Re: Solaris Security Script

From: Harry Hoffman (hhoffman_at_ip-solutions.net)
Date: 12/10/04

  • Next message: Christoph Kaegi: "Re: Solaris Security Script"
    Date: Fri, 10 Dec 2004 13:48:28 -0500
    To: xyberpix <xyberpix@xyberpix.com>
    
    

    Check out JASS on the sun.com site, and also Titan and Bastille Linux
    (which also works on Sun).

    xyberpix wrote:
    > Hi All,
    >
    > I'm working on a rather large Solaris security script, could you please
    > all post your ideas in here or mail me directly for things that you would
    > recommend checking for. I will be releasing the script under the GPL when
    > it's finished, at the moment it is only in a development stage, but works,
    > and is a right mess. At this point in time I am mainly concerned about
    > functionality, I will do a lot of tidying up later on.
    > So far here's what it's doing, checking for:
    >
    > - Does a complete filesystem search in all files for the word "password",
    > as a load of developers tend to leave passwords lying around in scripts,
    > etc. The output here is a mess, but as I said I will be tidying it up.
    >
    > - Check what files users have in their home directories, and what the
    > permissions on these files are.
    >
    > - Check for the presence of SUID files
    >
    > - Get network information, IPs, routes, netstat -a output.
    >
    > - Copy important configuration files to have a look at, inetd.conf,
    > sshd2_conf, services, passwd
    >
    > - Checks what services are set to run automatically
    >
    > - Search for symbolic links
    >
    > - Check for known development tools, gcc, cc, java, perl, etc
    >
    > - Check mount points, and what options they are mounted with
    >
    > - Check ftpusers file to make sure root is not allowed to ftp
    >
    > - Check various files' executable permissions, snoop, sshd2, rlogin, rwho, etc
    >
    > - Check certain accounts for the presence of a shell, lp, nobody, sys,
    > adm, etc
    >
    > - Check for programs that shouldn't be on a production box, nmap, tcpdump,
    > nc, etc
    >
    > That's all I have for now, but any ideas would be really welcome. The idea
    > is to run this script as root, so that as much information as possible can
    > be obtained, so that it takes the grunt work out of checking a Solaris
    > box, and so that we can concentrate on more important things.
    > As soon as the script gets to a decent level I will post links to it, so
    > whoever wants it can grab it. If I get enough responses I may open up an
    > area on sourceforge for it as well, and get a couple more people working
    > on it if anyone is willing.
    >
    > xyberpix
    >
    >


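As an added example for readers of this thread (it is not xyberpix's script and is not from the original post), here are five of the checks from the list above written as shell functions that take a root directory. That lets the same code be run against the live box (run_audit / as root) and against a small constructed tree, so each check can be verified before it is trusted on a production system. Assumptions, labelled in the comments: home directories live under /export/home (Solaris default) or /home; ftpusers is a deny list found at /etc/ftpusers or, on newer releases, /etc/ftpd/ftpusers; the set of "no login" shells hard-coded in the awk block; and the sample tree (one SUID file, one script holding a password, lp with a real shell, a world-writable file in a home directory, an ftpusers that omits root) is constructed here for illustration only.

```sh
#!/bin/sh
# Added example, not xyberpix's script: a few of the checks from the post as
# shell functions that take a root directory, so the same code can be run
# against a live box (run_audit /) or against a constructed tree (below).
# Assumed Solaris conventions: home directories under /export/home,
# ftpusers as a deny list at /etc/ftpusers (or /etc/ftpd/ftpusers on newer
# releases), and the set of "no login" shells listed under nologin below.

# SUID/SGID files under $1 (-perm -4000 / -perm -2000 are POSIX find tests).
find_suid() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null | sort
}

# Files under $1 whose contents mention "password", case-insensitive.
# find + grep -il keeps it POSIX; on a real root this is slow and noisy.
find_password_files() {
    find "$1" -type f -exec grep -il password {} + 2>/dev/null | sort
}

# ftpusers is a deny list: root must appear in it to be blocked from FTP.
# Returns 0 if root is denied, 1 if root may ftp in.
root_denied_ftp() {
    cat "$1/etc/ftpusers" "$1/etc/ftpd/ftpusers" 2>/dev/null | grep -q '^root$'
}

# System accounts that still have a usable login shell: prints name:shell
# for any of lp, nobody, sys, adm, ... whose 7th passwd field is not a
# recognised no-login shell (an empty field is treated as "no shell").
system_accounts_with_shell() {
    awk -F: '
        BEGIN {
            n = split("lp nobody sys adm daemon bin uucp nuucp listen", a, " ")
            for (i = 1; i <= n; i++) sys[a[i]] = 1
            nologin["/bin/false"] = 1; nologin["/usr/bin/false"] = 1
            nologin["/bin/true"] = 1;  nologin["/sbin/nologin"] = 1
            nologin["/usr/sbin/nologin"] = 1; nologin[""] = 1
        }
        ($1 in sys) && !($7 in nologin) { print $1 ":" $7 }
    ' "$1/etc/passwd" 2>/dev/null
}

# World-writable files in home directories (Solaris /export/home, plus /home).
find_world_writable_home() {
    for h in "$1/export/home" "$1/home"; do
        if [ -d "$h" ]; then find "$h" -type f -perm -0002 2>/dev/null; fi
    done | sort
}

# Print a short report for the given root (default /).
run_audit() {
    r=${1:-/}
    echo "== SUID/SGID files under $r";           find_suid "$r"
    echo "== Files mentioning 'password'";        find_password_files "$r"
    echo "== System accounts with a login shell"; system_accounts_with_shell "$r"
    echo "== World-writable files in home dirs";  find_world_writable_home "$r"
    if root_denied_ftp "$r"; then echo "== root is in ftpusers (FTP denied)"
    else echo "== WARNING: root is not in ftpusers"; fi
}

# Constructed test tree (not a real system): one SUID file, one script with
# a password in it, lp with a real shell, a world-writable home file, and
# an ftpusers that forgets root.  Prints the tree's path.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/etc" "$t/usr/bin" "$t/export/home/dev" "$t/export/home/ops"
    cat > "$t/etc/passwd" <<'EOF'
root:x:0:0:Super-User:/:/sbin/sh
lp:x:71:8:Line Printer Admin:/usr/spool/lp:/bin/sh
nobody:x:60001:60001:Nobody:/:/bin/false
adm:x:4:4:Admin:/var/adm:
EOF
    printf 'daemon\nbin\n' > "$t/etc/ftpusers"
    printf '#!/bin/sh\nexit 0\n' > "$t/usr/bin/suidtool";  chmod 4755 "$t/usr/bin/suidtool"
    printf '#!/bin/sh\nexit 0\n' > "$t/usr/bin/plaintool"; chmod 0755 "$t/usr/bin/plaintool"
    printf 'DB_PASSWORD=hunter2\n' > "$t/export/home/dev/deploy.sh"
    printf 'just notes\n' > "$t/export/home/ops/notes.txt"; chmod 0666 "$t/export/home/ops/notes.txt"
    echo "$t"
}

# Usage: sh solaris-checks.sh /                        (live box, as root)
#        . ./solaris-checks.sh; run_audit "$(make_sample_tree)"   (self-test)
if [ $# -gt 0 ]; then run_audit "$1"; fi
```

One caveat for anyone dropping this onto an older Solaris box: /bin/sh there is the legacy Bourne shell, which does not understand $(...), so run it under /usr/bin/ksh or /usr/xpg4/bin/sh. The functions deliberately return their findings on stdout and their verdict in the exit status (root_denied_ftp) rather than just echoing, so they can be used as building blocks in a larger script instead of producing one big wall of output.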