Oracle Solaris provides the following features to maintain the security of a system:
Verified boot – Secures the boot process. Verified boot is disabled by default.
Repository verification – Verifies that your local IPS repository files are valid.
Package verification – Verifies that the installed packages are valid.
Audit service – Audits access and use of the system. Auditing is enabled by default.
File integrity verification – BART manifests can list every file on the system, and comparisons of manifests are used to verify that file integrity is maintained.
Compliance reports – Oracle Solaris provides several security benchmarks against which to assess your system. These assessments produce reports that help you evaluate the security posture of the system.
Log files – SMF provides log files for every service. To locate the log file for a service, run the svcs -L service command. The syslog utility provides a central file for naming and configuring logs for system services and can optionally notify administrators of critical events. Other features, such as auditing, also create their own logs. For example, you can display package summary information with the pkg history command.
Verified boot is an Oracle Solaris feature that secures a system's boot process and protects the system from threats such as the installation of unauthorized kernel modules and trojan applications. By default, verified boot is disabled.
For more information, see Using Verified Boot in Securing Systems and Attached Devices in Oracle Solaris 11.3 and Using Verified Boot to Secure an Oracle Solaris Kernel Zone in Creating and Using Oracle Solaris Kernel Zones.
You can verify package integrity before and after installation. If you are using a local IPS repository, you can run the pkgrepo verify command to verify that the repository is not corrupted. With any signature policy other than ignore, the command verifies that signed packages are correctly signed.
After installing or updating packages, you can run the pkg verify command to ensure that the packages on your system did not install files with incorrect ownership or hashes, for example. With any signature policy other than ignore, the command verifies that signed packages are correctly signed.
For more information, see the following:
Properties for Signing Packages in Adding and Updating Software in Oracle Solaris 11.3
Copying and Creating Package Repositories in Oracle Solaris 11.3
pkg(1) man page
Oracle Solaris provides an audit service that collects data about system access and use. The audit data provides a reliable time-stamped log of security-related system events. This data can then be used to assign responsibility for actions that take place on a system.
Auditing is a basic requirement for security evaluation, validation, compliance, and certification bodies. Auditing can also provide a deterrent to potential intruders.
For more information, see the following:
For a list of audit-related man pages, see Chapter 7, Auditing Reference in Managing Auditing in Oracle Solaris 11.3.
For guidelines, see How to Audit Significant Events in Addition to Login/Logout and the man pages.
For an overview of auditing, see Chapter 1, About Auditing in Oracle Solaris in Managing Auditing in Oracle Solaris 11.3.
For auditing tasks, see Chapter 3, Managing the Audit Service in Managing Auditing in Oracle Solaris 11.3.
BART is a rule-based file integrity scanning and reporting tool that uses cryptographic-strength hashes and file system metadata to report changes. BART enables you to comprehensively validate systems by performing file-level checks of a system over time. After you verify that files are installed correctly, as described in Package Integrity Verification, you can use BART to easily and reliably track file changes.
BART is a useful tool for integrity management on one system or on a network of systems. A system's files can be compared to the system's original files, and to other system's files. The reports might indicate that a system has not been patched, an intruder has installed unapproved files, or an intruder has changed the permissions or contents of system files, such as the root-owned files.
For more information, see the following:
For an overview and examples, see Chapter 3, Verifying File Integrity by Using BART in Securing Files and Verifying File Integrity in Oracle Solaris 11.3.
Selected man pages include bart(1M), bart_rules(4), and bart_manifest(4).
The compliance assess command provides a snapshot of your system's security posture. The reports from the assessments suggest specific changes to your system to satisfy industry security benchmarks. Additionally, you can create tailorings from these benchmarks. Tailorings are customized assessments based on security benchmarks and profiles. For more information, see Oracle Solaris 11.3 Security Compliance Guide and the compliance(1M) man page.
The Service Management Facility (SMF) feature of the Oracle Solaris logs the status of its services per service. Many services, such as auditing and Secure Shell, write their own logs. The syslog or rsyslog daemon writes a centralized log that can inform and warn administrators of critical conditions in many services. For example, auditing can be configured to write summarized auditing records to syslog. See the syslogd(1M) and syslog.conf(4) man pages.