Re: Solaris Security Script

From: Jason A Horn (Jason_A_Horn_at_raytheon.com)
Date: 12/13/04


To: "xyberpix" <xyberpix@xyberpix.com>
Date: Mon, 13 Dec 2004 08:02:54 -0500


Another suggestion, to make sure you don't do unnecessary work...check out
the Center for Internet Security (www.cisecurity.org). They have a
hardening benchmark document for Solaris (another for Linux). If you
download the benchmark document, you can also download a validation script
that checks some of the same things that you have mentioned in your email
(SUID, world writable, inspects inet.d).

May be worth a quick look to see what it does, and what you can complement
it with.

Jason Horn
Raytheon

"xyberpix" <xyberpix@xyberpix.com>
12/10/2004 05:37 AM

To: focus-sun@securityfocus.com
cc:
Subject: Solaris Security Script

Hi All,

I'm working on a rather large Solaris security script, could you please
all post your ideas in here or mail me directly for things that you would
recommend checking for. I will be releasing the script under the GPL when
it's finished, at the moment it is only in a development stage, but works,
and is a right mess. At this point in time I am mainly concerned about
functionality, I will do a lot of tidying up later on.
So far here's what it's doing, checking for:

- Does a complete filesystem search in all files for the word "password",
as a load of developers tend to leave passwords lying around in scripts,
etc. The output here is a mess, but as I said I will be tidying it up.

- Check what files users have in their home directories, and what the
permissions on these files are.

- Check for the presence of SUID files

- Get network information, IPs, routes, netstat -a output.

- Copy important configuration files to have a look at, inetd.conf,
sshd2_conf, services, passwd

- Checks what services are set to run automatically

- Search for symbolic links

- Check for known development tools, gcc, cc, java, perl, etc

- Check mount points, and what options they are mounted with

- Check ftpusers file to make sure root is not allowed to ftp

- Check various files executable permissions, snoop, sshd2, rlogin, rwho,
etc

- Check certain accounts for the presence of a shell, lp, nobody, sys,
adm, etc

- Check for programs that shouldn't be on a production box, nmap, tcpdump,
nc, etc

That's all I have for now, but any ideas would be really welcome. The idea
is to run this script as root, so that as much information as possible can
be obtained, so that it takes the grunt work out of checking a Solaris
box, and so that we can concentrate on more important things.
As soon as the script gets to a decent level I will post links to it, so
whoever wants it can grab it. If I get enough responses I may open up an
area on sourceforge for it as well, and get a couple more people working
on if anyone is willing.

xyberpix
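
Two of the checks listed in the message above (root in ftpusers, and login shells on lp, nobody, sys and adm), written out as an added example; this is not xyberpix's script or the CIS validation script. The function names, the sample files and the list of non-login shells are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: runs against copies of ftpusers and passwd, not the live files.
# Needs a POSIX awk (on Solaris: nawk or /usr/xpg4/bin/awk).

# Succeeds if root is listed in an ftpusers file (listed users are denied FTP).
root_denied_ftp() {
    # Drop comments and whitespace so "#root" or "rooter" never count as a match.
    awk '{ sub(/#.*/, ""); gsub(/[ \t]/, "") }
         $0 == "root" { found = 1 }
         END { exit !found }' "$1"
}

# Print each named account whose shell field in a passwd-format file allows
# login. An empty field is reported too, because the system then falls back
# to its default shell. The non-login shell names are an assumed list.
accounts_with_shell() {
    passwd_file=$1; shift
    for acct in "$@"; do
        awk -F: -v u="$acct" '
            $1 == u && $7 !~ /(\/false|\/nologin|\/noshell)$/ { print $1 }
        ' "$passwd_file"
    done
}

# Constructed sample input (not taken from any real host).
make_sample() {
    cat > "$1/passwd" <<'EOF'
root:x:0:0:Super-User:/:/sbin/sh
lp:x:71:8:Line Printer Admin:/usr/spool/lp:
sys:x:3:3::/:/bin/false
adm:x:4:4:Admin:/var/adm:/bin/ksh
nobody:x:60001:60001:Nobody:/:/sbin/noshell
EOF
    printf '# denied users\nbin\n root  # no ftp for root\n' > "$1/ftpusers"
}

dir=$(mktemp -d) && make_sample "$dir"
if root_denied_ftp "$dir/ftpusers"; then
    echo "OK: root is denied FTP"
else
    echo "FAIL: root may use FTP"
fi
echo "Accounts with a usable shell: $(accounts_with_shell "$dir/passwd" lp nobody sys adm | tr '\n' ' ')"
rm -rf "$dir"
```

On a real host, point the functions at /etc/ftpusers (or /etc/ftpd/ftpusers, depending on the release) and /etc/passwd.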


