
1/5/2016

How to reduce the Security risk in Solaris ? - Generic OS Hardening steps - UnixArena

How to reduce the Security risk in Solaris ?

June 7, 2013

Security, Solaris 10

Generic OS Hardening steps


Is your Solaris environment secure enough? How can we tighten system security? Here we
will see some basic hardening steps for the Solaris OS. Every organization should maintain a
hardening checklist for each operating system it uses. Before a server is brought into
operation/production, the hardening checklist needs to be verified by the support team that
supports the server.

OS hardening actually begins before the system is built, because you need to choose a customized OS
image according to your environment. Reducing the OS image size lowers the risk (security and reliability);
a smaller OS image also speeds up the boot process and consumes less disk space.

1. Apply the Recommended Patch Cluster bundle regularly. It contains very important bug fixes and security patches. Visit
https://support.oracle.com to check for the latest additional security patches and install them if applicable to your environment.

2. Disable all services that are no longer used. Many services put your system at high risk. Disable services such as RPC-based services, NFS, NIS, Sendmail, Apache, SNMP, printer services and internet-based services if
they are no longer used on the server.

3. Disable inetd services and use ssh for remote login and file transfer.
It's better not to use the telnet, ftp and rlogin services.

http://www.unixarena.com/2013/06/how-to-reduce-security-risk-in-solaris.html


4. Many parameters in the Solaris kernel can be tuned to increase system security. Network parameters
can be tuned using the ndd command. Other kernel parameters can be modified using the /etc/system file.

Network tweaks:
Disable IP forwarding on OS
Protect against SYN flood attacks
Reduce ARP timeouts
5. Restrict root to log in only via the console and remove unused users from the system.
Restrict cron access for normal users and disable .rhosts.
6. Set warning banners in /etc/motd and /etc/issue.
7. Increase the level of logging in system accounting, process accounting and kernel-level auditing.
8. Create /etc/ftpd/ftpusers to restrict ftp to all users.

9. Remove group write permission from all files in /etc.


# chmod -R g-w /etc
10. Validate the OS start-up scripts in all run levels. Remove the start-up scripts that are no longer needed (/etc/rc2.d and
/etc/rc3.d).
11. Turn on stack protection, which will help to protect your system from many buffer overflow attacks. Add the lines
below to /etc/system to turn on this feature.


set noexec_user_stack = 1
set noexec_user_stack_log = 1
12. Protect the file systems mounted on the system by setting nosuid or ro, and set the logging option for the root file
system in vfstab.

13. Enable packet filtering to increase system security.

14. Restrict access to TCP-based network services by using TCP wrappers.

15. Disable unused SMF services using the svcadm command.

16. Use the Solaris Security Toolkit (JASS).

17. Be cautious with removable media devices. Stop vold if possible.
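
The following script is an added example, not part of the original article: it audits copies of /etc/system and /etc/vfstab against items 11 and 12. The function names and the sample file contents are constructed for illustration, and the check only considers ufs entries.

```sh
#!/bin/sh
# Added example: audit copies of /etc/system and /etc/vfstab for items 11 and 12.

# Succeeds only if tunable $2 is set to 1 in /etc/system-style file $1.
# '*' starts a comment line there; this sketch uses the last assignment it finds.
system_tunable_on() {
    awk -v name="$2" '
        /^[ \t]*\*/ { next }
        { line = $0; gsub(/[ \t]+/, "", line)      # "set a = 1" -> "seta=1"
          key = "set" name "="
          if (index(line, key) == 1) val = substr(line, length(key) + 1) }
        END { exit !(val == "1") }' "$1"
}

# Prints one finding per line for vfstab-style file $1: ufs mounts other than /
# without nosuid or ro, and a ufs root without logging (field 7 = mount options).
audit_vfstab() {
    awk '
        /^[ \t]*#/ || NF < 7 || $4 != "ufs" { next }
        { has["nosuid"] = has["ro"] = has["logging"] = 0
          n = split($7, opt, ",")
          for (i = 1; i <= n; i++) has[opt[i]] = 1
          if ($3 == "/") { if (!has["logging"]) print "/ lacks logging" }
          else if (!has["nosuid"] && !has["ro"]) print $3 " lacks nosuid/ro" }' "$1"
}

# Constructed sample inputs (not taken from a real host).
tmp=$(mktemp -d) || exit 1
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/system" <<'EOF'
* constructed sample /etc/system
set noexec_user_stack = 1
* set noexec_user_stack_log = 1
EOF
cat > "$tmp/vfstab" <<'EOF'
#device            device to fsck      mount  FS   pass boot options
/dev/dsk/c0t0d0s0  /dev/rdsk/c0t0d0s0  /      ufs  1    no   -
/dev/dsk/c0t0d0s5  /dev/rdsk/c0t0d0s5  /opt   ufs  2    yes  logging
/dev/dsk/c0t0d0s7  /dev/rdsk/c0t0d0s7  /home  ufs  2    yes  nosuid,logging
swap               -                   /tmp   tmpfs -   yes  -
EOF
for t in noexec_user_stack noexec_user_stack_log; do
    system_tunable_on "$tmp/system" "$t" || echo "$t is not set to 1"
done
audit_vfstab "$tmp/vfstab"
```

On a real host, pass the paths /etc/system and /etc/vfstab to the two functions instead of the sample files.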

To know More security information

Thank you for reading this article. Please leave a comment if you would like to add more information here.
Image source:www.oralce.com
