JavaScript is required to for searching.
Skip Navigation Links
Exit Print View
Oracle Solaris 11 Security Guidelines     Oracle Solaris 11 Information Library
search filter icon
search icon

Document Information


1.  Overview of Oracle Solaris 11 Security

2.  Configuring Oracle Solaris 11 Security

Installing the Oracle Solaris OS

Securing the System

Verify Your Packages

Disable Unneeded Services

Remove Power Management Capability From Users

Place Security Message in Banner Files

Place Security Message on the Desktop Login Screen

Securing Users

Set Stronger Password Constraints

Set Account Locking for Regular Users

Set More Restrictive umask Value for Regular Users

Audit Significant Events in Addition to Login/Logout

Monitor lo Events in Real Time

Remove Unneeded Basic Privileges From Users

Securing the Kernel

Configuring the Network

Display Security Message to ssh and ftp Users

Disable the Network Routing Daemon

Disable Broadcast Packet Forwarding

Disable Responses to Echo Requests

Set Strict Multihoming

Set Maximum Number of Incomplete TCP Connections

Set Maximum Number of Pending TCP Connections

Specify a Strong Random Number for Initial TCP Connection

Reset Network Parameters to Secure Values

Protecting File Systems and Files

Protecting and Modifying Files

Securing Applications and Services

Creating Zones to Contain Critical Applications

Managing Resources in Zones

Configuring IPsec and IKE

Configuring IP Filter

Configuring Kerberos

Adding SMF to a Legacy Service

Creating a BART Snapshot of the System

Adding Multilevel (Labeled) Security

Configuring Trusted Extensions

Configuring Labeled IPsec

3.  Monitoring and Maintaining Oracle Solaris 11 Security

A.  Bibliography for Oracle Solaris Security

Protecting File Systems and Files

ZFS file systems are lightweight and can be encrypted, compressed, and configured with reserved space and disk space limits.

The following tasks provide a glimpse of the protections that are available in ZFS, the default file system of Oracle Solaris. For additional information, see Setting ZFS Quotas and Reservations in Oracle Solaris Administration: ZFS File Systems and the zfs(1M) man page.

For Instructions
Prevent DOS attacks by managing and reserving disk space.
Specifies the use of disk space by file system, by user or group, or by project.
Guarantee a minimum amount of disk space to a dataset and its descendants.
Guarantees disk space by file system, by user or group, or by project.
Encrypt data on a file system.
Protects a dataset with encryption and a passphrase to access the dataset at dataset creation.
Specify ACLs to protect files at a finer granularity than regular UNIX file permissions.
Extended security attributes can be useful in protecting files.

For a caution about using ACLs, see Hiding Within the Trees.