The Solaris Security Toolkit software, informally known as the JumpStart™ Architecture and Security Scripts (JASS) toolkit, provides an automated, extensible, and scalable mechanism to build and maintain secure Solaris OS systems. The Solaris Security Toolkit provides security for devices critical to the management of your server, including the control domain in the Logical Domains Manager.
The Solaris Security Toolkit 4.2 software package, SUNWjass, lets you secure the Solaris Operating System on your control domain with the install-ldm script in one of the following ways:
Letting the Solaris Security Toolkit automatically harden your control domain by using the Logical Domains Manager install script (install-ldm) and the control driver specific to the Logical Domains Manager (ldm_control-secure.driver).
Selecting an alternative driver when using the install script.
Selecting no driver when using the install script and applying your own Solaris hardening.
The SUNWjass package is located with the Logical Domains (LDoms) Manager 1.2 software package, SUNWldm, at Sun's software download web site. You have the option to download and install the Solaris Security Toolkit 4.2 software package at the same time you download and install the Logical Domains Manager 1.2 software. The Solaris Security Toolkit 4.2 software package includes the patches required for the Solaris Security Toolkit software to work with the Logical Domains Manager. Once the software is installed, you can harden your system with Solaris Security Toolkit 4.2 software. Chapter 3, Installing and Enabling Software, tells you how to install and configure the Solaris Security Toolkit, and harden your control domain.
The Solaris Security Toolkit provides the following security functions to users of the Logical Domains Manager:
Hardening – Modifying Solaris OS configurations to improve a system's security, using the Solaris Security Toolkit 4.2 software with the patches required for the Solaris Security Toolkit to work with the Logical Domains Manager.
Minimizing – Installing the minimum number of core Solaris OS packages necessary for LDoms and LDoms Management Information Base (MIB) support.
Authorization – Setting up authorization using the Solaris OS Role-Based Access Control (RBAC) adapted for the Logical Domains Manager.
Auditing – Using the Solaris OS Basic Security Module (BSM) adapted for the Logical Domains Manager to identify the source of security changes to the system and determine what was done, when it was done, by whom, and what was affected.
Compliance – Determining if a system's configuration is in compliance with a predefined security profile using the Solaris Security Toolkit's auditing feature.