Index

Symbols

/usr/bin/ldd command, 1

A

access privileges, protecting, 1

accountability, 1

add_install_client command, 1

add_to_manifest function, 1

add-client script, 1, 2

adding clients, from JumpStart servers, 1

adding JumpStart client, case scenario, 1

application security, 1

application start, messages, 1

applications

determining if using RPC port mapper, 1

identifying, 1

identifying dynamically loaded, 1

inventorying, 1

requirements, 1

verifying, case scenario, 1

applying patches, 1

architecture, Solaris Security Toolkit software, 1

assumptions and limitations, case scenario, 1

audit option, 1

audit scripts

customizing, 1

directory, 1

matching drivers, 1

proprietary, 1

audit strategy, 1

audit, 1, 2

auditing a system, 1

auditing, limitations, 1

audits

automating, 1

back up, caution, 1

banners, 1

case scenario, 1

command, 1

configuring reports, 1

controlling output, 1

customizing, 1

displaying results, 1

email option, 1

host name, script name, and timestamp information, 1

log entries, sample, 1

messages, 1

mini-scan, 1

options, 1

output option, 1

periodic, 1

process, 1

quiet option, 1

reporting only failures, 1

security assessment, 1

sorting output, 1

authentication

services, 1

strong, 1

stronger, 1

automated auditing, 1

B

-b option, undo, 1

backdoor access, binaries, 1

backing up

audits, 1

before installation, 1

requirements before undoing a run, 1

backup files

default action, 1

backup software, inventorying, 1

backup_file helper function, 1

Basic Security Module (BSM), 1

binaries, validating, 1

BSM, 1

bug fixes, patches, 1

C

case scenario, 1

centralized syslog repository, 1

change control policies, 1

changing original files, 1

Check Point Firewall-1 NG, 1

checks

adding, 1

failed, 1

checksums, 1

client does not build, case scenario, 1

clients

adding from JumpStart servers, 1

removing from JumpStart servers, 1

collecting information, running processes, 1

command-line options

audits, 1, 2

audits, help, 1

driver, 1

email notification, 1

help, 1

history, 1

jass-execute command, 1

most recent execute, 1

output file, 1

quiet, 1

root, 1

undo, 1, 2

comment handler, 1

comment mark (#), 1

compilers, limiting, 1

compilers, warning about installing, 1

configuration

assessing, case scenario, 1

audit reporting, 1

auditing, 1

automating, 1

configuring your environment, 1

customizing, case scenario, 1, 2

differences in running vs. stored, 1

guidelines, 1

guidelines for reviewing, 1

information, drivers, 1

JumpStart mode, 1

JumpStart server, 1

JumpStart server, case scenario, 1

monitoring and maintaining, 1

scripts, 1

security assessments, 1

configuration files

determining if in use, 1

inspecting, 1

JumpStart profiles, 1

main, 1

core.profile, 1

corrupted contents, files, 1, 2

cp command, 1

creating security profile, case scenario, 1

cron jobs

audit runs, 1

using quiet output option, 1

custom configuration, case scenario, 1

customizing

guidelines, 1

policies and requirements, 1

security audits, 1

Solaris Security Toolkit, 1

syslog.conf file, 1

D

-d driver option restrictions, 1

daemons, disabling, 1

data integrity, 1

debugging services, 1

default

configurations, FTP and Telnet, 1

security profiles, 1

dependencies

determining, 1

unidentified, 1

deployed systems

installing software, 1

securing, 1

deploying minimized and secured systems, 1

deploying systems, 1

design, Solaris Security Toolkit software, 1

determining OS services to remain enabled, 1

Developer Solaris OE cluster, SUNWCprog, 1

developer.profile, 1

digital fingerprints, 1

directories

audit scripts, 1

drivers, 1

files, 1

finish scripts, 1

JumpStart profiles, 1

list, 1

man, 1

OS, 1

patches, 1

run, 1

software packages, 1

starting, 1

structure, 1

sysidcfg, 1

discrepancies, finding, 1

display help option, 1

display help option, audits, 1

DNS service, 1

documentation directory, 1

documenting results, 1

downloading security software, 1

downtime, 1

driver control flow, 1

driver directory, 1

driver option, 1

driver.init file

overview, 1

drivers

configuration information, 1

directory, 1

naming, 1

drivers directory, 1

drivers, JumpStart servers, 1

dtexec processes, 1

E

email notification option, 1

encryption, 1

encryption software, 1

End User Solaris OE cluster, SUNWCuser, 1

end-user.profile, 1

Entire Distribution Solaris OE cluster, SUNWCall, 1

entire-distribution.profile, 1

environment variables

importing, 1

environment, configuring, 1

errors

corrupted contents, 1, 2

messages or warnings, 1

system corruption, 1, 2

while parsing the sysidcfg file, JumpStart mode, 1

Ethernet interfaces, case scenario, 1

evaluating a system, 1

executing software in stand-alone mode, 1

executing Solaris Security Toolkit, 1

exploited systems, 1

extensions, 1

extracting patches, 1

F

-f option, undo, 1

failed checks, 1

failures, applications, 1

faults, 1

file checksums, 1

file names, 1

file samples, sysidcfg, 1

file system objects

obtaining information, 1

file systems

integrity, 1

files

corrupted contents, 1, 2

determining usage, 1

directory, 1

inconsistent, 1

JumpStart clients, storing, 1

listing and reviewing changes, 1

modifying, 1

naming standards, 1

profiles, 1

reviewing manually changed, 1

files directory, 1

finish directory, 1

finish scripts

creating new, 1

undo feature, 1

finish.init file

driver flow, 1

FixModes

FixModes.tar.Z file, 1

software, downloading, 1

force option, 1

framework, customizing Solaris Security Toolkit, 1

frameworks, services, 1

FTP

default configuration, 1

services, enabled, 1, 2

functionality

adding, 1

patches, 1

problems, 1

testing, 1

H

hardening a system quickly, 1

hardening runs

executing Solaris Security Toolkit, 1

listing for undo, 1

reversing changes, 1

helper functions, 1

history option, 1

host-based access control, 1

I

identifying dynamically loaded applications, 1

inconsistent state, 1

infrastructure, 1

infrastructure components, 1

infrastructure, preparing, case scenario, 1

installation

auditing after, 1

automating, 1, 2

automating patches, 1

automating Solaris OS, 1

backing up, 1

client, case scenario, 1

guidelines, 1

hardening systems, 1

log file, 1

new system, case scenario, 1

patches, 1

planning, 1

preinstallation tasks, 1

software, 1

software, case scenario, 1

standardizing, 1

verification, 1

integrity

binaries, checking, 1

data, 1

executables, verifying, 1

file system, 1

software downloads, 1

integrity management solutions, 1

intrusion detection, 1

J

JASS, 1

JASS_DISPLAY_HOSTNAME variable, 1

JASS_DISPLAY_SCRIPTNAME variable, 1

JASS_DISPLAY_TIMESTAMP variable, 1

JASS_HOME_DIR environment variable, definition, 1

JASS_LOG_BANNER environment variable, 1, 2

JASS_LOG_ERROR environment variable, 1

JASS_LOG_FAILURE environment variable, 1

JASS_LOG_SUCCESS environment variable, 1

JASS_LOG_WARNING environment variable, 1

JASS_REPOSITORY

modifying contents, 1

reviewing contents, 1

undo runs, 1

jass-check-sum command, 1

jass-check-sum program, 1

jass-execute -a command, 1

jass-execute -a command options, 1

jass-execute command options, 1

jass-execute -u command, 1

jass-manifest.txt file, 1

jass-undo-log.txt file, 1

JumpStart Architecture and Security Scripts (JASS), 1

JumpStart architecture, integrating Solaris Security Toolkit, 1

JumpStart client

adding, case scenario, 1

does not build, case scenario, 1

files, storing, 1

installing client, case scenario, 1

JumpStart mode

configuring, 1, 2

errors while parsing the sysidcfg file, 1

installation, sysidcfg directory, 1

modifying sysidcfg, 1

using all scripts, 1

using selected scripts, 1

JumpStart profiles, 1

directory, 1

templates, 1

JumpStart server

configuring and managing, 1

configuring, case scenario, 1

multihomed, 1

JumpStart technology, 1, 2

K

-k option, undo, 1

keep option, 1

Kerberos, 1

key components, 1

key environment variables, 1

kill command, 1

L

LDAP, 1

ldd command, 1

libraries, 1, 2

librpcsvc.so.1 entries, 1

life cycle, maintaining security, 1

limiting compilers, 1

list open files program, 1

log files

installation, 1

reviewing, 1

logging

considering, 1

operations, 1

lsof program, 1

lsof program, obtaining, 1

M

-m option

audits, 1

undo, 1

maintaining security, 1, 2

maintaining version control, 1

maintenance window, 1

make-jass-pkg program, 1

malfunctions, 1

man directory, 1

management protocols, example policy, 1

management software, inventorying, 1

manifest file entries

processing multiple, 1

manifest files, 1

manual changes, keeping during undo, 1

manual reviews, security, 1

MD5 binaries, 1

MD5 software

downloading, 1

md5.tar.Z file, 1

messages, audits, 1

meta-services, 1

methodology, securing systems, 1

minimizing output, 1

minimizing, 1, 2

modes, 1

modifications, tracking, 1

modifications, validating, 1

modifying

code, 1

profile files, 1

monitoring security, 1

monitoring software, inventorying, 1

most recent execute option, 1

moving patch files, 1

multihomed JumpStart server, 1

N

naming files, standards, 1

naming services, 1

naming standards

custom files, 1

installations, 1

Solaris OS, 1

nested or hierarchical security profiles, 1

netstat command, 1

network access, protecting, 1

NFS

applications relying on, 1

NIS, 1

notices, generated during undo, 1

O

-o option, audits, 1

-o option, undo, 1

OEM Solaris OE cluster, SUNWCXall, 1

oem.profile, 1

offline, securing systems, 1

OpenSSH

building and deploying, 1

compiling, 1

software, downloading, 1

operational or management functions, inventorying, 1

options

audit, 1

audits, 1

audits, help, 1

backup, undo, 1

driver, 1

email notification, 1

email, audits, 1

email, undo, 1

help, 1

history, 1

jass-execute command, 1

most recent execute, 1

output file, 1

quiet, 1

quiet, audits, 1

quiet, undo, 1

root, 1

undo command, 1

directory, 1

OS cluster, specifying and installing, case scenario, 1

OS images, 1

output

disabling, 1

minimizing, 1

sample audit run, 1

sorting audit, 1

output option

audits, 1

file, 1

undo, 1

P

package name, case scenario, 1

packages directory, 1

packages, adding packages not in pkg format, 1

passwords

passwd(1) command, 1

policy example, 1

patches, 1

adding those not installed, 1

creating subdirectories, 1

directory, 1

extracting, 1

installing, 1

moving files, 1

naming directories, 1

overwriting configuration files, 1

README files, 1

rehardening system after installing, 1

performance

Solaris OS patches, 1

periodic audits, 1

permissions

objects, defaults, 1

pfiles command, 1

pkgadd command, 1

pkill command, 1

planning and preparing, case scenario, 1

planning phase, 1

planning, installation, 1

platform minimization, 1

pldd command, 1

ports, determining usage, 1

precautions, 1

preinstallation tasks, 1

private management network, 1

privilege management, 1

privileges, protecting, 1

processes

determining which are using files and ports, 1

identifier, 1

profiles

directory, 1

JumpStart, 1, 2

modifying, 1

planning and preparing, 1

proprietary drivers and scripts, 1

ps command, 1

purpose, Solaris Security Toolkit software, 1

Q

-q option, audits, 1

-q option, undo, 1

quality assurance (QA) testing, 1

quiet option, 1

R

rc script, audit runs, 1

reboot, securing systems, 1

Recommended and Security Patch Clusters

downloading, 1

storing, 1

related resources, 1

removing clients, from JumpStart servers, 1

report, email notification, 1

required software, 1

requirements

applications, 1

gathering, 1

security, 1

services, 1

services, determining, 1

undoing hardening runs, 1

restricting services, 1

results, documenting, 1

return value, 1

reverse-jass-manifest.txt file, 1

reversing changes, 1

reviewing log files, 1

reviewing security posture, 1

risks and benefits, considering, 1

rm_install_client command, 1

rm-client script, 1, 2

root

director, 1

option, 1

RPC

port mapper, 1

rpcinfo command, 1, 2

services, 1

rules file

checking, case scenario, 1

JumpStart server, 1, 2

run directory, 1

rusers command, 1

rusers service, validating, 1

S

samples, profile files, 1

SCCS, 1

scenario, 1, 2

scp command, 1

scripts

list, 1

modifying, caution, 1

naming, 1

Secure Shell

building and deploying, 1

commercial versions, compiling, 1

installing, case scenario, 1

product requirements, 1

software, downloading, 1

secure.driver, executing, 1

securing a deployed system, 1

securing systems, methodology, 1

security

requirements, 1

security assessments

configuration, 1

performing, 1

security configuration, assessing, 1

security policies

developing, 1

reviewing, 1

standards, 1

security posture

auditing, 1

reviewing, 1

security profiles

creating, case scenario, 1

default, 1

nested or hierarchical, 1

templates, 1

validating, 1

verifying installation, case scenario, 1

security software, downloading, 1

security, maintaining, 1, 2

security, monitoring, 1

service frameworks, 1

service requirements, determining, 1

services

abort, hang, 1, 2

determining if required, 1

identifying, 1

inventorying, 1

recently used, determining, 1

requirements, 1

restricting, 1

RPC, 1

shared libraries, 1

SI_CONFIG_DIR, installing software in subdirectory, 1

SIGHUP signal, 1

site-specific drivers, matching audit scripts, 1

slow network connections, using quiet output, 1

SNMP, 1

software components, 1

software installation, scripts, 1

software packages

adding packages not in pkg format, 1

directory, 1

software required, 1

Solaris Fingerprint Database, 1

Solaris Fingerprint Database Companion, 1

Solaris Fingerprint Database Sidekick, 1

Solaris OS

cluster, SUNWCreq, 1

fixes, 1

images, 1

naming standards, 1

package format, 1

services, checking, 1

Solaris Security Toolkit

installing for JumpStart mode, 1

software, downloading, 1

Solstice DiskSuite trademark , 1

sorting audit output, 1

Source Code Control System (SCCS), 1

specify and install OS cluster, case scenario, 1

stability, 1

stand-alone mode, 1

executing, 1

using, 1

standardizing system installations, 1

standards, enforcing across platforms, 1

standards, security policies, 1

starting directory, 1

stored state, 1

strong authentication, 1

stronger authentication, 1

structure, software, 1

sun4u, 1

SunSolve OnLine web site, 1

SUNWjass directory, 1

SUNWjass-n.n.pkg, 1

sysidcfg

directory, 1

file samples, 1

file, modifying for JumpStart mode, 1

file, version restrictions, 1

files, 1

syslog

messages, logging, 1

repository, 1

syslog.conf file, customizing, 1

system

binaries, validating, 1

boot, messages, 1

call, 1

configurations, monitoring and maintaining, 1

corruption, 1, 2

requirements, case scenario, 1

stability, verifying, 1

state, 1

vulnerabilities, 1

T

TCP Wrappers, 1

Telnet, enabling, 1

templates, profile files, 1

test and acceptance plan, 1

testing functionality, 1

testing, on nonproduction systems, 1

timing out, programs, 1

tools, 1, 2

tracking changes, 1

trojan, 1, 2

troubleshooting, 1

system modifications, 1

undo runs, 1

truss command, 1, 2

ttsession processes, 1

U

uncompress command, 1

undo

backup option, 1

command-line options, 1

email option, 1

force option, 1

information required for using, 1

interactive runs, 1

keep option, 1

limitations, 1

logging and reversing changes, 1

manually undoing changes, 1

options, 1

output option, 1

quiet option, 1

restrictions, 1

runs, listing, 1

selecting runs, sample output, 1

unavailable, 1

undoing runs, 1

undo-log.txt file, 1

unexpected behavior, 1

usage auditing, 1

user.init file, 1

user.init.SAMPLE, purpose, 1

user.run.SAMPLE, purpose, 1

user-interactive services, disabling, 1

user-interactive sessions, protecting, 1

V

validating security profiles, 1, 2

validation process, 1

verbosity levels, 1

verification, before installation, 1

verifying

application and service functionality, 1

functionality, multiple reboots, 1

security profile installation, 1

system stability, 1

version control, 1

vulnerability

analysis, 1

scanning, 1

strategy, 1

value, 1, 2

W

warm-brick, 1

warning messages

displaying at system boot or application start, 1

executing Solaris Security Toolkit software, 1