It's difficult to turn on the TV these days and not be inundated with commercials for all sorts of fitness equipment. There's BowFlex, Abs Energizer, Health Rider, and Gut-B-Gone. All these devices promise leaner, harder bodies in just a few weeks for only 20 minutes three times a week. What about your Solaris systems? Are they lean, mean, security machines or are they flabby, overweight, insecure systems just begging for a break-in?
How can you get your Solaris systems on an exercise program that makes them into security hard bodies? Here are three exercisers that take the grunt out of getting secure.
First, there's JASS. The JumpStart Architecture and Security Scripts (JASS) toolkit from Sun is a flexible and extensible mechanism to reduce, harden, and secure the Solaris system. Members of Sun's Enterprise Engineering and Professional Services teams developed JASS based on proven security best practices and practical customer site experience. JASS supports SPARC and Intel versions of Solaris 2.5.1, 2.6, 7, and 8. JASS is at version 0.35. You can download JASS at http://wwws.sun.com/software/security/jass/.
YASSP (Yet Another Secure Solaris Program) is a bundle of packages to secure Solaris. It does this by turning off most of the services, which is suitable for an external server like a firewall, a web server or an FTP server. Various levels of OS security tuning can be done, including turning off unneeded network services, modifying file owner/mode, enabling logging, tuning the network stack, changing the system parameters and providing a coherent default environment so that administrators know what they can expect and where. YASSP is based on the consensus of a large working group. YASSP is now at version beta 15 RC2. You can find YASSP at http://www.yassp.org.
Remember Dan Farmer of SATAN fame? Dan Farmer, Matt Archibald, and Brad Powell have developed TITAN, an extensible, freely available host-based security tool that can be used to improve or audit the security of a Solaris system. TITAN is written almost entirely in Bourne shell, with a master script controlling the execution of many smaller programs. Each program either fixes or detects a potential security problem. With such a framework, anyone who can write a shell script can enhance and extend the capabilities of TITAN. What does TITAN stand for? It doesn't stand for anything; the developers just like the name. Get TITAN at http://www.fish.com/titan.
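An added example, not TITAN code and not from the original article, showing the layout described above: a Bourne shell module that either detects or fixes unneeded inetd services, called by a driver. The function names, the -v/-f flags, the allowlist argument and the sample inetd.conf are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example, not TITAN code: one detect-or-fix module plus a tiny driver.
# Function names, flags and the allowlist argument are assumptions.

# Detect: print each enabled inetd service that is not on the allowlist.
inetd_verify() {
    awk -v allow="$2" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        NF == 0 || $1 ~ /^#/ { next }      # skip blank and commented-out lines
        !($1 in ok) { print $1 }
    ' "$1"
}

# Fix: comment out those services in place, keeping a backup in FILE.orig.
inetd_fix() {
    cp -p "$1" "$1.orig" || return 1
    awk -v allow="$2" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        NF > 0 && $1 !~ /^#/ && !($1 in ok) { print "#" $0; next }
        { print }
    ' "$1.orig" > "$1"
}

# Driver: -v audits (returns 1 on findings), -f hardens.
run_module() {
    case $1 in
        -v) found=$(inetd_verify "$2" "$3")
            if [ -n "$found" ]; then echo "$found"; return 1; fi ;;
        -f) inetd_fix "$2" "$3" ;;
        *)  echo "usage: run_module -v|-f conf 'allowed services'" >&2; return 2 ;;
    esac
}

# Constructed sample inetd.conf, written to a temp file for the demo run.
demo=$(mktemp)
cat > "$demo" <<'EOF'
ftp     stream  tcp  nowait  root    /usr/sbin/in.ftpd     in.ftpd
telnet  stream  tcp  nowait  root    /usr/sbin/in.telnetd  in.telnetd
#finger stream  tcp  nowait  nobody  /usr/sbin/in.fingerd  in.fingerd
EOF
run_module -v "$demo" "ftp" || echo "^ enabled but not allowed"
run_module -f "$demo" "ftp"
run_module -v "$demo" "ftp" && echo "clean after fix"
rm -f "$demo" "$demo.orig"
```

Running the verify mode before and after the fix mode gives an audit trail of what was disabled, and the .orig copy allows a rollback.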
Why have flabby, insecure systems? Look into JASS, YASSP, or TITAN and make your systems hard bodies.