Securing Solaris Servers: A Checklist Approach

Paul D. J. Vandenberg and Susan D. Wyess

This material is excerpted from an internal U.S. Government document on Web security, which the authors played leading roles in preparing. This material has been officially reviewed, and the authors have been granted permission to use this material in a non-official publication.

Introduction

• Server Security Checklist Overview
• Acknowledgments
• About the Authors
• Background
• Goal
• Using the Checklists
• References

Solaris Installation and Configuration

• Solaris 2.x Installation
• User Accounts
• Network Access Controls
• System Auditing
• System Services
• File Permissions
• Probing for Security Holes
• Continuing Maintenance
• What's New  November 27, 1998

The guides provided in this Web page cluster are intended to help system administrators improve the security of Solaris 2.x hosts. The top-level links anove take you to a checklist with hyperlinks into pages containing more details on each step. When printed and annotated with any deviations, these checklists can serve as part of your site documentation.

Because it's very difficult, if not impossible, to provide reasonably terse procedures covering all of the possible Solaris 2.x configurations, we tried to focus on the most important issues. The guides were developed for Solaris 2.5.1 and have been tested on Solaris 2.4, 2.5, and 2.6. We tried to make these procedures easy to follow and modular enough that you can pick and choose the procedures applicable to your requirements. We based these guides on an ideal installation using only the Core cluster, but the procedures have been tested with the End User cluster on Solaris 2.6. Use with other clusters may require some modifications.

Keep your host secure—check audit logs regularly, keep up with the latest threat information, and install patches from vendors as they become available. See the Continuing Maintenance hyperlink for more guidance.

• Installing
• Configuring
• Maintenance

Netscape

• Installing
• Configuring
• Using SSL
• Maintenance

The hyperlinks above take you to sections in a checklist developed to help you apply best practices during the installation and configuration of your Web server on a Solaris 2.x host. Many checklist items are hyperlinks to pages containing more details on the specific item.

You may want to print the checklist pages and include the completed checklist, with deviations noted, in your site documentation.

Keep your server secure: check audit logs regularly, keep up with the latest threat information, and install patches from vendors as they become available.

Our Publications

• Overview
• Short Topics Booklets
• Deploying VMware
• LCFG for System Config
• Using Cfengine
• Internet Postmaster
• System Configuration
• Guide to Oracle
• Logging
• Documentation Writing
• Budgeting
• Backups
• Job Descriptions
• Higher Reliability
• Auditing
• Hiring Sysadmins
• Educating & Training Sysadmins
• System Security
• Developing Policy Documents
• Request for Proposals
• White Papers
• Book Reviews
• ;login: Articles
• LISA Proceedings
• Other Proceedings
• Explore SAGE Web
• About SAGE
• Recommended Reading
• Code of Ethics
• About the Field
• Jobs Board
• Mailing Lists
• Local User Groups
• Our Publications
• Salary Survey
• Speakers Bureau
• Sysadmin Toolbox