JavaScript is required to for searching.
Skip Navigation Links
Exit Print View
Oracle Solaris 11 Security Guidelines     Oracle Solaris 11.1 Information Library
search filter icon
search icon

Document Information

Preface

1.  Overview of Oracle Solaris Security

2.  Configuring Oracle Solaris Security

Installing the Oracle Solaris OS

Securing the System

How to Verify Your Packages

How to Disable Unneeded Services

How to Remove Power Management Capability From Users

How to Place a Security Message in Banner Files

How to Place a Security Message on the Desktop Login Screen

Securing Users

How to Set Stronger Password Constraints

How to Set Account Locking for Regular Users

How to Set More Restrictive umask Value for Regular Users

How to Audit Significant Events in Addition to Login/Logout

How to Monitor lo Events in Real Time

How to Remove Unneeded Basic Privileges From Users

Securing the Kernel

Configuring the Network

How to Display a Security Message to ssh Users

How to Use TCP Wrappers

Protecting File Systems and Files

How to Limit the Size of the tmpfs File System

Protecting and Modifying Files

Securing Applications and Services

Creating Zones to Contain Critical Applications

Managing Resources in Zones

Configuring IPsec and IKE

Configuring IP Filter

Configuring Kerberos

Adding SMF to a Legacy Service

Creating a BART Snapshot of the System

Adding Multilevel (Labeled) Security

Configuring Trusted Extensions

Configuring Labeled IPsec

3.  Monitoring and Maintaining Oracle Solaris Security

A.  Bibliography for Oracle Solaris Security

Securing the Kernel

At this point, you might have created users who can assume roles, and have created the roles. Only the root role can modify system files.

Task
Description
For Instructions
Prevent programs from exploiting an executable stack.
Sets a system variable that prevents the exploitation of buffer overflows that exploit the executable stack.
Protect core files that might contain sensitive information.
Creates a directory with limited access that is dedicated to core files.