Solaris Security Toolkit v0.3.10

From: Glenn M. Brunette, Jr. (
Date: 12/24/02

  • Next message: Casper Dik: "Re: Crypt Setting"
    Date: Mon, 23 Dec 2002 18:03:12 -0500
    From: "Glenn M. Brunette, Jr." <>

    I am pleased to announce the release of the Solaris Security
    Toolkit version 0.3.10. The Solaris Security Toolkit, also known
    as JASS, is a free tool that can be used to automatically secure
    and minimize systems running the Solaris Operating Environment.

    With this new release, the Toolkit adds the capability to verify
    the security posture of a system against a supplied security profile
    (Driver script). Note that the same Driver scripts used to harden
    a system can be used in verify mode to query the system's status.

    The majority of changes released in this version support the verify
    functionality including:

       - the addition of the '-v' (verify) option to jass-execute to
         operate in verify mode. Note that the older '-v' option has
         been remapped to '-p' as documented in the CHANGES file that
         is included with the distribution.

       - the implementation of a new logging framework to begin the
         process of standardizing output across all of the operating
         modes (hardening, undo, verify).
       - the ability to select one of five verbosity modes when running
         the Toolkit in verify mode. The five levels (0-4) are listed
         and described in the INSTALL file included with the Toolkit

       - the ability to customize the output of verify runs based on
         the data desired. For more information on this functionality,
         see the INSTALL file included in the Toolkit distribution.

       - the addition of the '-m' (mail) option to jass-execute to
         e-mail the output of a run to a specified e-mail address.

    Other changes implemented in this release include:

       - addition of enable-tcpwrappers.fin Finish script (Solaris 9)

       - addition of 'sun-dr' to the list of services to disable
         by default. This is still permitted however on F15K domains
         since this functionality is required.

       - updated disable-sendmail.fin to disable message submission
         agent in the Solaris 9 OE.

    In addition, there were several minor enhancements and bug fixes
    included in this distribution. For more details on these
    enhancements, refer to the CHANGES file included in the

    As before, the Toolkit can run in standalone mode on pre-installed
    systems or as part of the JumpStart(tm) installation process.

    The latest Toolkit information and download source is available at:


    Glenn M. Brunette, Jr.
    Principal Engineer, Lead Security Architect
    Sun Professional Services, Americas
    Sun Microsystems, Inc.