SUMMARY: Programs/scripts to perform security checks

From: <>
Date: Wed Jun 25 2003 - 16:11:37 EDT

     Thanks to all the responses I received regarding this query.  The majority
opinion has been the Center for Internet Security's (
benchmark tools. Their use of a score system can provide a good metric for
management when they ask "did the changes improve security".  Their explanations
of how to fix a problem are also understandable.  Other helpful suggestions have

- Titan ( to help lock down a system since it can be
easily scripted to apply to a new system
- SARA (Security Auditors Research Assistant)
- going  through inetd.conf and turning off anything not required
- secure shell (SSH)
- tripwire





     We have some systems running Solaris 2.6 & Solaris 8 and we want to test
the boxes from a security point of view.  I was wondering what program or
scripts people would suggest that could be run on these boxes to test their
security levels and generate a report with recommendations for resolving issues
(i.e. patches, processed stopped, file permissions, etc).  Any thoughts are

Thanks in advance,

sunmanagers mailing list
Received on Wed Jun 25 16:23:54 2003

This archive was generated by hypermail 2.1.8 : Thu Mar 03 2016 - 06:43:15 EST