Configure Network Services The default installation of Solaris provides many network services, most of which the...
Web services host does not need. These additional services can be used by hackers to exploit vulnerabilities within them to compromise the host. Eliminating these unneeded services will enhance the security of the Web services host.
Remove Unneeded Files
Remove all files except the following from /etc/rcS.d:
Remove all files except the following from /etc/rc2.d:
Remove all files except the following from /etc/init.d:
Remove ALL files, except those for services remaining in the directories above from /etc/rc0.d and /etc/rc1.d
Remove ALL files from /etc/rc3.d
Remove all entries except the following from /etc/services.
Remove all entries except the following from /etc/inetd.conf:
ftp stream tcp nowait root /usr/sbin/in.ftpd in.ftpd
In this 12-part tip Unix expert Gary Smith breaks down the process of building and maintaining a highly secure Web services architecture on the Solaris platform.
Table of contents:
Part 1: Isolate the Web services host server
Part 2: Install and configure a very basic operating system
Part 3: Force the use of su to gain root access
Part 4: Disable trusted host relationships and create a warning banner
Part 5: Configuring user accounts
Part 6: Disabling and removing unnecessary accounts
Part 7: Configure network access control
Part 8: Configure network services
Part 9: Install OpenSSH, disable NFS and reboot
Part 10: Set file permissions
Part 11: Test the configuration
Part 12: Conclusion
Dig Deeper on Web Services Security and SOA Security