Original Question:
We are about to start a project to architect a site with many Sun servers.
Does anyone have any recommendations for installation actions, jumpstart scripts, extra software, security lockdowns that are different from an "out-of-the-box" Sun OS installation?
URLs, software suggestions and scripts welcome.
from bill hathaway:
I like using Titan; it is basically a wrapper for a bunch of
"best practices" that you customize for your site:
http://www.fish.com/titan/
If you haven't looked into it, you may also want to check out cfengine:
http://www.gnu.org/software/cfengine/
It isn't a security tool, but a general sysadmin tool that allows you
to keep large numbers of systems in sync. You can automatically fix system
entropy, which can be handy from a security perspective.
###############
from Dave McFerren:
Look at
Hope this helps...
###############
from Dave Foster:
SABERNET: Security Papers : http://www.sabernet.net/papers/ [!!]
(How to lock down Solaris/HP systems)
Lance Spitzner's Security Papers:
http://www.enteract.com/~lspitz/
Info on inetd Daemons:
http://uwsg.ucs.indiana.edu/security/inetd.html
Changes to make to Solaris system:
http://www.thinc.org/petro/fixsolaris.txt
Solaris Security (Sun website):
http://www.sun.com/software/solutions/blueprints/browsesubject.html#security
Wietse's collection of tools and papers (TCP_WRAPPERS)
ftp://ftp.porcupine.org/pub/security/index.html
"Security Vulnerabilities" by Eric Knight (book, .pdf)
www.securityparadigm.com
##############
from Mike Stephens:
Here is the Solaris Security FAQ for starters - Good Luck!
http://www.sunworld.com/sunworldonline/common/security-faq.html#Q3.5
#############
from Jeff Kennedy:
For security related issues try
http://fixsolaris.sunhelp.org/fixsolaris.txt. It's designed for 2.6 but
the practices can be applied to 7 as well.
As for jumpstart scripts, that will be determined by what you need to
load upon install.
###########
This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:14:09 CDT