Securing Solaris - Hard bodies

It's difficult to turn on the TV these days and not be inundated with commercials for all sorts of fitness equipment. There's BowFlex, Abs Energizer, Health Rider, and Gut-B-Gone. All these devices promise leaner, harder bodies in just a few weeks for only 20 minutes three times a week. What about your Solaris systems? Are they lean, mean, security machines or are they flabby, overweight, insecure systems just begging for a break-in? How can you get your Solaris systems on an exercise program that makes them into security hard bodies? Here are three exercisers that take the grunt out of getting secure.

First, there's JASS. The JumpStart Architecture and Security Scripts (JASS) toolkit from Sun is a flexible and extensible mechanism to reduce, harden, and secure the Solaris system. Members of Sun's Enterprise Engineering and Professional Services teams developed JASS based on proven security best practices and practical customer site experience. JASS supports SPARC and Intel versions of Solaris 2.5.1, 2.6, 7, and 8. JASS is at version 0.35. You can download JASS at http://wwws.sun.com/software/security/jass/.

YASSP (Yet Another Secure Solaris Program) is a bundle of packages to secure Solaris. It does this by turning off most of the services, which is suitable for an external server like a firewall, a web server or an FTP server. Several levels of OS security tuning are available: turning off unneeded network services, modifying file owner/mode, enabling logging, tuning the network stack, changing the system parameters and providing a coherent default environment so that administrators know what they can expect and where. YASSP is based on the consensus of a large working group. YASSP is now at version beta 15 RC2. You can find YASSP at http://www.yassp.org.

Remember Dan Farmer of SATAN fame? Dan Farmer, Matt Archibald, and Brad Powell have developed TITAN, an extensible, freely available host-based security tool that can be used to improve or audit the security of a Solaris system. TITAN is written almost entirely in Bourne shell, with a master script controlling the execution of many smaller programs. Each program either fixes or detects a potential security problem. With such a framework, anyone who can write a shell script can enhance and extend the capabilities of TITAN. What does TITAN stand for? It doesn't stand for anything; the developers just like the name. Get TITAN at http://www.fish.com/titan.
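The master-script-plus-modules pattern described above can be sketched in a few lines of shell. This is an added illustration, not TITAN's own code: the module names, the verify/fix modes and the constructed inetd.conf sample are all assumptions made for the example.

```shell
#!/bin/sh
# Added illustration, not TITAN code. Module names, the verify/fix modes
# and the sample file below are assumptions made for this example.

# Write a constructed inetd.conf sample with two risky services enabled.
make_sample() {
    cat > "$1" <<'EOF'
# constructed sample inetd.conf
ftp     stream  tcp6  nowait  root    /usr/sbin/in.ftpd     in.ftpd
telnet  stream  tcp6  nowait  root    /usr/sbin/in.telnetd  in.telnetd
#shell  stream  tcp   nowait  root    /usr/sbin/in.rshd     in.rshd
finger  stream  tcp6  nowait  nobody  /usr/sbin/in.fingerd  in.fingerd
EOF
}

# Shared module body: $1 = service name, $2 = mode (verify|fix), $3 = file.
# verify: return 0 if the service is disabled, 1 if it is still enabled.
# fix: comment the entry out first, then verify the result.
svc_module() {
    svc=$1 mode=$2 file=$3
    if [ "$mode" = fix ]; then
        sed "s/^$svc[[:space:]]/#&/" "$file" > "$file.new" && mv "$file.new" "$file"
    fi
    if grep "^$svc[[:space:]]" "$file" >/dev/null; then return 1; fi
    return 0
}

# Each module is one small check; adding a check means adding one function.
mod_telnet() { svc_module telnet "$1" "$2"; }
mod_finger() { svc_module finger "$1" "$2"; }
mod_rsh()    { svc_module shell  "$1" "$2"; }

# Master: run every module in the given mode; return how many still fail.
run_modules() {
    mode=$1 file=$2 failed=0
    for m in mod_telnet mod_finger mod_rsh; do
        if $m "$mode" "$file"; then echo "PASS $m"
        else echo "FAIL $m"; failed=$((failed + 1))
        fi
    done
    return $failed
}

# Demo on a temporary copy: audit first, then fix and re-audit.
tmp=$(mktemp)
make_sample "$tmp"
run_modules verify "$tmp" || echo "open findings: $?"
run_modules fix "$tmp" && echo "all modules pass after fix"
rm -f "$tmp"
```

Running in verify mode first gives an audit report without touching the system, which is the safer order on a production host.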

Why have flabby, insecure systems? Look into JASS, YASSP, or TITAN and make your systems hard bodies.


This was first published in June 2002
