Oracle Solaris 11 Security Guidelines     Oracle Solaris 11.1 Information Library
Document Information

Preface

1.  Overview of Oracle Solaris Security

Oracle Solaris Security Protections

Oracle Solaris Security Technologies

Address Space Layout Randomization

Audit Service

BART File Verification

Cryptographic Services

File Permissions and Access Control Entries

Packet Filtering

IP Filter

TCP Wrappers

Passwords and Password Constraints

Pluggable Authentication Module

Privileges in Oracle Solaris

Remote Access

IPsec and IKE

Secure Shell

Kerberos Service

Role-Based Access Control

Service Management Facility

Oracle Solaris ZFS File System

Oracle Solaris Zones

Trusted Extensions

Oracle Solaris 11 Security Defaults

System Access Is Limited and Monitored

Kernel, File, and Desktop Protections Are in Place

Additional Security Features Are in Place

Oracle Solaris 11 Security Evaluation

Site Security Policy and Practice

2.  Configuring Oracle Solaris Security

3.  Monitoring and Maintaining Oracle Solaris Security

A.  Bibliography for Oracle Solaris Security

Oracle Solaris Security Technologies

The security features of Oracle Solaris can be configured to implement your site's security policy.

The following sections provide a short introduction to the security features of Oracle Solaris. The descriptions include references to more detailed explanations and to procedures in this guide and other Oracle Solaris system administration guides that demonstrate these features.

Address Space Layout Randomization

Address space layout randomization (ASLR) randomizes the addresses at which a binary's stack, heap, and mapped libraries are placed each time it runs. Many memory-corruption exploits depend on knowing the exact location of code or data in advance; with ASLR in effect such an exploit usually fails and crashes the target process instead of succeeding silently, which both stops the attack and makes the attempt visible. ASLR is not a substitute for fixing the underlying bug: an attacker who can first leak an address from the process can still defeat it. For more information, see Address Space Layout Randomization in Oracle Solaris 11.1 Administration: Security Services.

Audit Service

Auditing is the collecting of data about the use of system resources. The audit data provides a record of security-related system events. This data can then be used to assign responsibility for actions that take place on a system.

Auditing is a basic requirement for security evaluation, validation, and certification bodies. Auditing can also provide a deterrent to potential intruders.


BART File Verification

The BART feature of Oracle Solaris enables you to comprehensively validate systems by performing file-level checks of a system over time. By creating BART manifests, you can easily and reliably gather information about the components of the software stack that is installed on deployed systems.

BART is a useful tool for integrity management on one system or on a network of systems.
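The control-manifest-then-compare workflow that BART implements is shown below as an added example that is not part of this guide and is not bart(1M): it is a portable stand-in written with POSIX tools only (find, cksum, sort, join, awk), so it runs where BART is not available. It assumes file names without whitespace and uses "MISSING" as a sentinel that cannot occur in a checksum or size field. BART itself additionally records file type, owner, mode, ACLs and modification time and uses a cryptographic digest rather than a CRC, which is why BART, not this script, is the integrity control to deploy on Oracle Solaris.

```shell
#!/bin/sh
# Added example: a portable stand-in for the "bart create" / "bart compare"
# workflow using only POSIX tools. It is NOT bart(1M): cksum is a CRC, which
# detects accidental or careless change but is not collision-resistant, so this
# demonstrates the workflow rather than replacing BART as an integrity control.
# Assumes file names contain no whitespace.
set -e

# make_manifest ROOT
# Writes one line per regular file under ROOT to stdout:
#   <path relative to ROOT> <crc> <size>
# sorted bytewise on the path so two manifests can be joined later.
make_manifest() {
    root=$1
    [ -d "$root" ] || { echo "make_manifest: no such directory: $root" >&2; return 1; }
    ( cd "$root" && find . -type f -exec cksum {} + ) |
        awk '{ printf "%s %s %s\n", $3, $1, $2 }' |
        LC_ALL=C sort -k1,1
}

# compare_manifests CONTROL TEST
# Prints "added <path>", "removed <path>" or "changed <path>" for every
# difference between the two manifests and exits 1 if there was any;
# exits 0 and prints nothing when the trees match.
compare_manifests() {
    control=$1
    test=$2
    # Full outer join on the path; fields from the absent side are filled
    # with the assumed sentinel MISSING.
    LC_ALL=C join -a 1 -a 2 -e MISSING -o 0,1.2,1.3,2.2,2.3 "$control" "$test" |
        awk '
            $2 == "MISSING"      { print "added "   $1; n++; next }
            $4 == "MISSING"      { print "removed " $1; n++; next }
            $2 != $4 || $3 != $5 { print "changed " $1; n++ }
            END                  { if (n) exit 1 }'
}

# Command-line use:
#   manifest.sh create ROOT > control.manifest      (on a known-good system)
#   manifest.sh create ROOT > test.manifest         (later, on the same system)
#   manifest.sh compare control.manifest test.manifest
case "${1:-}" in
    create)  make_manifest "$2" ;;
    compare) compare_manifests "$2" "$3" ;;
esac
```

On Oracle Solaris the equivalent steps are `bart create -R /etc > control.manifest` on a freshly installed or known-good system, `bart create -R /etc > test.manifest` later, and `bart compare control.manifest test.manifest`. In both cases keep the control manifest off the host, or on read-only media: an intruder who can modify files can otherwise also modify the baseline they are compared against.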


Cryptographic Services

The Cryptographic Framework feature of Oracle Solaris and the Key Management Framework (KMF) feature of Oracle Solaris provide central repositories for cryptographic services and key management. Hardware, software, and end users have seamless access to optimized algorithms. The different storage mechanisms, administrative utilities, and programming interfaces for various public key infrastructures (PKIs) can use a unified interface when they adopt KMF interfaces.

The Cryptographic Framework provides cryptographic services to users and applications through individual commands, a user-level programming interface, a kernel programming interface, and user-level and kernel-level frameworks. The Cryptographic Framework provides these cryptographic services to applications and kernel modules in a manner seamless to the end user. It also brings direct cryptographic services, like encryption and decryption for files, to the end user.

KMF provides tools and programming interfaces for centrally managing public key objects, such as X.509 certificates and public/private key pairs. The formats for storing these objects can vary. KMF also provides a tool for managing policies that define the use of X.509 certificates by applications. KMF supports third-party plugins.


File Permissions and Access Control Entries

The first line of defense for protecting objects in a file system is the set of UNIX permissions assigned to every file system object. UNIX permissions grant separate read, write, and execute rights to the owner of the object, to the group assigned to the object, and to everyone else. Additionally, ZFS supports access control lists (ACLs), each a list of access control entries (ACEs), which control access to individual file system objects or groups of them more finely than the owner, group, and other model allows.


Packet Filtering

Packet filtering provides basic protection against network-based attacks. Oracle Solaris includes the IP Filter feature and TCP wrappers.

IP Filter

The IP Filter feature of Oracle Solaris creates a firewall to ward off network-based attacks.

Specifically, IP Filter provides stateful packet filtering capabilities and can filter packets by IP address or network, port, protocol, network interface, and traffic direction. It also includes stateless packet filtering and the capability to create and manage address pools. In addition, IP Filter also has the capability to perform network address translation (NAT) and port address translation (PAT).
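The following /etc/ipf/ipf.conf is an added example, not a rule set from this guide, of the stateful, default-deny inbound policy described above for a host that should accept only Secure Shell from a management network. The management network 192.0.2.0/24 is an assumption to be replaced with the site's own.

```conf
# /etc/ipf/ipf.conf -- added example, not from this guide.
# IP Filter applies the LAST matching rule unless a rule says "quick", so a
# policy reads most safely as explicit "quick" passes followed by catch-all blocks.

# Loopback is trusted.
pass in  quick on lo0 all
pass out quick on lo0 all

# Connections this host originates: allow them and keep state, so the replies
# are let back in by the state table rather than by a broad inbound rule.
pass out quick proto tcp  from any to any flags S keep state
pass out quick proto udp  from any to any keep state
pass out quick proto icmp from any to any keep state

# Inbound: only SSH, only from the management network (assumed 192.0.2.0/24).
# "flags S" means only a SYN can create the state entry.
pass in quick proto tcp from 192.0.2.0/24 to any port = 22 flags S keep state

# Everything else, in either direction, is dropped and logged through ipmon.
block in  log all
block out log all
```

Activate the rule set with `svcadm enable network/ipfilter` and confirm what the kernel actually loaded with `ipfstat -io`. Do this from the system console or from a second, already established session: a default-deny policy that omits your own management address locks you out of the host.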


TCP Wrappers

TCP wrappers provide a way of implementing access controls by checking the address of a host requesting a particular network service against an ACL. Requests are granted or denied accordingly. TCP wrappers also log host requests for network services, which is a useful monitoring function. The Secure Shell and sendmail features of Oracle Solaris are configured to use TCP wrappers. Network services that might be placed under access control include proftpd and rpcbind.

TCP wrappers support a rich configuration policy language that enables organizations to specify security policy not only globally but on a per-service basis. Further, access to services can be permitted or restricted based on host name, IPv4 or IPv6 address, netgroup name, network, and even DNS domain.
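An added example of the two files TCP wrappers consult, not from this guide; the addresses and the domain name are assumptions. The deny-all entry in hosts.deny makes hosts.allow the complete list of who may reach a wrapped service.

```conf
# /etc/hosts.allow -- added example, not from this guide.
# hosts_access checks hosts.allow first, then hosts.deny, and allows the
# connection if neither file matches; with "ALL: ALL" in hosts.deny, only
# what is listed here gets through. Daemon names are the server's argv[0].
sshd     : 192.0.2.0/255.255.255.0, .mgmt.example.com
sendmail : 127.0.0.1
rpcbind  : 192.0.2.0/255.255.255.0

# /etc/hosts.deny
ALL : ALL
```

Secure Shell and sendmail consult these files by default; daemons that inetd starts do so only when their tcp_wrappers property is set, for all of them with `inetadm -M tcp_wrappers=TRUE` or per service with `inetadm -m <fmri> tcp_wrappers=TRUE`. Prefer address patterns over host and domain names where you can: a name-based rule depends on a reverse DNS lookup for every connection, and that lookup is answered by infrastructure an attacker on the network may be able to influence.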


Passwords and Password Constraints

Strong user passwords help defend against attacks involving brute force guessing.

Oracle Solaris has a number of features that promote strong user passwords. Password length, character composition, minimum and maximum age, and how much a new password must differ from the old one can all be set, and a password history can be kept so that old passwords are not reused. A dictionary of passwords to be avoided is provided. Several password hashing algorithms are available.
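The constraints above are set in /etc/default/passwd and the hashing algorithm in /etc/security/policy.conf. The following is an added example, not a configuration from this guide; the numbers are a starting point and are assumptions to be replaced by site policy.

```conf
# /etc/default/passwd -- added example, not from this guide.
# Keep comments on their own lines: this file is read as key=value and a
# trailing comment would become part of the value.

# Minimum length. Only meaningful with a non-__unix__ hash (see policy.conf
# below): the traditional DES crypt silently uses only the first 8 characters.
PASSLENGTH=12
# Characters that must differ from the previous password.
MINDIFF=4
# Composition: at least one upper-case, one lower-case, one non-alphabetic
# (digit or special). MINNONALPHA is mutually exclusive with MINDIGIT/MINSPECIAL.
MINUPPER=1
MINLOWER=1
MINNONALPHA=1
# No run of the same character longer than this.
MAXREPEATS=2
# Reject passwords derived from the login name.
NAMECHECK=YES
# Remember this many previous hashes (files repository only).
HISTORY=10
# Ageing: MINWEEKS stops a user from cycling through the history in one sitting.
MINWEEKS=1
MAXWEEKS=13
WARNWEEKS=2
# Dictionary of words to reject; build the lookup database with mkpwdict(1M).
DICTIONLIST=/usr/share/lib/dict/words
DICTIONDBDIR=/var/passwd

# /etc/security/policy.conf
# 5 = SHA-256 based crypt(3C), which is already the Oracle Solaris 11 default.
# Removing 1, 2a and md5 from the allowed list, and never allowing __unix__,
# keeps weaker hashes from being created.
CRYPT_DEFAULT=5
CRYPT_ALGORITHMS_ALLOW=5,6
```

After changing the dictionary, run `mkpwdict -s /usr/share/lib/dict/words` so that the database in DICTIONDBDIR is rebuilt. Existing accounts keep whatever hash they have until the next password change, at which point the password is stored with CRYPT_DEFAULT; forcing a change with `passwd -f user` is the way to migrate accounts that still carry an old hash.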


Pluggable Authentication Module

The Pluggable Authentication Module (PAM) framework enables you to coordinate and configure user authentication requirements for accounts, credentials, sessions, and passwords.

The PAM framework enables organizations to customize the user authentication experience as well as account, session, and password management functionality. System entry services such as login and ftp use the PAM framework to ensure that all entry points for the system have been secured. This architecture enables the replacement or modification of authentication modules in the field to secure the system against any newly found weaknesses without requiring changes to any system services that use the PAM framework.


Privileges in Oracle Solaris

Privileges are fine-grained, discrete rights on processes that are enforced in the kernel. Oracle Solaris defines over 80 privileges, ranging from basic privileges like file_read to more specialized privileges like proc_clock_highres. Privileges can be granted to a command, a user, a role, or a system. Many Oracle Solaris commands and daemons run with only those privileges that are required to perform their task. The use of privileges is also called process rights management.

Privilege-aware programs can prevent intruders from gaining more privileges than the program itself uses. Additionally, privileges enable organizations to limit which privileges are granted to services and processes that run on their systems.


Remote Access

Remote access attacks can damage a system and a network. Securing network access is necessary in today's Internet environment, and is useful even in WAN and LAN environments.

IPsec and IKE

IP security (IPsec) protects IP packets by authenticating the packets, by encrypting the packets, or by doing both. Oracle Solaris supports IPsec for both IPv4 and IPv6. Because IPsec is implemented well below the application layer, Internet applications can take advantage of IPsec without requiring modifications to their code.

IPsec and its key exchange protocol, IKE, use algorithms from the Cryptographic Framework. Additionally, the Cryptographic Framework provides a softtoken keystore for applications that use the metaslot. When IKE is configured to use the metaslot, organizations have the option of storing the keys on disk, on an attached hardware keystore, or in the softtoken keystore.

When properly administered, IPsec is an effective tool in securing network traffic.
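The policy that tells the kernel which traffic IPsec must protect lives in /etc/inet/ipsecinit.conf. The following is an added example, not from this guide, of a host-to-host policy using ESP with AES encryption and SHA-256 integrity; both addresses are assumptions.

```conf
# /etc/inet/ipsecinit.conf -- added example, not from this guide.
# Protect all traffic between this host (192.0.2.10) and a peer (192.0.2.20)
# with ESP: AES for confidentiality plus an HMAC-SHA-256 integrity check.
# "sa shared" lets a single SA pair carry every flow between the two hosts
# instead of negotiating one per port.
{laddr 192.0.2.10 raddr 192.0.2.20} ipsec {encr_algs aes encr_auth_algs sha256 sa shared}
```

The file is read at boot by the svc:/network/ipsec/policy service; to load it now, use `ipsecconf -a /etc/inet/ipsecinit.conf` and check the result with `ipsecconf -l`. The policy only says what must be protected; the keys come from IKE (configured in /etc/inet/ike/config with a pre-shared key or certificates) or, for testing only, from manual keys entered with ipseckey(1M). Traffic that the policy covers but for which no security association exists is not sent in the clear, it is dropped, so bring IKE up before applying a policy that covers the session you are administering from.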


Secure Shell

The Secure Shell feature of Oracle Solaris lets users and services log in to remote systems, or transfer files between them, over an encrypted communications channel. In Secure Shell, all network traffic, including the authentication exchange, is encrypted. Secure Shell can also be used as an on-demand virtual private network (VPN): it can forward X Window System traffic, or connect individual ports between a local system and remote systems, over the authenticated and encrypted link.

Thus, Secure Shell prevents a would-be intruder from reading an intercepted communication and, because each server proves possession of its host key, prevents an adversary from impersonating the system, provided the client verifies that key rather than accepting an unknown one. By default, Secure Shell is the only active remote access mechanism on a newly installed system.
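Because Secure Shell is the one remote entry point on a new system, its server configuration deserves a review. The fragment below is an added example, not a configuration from this guide, of the /etc/ssh/sshd_config settings worth checking on a server or bastion host; the group name sshusers is an assumption.

```conf
# /etc/ssh/sshd_config -- added example, not from this guide.
# Comments must be on their own lines; sshd rejects text after a value.
# Apply with: svcadm restart network/ssh

# Protocol 1 has known weaknesses; Oracle Solaris defaults to 2 already.
Protocol 2

# root is a role on Oracle Solaris 11 and cannot log in directly anyway;
# saying so explicitly keeps that true if someone converts root to a user.
PermitRootLogin no
PermitEmptyPasswords no

# Key-based logins only. Leave this at "yes" until every administrator's
# key is deployed, or you lock yourselves out.
PasswordAuthentication no

# The "on-demand VPN" features are off unless a host actually needs them:
# a forwarded port or display is a tunnel through your perimeter.
X11Forwarding no
AllowTcpForwarding no

# Only members of this (assumed) group may authenticate at all.
AllowGroups sshusers

Banner /etc/issue
```

On the client side the spoofing protection mentioned above depends on host keys being checked: distribute known host keys in /etc/ssh/ssh_known_hosts and set `StrictHostKeyChecking yes` in ssh_config on management hosts, so that a changed or unknown key is an error rather than a prompt that users learn to answer "yes" to.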


Kerberos Service

The Kerberos feature of Oracle Solaris enables single sign-on and secure transactions between systems that run the Kerberos service, even over heterogeneous networks.

Kerberos is based on the Kerberos V5 network authentication protocol that was developed at the Massachusetts Institute of Technology (MIT). The Kerberos service is a client-server architecture that provides secure transactions over networks. The service offers strong user authentication, as well as integrity and privacy. Using the Kerberos service, you can log in once and access other systems, execute commands, exchange data, and transfer files securely. Additionally, the service enables administrators to restrict access to services and systems.


Role-Based Access Control

The role-based access control (RBAC) feature of Oracle Solaris controls user access to tasks that would normally be restricted to the root role. RBAC applies the security principle of least privilege: organizations selectively grant administrative rights to users or roles according to their specific needs and requirements, rather than handing out full root access. By applying security attributes to processes and to users, RBAC can distribute administrative rights among several administrators. RBAC is also called user rights management.


Service Management Facility

The Service Management Facility (SMF) feature of Oracle Solaris is used to add, remove, configure, and manage services. SMF uses RBAC to control access to service management functions on the system. In particular, SMF uses authorizations to determine who can manage a service and what functions that person can perform.

SMF enables organizations to control access to services, as well as to control how those services are started, stopped, and refreshed.
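The privileges section above described limiting a daemon to the privileges it needs, and this section describes SMF authorizations; a service manifest is where both are declared. The following is an added example, not from this guide: a hypothetical service svc:/site/mydaemon whose start method runs as an unprivileged account with the basic privilege set minus what the daemon never uses plus net_privaddr (so it can bind a port below 1024 without ever being root), and whose management is delegated to holders of an assumed authorization solaris.smf.manage.mydaemon. The service name, user, path, and authorization are all assumptions.

```xml
<?xml version="1.0"?>
<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
<!-- Added example: hypothetical service, account, path and authorization. -->
<service_bundle type='manifest' name='site:mydaemon'>
  <service name='site/mydaemon' type='service' version='1'>
    <create_default_instance enabled='false' />
    <single_instance />

    <exec_method type='method' name='start'
                 exec='/opt/site/bin/mydaemon' timeout_seconds='60'>
      <method_context>
        <!-- Never root: run as a dedicated account, start from the basic
             set, take away the basic privileges this daemon does not need,
             and add only net_privaddr for the privileged port. Anything it
             tries beyond this set fails with EPERM and is auditable. -->
        <method_credential user='mydaemon' group='mydaemon'
          privileges='basic,!proc_info,!proc_session,!file_link_any,net_privaddr' />
      </method_context>
    </exec_method>

    <exec_method type='method' name='stop' exec=':kill' timeout_seconds='30' />

    <!-- Who may enable, disable, restart or refresh this service, and change
         its properties. Grant the authorization to an operator or role; no
         root role is needed to operate the service. -->
    <property_group name='general' type='framework'>
      <propval name='action_authorization' type='astring'
               value='solaris.smf.manage.mydaemon' />
      <propval name='value_authorization' type='astring'
               value='solaris.smf.manage.mydaemon' />
    </property_group>

    <stability value='Unstable' />
    <template>
      <common_name><loctext xml:lang='C'>site daemon (example)</loctext></common_name>
    </template>
  </service>
</service_bundle>
```

Check the file with `svccfg validate mydaemon.xml` and load it with `svccfg import mydaemon.xml`. The authorization must exist in auth_attr(4) before it can be assigned, for example with `usermod -A solaris.smf.manage.mydaemon operator`; after `svcadm enable site/mydaemon`, `ppriv $(pgrep -x mydaemon)` shows the effective, permitted and inheritable sets actually in force, which is the check that the manifest did what was intended.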


Oracle Solaris ZFS File System

ZFS is the default file system for Oracle Solaris 11. The ZFS file system fundamentally changes the way Oracle Solaris file systems are administered. ZFS is robust, scalable, and easy to administer. Because file system creation in ZFS is lightweight, you can easily establish quotas and reserved space per dataset. UNIX permissions and ACLs protect files, and you can encrypt an entire dataset when you create it; encryption is a creation-time choice that cannot be switched on for an existing dataset, so decide before loading data. RBAC supports the delegated administration of ZFS datasets.


Oracle Solaris Zones

The Oracle Solaris Zones software partitioning technology enables you to maintain the one-application-per-server deployment model while simultaneously sharing hardware resources.

Zones are virtualized operating environments that enable multiple applications to run in isolation from each other on the same physical hardware. This isolation prevents processes that run within a zone from monitoring or affecting processes that run in other zones, viewing each other's data, or manipulating the underlying hardware. Zones also provide an abstraction layer that separates applications from physical attributes of the system on which they are deployed, such as physical device paths and network interface names. In Oracle Solaris 11, you can configure a read-only zone root.


Trusted Extensions

The Trusted Extensions feature of Oracle Solaris is an optionally enabled layer of secure labeling technology that enables data security policies to be separated from data ownership. Trusted Extensions supports both traditional discretionary access control (DAC) policies based on ownership, as well as label-based mandatory access control (MAC) policies. Unless the Trusted Extensions layer is enabled, all labels are equal so the kernel is not configured to enforce the MAC policies. When the label-based MAC policies are enabled, all data flows are restricted based on a comparison of the labels associated with the processes (subjects) requesting access and the objects containing the data. Unlike most other multilevel operating systems, Trusted Extensions includes a multilevel desktop.

Trusted Extensions meets the requirements of the Common Criteria Labeled Security Protection Profile (LSPP), the Role-Based Access Protection Profile (RBACPP) and the Controlled Access Protection Profile (CAPP). However, the Trusted Extensions implementation is unique in its ability to provide high assurance, while maximizing compatibility and minimizing overhead.
