Preface

This manual contains reference information for understanding and using Solaris Security Toolkit software. This manual is primarily intended for persons who use the Solaris Security Toolkit software to secure Solaris Operating System (OS) versions 8 through 9, such as administrators, consultants, and others, who are deploying new Sun systems or securing deployed systems. The instructions apply to using the software in either its JumpStart trademark mode or standalone mode.

Before You Read This Book

You should be a Sun Certified System Administrator for Solaris trademark or Sun Certified Network Administrator for Solaris Operating System. You should also have an understanding of standard network protocols and topologies.

Because this book is designed to be useful to people with varying degrees of experience or knowledge of security, your experience and knowledge determine how you use this book.

How This Book Is Organized

This manual serves as a user guide. Its chapters contain information, instructions, and guidelines for using the software to secure systems. This book is structured as follows:

Chapter 1 describes the design and purpose of the Solaris Security Toolkit software. It covers the key components, features, benefits, and supported platforms.

Chapter 2 provides a methodology for securing systems. It provides a process that you can apply before securing your systems using the Solaris Security Toolkit software.

Chapter 3 provides instructions for downloading, installing, and running the Solaris Security Toolkit software and other security-related software.

Chapter 4 provides information and procedures for reversing (undoing) the changes made by the Solaris Security Toolkit software during hardening runs.

Chapter 5 provides information for configuring and managing JumpStart servers to use the Solaris Security Toolkit software.

Chapter 6 describes how to audit (validate) a system's security using the Solaris Security Toolkit software. Use the information and procedures in this chapter for maintaining an established security profile after hardening.

Chapter 7 describes how to apply the information and expertise provided in earlier chapters to a realistic scenario for installing and securing a new system.

Using UNIX^® Commands

This document might not contain information on basic UNIX^® commands and procedures such as shutting down the system, booting the system, and configuring devices. Refer to the following for this information:

Software documentation that you received with your system

Solaris Operating System documentation, which is at

http://docs.sun.com

Shell Prompts

Shell	Prompt
C shell	machine-name`%`
C shell superuser	machine-name`#`
Bourne shell and Korn shell	`$`
Bourne shell and Korn shell superuser	`#`

Typographic Conventions

Typeface`^[1]`	Meaning	Examples
`AaBbCc123`	The names of commands, files, and directories; on-screen computer output	Edit your`.login` file. Use `ls` `-a` to list all files. `% You have mail`.
`AaBbCc123`	What you type, when contrasted with on-screen computer output	`%` `su` `Password:`
AaBbCc123	Book titles, new words or terms, words to be emphasized. Replace command-line variables with real names or values.	Read Chapter 6 in the User's Guide. These are called class options. You must be superuser to do this. To delete a file, type `rm` filename.

Typeface^[1]

Meaning

Examples

AaBbCc123

The names of commands, files, and directories; on-screen computer output

Edit your.login file.

Use ls -a to list all files.

% You have mail.

AaBbCc123

What you type, when contrasted with on-screen computer output

% su

Password:

AaBbCc123

Book titles, new words or terms, words to be emphasized. Replace command-line variables with real names or values.

Read Chapter 6 in the User's Guide.

These are called class options.

You must be superuser to do this.

To delete a file, type rm filename.

Accessing Sun Documentation

You can view, print, or purchase a broad selection of Sun documentation, including localized versions, at:

http://www.sun.com/documentation

Third-Party Web Sites

Sun is not responsible for the availability of third-party web sites mentioned in this document. Sun does not endorse and is not responsible or liable for any content, advertising, products, or other materials that are available on or through such sites or resources. Sun will not be responsible or liable for any actual or alleged damage or loss caused by or in connection with the use of or reliance on any such content, goods, or services that are available on or through such sites or resources.

Related Resources

Related publications and web sites are listed in this section.

Publications

Andert, Donna, Wakefield, Robin, and Weise, Joel. "Trust Modeling for Security Architecture Development," Sun BluePrints OnLine, December 2002, http://www.sun.com/blueprints/1202/817-0775.pdf.

Dasan, Vasanthan, Noordergraaf, Alex, and Ordica, Lou. "The Solaris Fingerprint Database - A Security Tool for Solaris Software and Files," Sun BluePrints OnLine, May 2001, http://www.sun.com/blueprints/0501/Fingerprint.pdf.

Englund, Martin, "Securing Systems with Host-Based Firewalls - Implemented With SunScreen Lite 3.1 Software," Sun BluePrints OnLine, September 2001,
http://sun.com/blueprints/0901/sunscreenlite.pdf.

Garfinkel, Simon, and Spafford, Gene. Practical UNIX and Internet Security, 2nd Edition, O'Reilly & Associates, April 1996.

Howard, John S., and Noordergraaf, Alex. JumpStart Technology: Effective Use in the Solaris Operating Environment, The Official Sun Microsystems Resource Series, Prentice Hall, October 2001.

Moffat, Darren J., FOCUS on SUN: Solaris BSM Auditing, http://www.securityfocus.com/infocus/1362

Noordergraaf, Alex. "Solaris Operating Environment Minimization for Security: A Simple, Reproducible and Secure Application Installation Methodology Updated for Solaris 8 Operating Environment," Sun BluePrints OnLine, November 2000, http://sun.com/blueprints/1100/minimize-updt1.pdf.

Noordergraaf, Alex. "Minimizing the Solaris Operating Environment for Security: Updated for Solaris 9 Operating Environment," Sun BluePrints OnLine, November 2002,http://sun.com/blueprints/1102/816-5241.pdf.

Noordergraaf, Alex. "Securing the Sun Cluster 3.x Software," Sun BluePrints OnLine article, February 2003, http://www.sun.com/solutions/blueprints/0203/817-1079.pdf.

Noordergraaf, Alex, "Securing the Sun Enterprise 10000 System Service Processors," Sun BluePrints OnLine article, March 2002, http://www.sun.com/blueprints/0302/securingenter.pdf

Noordergraaf, Alex, et. al. Enterprise Security: Solaris Operating Environment Security Journal, Solaris Operating Environment Versions 2.5.1, 2.6, 7, and 8, Sun Microsystems, Prentice Hall Press, ISBN 0-13-100092-6, June 2002.

Noordergraaf, Alex and Nimeh, Dina. "Securing the Sun Fire 12K and 15K Domains," Sun BluePrints OnLine article, February 2003, http://www.sun.com/blueprints/0203/817-1357.pdf.

Noordergraaf, Alex and Nimeh, Dina. "Securing the Sun Fire 12K and 15K System Controllers," Sun BluePrints OnLine article, February 2003, http://www.sun.com/blueprints/0203/817-1358.pdf.

Noordergraaf, Alex and Watson, Keith. "Solaris Operating Environment Security: Updated for the Solaris 9 Operating Environment," Sun BluePrints OnLine, December 2002, http://www.sun.com/blueprints/1202/816-5242.pdf.

O'Donnell, Nicholas and Noordergraaf, Alex. "Minimizing Domains for Sun Fire V1280, 6800, 12K, and 15K Systems," Sun BluePrints OnLine articles, September 2003, http://www.sun.com/blueprints/0903/817-3340.pdf [Part I] and http://www.sun.com/blueprints/0903/817-3628.pdf [Part II]

Osser, William and Noordergraaf, Alex. "Auditing in the Solaris 8 Operating Environment," Sun BluePrints OnLine, February 2001
http://www.sun.com/blueprints/0201/audit_config.pdf.

Reid, Jason M. and Watson, Keith. "Building and Deploying OpenSSH in the Solaris Operating Environment," Sun BluePrints OnLine, July 2001,
http://sun.com/blueprints/0701/openSSH.pdf.

Reid, Jason M. "Configuring OpenSSH for the Solaris Operating Environment," Sun BluePrints OnLine article, January 2002, http://www.sun.com/blueprints/0102/configssh.pdf.

Reid, Jason. Secure Shell in the Enterprise, The Official Sun Microsystems Resource Series, Prentice Hall, June 2003

Solaris Advanced Installation Guide, Sun Microsystems, http://docs.sun.com.

SunSHIELD Basic Security Module Guide, Sun Microsystems, Inc.,
http://docs.sun.com.

Watson, Keith and Noordergraaf, Alex. "Solaris Operating Environment Network Settings for Security: Updated for Solaris 9 Operating Environment," Sun BluePrints OnLine, June 2003, http://www.sun.com/solutions/blueprints/0603/816-5240.pdf.

Weise, Joel, and Martin, Charles R. "Developing a Security Policy," Sun BluePrints OnLine article, December 2001, http://www.sun.com/solutions/blueprints/1201/secpolicy.pdf.

Web Sites

AUSCERT, UNIX Security Checklist,
http://www.auscert.org.au/render.html?it=1935&cid=1920

CERT/CC at http://www.cert.org is a federally funded research and development center working with computer security issues.

Chkrootkit, http://www.chkrootkit.org

Galvin, Peter Baer, The Solaris Security FAQ,
http://www.itworld.com/Comp/2377/security-faq/

HoneyNet Project, "Know Your Enemy: Motives"
http://project.honeynet.org/papers/motives/

List open files software,
ftp://vic.cc.purdue.edu/pub/tools/unix/lsof/

Nmap Port Scanner, http://www.insecure.org

OpenSSH tool, http://www.openssh.com/

Pomeranz, Hal, Solaris Security Step by Step, http://www.sans.org/

Rhoads, Jason, Solaris Security Guide,
http://www.sabernet.net/papers/Solaris.html

Security Focus at http://www.securityfocus.org is a web site dedicated to discussing pertinent security topics.

Sendmail Consortium, sendmail configuration information,
http://www.sendmail.org/

Spitzner, Lance, Armoring Solaris,
http://secinf.net/unix_security/Armoring_Solaris.html

SSH Communications Security, Secure Shell (SSH) tool, http://www.ssh.com/

Sun BluePrints OnLine, http://sun.com/blueprints

Sun BluePrints OnLine Tools for FixModes software and MD5 scripts, http://jsecom15k.sun.com/ECom/EComActionServlet?StoreId=8&PartDetailId=817-0074-10&TransactionId=try&LMLoadBalanced=

Sun Enterprise Authentication Mechanism information,
http://www.sun.com/software/solaris/ds/ds-seam

SunSolveSM - http://sunsolve.sun.com

Contacting Sun Technical Support

If you have technical questions about this product that are not answered in this document, go to:

http://www.sun.com/service/contacting

Sun Welcomes Your Comments

Sun is interested in improving its documentation and welcomes your comments and suggestions. You can submit your comments by going to:

http://www.sun.com/hwdocs/feedback

Please include the title and part number of your document with your feedback:

Solaris Security Toolkit 4.1 Administration Guide, part number 817-7424-10

^{1 (TableFootnote) The settings on your browser might differ from these settings.}