Re: Solaris Security Script
From: Harry Hoffman (hhoffman_at_ip-solutions.net)
Date: Fri, 10 Dec 2004 13:48:28 -0500
To: xyberpix <firstname.lastname@example.org>
Check out JASS on the sun.com site, and also Titan and Bastille Linux
(also works on Sun).
> Hi All,
> I'm working on a rather large Solaris security script, could you please
> all post your ideas in here or mail me directly for things that you would
> recommend checking for. I will be releasing the script under the GPL when
> it's finished, at the moment it is only in a development stage, but works,
> and is a right mess. At this point in time I am mainly concerned about
> functionality, I will do a lot of tidying up later on.
> So far here's what it's doing, checking for:
> - Does a complete filesystem search in all files for the word "password",
> as a load of developers tend to leave passwords lying around in scripts,
> etc. The output here is a mess, but as I said I will be tidying it up.
> - Check what files users have in their home directories, and what the
> permissions on these files are.
> - Check for the presence of SUID files
> - Get network information, IPs, routes, netstat -a output.
> - Copy important configuration files to have a look at, inetd.conf,
> sshd2_conf, services, passwd
> - Checks what services are set to run automatically
> - Search for symbolic links
> - Check for known development tools, gcc, cc, java, perl, etc
> - Check mount points, and what options they are mounted with
> - Check ftpusers file to make sure root is not allowed to ftp
> - Check various files executable permissions, snoop, sshd2, rlogin, rwho, etc
> - Check certain accounts for the presence of a shell, lp, nobody, sys,
> adm, etc
> - Check for programs that shouldn't be on a production box, nmap, tcpdump,
> nc, etc
> That's all I have for now, but any ideas would be really welcome. The idea
> is to run this script as root, so that as much information as possible can
> be obtained, so that it takes the grunt work out of checking a Solaris
> box, and so that we can concentrate on more important things.
> As soon as the script gets to a decent level I will post links to it, so
> whoever wants it can grab it. If I get enough responses I may open up an
> area on sourceforge for it as well, and get a couple more people working
> on it if anyone is willing.
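
Two of the checks from the list in the quoted message (root denied in ftpusers, system accounts that still have a shell), as an added example that is not part of the thread or of the script it describes. The function names, the `--live` switch and the `/etc/ftpusers` path are assumptions, and treating `nologin`/`false` shells as blocked is a heuristic.

```shell
#!/bin/sh
# Added example: two checks from the list, with file paths as parameters so
# they can be run against copies of the files as well as the live system.

# ftpusers names accounts that are DENIED ftp login, so root must be listed.
# Returns 0 if an uncommented "root" entry exists, 1 otherwise (or unreadable).
check_ftpusers_root() {
    [ -r "$1" ] || return 1
    # Drop '#' comments and whitespace, then require an exact "root" line.
    sed -e 's/#.*//' -e 's/[[:space:]]//g' "$1" | grep -x root >/dev/null
}

# Print "name:shell" for each named account that can still get a shell.
# Usage: accounts_with_shell PASSWD_FILE account...
accounts_with_shell() {
    passwd_file=$1
    shift
    for acct in "$@"; do
        while IFS=: read -r name _pw _uid _gid _gecos _home shell; do
            [ "$name" = "$acct" ] || continue
            case $shell in
                */nologin|*/false|/dev/null) ;;   # heuristic: login blocked
                '') echo "$name:(empty, login falls back to the default shell)" ;;
                *)  echo "$name:$shell" ;;
            esac
        done < "$passwd_file"
    done
}

# Live run only on request. /etc/ftpusers is an assumed path; some releases
# keep the file elsewhere.
if [ "${1:-}" = "--live" ]; then
    check_ftpusers_root /etc/ftpusers || echo "WARN: root not denied in ftpusers"
    accounts_with_shell /etc/passwd lp nobody sys adm
fi
```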