SUMMARY -- hardening sol9

From: Brent Bailey <mrb_at_bmyster.com>
Date: Wed Feb 18 2004 - 14:07:47 EST
I wanted to thank those who replied to my post .

QUESTION was ---
 I have a freshly installed Solaris 9 system. Im in the middle of hardening
 the system. (it will be a server at some point )

 anywho one of the things a read on hardening is to set in /etc/vsftab
 under mount options:

 mount / with options "remount,nosuid"

ANSWER was ---
No.  Whoever said to do that for Solaris is incorrect.  All the devices
are in the root filesystem.  On Solaris, nosuid is equivalent to nodev.
You'll stop all your devices from working.
(in the man page)

suid | nosuid
                      Allow or disallow setuid/setgid  execution.
                      The  default  is  suid.  This  option  also
                      allows/disallows opening any device-special
                      entries that appear within the filesystem.

Boot -s, and hopefully you can modify the mount options.

If not, boot from cdrom or network, mount the root filesystem, change
the mount option.


-- 
Brent Bailey CCNA
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers
Received on Wed Feb 18 14:07:27 2004

This archive was generated by hypermail 2.1.8 : Thu Mar 03 2016 - 06:43:28 EST