The Solaris Security FAQ
The following is a list of questions that are frequently asked about
Solaris 2.x Security.
Changes to this document will be indicated in
the index by a "+" for new entries and a "*" for changed entries.
- 1.1) How secure is Solaris 2?
- 1.2) What version of Solaris should I run?
- 1.3) Can I just install a machine and ignore it?
- + 1.4) What is the single most important step I can take to secure a Solaris machine?
2. How can I configure Solaris to make it more secure?
- 2.1) What file permissions should I change?
- 2.2) How should I change root user configuration?
- 2.3) How should I change startup files?
- 2.4) How can I disable network root logins?
- 2.5) How do I disable rlogin/rsh access?
- * 2.6) What accounts are unnecessary?
- 2.7) How do I protect devices?
- 2.8) What permissions should I change in /etc?
- 2.9) Why do Solaris machines act as routers?
- 2.10) How do I disable automounter?
- 2.11) How do I disable NFS service?
- 2.12) Do I need to worry about cron jobs?
- 2.13) Are there any risks to using dynamic routes?
- 2.14) When and how should I use static ARP?
- 2.15) Is it unsecure to run rpcbind?
- 2.16) What permission bits should be set on /etc/utmp?
- 2.17) What programs can be un-suid'ed?
- 2.18) What system facilities can I disable?
- 2.19) Should I run in.fingerd?
- 2.20) Can syslog be made to be more effective?
- 2.21) How can the EEPROM make a system more secure?
- 2.22) Is my machine being "promiscuous"?
- 2.23) If I need to use NFS, how can I make it more secure?
- * 2.24) How can I secure sendmail?
- 2.25) Is NIS secure, and how can it be made more secure?
- 2.26) What is needed for secure anonymous ftp service?
- 2.27) How can X be made more secure?
- 2.28) How do I turn on SUN-DES-1 authentication?
- 2.29) What patches should I install?
- 2.30) How can I prevent code from executing in the stack?
- + 2.31) How can I change the greeting banners?
- + 2.32) How can I prevent TCP sequence prediction attacks?
3. What programs should I replace or add?
- 3.1) inetd?
- * 3.2) ifstatus?
- 3.3) xntp?
- * 3.4) sendmail?
- 3.5) rpcbind?
- 3.6) Password checking programs?
- 3.7) crack?
- * 3.8) ftp?
- 3.9) fix_modes?
- 3.10) noshell?
- 3.11) bind?
- 3.12) netcat?