

Solaris Security Toolkit 4.1 Reference Manual

817-7750-10



Contents

Tables

Code Samples

Preface

1. Framework Functions

Customizing Framework Functions

Using Common Log Functions

logBanner

logDebug

logError

logFailure

logFileContentsExist and logFileContentsNotExist

logFileExists and logFileNotExists

logFileGroupMatch and logFileGroupNoMatch

logFileModeMatch and logFileModeNoMatch

logFileNotFound

logFileOwnerMatch and logFileOwnerNoMatch

logFileTypeMatch and logFileTypeNoMatch

logFinding

logFormattedMessage

logInvalidDisableMode

logInvalidOSRevision

logMessage

logNotice

logPackageExists and logPackageNotExists

logPatchExists and logPatchNotExists

logProcessArgsMatch and logProcessArgsNoMatch

logProcessExists and logProcessNotExists

logProcessNotFound

logServiceConfigExists and logServiceConfigNotExists

logStartScriptExists and logStartScriptNotExists

logStopScriptExists and logStopScriptNotExists

logSuccess

logWarning

Using Common Miscellaneous Functions

isNumeric

invalidVulnVal

checkLogStatus

adjustScore

printPretty

printPrettyPath

extractComments

clean_path

strip_path

Using Driver Functions

add_patch

add_pkg

add_to_manifest

backup_file

check_os_min_version

check_os_revision

checksum

copy_a_dir

copy_a_file

copy_a_symlink

copy_files

create_a_file

create_file_timestamp

disable_conf_file

disable_file

disable_rc_file

is_patch_applied and is_patch_not_applied

mkdir_dashp

move_a_file

rm_pkg

Using Audit Functions

check_fileContentsExist and check_fileContentsNotExist

check_fileExists and check_fileNotExists

check_fileGroupMatch and check_fileGroupNoMatch

check_fileModeMatch and check_fileModeNoMatch

check_fileOwnerMatch and check_fileOwnerNoMatch

check_fileTemplate

check_fileTypeMatch and check_fileTypeNoMatch

check_minimized

check_packageExists and check_packageNotExists

check_patchExists and check_patchNotExists

check_processArgsMatch and check_processArgsNoMatch

check_processExists and check_processNotExists

check_serviceConfigExists and check_serviceConfigNotExists

check_startScriptExists and check_startScriptNotExists

check_stopScriptExists and check_stopScriptNotExists

finish_audit

start_audit

2. File Templates

Customizing File Templates

To Customize a File Template

Understanding Rules for How Files Are Copied

Using Configuration Files

driver.init

finish.init

user.init.SAMPLE

Using File Templates

.cshrc

.profile

etc/default/sendmail

etc/dt/config/Xaccess

etc/hosts.allow and etc/hosts.deny

etc/init.d/klmmod and etc/rc2.d/S77klmmod

etc/init.d/nddconfig

etc/init.d/set-tmp-permissions

etc/init.d/sms_arpconfig

etc/issue and /etc/motd

etc/notrouter

etc/rc2.d/S00set-tmp-permissions and etc/rc2.d/S07set-tmp-permissions

etc/rc2.d/S70nddconfig

etc/rc2.d/S73sms_arpconfig

etc/rc2.d/S77swapadd

etc/security/audit_class, etc/security/audit_control, and etc/security/audit_event

etc/sms_domain_arp and /etc/sms_sc_arp

etc/syslog.conf

3. Drivers

Understanding Driver Functions and Processes

Load Functionality Files

Perform Basic Checks

Load User Functionality Overrides

Mount File Systems to JumpStart Client

Copy or Audit Files

Execute Scripts

Compute Total Score for the Run

Unmount File Systems From JumpStart Client

Customizing Drivers

To Customize a Driver

Using Standard Drivers

config.driver

hardening.driver

secure.driver

undo.driver

Using Product-Specific Drivers

desktop-secure.driver

install-Sun_ONE-WS.driver

jumpstart-secure.driver

suncluster3x-secure.driver

sunfire_mf_msp-secure.driver

starfire_ssp-secure.driver

sunfire_15k_domain-secure.driver

sunfire_15k_sc-secure.driver

4. Finish Scripts

Customizing Finish Scripts

Customize Existing Finish Scripts

To Customize a Finish Script

Prevent kill Scripts From Being Disabled

Create New Finish Scripts

Using Standard Finish Scripts

Disable Finish Scripts

disable-ab2.fin

disable-apache.fin

disable-asppp.fin

disable-autoinst.fin

disable-automount.fin

disable-dhcp.fin

disable-directory.fin

disable-dmi.fin

disable-dtlogin.fin

disable-ipv6.fin

disable-kdc.fin

disable-keyboard-abort.fin

disable-keyserv-uid-nobody.fin

disable-ldap-client.fin

disable-lp.fin

disable-mipagent.fin

disable-named.fin

disable-nfs-client.fin

disable-nfs-server.fin

disable-nscd-caching.fin

disable-picld.fin

disable-power-mgmt.fin

disable-ppp.fin

disable-preserve.fin

disable-remote-root-login.fin

disable-rhosts.fin

disable-rpc.fin

disable-samba.fin

disable-sendmail.fin

disable-slp.fin

disable-sma.fin

disable-snmp.fin

disable-spc.fin

disable-ssh-root-login.fin

disable-syslogd-listen.fin

disable-system-accounts.fin

disable-uucp.fin

disable-vold.fin

disable-wbem.fin

disable-xserver.listen.fin

Enable Finish Scripts

enable-32bit-kernel.fin

enable-bsm.fin

enable-coreadm.fin

enable-ftp-syslog.fin

enable-ftpaccess.fin

enable-inetd-syslog.fin

enable-priv-nfs-ports.fin

enable-process-accounting.fin

enable-rfc1948.fin

enable-stack-protection.fin

enable-tcpwrappers.fin

Install Finish Scripts

install-at-allow.fin

install-fix-modes.fin

install-ftpusers.fin

install-Sun_ONE-WS.fin

install-jass.fin

install-loginlog.fin

install-md5.fin

install-nddconfig.fin

install-newaliases.fin

install-openssh.fin

install-recommended-patches.fin

install-sadmind-options.fin

install-security-mode.fin

install-shells.fin

install-strong-permissions.fin

install-sulog.fin

install-templates.fin

Minimize Finish Script

Print Finish Scripts

print-jass-environment.fin

print-jumpstart-environment.fin

print-rhosts.fin

print-sgid-files.fin

print-suid-files.fin

print-unowned-objects.fin

print-world-writable-objects.fin

Remove Finish Script

Set Finish Scripts

set-banner-dtlogin.fin

set-banner-ftpd.fin

set-banner-telnet.fin

set-banner-sendmail.fin

set-banner-sshd.fin

set-ftpd-umask.fin

set-login-retries.fin

set-power-restrictions.fin

set-rmmount-nosuid.fin

set-root-group.fin

set-root-password.fin

set-sys-suspend-restrictions.fin

set-system-umask.fin

set-term-type.fin

set-tmpfs-limit.fin

set-user-password-reqs.fin

set-user-umask.fin

Update Finish Scripts

update-at-deny.fin

update-cron-allow.fin

update-cron-deny.fin

update-cron-log-size.fin

update-inetd-conf.fin

Using Product-Specific Finish Scripts

suncluster3x-set-nsswitch-conf.fin

s15k-static-arp.fin

s15k-exclude-domains.fin

s15k-install-klmmod-loader.fin

s15k-sms-secure-failover.fin

5. Audit Scripts

Customizing Audit Scripts

Customize Standard Audit Scripts

To Customize an Audit Script

Create New Audit Scripts

Using Standard Audit Scripts

Disable Audit Scripts

disable-ab2.aud

disable-apache.aud

disable-asppp.aud

disable-autoinst.aud

disable-automount.aud

disable-dhcpd.aud

disable-directory.aud

disable-dmi.aud

disable-dtlogin.aud

disable-ipv6.aud

disable-kdc.aud

disable-keyboard-abort.aud

disable-keyserv-uid-nobody.aud

disable-ldap-client.aud

disable-lp.aud

disable-mipagent.aud

disable-named.aud

disable-nfs-client.aud

disable-nfs-server.aud

disable-nscd-caching.aud

disable-picld.aud

disable-power-mgmt.aud

disable-ppp.aud

disable-preserve.aud

disable-remote-root-login.aud

disable-rhosts.aud

disable-rpc.aud

disable-samba.aud

disable-sendmail.aud

disable-slp.aud

disable-sma.aud

disable-snmp.aud

disable-spc.aud

disable-ssh-root-login.aud

disable-syslogd-listen.aud

disable-system-accounts.aud

disable-uucp.aud

disable-vold.aud

disable-wbem.aud

disable-xserver.listen.aud

Enable Audit Scripts

enable-32bit-kernel.aud

enable-bsm.aud

enable-coreadm.aud

enable-ftp-syslog.aud

enable-ftpaccess.aud

enable-inetd-syslog.aud

enable-priv-nfs-ports.aud

enable-process-accounting.aud

enable-rfc1948.aud

enable-stack-protection.aud

enable-tcpwrappers.aud

Install Audit Scripts

install-at-allow.aud

install-fix-modes.aud

install-ftpusers.aud

install-jass.aud

install-loginlog.aud

install-md5.aud

install-nddconfig.aud

install-newaliases.aud

install-openssh.aud

install-recommended-patches.aud

install-sadmind-options.aud

install-security-mode.aud

install-shells.aud

install-strong-permissions.aud

install-sulog.aud

install-Sun_ONE-WS.aud

install-templates.aud

Minimize Audit Script

Print Audit Scripts

print-jass-environment.aud

print-jumpstart-environment.aud

print-rhosts.aud

print-sgid-files.aud

print-suid-files.aud

print-unowned-objects.aud

print-world-writable-objects.aud

Remove Audit Script

Set Audit Scripts

set-banner-dtlogin.aud

set-banner-ftpd.aud

set-banner-sendmail.aud

set-banner-sshd.aud

set-banner-telnet.aud

set-ftpd-umask.aud

set-login-retries.aud

set-power-restrictions.aud

set-rmmount-nosuid.aud

set-root-group.aud

set-root-password.aud

set-sys-suspend-restrictions.aud

set-system-umask.aud

set-term-type.aud

set-tmpfs-limit.aud

set-user-password-reqs.aud

set-user-umask.aud

Update Audit Scripts

update-at-deny.aud

update-cron-allow.aud

update-cron-deny.aud

update-cron-log-size.aud

update-inetd-conf.aud

Using Product-Specific Audit Scripts

suncluster3x-set-nsswitch-conf.aud

s15k-static-arp.aud

s15k-exclude-domains.aud

s15k-install-klmmod-loader.aud

s15k-sms-secure-failover.aud

6. Environment Variables

Customizing and Assigning Variables

Assign Static Variables

Assign Dynamic Variables

Assign Complex Substitution Variables

Assign Global and Profile-Based Variables

Creating Environment Variables

Using Environment Variables

Define Framework Variables

JASS_AUDIT_DIR

JASS_CHECK_MINIMIZED

JASS_CONFIG_DIR

JASS_DISABLE_MODE

JASS_DISPLAY_HOSTNAME

JASS_DISPLAY_SCRIPTNAME

JASS_DISPLAY_TIMESTAMP

JASS_FILES

JASS_FILES_DIR

JASS_FINISH_DIR

JASS_HOME_DIR

JASS_HOSTNAME

JASS_ISA_CAPABILITY

JASS_LOG_BANNER

JASS_LOG_ERROR

JASS_LOG_FAILURE

JASS_LOG_NOTICE

JASS_LOG_SUCCESS

JASS_LOG_WARNING

JASS_MODE

JASS_OS_REVISION

JASS_OS_TYPE

JASS_PACKAGE_DIR

JASS_PATCH_DIR

JASS_PKG

JASS_REPOSITORY

JASS_ROOT_DIR

JASS_RUN_AUDIT_LOG

JASS_RUN_CHECKSUM

JASS_RUN_FINISH_LIST

JASS_RUN_INSTALL_LOG

JASS_RUN_MANIFEST

JASS_RUN_SCRIPT_LIST

JASS_RUN_UNDO_LOG

JASS_RUN_VERSION

JASS_SAVE_BACKUP

JASS_SCRIPTS

JASS_STANDALONE

JASS_SUFFIX

JASS_TIMESTAMP

JASS_UNAME

JASS_USER_DIR

JASS_VERBOSITY

JASS_VERSION

Define Script Behavior Variables

JASS_ACCT_DISABLE

JASS_ACCT_REMOVE

JASS_AGING_MAXWEEKS

JASS_AGING_MINWEEKS

JASS_AGING_WARNWEEKS

JASS_AT_ALLOW

JASS_AT_DENY

JASS_BANNER_DTLOGIN

JASS_BANNER_FTPD

JASS_BANNER_SENDMAIL

JASS_BANNER_SSHD

JASS_BANNER_TELNETD

JASS_CORE_PATTERN

JASS_CPR_MGT_USER

JASS_CRON_ALLOW

JASS_CRON_DENY

JASS_CRON_LOG_SIZE

JASS_FIXMODES_DIR

JASS_FIXMODES_OPTIONS

JASS_FTPD_UMASK

JASS_FTPUSERS

JASS_KILL_SCRIPT_DISABLE

JASS_LOGIN_RETRIES

JASS_MD5_DIR

JASS_NOVICE_USER

JASS_PASS_LENGTH

JASS_PASSWD

JASS_POWER_MGT_USER

JASS_REC_PATCH_OPTIONS

JASS_RHOSTS_FILE

JASS_ROOT_GROUP

JASS_ROOT_PASSWORD

JASS_SADMIND_OPTIONS

JASS_SENDMAIL_MODE

JASS_SGID_FILE

JASS_SHELLS

JASS_SHELL_DISABLE

JASS_SUID_FILE

JASS_SUSPEND_PERMS

JASS_SVCS_DISABLE

JASS_SVCS_ENABLE

JASS_TMPFS_SIZE

JASS_UMASK

JASS_UNOWNED_FILE

JASS_WRITABLE_FILE

Define JumpStart Mode Variables

JASS_PACKAGE_MOUNT

JASS_PATCH_MOUNT

Glossary

Index