
PDF
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
PPTX
sap open course for s4hana steps from ECC to s4
sreeni2106invites
 
PDF
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
PPTX
MYSQL Presentation for SQL database connectivity
Swati270511
 
PDF
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
PDF
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
PDF
MIND Revenue Release Quarter 2 2025 Press Release
MIND CTI
 
PPTX
ACSFv1EN-58255 AWS Academy Cloud Security Foundations.pptx
23bcla24
 
PDF
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
PPT
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
PDF
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
PDF
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
PDF
Approach and Philosophy of On baking technology
30anthuong17
 
PDF
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
SynapseIndia
 
PPTX
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
PPTX
Effective Security Operations Center (SOC) A Modern, Strategic, and Threat-In...
ReZa AdineH
 
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
ReZa AdineH
 
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
Understanding_Digital_Forensics_Presentation.pptx
ImranKhan423233
 
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
sap open course for s4hana steps from ECC to s4
sreeni2106invites
 
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
MYSQL Presentation for SQL database connectivity
Swati270511
 
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
MIND Revenue Release Quarter 2 2025 Press Release
MIND CTI
 
ACSFv1EN-58255 AWS Academy Cloud Security Foundations.pptx
23bcla24
 
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
Approach and Philosophy of On baking technology
30anthuong17
 
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
SynapseIndia
 
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
Effective Security Operations Center (SOC) A Modern, Strategic, and Threat-In...
ReZa AdineH
 

Solaris servers sec

  • 1. Securing Solaris Servers Randy Marchany
  • 2. General Strategy Most Solaris security checklists recommend installing the minimum set of software needed to run the system. Most sysadmins don’t do this. General strategy Remove all privilege and access and grant or enable only what is needed. Enable as much system logging as possible!
  • 3. Two Strategies Use the SANS Securing Solaris checklist Use the Center for Internet Security Securing Solaris Benchmark Use the CERT Securing Solaris Server checklist. Use the SANS or CIS checklists when the CERT checklist recommends it.
  • 4. Solaris Installation Disconnect the system from the net? Optional Download patches, other software to another machine if possible. Obtain the following information IP name, IP address, subnet mask, default gateway, DNS server, Domain name, Time Zone
  • 5. Solaris Installation Boot time configuration SANS Guide steps 1.1.1-1.1.8, Basic OS Installation Step 1.1.5, select ‘other’. Minimal OS installation (optional) SANS Guide steps 1.2.1-1.2.7, select “system accounting”.
  • 6. Solaris Hardening Remove all packages not needed for the operation of the server. Verify /etc/hostname.<interface name> contains only the machine name. Verify /etc/inet/hosts (aka /etc/hosts) contains the following entries: 127.0.0.1 localhost <IP address> FQDN UQHN loghost <IP address> central syslog server (optional)
  • 7. Solaris Hardening Verify /etc/nsswitch.conf contains the following entry: hosts: files dns Verify /etc/netmasks contains: <network number> <subnet mask> SANS guide steps 1.3.1 – 1.35, Post Install/networking configuration Pick a secure password for the root account SANS guide steps 1.4.2-1.4.7, Installing Patches
  • 8. Solaris Hardening Installing patches takes time, about 1 hour. It’s CRITICAL that you install the most current set of patches. Check security patches at least once a month. Use tools like patchdiag or GASP to make installation easier. Install Tripwire. Install SSH
  • 9. Solaris Hardening SANS Guide step 2.1.1, purging boot directories of Unnecessary Services SANS Guide step 2.1.2-2.1.5, 2.1.7, 2.1.8, 2.1.9, 2.1.10 Set umask to 027 Remove all services from /etc/inet.conf SANS Guide 2.2.1-2.2.5, Cleaning House
  • 10. Solaris Hardening Install TCP Wrappers SANS Guide 2.3.1-2.3.3, file system configuration Set enhanced syslog logging Set debug level for kern, user, mail, daemon, auth, syslog, lpr, news, uucp, cron, local0-7 SANS Guide 2.4.3-2.4.4, Additional Logging
  • 11. Solaris Hardening Sendmail Obtain updated sendmail kit via anonymous ftp. One such site is: ftp.vt.edu/pub/cc/Solaris/sendmail*2.8* SANS guide 2.6.1-2.6.5 SANS guide 2.7.1-2.7.9, Miscellaneous