Solaris filesystem security: Protecting the family jewels

Protect your Solaris system's filesystems with these tools and utilities.

Protecting the Family Jewels

My high school track coach had a speech he gave at least once a year about "protecting the family jewels." I was clueless; I thought he was talking about my watch and class ring. Many Solaris system managers are equally clueless about how to protect the "family jewels" of their systems, namely the filesystems and files. One of the principles of computer security is "Know your systems." One way to accomplish Solaris filesystem security is by auditing the filesystems. There are several tools available to accomplish this.

ASET is Sun Microsystems' Automated System Enhancement Tool. Odds are you already have ASET installed on your Solaris system. ASET is part of the Sun package SUNWast. Check for SUNWast with the following command:

pkginfo | grep SUNWast

ASET is a set of administrative utilities that can improve system security by allowing system administrators to check the settings of system files, including both the attributes (permissions, ownership, etc.) and the contents of the system files. There are three security levels associated with ASET: low, medium and high. At the low level, ASET makes no modifications but checks and reports any potential security weaknesses. At the medium level, ASET modifies some of the settings of system files and parameters to restrict system access in order to reduce the risks from security attacks. ASET reports the security weaknesses and the modifications performed to restrict access. At the high level, further restrictions are made to system access, creating a very hardened system. More information can be found in the ASET man page and the administrator manual.

AIDE (Advanced Intrusion Detection Environment) is an open source system integrity checker, i.e., a utility that compares the properties of designated files and directories against information stored in a previously generated database. Any changes to these files are flagged and logged, including those that were added or deleted, with optional email reporting. Additionally, support files (databases, reports, etc.) are cryptographically signed. AIDE is available for download at

Fix-modes is a set of scripts written by Casper Dik that try to make the filesystem modes more secure. It does this by removing group and world write permissions of all files, devices, and directories listed in /var/sadm/install/contents. Fix-modes creates an audit trail and its changes can be undone. Fix-modes is available at

One of the best tools for auditing a filesystem is good old find. For instance, to find all the files in /usr that are setuid or setgid, respectively, use these commands:

find /usr -perm -u+s -print
find /usr -perm -g+s -print

There should be no files in /etc that have group and/or other write permissions set. To find those files use

find /etc -type f -perm -g+w -print
find /etc -type f -perm -o+w -print
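
The find checks above can be turned into a repeatable audit by saving their output as a baseline and comparing later runs against it. The script below is an added example, not part of the original article; the function names audit_tree and audit_diff, the report tags and the file name audit.sh are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the article): function names and the report
# format are assumptions. Paths containing newlines are not handled.

# audit_tree DIR: print one "TAG path" line per finding, sorted.
# Restricted to regular files, so setgid directories are not listed.
audit_tree() {
    dir=$1
    {
        find "$dir" -type f -perm -u+s -print 2>/dev/null | sed 's/^/SUID /'
        find "$dir" -type f -perm -g+s -print 2>/dev/null | sed 's/^/SGID /'
        find "$dir" -type f -perm -g+w -print 2>/dev/null | sed 's/^/GROUP_WRITE /'
        find "$dir" -type f -perm -o+w -print 2>/dev/null | sed 's/^/OTHER_WRITE /'
    } | LC_ALL=C sort
}

# audit_diff BASELINE DIR: compare a saved audit_tree report with the
# current state. Prints "NEW ..." for findings missing from the baseline
# and "GONE ..." for baseline entries that no longer match.
# Returns 0 if nothing changed, 1 if something did, 2 on error.
audit_diff() {
    baseline=$1
    current=$(mktemp) || return 2
    audit_tree "$2" > "$current"
    changes=$(
        LC_ALL=C comm -13 "$baseline" "$current" | sed 's/^/NEW /'
        LC_ALL=C comm -23 "$baseline" "$current" | sed 's/^/GONE /'
    )
    rm -f "$current"
    if [ -n "$changes" ]; then
        printf '%s\n' "$changes"
        return 1
    fi
    return 0
}

# Command-line use: one argument writes a report, two compare with a baseline.
#   sh audit.sh /usr > usr.baseline      sh audit.sh usr.baseline /usr
case $# in
    1) audit_tree "$1" ;;
    2) audit_diff "$1" "$2" ;;
esac
```

A NEW SUID or NEW OTHER_WRITE line after a patch or package install is the kind of change worth tracing back to its cause before accepting it into the baseline.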

There's no reason to be clueless about the family jewels residing on your systems when these tools are available. As my track coach used to say, "Nobody's gonna protect the family jewels for you."

This was last published in March 2002
