JavaScript is required to for searching.
Skip Navigation Links
Exit Print View
Oracle Solaris 11 Security Guidelines     Oracle Solaris 11 Information Library
search filter icon
search icon

Document Information


1.  Overview of Oracle Solaris 11 Security

2.  Configuring Oracle Solaris 11 Security

Installing the Oracle Solaris OS

Securing the System

Verify Your Packages

Disable Unneeded Services

Remove Power Management Capability From Users

Place Security Message in Banner Files

Place Security Message on the Desktop Login Screen

Securing Users

Set Stronger Password Constraints

Set Account Locking for Regular Users

Set More Restrictive umask Value for Regular Users

Audit Significant Events in Addition to Login/Logout

Monitor lo Events in Real Time

Remove Unneeded Basic Privileges From Users

Securing the Kernel

Configuring the Network

Display Security Message to ssh and ftp Users

Disable the Network Routing Daemon

Disable Broadcast Packet Forwarding

Disable Responses to Echo Requests

Set Strict Multihoming

Set Maximum Number of Incomplete TCP Connections

Set Maximum Number of Pending TCP Connections

Specify a Strong Random Number for Initial TCP Connection

Reset Network Parameters to Secure Values

Protecting File Systems and Files

Protecting and Modifying Files

Securing Applications and Services

Creating Zones to Contain Critical Applications

Managing Resources in Zones

Configuring IPsec and IKE

Configuring IP Filter

Configuring Kerberos

Adding SMF to a Legacy Service

Creating a BART Snapshot of the System

Adding Multilevel (Labeled) Security

Configuring Trusted Extensions

Configuring Labeled IPsec

3.  Monitoring and Maintaining Oracle Solaris 11 Security

A.  Bibliography for Oracle Solaris Security

Protecting and Modifying Files

Only the root role can modify system files.

For Instructions
Configure restrictive file permissions for regular users.
Sets a more restrictive value than 022 for file permissions for regular users.
Prevent the replacement of system files with rogue files.
Finds rogue files through a script or by using BART.