Solaris Web services security: Set file permissions

Limit non-root access to system files and directories by making the following changes from the command line.

This Content Component encountered an error
This Content Component encountered an error

Set File Permissions Limit non-root Access to System Files and Directories Make the following changes from the command line: chown root /etc/mail/aliases chmod 644 /etc/mail/aliases chmod 444 /etc/default/login chmod 750 /etc/security chmod 000 /usr/bin/at chmod 500 /usr/bin/rdist chmod 400 /usr/sbin/snoop chmod 400 /usr/sbin/sync chmod 400 /usr/bin/uudecode chmod 400 /usr/bin/uuencode chmod u-s /usr/lib/fs/ufs/ufsdump chmod u-s /u...

sr/lib/fs/ufs/ufsrestore

Remove SetGID Permissions From System Files
Make the following manual changes.
chmod g-s /usr/bin/mail
chmod g-s /usr/bin/mailx
chmod g-s /usr/bin/write
chmod g-s /usr/bin/netstat
chmod g-s /usr/bin/nfsstat
chmod g-s /usr/bin/ipcs

chmod g-s /usr/sbin/arp
chmod g-s /usr/sbin/dmesg
chmod g-s /usr/sbin/prtconf
chmod g-s /usr/sbin/swap
chmod g-s /usr/sbin/sysdef
chmod g-s /usr/sbin/wall


chmod g-s /usr/lib/fs/ufs/ufsdump
chmod g-s /usr/lib/fs/ufs/ufsrestore

Prohibit the Execution of SetUID Programs
To prevent execution of setuid programs, use the nosuid option in /etc/vfstab.

The /usr file system contains some setuid executables essential to system operation. It is recommended it be mounted read-only instead of using the nosuid option.

/proc - /proc proc - no -
fd - /dev/fd fd - no -
swap - /tmp tmpfs - yes -
/dev/dsk/c0t3d0s1 - - swap - no -
/dev/dsk/c0t3d0s0 /dev/rdsk/c0t3d0s0 / ufs 1 no remount,nosuid
/dev/dsk/c0t3d0s4 /dev/rdsk/c0t3d0s4 /usr ufs 1 no ro
/dev/dsk/c0t3d0s5 /dev/rdsk/c0t3d0s5 /var ufs 1 no nosuid


In this 12-part tip Unix expert Gary Smith breaks down the process of building and maintaining a highly secure Web services architecture on the Solaris platform.

Table of contents:
Part 1: Isolate the Web services host server
Part 2: Install and configure a very basic operating system
Part 3: Force the use of su to gain root access
Part 4: Disable trusted host relationships and create a warning banner
Part 5: Configuring user accounts
Part 6: Disabling and removing unnecessary accounts
Part 7: Configure network access control
Part 8: Configure network services
Part 9: Install OpenSSH, disable NFS and reboot
Part 10: Set file permissions
Part 11: Test the configuration
Part 12: Conclusion

This was first published in October 2002
This Content Component encountered an error

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

This Content Component encountered an error
This Content Component encountered an error

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close