Solaris security tweaks

Right now, a very important chunk of security information can be summed up by going to my firewall building page. You should read it, even if you are not planning to set up a "firewall".

Other good things:

ASET: Automated Security Enhancement Tool

Sun's own automated tool that ships with Solaris. It doesn't tighten up as much as some people would like, but it's better than just going with the defaults.

'aset' is in package "SUNWast".

However, these days, Sun is recommending the "JASS" security toolkit, which is at

JASS is used to "minimize, harden, and secure Solaris" [and technically stands for "Jumpstart Architecture and Security Scripts"]

NOTE: If you are NOT building a routing firewall, then you want to put, at minimum, the following in a script in /etc/rc2.d/S01something:

 ndd -set /dev/ip ip_forwarding  0
 ndd -set /dev/ip ip_strict_dst_multihoming  1
 ndd -set /dev/ip ip_forward_src_routed  0
 ndd -set /dev/ip ip_forward_directed_broadcasts  0

 (and the same for ip6_xxxx, if on Solaris 8)

There are additional settings you might consider adding, in this third-party page on "Tuning solaris for checkpoint"
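
An added example (not from the original page or from Sun): a Bourne-shell check that compares the live /dev/ip values with the four settings listed above and reports any that have drifted, for instance after a patch or a manual change. The function names, the report format and the sample input are assumptions made for the illustration.

```shell
#!/bin/sh
# Baseline for a host that is NOT a routing firewall (values from the page).
BASELINE="ip_forwarding=0 ip_strict_dst_multihoming=1
ip_forward_src_routed=0 ip_forward_directed_broadcasts=0"

# read_live: print "parameter value" for every baseline parameter.
# Needs root on Solaris; an unreadable parameter yields an empty value.
read_live() {
    for pair in $BASELINE; do
        param=`echo "$pair" | cut -d= -f1`
        echo "$param `/usr/sbin/ndd -get /dev/ip $param 2>/dev/null`"
    done
}

# audit_ndd: read "parameter value" lines on stdin and compare them with
# BASELINE. The exit status is the number of parameters that are wrong or
# missing, so 0 means compliant. A missing value counts as drift.
audit_ndd() {
    live=`cat`
    drift=0
    for pair in $BASELINE; do
        param=`echo "$pair" | cut -d= -f1`
        want=`echo "$pair" | cut -d= -f2`
        # Match the full name so ip_forwarding cannot match a longer name.
        have=`echo "$live" | sed -n "s/^$param  *//p"`
        if [ "$have" = "$want" ]; then
            echo "OK $param=$have"
        else
            echo "DRIFT $param: want $want, have '${have:-unset}'"
            drift=`expr $drift + 1`
        fi
    done
    return $drift
}

# Constructed sample: forwarding left on, one parameter missing entirely.
SAMPLE="ip_forwarding 1
ip_strict_dst_multihoming 1
ip_forward_src_routed 0"

if [ -x /usr/sbin/ndd ]; then
    # Real Solaris host: audit the running kernel settings.
    read_live | audit_ndd || echo "$? parameter(s) need fixing"
else
    # Anywhere else: show the report format on the constructed sample.
    echo "$SAMPLE" | audit_ndd || echo "$? parameter(s) need fixing (sample)"
fi
```

Backticks are used instead of $( ) so the script also runs under the older Solaris /bin/sh.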

The Solaris Security FAQ

can be found at

Written by: Philip Brown