Professional Documents
Culture Documents
How to reduce the Security risk in Solaris ? - Generic OS Hardening steps - UnixArena
June 7, 2013
Security, Solaris 10
506 Views
Is your Solaris environment is secure enough ? How can we tighten the system security ? Here we
will see some basic Hardening steps for Solaris OS.Every organization should maintain hardening
checklists of each operating systems which they are using it.Before server is bringing to
operation/production, hardening check list needs to be verified by support team who supports
the server.
Actually OS hardening part is begins before system built.Because you need to choose the customized OS
image according to your environment.By reducing the OS image size,the possibility of risk(security and reliability) is very
less and less size OS image speeds up the boot process and consumes less disk space.
1.Apply Recommended Patch Cluster bundle regularly . It has very important bug fixes and security fix patches. Visit
https://support.oracle.com
to check latest additional security patches and install it if applicable to your environment.
2.Disable all the services which are not being used anymore.There are many services which will make you system in highrisk.Disable services like RPC based services,NFS,NIS, Sendmail,Apache,SNMP,printer services and internet based services if
no longer used in server.
3.Disable inetd services and use ssh for remote login and file-transfer.
Its better not to use telnet,ftp,rlogin services.
http://www.unixarena.com/2013/06/how-to-reduce-security-risk-in-solaris.html
1/4
1/5/2016
How to reduce the Security risk in Solaris ? - Generic OS Hardening steps - UnixArena
4.There are many parameters in the Solaris kernel which can be tuned to increase the system security.Network parameters
can be tuned using ndd command.Other kernel parameters can modified using /etc/system file.
Network tweaks:
Disable IP forwarding on OS
Protect against SYN floods attacks
Reduce ARP timeouts
5.Restrict root to login only via console and remove un-used users from the system.
Restrict cron access to normal users and disable .rhosts.
6.Set warning banners in /etc/motd & /etc/issue.
7.Increase the level of logging in system accounting,process accounting,kernel level auditing.
8.Create /etc/ftpd/ftpusers to restrict ftp to all users.
http://www.unixarena.com/2013/06/how-to-reduce-security-risk-in-solaris.html
2/4
1/5/2016
How to reduce the Security risk in Solaris ? - Generic OS Hardening steps - UnixArena
Thank you for reading this article. If leave a comment if you would like to add more information here.
Image source:www.oralce.com
http://www.unixarena.com/2013/06/how-to-reduce-security-risk-in-solaris.html
3/4
1/5/2016
How to reduce the Security risk in Solaris ? - Generic OS Hardening steps - UnixArena
http://www.unixarena.com/2013/06/how-to-reduce-security-risk-in-solaris.html
4/4