How to Reduce the Security Risk in Solaris _ - Generic OS Hardening Steps - UnixArena_ENERO_5


  • 7/25/2019 How to Reduce the Security Risk in Solaris _ - Generic OS Hardening Steps - UnixArena_ENERO_5


    1/5/2016 How to reduce the Security risk in Solaris ? - Generic OS Hardening steps - UnixArena

    http://www.unixarena.com/2013/06/how-to-reduce-security-risk-in-solaris.html 1/4

    How to reduce the Security risk in Solaris? Generic OS Hardening steps

    June 7, 2013 Security, Solaris 10 506 Views

    Is your Solaris environment secure enough? How can we tighten system security? Here we will see some basic hardening steps for Solaris OS. Every organization should maintain a hardening checklist for each operating system it uses. Before a server is brought into operation/production, the hardening checklist needs to be verified by the support team that supports the server.

    OS hardening actually begins before the system is built, because you need to choose a customized OS image according to your environment. Reducing the OS image size lowers the security and reliability risk, and a smaller OS image speeds up the boot process and consumes less disk space.

    1. Apply the Recommended Patch Cluster bundle regularly. It contains very important bug fixes and security patches. Visit https://support.oracle.com to check for the latest additional security patches and install them if applicable to your environment.

    2. Disable all services that are no longer used. Many services put your system at high risk. Disable services like RPC-based services, NFS, NIS, Sendmail, Apache, SNMP, printer services and internet-based services if they are no longer used on the server.

    3. Disable inetd services and use ssh for remote login and file transfer. It is better not to use the telnet, ftp and rlogin services.


    4. Many Solaris kernel parameters can be tuned to increase system security. Network parameters can be tuned using the ndd command. Other kernel parameters can be modified in the /etc/system file.

    Network tweaks:

    Disable IP forwarding on the OS

    Protect against SYN flood attacks

    Reduce ARP timeouts

    5. Restrict root to log in only via the console and remove unused users from the system. Restrict cron access for normal users and disable .rhosts.

    6. Set warning banners in /etc/motd and /etc/issue.

    7. Increase the level of logging in system accounting, process accounting and kernel-level auditing.

    8. Create /etc/ftpd/ftpusers to restrict ftp access for all users.

    9. Remove the group-writable permission from all files in /etc.

    # chmod -R g-w /etc

    10. Validate the OS start-up scripts in all run levels. Remove the start-up scripts that are no longer needed (/etc/rc2.d and /etc/rc3.d).

    11. Turn on stack protection, which will help protect your system from many buffer overflow attacks. Add the lines below to /etc/system to turn on this feature.

    set noexec_user_stack = 1

    set noexec_user_stack_log = 1

    12. Protect the file systems mounted on the system by setting nosuid or ro, and set the logging option for the root file system in vfstab.

    13. Enable packet filtering to increase system security.

    14. Restrict access to TCP-based network services by using TCP wrappers.

    15. Disable unused SMF services using the svcadm command.

    16. Use the Solaris Security Toolkit (JASS).

    17. Be cautious with removable media devices. Stop vold if possible.
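One way to verify the network tweaks from step 4, as an added example that is not part of the original article. The ndd parameter names are Solaris 10 tunables; the target values are illustrative assumptions, not recommendations taken from the page.

```shell
# Added example: audit the step-4 network tweaks with "ndd -get".
# Target values are illustrative assumptions, not values from the article.
# POSIX sh; on Solaris 10 run with /usr/xpg4/bin/sh or ksh, not /bin/sh.

# audit_ndd: print PASS/FAIL per tunable; return 1 if any check fails.
audit_ndd() {
    rc=0
    while read -r drv param op want desc; do
        case "$drv" in ''|'#'*) continue ;; esac
        cur=$(ndd -get "$drv" "$param" 2>/dev/null </dev/null) || cur=
        case "$cur" in
            ''|*[!0-9]*) ok=no; cur=unreadable ;;
            *) case "$op" in
                   eq) [ "$cur" -eq "$want" ] && ok=yes || ok=no ;;
                   ge) [ "$cur" -ge "$want" ] && ok=yes || ok=no ;;
                   le) [ "$cur" -le "$want" ] && ok=yes || ok=no ;;
               esac ;;
        esac
        if [ "$ok" = yes ]; then
            echo "PASS $param=$cur ($desc)"
        else
            echo "FAIL $param=$cur, want $op $want ($desc)"
            echo "     fix: ndd -set $drv $param $want"
            rc=1
        fi
    done <<EOF
# driver  parameter             op  target  description
/dev/ip   ip_forwarding         eq  0       IP forwarding off
/dev/tcp  tcp_conn_req_max_q0   ge  4096    half-open (SYN) queue length
/dev/arp  arp_cleanup_interval  le  60000   ARP cache lifetime, ms
/dev/ip   ip_ire_arp_interval   le  60000   ARP route entry lifetime, ms
EOF
    return $rc
}

# ndd exists only on Solaris; elsewhere this file just defines the function.
if [ "$(uname -s)" = SunOS ]; then
    audit_ndd
fi
```

Values set with ndd are lost at reboot, so any fix the audit prints also has to be applied from a start-up script.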
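A check for step 11, as an added example that is not part of the original article: it confirms that both tunables are active in an /etc/system-style file, where a plain grep would also match commented-out lines. The function names and the sample file content are constructed for illustration.

```shell
# Added example: check that the two step-11 tunables are active in an
# /etc/system-style file. Sample data below is constructed.
# POSIX sh; on Solaris 10 run with /usr/xpg4/bin/sh or ksh, not /bin/sh.
AWK=$(command -v nawk || command -v awk)   # Solaris /usr/bin/awk is too old

# check_stack_protection [FILE]: PASS/FAIL per tunable, returns 1 on any FAIL.
# Unlike "grep noexec_user_stack", commented-out lines do not count.
check_stack_protection() {
    "$AWK" '
        /^[ \t]*[*#]/ { next }            # "*" or "#" starts a comment line
        { gsub(/=/, " = ") }              # accept "name=1" and "name = 1"
        $1 == "set" && $3 == "=" { val[$2] = $4 }
        END {
            n = split("noexec_user_stack noexec_user_stack_log", want, " ")
            for (i = 1; i <= n; i++) {
                t = want[i]
                if (val[t] == "1") {
                    print "PASS " t " = 1"
                } else {
                    print "FAIL " t " is " (val[t] == "" ? "unset" : val[t]) \
                          ", add: set " t " = 1"
                    bad = 1
                }
            }
            exit bad + 0
        }
    ' "$@"
}

# Constructed sample: the first tunable only appears inside a comment.
sample_system() {
    cat <<'EOF'
* constructed sample for the added example
* set noexec_user_stack = 1
set noexec_user_stack_log=1
EOF
}

# Demo on the sample; on a host: check_stack_protection /etc/system
sample_system | check_stack_protection || echo "stack protection is incomplete"
```

Changes to /etc/system take effect only after the next reboot, so a PASS here describes the next boot, not necessarily the running kernel.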
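An audit for step 12, as an added example that is not part of the original article: it reads a vfstab and flags entries without nosuid or ro, and a root file system without the logging option. Limiting the check to ufs, nfs and tmpfs entries is an assumption of this example, and the sample vfstab is constructed.

```shell
# Added example: audit a vfstab against step 12 (nosuid or ro on mounted
# file systems, logging on root). Sample data below is constructed.
# POSIX sh; on Solaris 10 run with /usr/xpg4/bin/sh or ksh, not /bin/sh.
AWK=$(command -v nawk || command -v awk)   # Solaris /usr/bin/awk is too old

# vfstab fields: device, fsck device, mount point, FS type, fsck pass,
# mount at boot, mount options. Only ufs, nfs and tmpfs entries are checked
# (an assumption of this example).
audit_vfstab() {
    "$AWK" '
        /^[ \t]*#/ || NF < 7 { next }      # comments and incomplete lines
        $4 != "ufs" && $4 != "nfs" && $4 != "tmpfs" { next }
        {
            opts = "," $7 ","   # whole-option match: "ro" is not "proto=tcp"
            if ($3 == "/") {
                if ($4 == "ufs" && opts !~ /,logging,/) {
                    print "FAIL / (" $7 "): add logging"; bad = 1
                }
            } else if (opts !~ /,(nosuid|ro),/) {
                print "FAIL " $3 " (" $7 "): add nosuid or ro"; bad = 1
            }
        }
        END { exit bad + 0 }
    ' "$@"
}

sample_vfstab() {
    cat <<'EOF'
#device            device              mount    FS     fsck  mount    mount
#to mount          to fsck             point    type   pass  at boot  options
/dev/dsk/c0t0d0s0  /dev/rdsk/c0t0d0s0  /        ufs    1     no       -
/dev/dsk/c0t0d0s1  -                   -        swap   -     no       -
/dev/dsk/c0t0d0s5  /dev/rdsk/c0t0d0s5  /usr     ufs    1     no       ro
/dev/dsk/c0t0d0s6  /dev/rdsk/c0t0d0s6  /var     ufs    1     no       nosuid,logging
/dev/dsk/c0t0d0s7  /dev/rdsk/c0t0d0s7  /export  ufs    2     yes      rw
swap               -                   /tmp     tmpfs  -     yes      -
EOF
}

# Demo on the constructed sample; on a host: audit_vfstab /etc/vfstab
sample_vfstab | audit_vfstab || echo "vfstab entries above need attention"
```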

    For more security information, see http://www.nsa.gov/ia/_files/os/sunsol_10/s10-cis-appendix-v1.1.pdf

    Thank you for reading this article. Leave a comment if you would like to add more information here.

    Image source: www.oralce.com