Sun Logo


Solaris Security Toolkit 4.2 Administration Guide

819-1402-10



Contents

Figures

Tables

Code Samples

Preface

1. Introduction

Securing Systems With the Solaris Security Toolkit Software

JumpStart Mode

Stand-alone Mode

Understanding the Software Components

Directories

Audit Directory

Documentation Directory

man Directory

Drivers Directory

Files Directory

Finish Directory

OS Directory

Packages Directory

Patches Directory

Profiles Directory

Sysidcfg Directory

Data Repository

Maintaining Version Control

Configuring and Customizing the Solaris Security Toolkit Software

Policies and Requirements

Guidelines

2. Securing Systems: Applying a Methodology

Planning and Preparing

Considering Risks and Benefits

Reviewing Security Policy, Standards, and Related Documentation

Example 1

Example 2

Determining Application and Service Requirements

Identifying Application and Operational Service Inventory

Determining Service Requirements

Developing and Implementing a Solaris Security Toolkit Profile

Installing the Software

Performing Preinstallation Tasks

Backing Up Data

Verifying System Stability

Performing the Post-installation Task

Verifying Application and Service Functionality

Verifying Security Profile Installation

Verifying Application and Service Functionality

Maintaining System Security

3. Upgrading, Installing, and Running Security Software

Performing Planning and Preinstallation Tasks

Software Dependencies

Determining Which Mode to Use

Stand-alone Mode

JumpStart Mode

Upgrading Procedures

procedure iconsmall spaceTo Upgrade Solaris Security Toolkit Software and the Solaris Operating System

procedure iconsmall spaceTo Upgrade Solaris Security Toolkit Software Only

Upgrading the Solaris OS Only

Downloading Security Software

Downloading Solaris Security Toolkit Software

procedure iconsmall spaceTo Download the pkg Version

Downloading Recommended Patch Cluster Software

procedure iconsmall spaceTo Download Recommended Patch Cluster Software

Downloading FixModes Software

procedure iconsmall spaceTo Download FixModes Software

Downloading OpenSSH Software

procedure iconsmall spaceTo Download OpenSSH Software

Downloading the MD5 Software

procedure iconsmall spaceTo Download the MD5 Software

Customizing Security Profiles

Installing and Executing the Software

Executing the Software in Stand-alone Mode

procedure iconsmall spaceTo Execute the Software in Stand-alone Mode

Audit Option

Clean Option

Display Help Option

Driver Option

Email Notification Option

Execute History Option

Most Recent Execute Option

Output File Option

Quiet Output Option

Root Directory Option

Undo Option

Executing the Software in JumpStart Mode

procedure iconsmall spaceTo Execute the Software in JumpStart Mode

Validating the System Modifications

Performing QA Checks of Services

Performing Security Assessments of Configuration

Validating Security Profile

Performing the Post-installation Task

4. Reversing System Changes

Understanding How Changes Are Logged and Reversed

Requirements for Undoing System Changes

Customizing Scripts to Undo Changes

Checking for Files That Were Manually Changed

Using Options With the Undo Feature

Backup Option

Force Option

Keep Option

Output File Option

Quiet Output Option

Email Notification Option

Undoing System Changes

procedure iconsmall spaceTo Undo a Solaris Security Toolkit Run

5. Configuring and Managing JumpStart Servers

Configuring JumpStart Servers and Environments

procedure iconsmall spaceTo Configure for JumpStart Mode

Using JumpStart Profile Templates

core.profile

end-user.profile

developer.profile

entire-distribution.profile

oem.profile

minimal-SunFire_Domain*.profile

Adding and Removing Clients

add-client Script

rm-client Script

6. Auditing System Security

Maintaining Security

Reviewing Security Prior to Hardening

Customizing Security Audits

Preparing to Audit Security

Using Options and Controlling Audit Output

Command-Line Options

Display Help Option

Email Notification Option

Output File Option

Quiet Option

Verbosity Option

Banners and Messages Output

Host Name, Script Name, and Timestamp Output

Performing a Security Audit

procedure iconsmall spaceTo Perform a Security Audit

7. Securing a System

Planning and Preparing

Assumptions and Limitations

System Environment

Security Requirements

Creating a Security Profile

Installing the Software

Downloading and Installing Security Software

procedure iconsmall spaceTo Download and Install the Security Software

Installing Patches

procedure iconsmall spaceTo Install Patches

Specifying and Installing the OS Cluster

procedure iconsmall spaceTo Specify and Install the OS Cluster

Configuring the JumpStart Server and Client

Preparing the Infrastructure

procedure iconsmall spaceTo Prepare the Infrastructure

Validating and Checking the Rules File

Customizing the Hardening Configuration

Enabling FTP Service

procedure iconsmall spaceTo Enable FTP Service

Installing Secure Shell Software

procedure iconsmall spaceTo Install Secure Shell

Enabling RPC Service

procedure iconsmall spaceTo Enable RPC

Customizing the syslog.conf File

procedure iconsmall spaceTo Customize the syslog.conf File

Installing the Client

procedure iconsmall spaceTo Install the Client

Testing for Quality Assurance

procedure iconsmall spaceTo Verify Profile Installation

procedure iconsmall spaceTo Verify Application and Service Functionality

Glossary

Index