Hardening Solaris: Information resources

From: Matt Collins (matt@clues.com)
Date: 10/29/02

Date: Tue, 29 Oct 2002 17:34:48 +0000
From: Matt Collins <matt@clues.com>
To: focus-sun@securityfocus.com

Hey Folks,

Thanks for all your help. I received a LOT of documents. Many of them
were crib sheets that added little to material from other sources, and
I spotted outright cut and pastes aplenty between several. I've
included the most useful below (in no particular order) - some were
very very basic but may be useful to those of you who aren't full time
in the security area. Others were more technical and terse, assuming
you already understood the issues.

I was rather surprised at the lack of anything really novel - there were
one or two cleaner, more elegant ways of doing things than we already do,
but I guess the 'received wisdom' on Solaris hardening is now so widespread
and homogenised (thanks google! ;) ) that there's little new that needs to
be done.

I've included only those things appropriate to a baseline build - specific
package stripping lists for Checkpoint, iWeb, Apache, etc, are all out there
but weren't what I was interested in.

If anyone out there thinks of something obviously missed then feel free
to chime in ;) Having spent time wading through all the documentation I
was sent in the fear of missing just one novel important thing, I hope
that having cut it down to a shorter list will help some of you - even still
there is much duplication between a lot of these documents.

Personally I found the JASS Internals PDF, Compass security checklist,
Solaris TCP/IP tuning, Network security settings blueprint and University
of Waterloo documents to provide a very good cross section of cover.

Enjoy,

Matt

Vendor material
---------------

Sun Security blueprints
        http://www.sun.com/solutions/blueprints/browsesubject.html#security
        http://www.sun.com/software/solutions/blueprints/1299/network.pdf
        http://www.sun.com/solutions/blueprints/0601/jass_quick_start-v03.pdf
        http://www.sun.com/solutions/blueprints/0601/jass_release_notes-v03.pdf
        http://www.sun.com/solutions/blueprints/tools

        
        Unsurprisingly by far the most referenced documents ;) The JASS
        internals PDF can make a good substitude for some of the 'checklist'
        approaches below, and may have the management-friendly advantage
        of being supplied by the Vendor with supportable end states (if not
        processes).

        Good general (basic) introductions to concepts and issues ('How
        hackers do it!' ;-) ) and also useful technical information for
        specific products (BSM, JASS, fingerprint database, etc).

Non Vendor guides
-----------------

Christopher A. Petro's 'corrections' guide:
        http://fixsolaris.sunhelp.org
        Not exclusively security oriented, a 'crib ***' of common
        admin changes ('fixes') to Sun default settings with explanations.

University of Waterloo security documents:
        http://ist.uwaterloo.ca/security/howto/
        A collection of security documents ranging from the configuration
        and usage of individual products; their Solaris documents are
        well thought out and go to great lengths to explain what each
        service (for example, in inetd, or individual setuid programs)
        does, to allow a user of an existing system to try and assess
        whether it's required.

Security Focus articles:
        http://online.securityfocus.com/infocus/1365
        http://online.securityfocus.com/infocus/1366
        Hardening Solaris: Diamond in the Rough Pt.1 & 2
        Basic primer on network services

        http://online.securityfocus.com/infocus/1385
        Solaris kernel tuning for security
        Basic kernel tweaks with explanation of change reasoning

        http://online.securityfocus.com/infocus/1489
        Solaris File ACLs
        Basic introduction to Solaris's granular file ACL system;
        recommended if you're still using traditional Unix owner/group/other
        file permissions on multiuser servers.

SANS institute top 20 list
        http://www.sans.org/top20/#U1
        The ever famous top 20 SANS issues well described in a clear, concise
        corporate manner. Given the FBI tie in this may be useful to reinforce
        the idea that issues like FTP and SNMP are, in fact, serious, and
        help you overcome the 'but everyone uses them' attitude. Perhaps. ;)

SANS institute 'reading room' articles:
        http://rr.sans.org/firewall/solaris_servers.php
        A case study in the installation of firewalls on a university
        campus. Again, rather basic but a useful and readable guide to
        the reasons certain decisions were taken which may help clarify
        issues and their presentation for some.

        http://rr.sans.org/intrusion/host_solaris.php
        A case study in the selection of a host based IDS for Solaris
        systems. Again, more useful for the methodological approach
        than technical data.

        http://rr.sans.org/malicious/chkrootkit.php
        A basic introduction to the check root kit scanning tool, and
        some advice on its operational usage.

        http://rr.sans.org/tools/BSM.php
        Introduction to Solaris's kernel auditing tool, BSM. Like filesystem
        ACLs, a good feature to get to know if you are not already considering
        it. I (personally) wouldn't recommend some of the verbatim steps, e.g.
        the cron files suggested, but rather use it as a primer document.

Boran Consulting papers:

        http://www.boran.com/security/sp/Solaris_bsm.html
        Some tips and scripts for managing and interpreting BSM

        http://www.boran.com/security/sp/Solaris_hardening4.html
        A step by step guide for using JASS on Solaris 8 to get
        a boran hardened build. Includes some firewalling information,
        etc.

Sabernet papers:
        http://sabernet.home.attbi.com/papers/Solaris.html
        Step by step crib*** for building a minimal hardened Solaris
        system.

The system administrators guild (SAGE) checklist:
        http://sageweb.sage.org/resources/online/solaris/index.html
        This is *extremely* nicely laid out, providing a basic crib
        *** of steps that we're all likely more than familiar with
        but serve as a useful reminder, then allowing 'drill down'
        for detail. While not huge on technical detail the format
        may be worth looking over for your own documentation.

http://www.accs.com/p_and_p/SolSec/
        Another administrator crib *** with detailed explanations
        of the steps taken. Somewhat purist in places, and useful as a tool
        for bespoke builds (i.e. hardening a server you know the end use
        of) but possibly not so much for a generic 'secured build'.

The center for internet security
        http://www.cisecurity.org/
        'Benchmarking' tools to check the configuration of your system
        against a list of known issues.

Compass Security Solaris hardening guide
        http://www.csnc.ch/downloads/docs/hardening/SolarisHardening_CSNC.pdf
        A nice checklist document with further detail from a practical
        DMZ deployment perspective. Includes guidelines for OS and application
        deployment, but assumes general prior familiarity with the issues
        and suggested remedies raised.

Lance Spitzner's security papers
        http://www.enteract.com/~lspitz/papers.html
        Useful set of tips and how to's for various operating systems,
        with an emphasis on network security devices (firewalls,
        routers, etc).

Solaris TCP/IP kernel tuning
        http://www.sean.de/Solaris/soltune.html
        An excellent technical resource detailing network stack related ndd
        settings with possible values and explanations; not, however,
        focused around security.

Toolsets
--------
  * scanners

Fyodor's Nmap: (network scanner)
        http://www.insecure.org/nmap
Chkrootkit: (local scanner)
        http://www.chkrootkit.org/
Foundstone SNScan:
        http://www.foundstone.com/knowledge/free_tools.html
SANS SNMPing:
        email snmptool@sans.org
Nessus:
        http://www.nessus.org

  * hardening kits

JASS
        (See Vendor materials above)
TITAN
        http://www.fish.com/titan/
YASSP
        http://www.yassp.org/src/examples/yassp.conf

  * operational utilities

Papillon kernel security module
        http://www.roqe.org/papillon

Wietse's tools (tcp wrappers, rpcbind, portmap, etc) :
        ftp://ftp.porcupine.org/pub/security/index.html

Sudo
        http://www.courtesan.com/sudo

OpenSSH
        http://www.openssh.org