test

Sun Open Telecommunications Platform 2.0 Administration Guide

Hardening and Unhardening the Sun OTP Host

This section provides procedures for hardening and unhardening the system. Using Sun OTP 2.0, you can harden and unharden the Sun OTP host. Hardening is the process of modifying the SolarisTM operating system configuration to improve the network security of a system. By using the hardening process, you can close the ports and disable the services that might present a security risk to the system. You can unharden, that is, reopen the ports and enable the services that were closed by the hardening process. Hardening and unhardening must be done on both global and non-global zones.

ProcedureTo Install the Sun OTP SST Driver

Solaris Security Toolkit (SST) driver must be installed on both global and non-global zones.

  1. Open a browser and log in to the Sun OTP application provisioning service on the Sun OTP provisioning server.

    Go to the https://install server:9090 where install server is the IP address or the fully qualified name of the Sun OTP provisioning server.

  2. Type the user name and password.

    The user name is otpadmin. The password is the password provided in the password file while setting up the Sun OTP provisioning server.

  3. Click OTP Setup to display the Sun Open Telecommunications Platform utility tasks page.

  4. Click Install Driver and click run.

  5. Click run.

    The InstallSST plan run screen appears.

  6. Type the media directory in the Media Directory field.

  7. Type the host name on which to install the driver in the target host field.

  8. Click run plan (includes preflight).

ProcedureTo Uninstall the Sun OTP SST Driver

  1. Open a browser and log in to the Sun OTP application provisioning service on the Sun OTP provisioning server.

    Go to the https://install server:9090 where install server is the IP address or the fully qualified name of the Sun OTP provisioning server.

  2. Type the user name and password.

    The user name is otpadmin. The password is the password provided in the password file while setting up the Sun OTP provisioning server.

  3. Click OTP Setup to display the Sun Open Telecommunications Platform utility tasks page.

  4. Click Uninstall Driver and click run.

    The UninstallSST plan run screen appears.

  5. Type the host name on which to uninstall the driver in the target host field.

  6. Click run plan (includes preflight).

ProcedureTo Harden the Sun OTP Host

Hardening is the process of modifying the Solaris OS configuration to improve a system's security. By using the hardening process, you can close the ports and disable the services that might present a security risk to the system.

Before You Begin

Install the Sun OTP SST Driver

  1. Open a browser and log in to the Sun OTP application provisioning service on the Sun OTP provisioning server.

    Go to the https://install server:9090 where install server is the IP address or the fully qualified name of the Sun OTP provisioning server.

  2. Type the user name and password.

    The user name is otpadmin. The password is the password provided in the password file while setting up the Sun OTP provisioning server.

  3. Click OTP Setup to display the Sun Open Telecommunications Platform utility tasks page.

  4. Click Harden and click run.

    The Harden plan run screen appears.

  5. Type the host name that you want to harden in the target host field.

  6. Click run plan (includes preflight).

    Note –

    The plan does not close the ports and disable the services that are required by the Sun OTP components.

  7. Once the plan completes, reboot the Sun OTP host for hardening to take effect.

ProcedureTo Unharden the Sun OTP Host

Using unhardening, you can reopen the ports and enable the services that were closed by the hardening process.

Hardening is defined in certain configuration files. If you have changed certain configuration files, you can choose one of the following options during unhardening:

  1. Open a browser and log in to the Sun OTP application provisioning service on the Sun OTP provisioning server.

    Go to the https://install server:9090 where install server is the IP address or the fully qualified name of the Sun OTP provisioning server.

  2. Type the user name and password.

    The user name is otpadmin. The password is the password provided in the password file while setting up the Sun OTP provisioning server.

  3. Click OTP Setup to display the Sun Open Telecommunications Platform utility tasks page.

  4. Choose the state of the configuration files.

    • To roll back only the unchanged configuration files to its default state, click UnHarden & Keep.

    • To roll back all the configuration files, including the changed files, to its default state, click UnHarden & Revert.

  5. Click run.

  6. Type the host name that you want to unharden in the target host field.

  7. Click run plan (includes preflight).