Solaris filesystem security: Protecting the family jewels

Protect your Solaris system's filesystems with these tools and utilities.


Protecting the Family Jewels

My high school track coach had a speech he gave at least once a year about "protecting the family jewels." I was clueless; I thought he was talking about my watch and class ring. Many Solaris system managers are equally clueless about how to protect the "family jewels" of their systems, namely the filesystems and the files on them. One of the principles of computer security is "Know your systems." On Solaris, one way to put that principle into practice is to audit the filesystems: know which files are setuid or setgid, which files are writable by group or world, and whether any system file has changed since it was installed. Several tools are available to help with this.

ASET
ASET is Sun Microsystems' Automated Security Enhancement Tool. Odds are you already have ASET installed on your Solaris system; it ships in the Sun package SUNWast. Check for SUNWast with the following command:

pkginfo | grep SUNWast

ASET is a set of administrative utilities that can improve system security by letting the system administrator check the settings of system files, including both their attributes (permissions, ownership, etc.) and their contents. ASET runs at one of three security levels: low, medium and high. At the low level, ASET makes no modifications; it checks for and reports potential security weaknesses. At the medium level, ASET modifies some settings of system files and parameters to restrict system access and reduce the risk from attacks, and it reports both the weaknesses found and the modifications made. At the high level, further restrictions are placed on system access, producing a very hardened system. The level is selected with the -l option (for example, /usr/aset/aset -l low) and the results are written under /usr/aset/reports. Run at the low level and read the reports before letting ASET change anything, since the medium and high levels alter system files. More information can be found in the aset(1M) man page and the system administration manual.

AIDE
AIDE (Advanced Intrusion Detection Environment) is an open source system integrity checker, i.e., a utility that compares the properties of designated files and directories against information stored in a previously generated database. Any change to those files is flagged and logged, including files that were added or deleted, with optional email reporting. Additionally, support files (databases, reports, etc.) are cryptographically signed. The operational caveat is that the check is only as trustworthy as the baseline: generate the database on a freshly installed system before it is exposed to the network, and keep it read-only or off-host, because an attacker who can rewrite the database can hide any change. AIDE is available for download at http://www.cs.tut.fi/~rammer/aide.html.
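To make the baseline-and-compare idea concrete, here is an added example (my own shell script, not AIDE's code) that records path, mode, owner, group, size and CRC for every regular file under a directory, then reports additions, removals and changes against that record. It uses only POSIX tools (find, ls -n, cksum, comm and awk; use nawk on older Solaris releases) and exercises itself on a constructed temporary tree, so nothing on the real system is touched. AIDE does the same job with stronger hashes, more attributes and a rule language, which is why you want it rather than a script like this in production.

```shell
#!/bin/sh
# Added example (not AIDE's code): a minimal integrity checker showing the
# model AIDE implements, a trusted baseline of file attributes compared later
# against the live filesystem. One record per regular file:
#     path|mode|uid|gid|size|crc
# Attributes come from ls -ldn and cksum, both POSIX, so this runs on Solaris
# or Linux. AIDE adds inode, mtime, ACLs, strong hashes and per-path rules;
# paths containing whitespace or '|' are out of scope for this demo.

LC_ALL=C; export LC_ALL            # deterministic sort/comm ordering

# Emit one record for the regular file $1.
fs_record() {
    set -- "$1" $(ls -ldn "$1")    # $2=mode $3=links $4=uid $5=gid $6=size
    printf '%s|%s|%s|%s|%s|%s\n' "$1" "$2" "$4" "$5" "$6" \
        "$(cksum < "$1" | cut -d' ' -f1)"
}

# Baseline database for every regular file under tree $1, sorted by path.
fs_baseline() {
    find "$1" -type f -print | sort | while read -r f; do fs_record "$f"; done
}

# Compare saved baseline file $1 with the current state of tree $2.
# Prints ADDED/REMOVED/CHANGED lines; returns 1 if any difference was found.
fs_check() {
    baseline=$1; tree=$2; rc=0
    now=$(mktemp) || return 2
    fs_baseline "$tree" > "$now"
    cut -d'|' -f1 "$baseline" > "$now.old"      # path lists for comm(1)
    cut -d'|' -f1 "$now"      > "$now.new"
    for p in $(comm -13 "$now.old" "$now.new"); do echo "ADDED   $p"; rc=1; done
    for p in $(comm -23 "$now.old" "$now.new"); do echo "REMOVED $p"; rc=1; done
    for p in $(comm -12 "$now.old" "$now.new"); do
        old=$(awk -F'|' -v p="$p" '$1 == p' "$baseline")
        new=$(awk -F'|' -v p="$p" '$1 == p' "$now")
        [ "$old" = "$new" ] || { echo "CHANGED $p (was ${old#*|}, now ${new#*|})"; rc=1; }
    done
    rm -f "$now" "$now.old" "$now.new"
    return $rc
}

# Demo on a constructed tree: take a baseline, then tamper with it four ways.
fs_demo() {
    t=$(mktemp -d) || return 2
    db=$t.db                                     # keep the database outside the tree
    printf 'root:x:0:0:root:/:/sbin/sh\n' > "$t/passwd"
    printf '127.0.0.1 localhost\n'        > "$t/hosts"
    printf 'Authorised use only\n'        > "$t/motd"
    chmod 644 "$t/passwd" "$t/hosts" "$t/motd"
    fs_baseline "$t" > "$db"                     # taken while the tree is trusted
    printf 'evil:x:0:0::/:/bin/sh\n' >> "$t/passwd"   # content change (size, crc)
    chmod 666 "$t/hosts"                                # mode change, same content
    rm "$t/motd"                                        # removal
    printf 'x\n' > "$t/shadow.bak"                      # addition
    fs_check "$db" "$t" && rc=0 || rc=$?
    rm -rf "$t" "$db"
    return $rc
}

if [ "${1:-}" = "--demo" ]; then fs_demo; fi
```

Running it with --demo prints one ADDED, one REMOVED and two CHANGED lines and exits 1; an untouched tree produces no output and exit 0, which is the contract a cron job wants. Note that the mode change on hosts is caught even though its checksum is unchanged, which is why an integrity checker records attributes and not just hashes.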

Fix-modes
Fix-modes is a set of scripts written by Casper Dik that try to make the filesystem modes more secure. It does this by removing group and world write permissions from all files, devices and directories listed in /var/sadm/install/contents, the package database of what Sun installed and with which modes. Fix-modes creates an audit trail and its changes can be undone, so run it on a freshly installed system, keep the log, and re-run it after installing packages or patches, which can reinstall files with their original modes. Fix-modes is available at http://www.sun.com/blueprints/tools/FixModes_license.html.

Find
One of the best tools for auditing a filesystem is good old find. For instance, to find all the files in /usr that are setuid or setgid, respectively, use these commands (the leading dash in -perm -u+s means "all of these bits are set"):

find /usr -perm -u+s -print
find /usr -perm -g+s -print

There should be no files in /etc that have group and/or other (world) write permission set. To find those files use

find /etc -type f -perm -g+w -print
find /etc -type f -perm -o+w -print
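The same checks, plus one for world-writable directories that lack the sticky bit, as a script you could run nightly from cron. This is an added example and not part of the original article; it uses octal modes so it runs unchanged under Solaris and GNU find, and the tree it audits with --demo is constructed in a temporary directory rather than taken from a real system.

```shell
#!/bin/sh
# Added example, not from the original article: the find(1) audits above
# wrapped in a script you can run from cron. Octal modes are used instead
# of u+s/g+w so the same commands work under Solaris and GNU find;
# "-perm -MODE" means "all of these bits are set". Errors are discarded
# (2>/dev/null), so run it as root or unreadable directories are skipped.

# Regular files under $1 with the setuid (4000) or setgid (2000) bit set.
audit_setid() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null | sort
}

# Regular files under $1 that are group-writable (020) or world-writable (002).
audit_writable() {
    find "$1" -type f \( -perm -020 -o -perm -002 \) -print 2>/dev/null | sort
}

# World-writable directories lacking the sticky bit (1000): anyone can delete
# or rename other users' files in them. /tmp-style 1777 directories are fine.
audit_dirs() {
    find "$1" -type d -perm -002 ! -perm -1000 -print 2>/dev/null | sort
}

# Run all checks on tree $1, print findings grouped by check; return 1 if any.
audit_report() {
    root=$1; found=0
    for check in audit_setid audit_writable audit_dirs; do
        out=$($check "$root")
        [ -n "$out" ] || continue
        found=1
        echo "== $check: $root"
        echo "$out"
    done
    return $found
}

# Constructed sample tree so the checks can be exercised without touching
# a real system. Prints the tree's path; the caller removes it.
make_sample_tree() {
    dir=$(mktemp -d) || return 1
    mkdir -p "$dir/bin" "$dir/etc" "$dir/tmp" "$dir/dropbox"
    chmod 0755 "$dir/bin" "$dir/etc"
    : > "$dir/bin/ok";     chmod 0755 "$dir/bin/ok"
    : > "$dir/bin/su";     chmod 4755 "$dir/bin/su"      # setuid
    : > "$dir/bin/mail";   chmod 2755 "$dir/bin/mail"    # setgid
    : > "$dir/etc/passwd"; chmod 0644 "$dir/etc/passwd"
    : > "$dir/etc/hosts";  chmod 0664 "$dir/etc/hosts"   # group-writable
    : > "$dir/etc/motd";   chmod 0666 "$dir/etc/motd"    # world-writable
    chmod 1777 "$dir/tmp"                                # sticky: acceptable
    chmod 0777 "$dir/dropbox"                            # no sticky bit: flagged
    echo "$dir"
}

if [ "${1:-}" = "--demo" ]; then
    tree=$(make_sample_tree) && { audit_report "$tree"; rm -rf "$tree"; }
fi
```

Run it as sh audit.sh --demo to see the report on the constructed tree; for a real audit call audit_report / (or audit_setid /usr alone) and diff the output against the previous run, since a new setuid binary or a newly writable file in /etc is what you are looking for, not the long-standing entries you have already reviewed.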

There's no reason to be clueless about the family jewels residing on your systems when these tools are available. As my track coach used to say, "Nobody's gonna protect the family jewels for you."


This was first published in March 2002
