JavaScript is required to for searching.
Skip Navigation Links
Exit Print View
System Administration Guide: Security Services
search filter icon
search icon

Document Information


Part I Security Overview

1.  Security Services (Overview)

Part II System, File, and Device Security

2.  Managing Machine Security (Overview)

Enhancements to Machine Security in the Solaris 10 Release

Controlling Access to a Computer System

Maintaining Physical Security

Maintaining Login Control

Managing Password Information

Password Encryption

Special System Logins

Remote Logins

Dial-Up Logins

Controlling Access to Devices

Device Policy (Overview)

Device Allocation (Overview)

Controlling Access to Machine Resources

Limiting and Monitoring Superuser

Configuring Role-Based Access Control to Replace Superuser

Preventing Unintentional Misuse of Machine Resources

Setting the PATH Variable

Assigning a Restricted Shell to Users

Restricting Access to Data in Files

Restricting setuid Executable Files

Using the Automated Security Enhancement Tool

Using the Solaris Security Toolkit

Using the Secure by Default Configuration

Using Oracle Solaris Resource Management Features

Using Oracle Solaris Zones

Monitoring Use of Machine Resources

Monitoring File Integrity

Controlling Access to Files

Protecting Files With Encryption

Using Access Control Lists

Sharing Files Across Machines

Restricting root Access to Shared Files

Controlling Network Access

Network Security Mechanisms

Authentication and Authorization for Remote Access

Firewall Systems

Encryption and Firewall Systems

Reporting Security Problems

3.  Controlling Access to Systems (Tasks)

4.  Controlling Access to Devices (Tasks)

5.  Using the Basic Audit Reporting Tool (Tasks)

6.  Controlling Access to Files (Tasks)

7.  Using the Automated Security Enhancement Tool (Tasks)

Part III Roles, Rights Profiles, and Privileges

8.  Using Roles and Privileges (Overview)

9.  Using Role-Based Access Control (Tasks)

10.  Role-Based Access Control (Reference)

11.  Privileges (Tasks)

12.  Privileges (Reference)

Part IV Oracle Solaris Cryptographic Services

13.  Oracle Solaris Cryptographic Framework (Overview)

14.  Oracle Solaris Cryptographic Framework (Tasks)

15.  Oracle Solaris Key Management Framework

Part V Authentication Services and Secure Communication

16.  Using Authentication Services (Tasks)

17.  Using PAM

18.  Using SASL

19.  Using Solaris Secure Shell (Tasks)

20.  Solaris Secure Shell (Reference)

Part VI Kerberos Service

21.  Introduction to the Kerberos Service

22.  Planning for the Kerberos Service

23.  Configuring the Kerberos Service (Tasks)

24.  Kerberos Error Messages and Troubleshooting

25.  Administering Kerberos Principals and Policies (Tasks)

26.  Using Kerberos Applications (Tasks)

27.  The Kerberos Service (Reference)

Part VII Oracle Solaris Auditing

28.  Oracle Solaris Auditing (Overview)

29.  Planning for Oracle Solaris Auditing

30.  Managing Solaris Auditing (Tasks)

31.  Solaris Auditing (Reference)



Controlling Access to Machine Resources

As system administrator, you can control and monitor system activity. You can set limits on who can use what resources. You can log resource use, and you can monitor who is using the resources. You can also set up your systems to minimize improper use of resources.

Limiting and Monitoring Superuser

Your system requires a root password for superuser access. In the default configuration, a user cannot remotely log in to a system as root. When logging in remotely, a user must log in with the user's user name and then use the su command to become root. You can monitor who has been using the su command, especially those users who are trying to gain superuser access. For procedures that monitor superuser and limit access to superuser, see Monitoring and Restricting Superuser (Task Map).

Configuring Role-Based Access Control to Replace Superuser

Role-based access control, or RBAC, is designed to limit the capabilities of superuser. Superuser, the root user, has access to every resource in the system. With RBAC, you can replace root with a set of roles with discrete powers. For example, you can set up one role to handle user account creation, and another role to handle system file modification. When you have established a role to handle a function or set of functions, you can remove those functions from root's capabilities.

Each role requires that a known user log in with their user name and password. After logging in, the user then assumes the role with a specific role password. As a consequence, someone who learns the root password has limited ability to damage your system. For more on RBAC, see Role-Based Access Control (Overview).

Preventing Unintentional Misuse of Machine Resources

You can prevent you and your users from making unintentional errors in the following ways:

Setting the PATH Variable

You should take care to correctly set the PATH variable. Otherwise, you can accidentally run a program that was introduced by someone else. The intruding program can corrupt your data or harm your system. This kind of program, which creates a security hazard, is referred to as a Trojan horse. For example, a substitute su program could be placed in a public directory where you, as system administrator, might run the substitute program. Such a script would look just like the regular su command. Because the script removes itself after execution, you would have little evidence to show that you have actually run a Trojan horse.

The PATH variable is automatically set at login time. The path is set through the startup files: .login, .profile, and .cshrc. When you set up the user search path so that the current directory (.) comes last, you are protected from running this type of Trojan horse. The PATH variable for superuser should not include the current directory at all.

The Automated Security Enhancement Tool (ASET) examines the startup files to ensure that the PATH variable is set up correctly. ASET also ensures that the PATH variable does not contain a dot (.) entry.

Assigning a Restricted Shell to Users

The standard shell allows a user to open files, execute commands, and so on. The restricted shell limits the ability of a user to change directories and to execute commands. The restricted shell is invoked with the /usr/lib/rsh command. Note that the restricted shell is not the remote shell, which is /usr/sbin/rsh.

The restricted shell differs from a standard shell in the following ways:

The restricted shell enables you to limit a user's ability to stray into system files. The shell creates a limited environment for a user who needs to perform specific tasks. The restricted shell is not completely secure, however, and is only intended to keep unskilled users from inadvertently doing damage.

For information about the restricted shell, use the man -s1m rsh command to see the rsh(1M) man page.

Restricting Access to Data in Files

Because the Oracle Solaris OS is a multiuser environment, file system security is the most basic security risk on a system. You can use traditional UNIX file protections to protect your files. You can also use the more secure access control lists (ACLs).

You might want to allow some users to read some files, and give other users permission to change or delete some files. You might have some data that you do not want anyone else to see. Chapter 6, Controlling Access to Files (Tasks) discusses how to set file permissions.

Restricting setuid Executable Files

Executable files can be security risks. Many executable programs have to be run as root, that is, as superuser, to work properly. These setuid programs run with the user ID set to 0. Anyone who is running these programs runs the programs with the root ID. A program that runs with the root ID creates a potential security problem if the program was not written with security in mind.

Except for the executables that Oracle ships with the setuid bit set to root, you should disallow the use of setuid programs. If you cannot disallow the use of setuid programs, then you must restrict their use. Secure administration requires few setuid programs.

For more information, see Preventing Executable Files From Compromising Security. For procedures, see Protecting Against Programs With Security Risk (Task Map).

Using the Automated Security Enhancement Tool

The ASET security package provides automated administration tools that enable you to control and monitor your system's security. ASET provides three security levels: low, medium, and high. You specify an ASET security level. At each higher level, ASET's file-control functions increase to reduce file access and tighten your system's security. For more information, see Chapter 7, Using the Automated Security Enhancement Tool (Tasks).

Using the Solaris Security Toolkit

While ASET can be used to make a small number of security changes to a system, the Solaris Security Toolkit provides a flexible and extensible mechanism to minimize, harden, and secure a Solaris system. The Solaris Security Toolkit, informally known as the JASS toolkit, is a tool that enables the user to perform security modifications to a system. The tool can provide a report on the security status of an Oracle Solaris system. The tool also has the ability to undo previous runs of the tool. The JASS toolkit can be downloaded from the Sun web site, The web site contains pointers to online documentation.

The toolkit is described in detail in Securing Systems with the Solaris Security Toolkit, by Alex Noordergraaf and Glenn Brunette, ISBN 0-13-141071-7, June 2003. The book is part of the Sun BluePrints Series, which is published by Sun Microsystems Press.

Using the Secure by Default Configuration

By default, when the Solaris 10 release is installed, a large set of network services are enabled. To limit a system's network connectivity, you run the netservices limited command. This command activates a “Secure by Default” (SBD) configuration. With SBD, the only network service that accepts network requests is the sshd daemon. All other network services are disabled or handle local requests only. To enable individual network services, such as ftp, you use the Solaris Service Management Facility (SMF). For more information, see the netservices(1M) and smf(5) man pages.

Using Oracle Solaris Resource Management Features

Oracle Solaris software provides sophisticated resource management features. Using these features, you can allocate, schedule, monitor, and cap resource use by applications in a server consolidation environment. The resource controls framework enables you to set constraints on system resources that are consumed by processes. Such constraints help to prevent denial-of-service attacks by a script that attempts to flood a system's resources.

With Oracle Solaris resource management features, you can designate resources for particular projects. You can also dynamically adjust the resources that are available. For more information, see Part I, Resource Management, in System Administration Guide: Oracle Solaris Containers-Resource Management and Oracle Solaris Zones.

Using Oracle Solaris Zones

Oracle Solaris zones provide an application execution environment in which processes are isolated from the rest of the system within a single instance of the Oracle Solaris OS. This isolation prevents processes that are running in one zone from monitoring or affecting processes that are running in other zones. Even a process running with superuser capabilities cannot view or affect activity in other zones.

Oracle Solaris zones are ideal for environments that place several applications on a single server. For more information, see Part II, Zones, in System Administration Guide: Oracle Solaris Containers-Resource Management and Oracle Solaris Zones.

Monitoring Use of Machine Resources

As a system administrator, you need to monitor system activity. You need to be aware of all aspects of your machines, including the following:

With this kind of knowledge, you can use the available tools to audit system use and monitor the activities of individual users. Monitoring is very useful when a breach in security is suspected. For more information on the audit service, see Chapter 28, Oracle Solaris Auditing (Overview).

Monitoring File Integrity

As a system administrator, you need assurance that the files that were installed on the systems that you administer have not changed in unexpected ways. In large installations, a comparison and reporting tool about the software stack on each of your systems enables you to track your systems. The Basic Audit Reporting Tool (BART) enables you to comprehensively validate systems by performing file-level checks of one or more systems over time. Changes in a BART manifest across systems, or for one system over time, can validate the integrity of your systems. BART provides manifest creation, manifest comparison, and rules for scripting reports. For more information, see Chapter 5, Using the Basic Audit Reporting Tool (Tasks).