Solaris Web services security: Disable trusted host relationships and create a warning banner

In Part 4 of Solaris Web Services security, Gary Smith explains how to disable trusted relationships and create a banner.

Disable Trusted Host Relationships The use of .rhosts and /etc/host.equiv files permit users at remote machines

to log in without providing a password.

With Solaris 2.6, editing the PAM configuration policy file, pam.conf, to force users to provide a password even when a trust relationship has been defined using .rhosts or /etc/hosts.equiv. To do this, comment out the following lines in /etc/pam.conf:

rloginauth sufficient /usr/lib/security/pam_rhosts_auth.so.1
rloginauth required /usr/lib/security/pam_unix.so.1
rshauth required /usr/lib/security/pam_rhosts_auth.so.1

Create a Warning Banner
Create the file /etc/issue with something similar to this as its contents:

This system is a restricted access system. All activity on this system is subject to monitoring. If information collected reveals possible criminal activity or activity that exceeds privileges, evidence of such activity may be provided to the relevant authorities for further action. By continuing past this point, you expressly consent to this monitoring.

This block of text will be displayed at the login prompt.


In this 12-part tip Unix expert Gary Smith breaks down the process of building and maintaining a highly secure Web services architecture on the Solaris platform.

Table of contents:
Part 1: Isolate the Web services host server
Part 2: Install and configure a very basic operating system
Part 3: Force the use of su to gain root access
Part 4: Disable trusted host relationships and create a warning banner
Part 5: Configuring user accounts
Part 6: Disabling and removing unnecessary accounts
Part 7: Configure network access control
Part 8: Configure network services
Part 9: Install OpenSSH, disable NFS and reboot
Part 10: Set file permissions
Part 11: Test the configuration
Part 12: Conclusion

This was first published in October 2002

Dig deeper on Web Services Security and SOA Security

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close