The Solaris Security FAQ

By Peter Baer Galvin, Unix Insider | Development Add a new comment

March 16, 2001, 2:11 PM — The following is a list of questions that are frequently asked about
Solaris 2.x Security.

Changes to this document will be indicated in
the index by a "+" for new entries and a "*" for changed entries.

1. GENERAL

1.1) How secure is solaris 2?
1.2) What version of Solaris should I run?
1.3) Can I just install a machine and ignore it?
+ 1.4) What is the single most important step I can
take to secure a Solaris machine?

2. How can I configure Solaris to make it more secure?

2.1) What file permissions should I change?
2.2) How should I change root user configuration?
2.3) How should I change startup files?
2.4) How can I disable network root logins?
2.5) How do I disable rlogin/rsh access?
* 2.6) What accounts are unnecessary?
2.7) How do I protect devices?
2.8) What permissions should I change in /etc?
2.9) Why do Solaris machines act as routers?
2.10) How do I disable automounter?
2.11) How to I disable NFS service?
2.12) Do I need to worry about cron
jobs?
2.13) Are there any risks to using dynamic routes?
2.14) When and how should I use static ARP?
2.15) Is it unsecure to run rpcbind?
2.16) What permission bits should be set on /etc/utmp?
2.17) What programs can be un-suid'ed?
2.18) What system facilities can I disable?
2.19) Should I run in.fingerd?
2.20) Can syslog be made to be more effective?
2.21) How can the EEPROM make a system more secure?
2.22) Is my machine being "promiscuous"?
2.23) If I need to use NFS, how can I make it more secure?
* 2.24) How can I secure sendmail
2.25) Is NIS secure, and how can it be made more secure?
2.26) What is needed for secure anonymous ftp service?
2.27) How can X be made more secure?
2.28) How do I turn on SUN-DES-1 authentication?
2.29) What patches should I install?
2.30) How can I prevent code from executing in the stack?
+ 2.31) How can I change the greeting banners?
+ 2.32) How can I prevent TCP sequence prediction
attacks?

3. What programs should I replace or add?

3.1) inetd?
* 3.2) ifstatus?
3.3) xntp
* 3.4) sendmail?
3.5) rpcbind?
3.6) Password checking programs?
3.7) crack?
* 3.8) ftp?
3.9) fix_modes?
3.10) noshell?
3.11) bind?
3.12) netcat?

4. What other useful resources should I know about?

4.1) Sun mailing-lists?
4.2) Sun patches?
4.3) Other Solaris FAQs?
4.4) Useful newsgroups?
4.5) Useful mailing-lists?
4.6) Useful columns?
* 4.7) Useful web sites?

5. How can I make my Solaris web server more secure?

Add a comment

Will Do Not Track kill the 'free' Internet?

7 comments
How to avoid being tagged as a terrorist: Don't pay cash for coffee

3 comments
How to kill Web trackers dead

3 comments
MegaUpload takedown didn't slow pirate downloads, just moved them offshore

3 comments
Even after rewrites, Google Wallet retains gaping security holes, mainly due to Android

3 comments

Older
|
Newer

ITworld LIVE

AppDevGuy asks How much will the security flaws in Google Wallet set back the transition to "digital wallets"?
CorinaGraham has just joined ITworld
jimlynch answers What mobile apps are the worst offenders to user privacy?
jimlynch answers What are the main advantages/disadvantages of a hybrid cloud model vs. the public cloud?
jimlynch answers How do you bill for independent sales reps in a company IT contract?
jimlynch answers What would it take for you to allow a company to REALLY track all of your web use?
jimlynch answers Friday fun: What's your guilty pleasure?
jimlynch answers Where can I find tech services providers that focus on really small businesses?
DudleyThomas_YahQ7W75Q commented on How to avoid being tagged as a terrorist: Don't pay cash for coffee
DudleyThomas_YahQ7W75Q has just joined ITworld
jimlynch answers What are the chances that the cloud will kill off the PC?
jimlynch answers Which is better for password security, length or complexity?
jimlynch answers Why do VoIP calls over WiFi still get counted as "minutes used" by mobile providers?
ernard asks What type of enterprise user is going to use Ubuntu Business Desktop Remix?
dantynan commented on Will Do Not Track kill the 'free' Internet?
ernard answers What mobile apps are the worst offenders to user privacy?
alex.campbell commented on Why don't the Republican presidential candidates have mobile apps?
badgirlblues_tw138808597 commented on Robot hockey player: it shoots, it scores!
badgirlblues_tw138808597 has just joined ITworld
WaterstoneManagementGroup answers Where can I find tech services providers that focus on really small businesses?
User ire4444 is following Eric Bloom
User afinch is following _WebFooL_
dblacharski answers Why do VoIP calls over WiFi still get counted as "minutes used" by mobile providers?
chetanmts has just joined ITworld
ablake asks What can be done to control noise levels in data centers?
User jnaze is following KenedyMark_Yah52T6CK
weissa has just joined ITworld
Yoshihiro Satoh shared Eight features Windows 8 borrowed from Linux on Twitter

DevelopmentWhite Papers & Webcasts

White Paper

HP NonStop SQL Fundamentals whitepaper

This whitepaper offers a detailed look into the fundamentals of HP NonStop SQL solutions. See how this system delivers unprecedented levels of application availability with fail-safe data integrity and meets the needs of enterprises with large-scale business critical applications.

White Paper