Skip Navigation Links | |
Exit Print View | |
Oracle Solaris 11 Security Guidelines Oracle Solaris 11 Information Library |
1. Overview of Oracle Solaris 11 Security
2. Configuring Oracle Solaris 11 Security
Installing the Oracle Solaris OS
Remove Power Management Capability From Users
Place Security Message in Banner Files
Place Security Message on the Desktop Login Screen
Set Stronger Password Constraints
Set Account Locking for Regular Users
Set More Restrictive umask Value for Regular Users
Audit Significant Events in Addition to Login/Logout
Monitor lo Events in Real Time
Remove Unneeded Basic Privileges From Users
Display Security Message to ssh and ftp Users
Disable the Network Routing Daemon
Disable Broadcast Packet Forwarding
Disable Responses to Echo Requests
Set Maximum Number of Incomplete TCP Connections
Set Maximum Number of Pending TCP Connections
Specify a Strong Random Number for Initial TCP Connection
Reset Network Parameters to Secure Values
Protecting File Systems and Files
Protecting and Modifying Files
Creating a BART Snapshot of the System
Adding Multilevel (Labeled) Security
Configuring Trusted Extensions
You can configure Oracle Solaris security features to protect your applications.
Zones are containers that isolate processes. They are useful containers for applications and parts of applications. For example, zones can be used to separate a web site's database from the site's web server.
For information and procedures see the following:
Zones provide a number of tools to manage zone resources.
For information and procedures see the following:
IPsec and IKE protect network transmissions between nodes and networks that are jointly configured with IPsec and IKE.
For information and procedures see the following:
Chapter 14, IP Security Architecture (Overview), in Oracle Solaris Administration: IP Services
Chapter 17, Internet Key Exchange (Overview), in Oracle Solaris Administration: IP Services
Chapter 15, Configuring IPsec (Tasks), in Oracle Solaris Administration: IP Services
Chapter 18, Configuring IKE (Tasks), in Oracle Solaris Administration: IP Services
The IP Filter feature provides a firewall.
For information and procedures see the following:
Chapter 20, IP Filter in Oracle Solaris (Overview), in Oracle Solaris Administration: IP Services
Chapter 21, IP Filter (Tasks), in Oracle Solaris Administration: IP Services
You can protect your network with the Kerberos service. This client-server architecture provides secure transactions over networks. The service offers strong user authentication, as well as integrity and privacy. Using the Kerberos service, you can log in to other systems, execute commands, exchange data, and transfer files securely. Additionally, the service enables administrators to restrict access to services and systems. As a Kerberos user, you can regulate other people's access to your account.
For information and procedures see the following:
Chapter 20, Planning for the Kerberos Service, in Oracle Solaris Administration: Security Services
Selected man pages include kadmin(1M), pam_krb5(5), and kclient(1M).
You can limit application configuration to trusted users or roles by adding the application to the Service Management Facility (SMF) feature of Oracle Solaris.
For information and procedures see the following: