Tip

Securing Solaris servers...

To secure a Solaris box do the following:

1. Download YASSP (Yet Another Solaris Security Package) from http://www.yassp.org, install it, and follow the instructions. This package does runs fix perms (script from Sun that drastically improves the default file system permissions). It also installs OpenSSH, Tripwire and some checking scripts. It then updates all of your rc files so that you can control all of your exposed services from a single administration point, namely /etc/yassp.conf. The nice thing about this security package is that if you stop using it you can program it and to restore your system to its previous state. To connect to the server after the install you will need an SSH client. Personally, I use TeraTerm (http://hp.vector.co.jp/authors/VA002416/teraterm.html) with the SSH extension available from http://www.zip.com.au/~roca/ttssh.html.

2. Now go to http://www.snort.org and download, compile and install Snort. It is a very lightweight (in terms of resource usage) intrusion detection system but it has a huge database of exploits. Snort should be started from an rc script with something like:

snort -g snort -h [home network] -i [interface name] -N -q -s -c /etc/snort/snort.conf

This will log all alerts via the syslog.

3. Get IP Filter from http://coombs.anu.edu.au/ipfilter/ and install it. Be sure to read the FAQs in order to produce a set of useful rules. This is a stateful packet filter and essentially

    Requires Free Membership to View

firewalls the host. A good set of rules will usually consist of denying all incoming packets except those for the specific services that you wish to offer. You will also want to include a set of stateful rules designed to dynamically allow whatever packets the host requires to be sent to the network.

4. Download SWATCH from http://www.stanford.edu/~atkins/swatch and configure it to monitor your log files for Snort alerts and IP Filter packet rejects and SSH rejects, etc. Then set it to alert you via email.

5. Get the latest set of Sun recommended patches and install them. Sun lists recommended patches at http://sunsolve.sun.com/pub-cgi/show.pl?target=patches/patch-license&nav=pub-patches.

6. Look at the Solaris section of http://www.securityfocus.com, particularly the exploit database, and see if there is anything new to consider.

7. Go to http://www.insecure.org and get a copy of Nmap. Run this from another Unix host against the host you are securing (documentation on site). Check to make sure that you get alerts from Snort and IP Filter. If not, investigate. Nmap is the most common tool used to identify interesting hosts to hack, so use it before someone else does.

8. Go to http://www.nessus.org and download and intsall Nessus on another Unix host and run it against the host you are securing. Nessus is an auditing tool that has hundreds of exploits which is runs against your host and then gives you a report.

9. If you are securing a number of hosts, go to http://www.samba.org and get rsync and configure it to run over SSH. Then you can securely update all of your server configurations from a master server. This works best if you divide your servers into classes such as Web servers, ftp servers and nfs servers. Then you can hold a single set of IP Filter and Snort config files for each class of host, and push them out to all the hosts of that type when you need to make a config change.

This will give a reasonably secure server that will keep the ankle biters at bay. This configuration can be greatly improved upon but the above will make you more secure than about 99% of Solaris servers I have come across.

Ken Robson is a Solaris systems administrator.


This was first published in May 2001

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.