Solaris filesystem security: Protecting the family jewels


My high school track coach had a speech he gave at least once a year about "protecting the family jewels." I was clueless; I thought he was talking about my watch and class ring. Many Solaris system managers are equally clueless about how to protect the "family jewels" of their systems, namely the filesystems and files. One of the principles of computer security is "Know your systems." One way to accomplish Solaris filesystem security is by auditing the filesystems. There are several tools available to accomplish this.

ASET is Sun Microsystems' Automated Security Enhancement Tool. Odds are you already have ASET installed on your Solaris system. ASET is part of the Sun package SUNWast. Check for SUNWast with the following command:

pkginfo | grep SUNWast

ASET is a set of administrative utilities that can improve system security by allowing system administrators to check the settings of system files, including both the attributes (permissions, ownership, etc.) and the contents of the system files. There are three security levels associated with ASET: low, medium and high. At the low level, ASET makes no modifications but checks and reports any potential security weaknesses. At the medium level, ASET modifies some of the settings of system files and parameters to restrict system access in order to reduce the risk from security attacks; it reports both the security weaknesses and the modifications performed to restrict access. At the high level, further restrictions are made to system access, creating a very hardened system. More information can be found in the ASET man page and the administrator manual.

AIDE (Advanced Intrusion Detection Environment) is an open source system integrity checker, i.e., a utility that compares the properties of designated files and directories against information stored in a previously generated database. Any changes to these files are flagged and logged, including those that were added or deleted, with optional email reporting. Additionally, support files (databases, reports, etc.) are cryptographically signed. AIDE is available for download at http://www.cs.tut.fi/~rammer/aide.html.

Fix-modes is a set of scripts written by Casper Dik that try to make the filesystem modes more secure. It does this by removing group and world write permissions of all files, devices, and directories listed in /var/sadm/install/contents. Fix-modes creates an audit trail and its changes can be undone. Fix-modes is available at http://www.sun.com/blueprints/tools/FixModes_license.html.

One of the best tools for auditing a filesystem is good old find. For instance, to find all the files in /usr that are setuid or setgid, respectively, use these commands:

find /usr -perm -u+s -print
find /usr -perm -g+s -print

There should be no files in /etc that have group and/or other write permissions set. To find those files, use

find /etc -type f -perm -g+w -print
find /etc -type f -perm -o+w -print
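As an added example (not from the original article), here is a small POSIX sh script that packages the find checks above into a repeatable audit with a report you can diff against the previous run; the audit_tree, compare_reports and make_sample_tree functions and the sample directory tree are constructed for this example, and octal -perm masks stand in for the symbolic ones above because they behave the same in Solaris, GNU and BusyBox find.

```shell
#!/bin/sh
# Added example (not from the original article): audit a directory tree for
# setuid/setgid executables and group/world-writable regular files, then
# compare the report with an earlier one.  Octal masks are used because they
# are portable: -u+s is 4000, -g+s is 2000, -g+w is 020 and -o+w is 002.

# audit_tree ROOT REPORT: write one tagged line per finding into REPORT and
# print the number of findings.
audit_tree() {
    root=$1
    report=$2
    : > "$report"
    # -type f keeps setgid directories (normal on Solaris) out of the report
    find "$root" -type f -perm -4000 -print | sed 's/^/SETUID /'  >> "$report"
    find "$root" -type f -perm -2000 -print | sed 's/^/SETGID /'  >> "$report"
    find "$root" -type f -perm -020  -print | sed 's/^/GROUP_W /' >> "$report"
    find "$root" -type f -perm -002  -print | sed 's/^/WORLD_W /' >> "$report"
    wc -l < "$report" | tr -d ' '
}

# compare_reports OLD NEW: print findings present in NEW but not in OLD.
# A setuid file or writable file that was not there last time is exactly
# what an unauthorised change looks like.
compare_reports() {
    sort "$1" > "$1.sorted"
    sort "$2" > "$2.sorted"
    comm -13 "$1.sorted" "$2.sorted"
    rm -f "$1.sorted" "$2.sorted"
}

# make_sample_tree: constructed test data so the script runs anywhere.  One
# setuid binary, one setgid directory (must not be reported), one file that
# is both group- and world-writable, and one ordinary executable.
make_sample_tree() {
    d=$(mktemp -d)
    mkdir "$d/bin" "$d/shared"
    : > "$d/bin/su_tool";  chmod 4755 "$d/bin/su_tool"
    chmod 2775 "$d/shared"
    : > "$d/shared/notes"; chmod 0666 "$d/shared/notes"
    : > "$d/bin/ok";       chmod 0755 "$d/bin/ok"
    echo "$d"
}
```

Run audit_tree against /usr and /etc from cron, keep each dated report, and feed the previous and current reports to compare_reports so that only new findings need a human look.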

There's no reason to be clueless about the family jewels residing on your systems when these tools are available. As my track coach used to say, "Nobody's gonna protect the family jewels for you."

This was first published in March 2002
