| Solaris Security Toolkit 4.1 Release Notes |     |
| Solaris Security Toolkit 4.1 Release Notes | |
|
Solaris  Security Toolkit 4.1 Release Notes
|
This guide contains release notes for the Solaris Security Toolkit 4.1 (also known as JASS) software and contains the following topics:
Solaris Security Toolkit 4.1 Limitations
General Notes and Issues
Solaris Security Toolkit 4.1 Documentation Part Numbers
This section contains known limitations for the Solaris Security Toolkit 4.1 software:
While the Solaris Security Toolkit 4.1 software maintains its functionality for disabling system accounts (see the finish script disable-system-accounts.fin), it no longer modifies the system to record login attempts to those disabled accounts.
This section contains general notes and issues that involve the Solaris Security Toolkit 4.1 software.
Supported SMS upgrade and downgrade are referenced in the SMS high-end system product documentation. When performing SMS upgrade/downgrade operations on System Controllers hardened by the Solaris Security Toolkit, run in audit mode after the upgrade/downgrade is complete. Running in audit mode verifies that the System Controller is in the proper configuration. If any vulnerabilities are identified, rerun hardening.
Performing a CTRL-C during Solaris Security Toolkit hardening and undo operations could result in an inconsistent system state. Hardening operations should be allowed to complete and then a subsequent undo operation performed instead of interrupting the hardening operation. Do not use CTRL-C for error handling or to interrupt a Toolkit run. Wait until the operation has finished and then re-perform hardening or undo operations.
When executing fix-modes during package installation secure-modes warnings are displayed. These warnings are the result of a file formatting problem in Solaris software and can, safely, be ignored.
In order to better understand the needs and requirements of the users of the Solaris Security Toolkit, a questionnaire has been placed in the Documentation directory ($JASS_HOME/Documentation/QUESTIONNAIRE). The purpose of this survey is allow us to better focus future development efforts. Your participation would be greatly appreciated.
Please submit completed surveys to sst-questionnaire@sun.com.
Software documentation for this release is provided at:
http://ww.sun.com/products-n-solutions/hardware/docs/ Software/enterprise_computing/systems_management/sst/index.html
Files are named by part number which corresponds to these document titles:
817-7424-10.pdf - Solaris Security Toolkit 4.1 Administrator Guide
817-7750-10.pdf - Solaris Security Toolkit 4.1 Reference Manual
819-0111-10.pdf - Solaris Security Toolkit 4.1 Man Page Guide
817-0783-10.pdf - Solaris Security Toolkit 4.1 Release Notes
This section summarizes the most important bugs and RFEs in the Solaris Security Toolkit 4.1 software.
If, after hardening the system with the update-cron-log-size.fin and enable-process-accounting.fin scripts, the system is rebooted and an undo of the hardening run performed, the undo reports that /etc/logadm.conf has changed and prompts with the usual Backup, Force or Keep options.
Since the user has not performed any manual editing of /etc/logadm.conf the undo should apply cleanly and not require user action.
Workaround: In this instance, choose the Force option.
If the /etc/logadm.conf has been edited, use the Backup or Keep options.
s15k-static-arp.fin hard codes the platform name. If you change the platform name using smsconfig -m this script will no longer work.
Workaround: You must edit the s15k-static-arp.fin and replace sun15- with the new platform name.
The/etc/ftpd/banner.msg file is missing from the file list of the set-banner-ftpd.fin section in Chapter 4 of the Solaris Security Toolkit 4.1Reference Manual.
Workaround: None. This is a documentation bug only. This file is present in the software.
The environment variable JASS_SHELL_DISABLE is no longer used and has been removed from the Solaris Security Toolkit 4.1 software. Mention of it still appears in the Solaris Security Toolkit 4.1 Reference Manual and should be removed.
Workaround: Do not attempt to use this variable. It will no longer work.
This section contains all important, other-software bugs that affect the Solaris Security Toolkit 4.1 software.
There are no known bugs that affect the Solaris Security Toolkit 4.1 software at the time of this release.
| Solaris Security Toolkit 4.1 Release Notes | 819-0783-10 | |
Copyright © 2004, Sun Microsystems, Inc. All Rights Reserved.