Solaris Web services security: Install OpenSSH, disable NFS and reboot

Part 9: Install OpenSSH, disable NFS and reboot

Install OpenSSH as a Telnet Replacement Telnet is a notoriously insecure protocol. Data, including passwords, are

passed in cleartext. Replace telnet with OpenSSH. OpenSSH is an open source version of the SSH protocol. OpenSSH encrypts all traffic, including passwords, to effectively eliminate eavesdropping connection hijacking, and other network level attacks.

Disable cron and at Jobs Except for root
Make sure the entry CRONLOG=YES in /etc/default/cron.

Remove all files except root's from /var/spool/cron/crontabs.
Create at.deny and cron.deny in /etc/cron.d. Make the two files owned by root with permissions rw-r--r--. The contents of the file should include the userids that are not permitted to submit batch or run cron jobs. As a starting point set the files up to look like this:

daemon
bin
smtp
nuucp
listen
nobody
noaccess

Disable NFS File Sharing Services
Remove the file /etc/dfs/dfstab to disable NFS exports.
Make sure the file /etc/rc3.d/S15nfs.server has been removed to prevent the host from acting as an NFS server.
Make sure the file /etc/rc2.d/S73nfs.client has been removed to prevent the host from acting as an NFS client.

Reboot the System
Now it's time to reboot the configuration of the system. Reboot the system and observe the boot up process in particular, what processes startup. After the system is up, log in and do ps -ef. Check for extraneous processes. Also, check /var/adm/messages.


In this 12-part tip Unix expert Gary Smith breaks down the process of building and maintaining a highly secure Web services architecture on the Solaris platform.

Table of contents:
Part 1: Isolate the Web services host server
Part 2: Install and configure a very basic operating system
Part 3: Force the use of su to gain root access
Part 4: Disable trusted host relationships and create a warning banner
Part 5: Configuring user accounts
Part 6: Disabling and removing unnecessary accounts
Part 7: Configure network access control
Part 8: Configure network services
Part 9: Install OpenSSH, disable NFS and reboot
Part 10: Set file permissions
Part 11: Test the configuration
Part 12: Conclusion

This was first published in October 2002

Dig deeper on Web Services Security and SOA Security

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close