This section provides procedures for hardening and unhardening the system. Using Sun OTP 2.0, you can harden and unharden the Sun OTP host. Hardening is the process of modifying the Solaris™ operating system configuration to improve the network security of a system. By using the hardening process, you can close the ports and disable the services that might present a security risk to the system. By unhardening, you can reopen the ports and enable the services that were closed by the hardening process. Hardening and unhardening must be done on both global and non-global zones.
The Solaris Security Toolkit (SST) driver must be installed on both global and non-global zones.
Open a browser and log in to the Sun OTP application provisioning service on the Sun OTP provisioning server.
Go to https://install server:9090, where install server is the IP address or the fully qualified name of the Sun OTP provisioning server.
Type the user name and password.
The user name is otpadmin. The password is the password provided in the password file while setting up the Sun OTP provisioning server.
Click OTP Setup to display the Sun Open Telecommunications Platform utility tasks page.
Click Install Driver and click run.
Click run.
The InstallSST plan run screen appears.
Type the media directory in the Media Directory field.
Type the host name on which to install the driver in the target host field.
Click run plan (includes preflight).
Open a browser and log in to the Sun OTP application provisioning service on the Sun OTP provisioning server.
Go to https://install server:9090, where install server is the IP address or the fully qualified name of the Sun OTP provisioning server.
Type the user name and password.
The user name is otpadmin. The password is the password provided in the password file while setting up the Sun OTP provisioning server.
Click OTP Setup to display the Sun Open Telecommunications Platform utility tasks page.
Click Uninstall Driver and click run.
The UninstallSST plan run screen appears.
Type the host name on which to uninstall the driver in the target host field.
Click run plan (includes preflight).
Hardening is the process of modifying the Solaris OS configuration to improve a system's security. By using the hardening process, you can close the ports and disable the services that might present a security risk to the system.
Install the Sun OTP SST Driver
Open a browser and log in to the Sun OTP application provisioning service on the Sun OTP provisioning server.
Go to https://install server:9090, where install server is the IP address or the fully qualified name of the Sun OTP provisioning server.
Type the user name and password.
The user name is otpadmin. The password is the password provided in the password file while setting up the Sun OTP provisioning server.
Click OTP Setup to display the Sun Open Telecommunications Platform utility tasks page.
Click Harden and click run.
The Harden plan run screen appears.
Type the host name that you want to harden in the target host field.
Click run plan (includes preflight).
The plan does not close the ports or disable the services that are required by the Sun OTP components.
Once the plan completes, reboot the Sun OTP host for hardening to take effect.
Using unhardening, you can reopen the ports and enable the services that were closed by the hardening process.
Hardening is defined in certain configuration files. If you have changed certain configuration files, you can choose one of the following options during unhardening:
Roll back only the unchanged configuration files to their default state. The changed files are retained in their current state.
Roll back all the configuration files, including the changed files, to their default state.
Open a browser and log in to the Sun OTP application provisioning service on the Sun OTP provisioning server.
Go to https://install server:9090, where install server is the IP address or the fully qualified name of the Sun OTP provisioning server.
Type the user name and password.
The user name is otpadmin. The password is the password provided in the password file while setting up the Sun OTP provisioning server.
Click OTP Setup to display the Sun Open Telecommunications Platform utility tasks page.
Choose the state of the configuration files.
Click run.
Type the host name that you want to unharden in the target host field.
Click run plan (includes preflight).