Solaris Security Script

From: xyberpix (xyberpix_at_xyberpix.com)
Date: 12/10/04

  • Next message: Harry Hoffman: "Re: Solaris Security Script"
    Date: Fri, 10 Dec 2004 10:37:12 -0000 (GMT)
    To: focus-sun@securityfocus.com
    
    

    Hi All,

    I'm working on a rather large Solaris security script; could you please
    all post your ideas in here or mail me directly for things that you would
    recommend checking for. I will be releasing the script under the GPL when
    it's finished. At the moment it is only in a development stage, but works,
    and is a right mess. At this point in time I am mainly concerned about
    functionality; I will do a lot of tidying up later on.
    So far here's what it's doing, checking for:

    - Does a complete filesystem search in all files for the word "password",
    as a load of developers tend to leave passwords lying around in scripts,
    etc. The output here is a mess, but as I said I will be tidying it up.

    - Check what files users have in their home directories, and what the
    permissions on these files are.

    - Check for the presence of SUID files

    - Get network information: IPs, routes, netstat -a output.

    - Copy important configuration files to have a look at: inetd.conf,
    sshd2_config, services, passwd

    - Checks what services are set to run automatically

    - Search for symbolic links

    - Check for known development tools: gcc, cc, java, perl, etc.

    - Check mount points, and what options they are mounted with

    - Check ftpusers file to make sure root is not allowed to ftp

    - Check various files' executable permissions: snoop, sshd2, rlogin, rwho, etc.

    - Check certain accounts for the presence of a shell: lp, nobody, sys,
    adm, etc.

    - Check for programs that shouldn't be on a production box: nmap, tcpdump,
    nc, etc.

    That's all I have for now, but any ideas would be really welcome. The idea
    is to run this script as root, so that as much information as possible can
    be obtained, so that it takes the grunt work out of checking a Solaris
    box, and so that we can concentrate on more important things.
    As soon as the script gets to a decent level I will post links to it, so
    whoever wants it can grab it. If I get enough responses I may open up an
    area on sourceforge for it as well, and get a couple more people working
    on it if anyone is willing.

    xyberpix
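Editor's added example, not the poster's script: a handful of the checks listed above (SUID/SGID files, files mentioning "password", world-writable files in home directories, system accounts that still have a login shell, root in ftpusers) written as small POSIX sh functions. Each function takes the path it works on as an argument so the same code can be pointed at a test tree or at the real root. Assumed locations on a real Solaris host are /etc/passwd and /etc/ftpd/ftpusers (Solaris 9 and later; /etc/ftpusers on older releases); the functions need a POSIX shell, which on Solaris means ksh or /usr/xpg4/bin/sh rather than the Bourne /bin/sh.

```shell
#!/bin/sh
# Added example (editor's code, not the script from the post). Assumed real-host
# paths: / , /etc/passwd, /etc/ftpd/ftpusers. Run as root for full coverage.

# SUID or SGID regular files below $1, one path per line.
find_setid_files() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null | sort
}

# Regular files below $1 whose contents contain "password" (case-insensitive).
# find + grep -l rather than grep -r: Solaris /usr/bin/grep (through 10) has no -r.
grep_password_files() {
    find "$1" -type f -exec grep -il password {} \; 2>/dev/null | sort
}

# World-writable regular files below $1 (the home-directory permission check).
find_world_writable() {
    find "$1" -type f -perm -0002 -print 2>/dev/null | sort
}

# Accounts (names given after the passwd file path) whose shell field is not a
# no-login shell. An empty shell field is reported too: on Solaris it means
# /usr/bin/sh at login, so such accounts rely on being locked in /etc/shadow.
system_accounts_with_shell() {
    pw=$1; shift
    for name in "$@"; do
        line=$(grep "^$name:" "$pw") || continue
        shell=$(printf '%s\n' "$line" | awk -F: '{print $7}')
        case "$shell" in
            */false|*/true|*/noshell|*/nologin) ;;
            *) printf '%s:%s\n' "$name" "$shell" ;;
        esac
    done
}

# Exit status 0 when root is listed in the ftpusers file $1 (i.e. denied ftp).
root_denied_ftp() {
    grep -q '^root$' "$1" 2>/dev/null
}

# Run the checks against a filesystem root, a passwd file and an ftpusers file.
audit_host() {
    echo "== SUID/SGID files under $1"
    find_setid_files "$1"
    echo "== files mentioning 'password' under $1"
    grep_password_files "$1"
    echo "== world-writable files under $1"
    find_world_writable "$1"
    echo "== system accounts with a login shell in $2"
    system_accounts_with_shell "$2" lp nobody sys adm uucp nuucp daemon bin listen smmsp
    if root_denied_ftp "$3"; then
        echo "== root is listed in $3 (ftp denied)"
    else
        echo "== WARNING: root is not listed in $3"
    fi
}

# Usage on a real host: sh audit.sh / /etc/passwd /etc/ftpd/ftpusers
if [ $# -eq 3 ]; then
    audit_host "$1" "$2" "$3"
fi
```

Pointing grep_password_files at / does the same full-filesystem scan the post describes, so it is the slow part; the other checks are cheap. Review the shell-account output against /etc/shadow before acting on it, since a locked password (`*LK*` or `NP`) is what actually stops a login on an account that still has a shell.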
