Solaris Security - For System Administrators - Peter H Gregory - Librairie Eyrolles
Solaris Security

For System Administrators

Peter H Gregory

290 pages, published 15/08/1999

Summary

At last, a security book just for Solaris and UNIX

System administrators: Learn the specifics for making your system secure, whether it's an organization-wide network or a standalone workstation. Expert author Peter Gregory has managed security for everything from top-secret corporate research facilities to casinos. Take advantage of his expertise to build a secure, reliable system of your own.

Solaris Security looks at the physical, logical, and human factors that affect security, including:

  • PROMs, physical security, boot paths, permissions, auditing tools, system logs, passwords, and more
  • Secure network interfaces and services for remote and Internet access, intrusion detection, access control, e-mail, and printing
  • Enhanced security for NIS, NIS+, DNS, and NFS
  • A concise guide to maintaining secure systems in the Solaris environment
  • Standalone and networked systems running Solaris
  • A special section on disaster preparations and recovery operations
A special section shows you how to plan for inevitable disasters, so you can recover your data quickly and accurately without compromising security. References to books, journals, and online resources will help you keep up with the latest innovations.

Every chapter opens with a checklist of key topics and their significance, so you can quickly find the information you need. Whether you are a security manager, information technology/systems manager or a network security administrator, Solaris Security is the single resource to answer all your questions and get your systems in shape now and for the future.

Table of contents

List of Figures
List of Tables
Foreword
Preface
Part One: Introduction
Chapter 1: The Security Problem
Causes of Security Weaknesses
Growth of Network Connectivity
Software Vulnerabilities
Employees and Contractors
Motivated and Resourceful Hackers
Site Policies
Chapter 2: The Security Paradigm
Principle 1: The Hacker Who Breaks Into Your System Will Probably Be Someone You Know
Principle 2: Trust No One, or Be Careful About Whom You Are Required to Trust
Principle 2a: Don't Trust Yourself, or Verify Everything You Do
Principle 3: Make Would-Be Intruders Believe They Will Be Caught
Principle 4: Protect In Layers
Principle 5: While Planning Your Security Strategy, Presume the Complete Failure of Any Single Security Layer
Principle 6: Make Security a Part of the Initial Design
Principle 7: Disable Unneeded Services, Packages, and Features
Principle 8: Before Connecting, Understand and Secure
Principle 9: Prepare for the Worst
The Nine Principles: A Way of Life
Part Two: The Standalone System
Chapter 3: The PROM, OpenBoot, and Physical Security
What is PROM?
What Is OpenBoot?
Why Users Must be Kept Out of OpenBoot
Protecting OpenBoot by Setting Security Parameters
Procedures for Changing OpenBoot Security Levels
All Passwords Lost -- Partial Recovery Procedure
Boot Device Recommendations
Change the OpenBoot Banner
Recover a Lost Root Password
Physical Security Considerations
Theft and Access Prevention
Audit PROMs
OpenBoot Passwords
CD-ROM Drives
Backup Media
OS Release Media
Where to Go for Additional Information
Chapter 4: The Filesystem
What Is the Filesystem?
Some Applications Require Open Permissions
Understanding File and Directory Permissions
Who: User, Group, and Other
Permission Summary: Read, Write, Execute, SetUID, SetGID, Sticky Bit
Putting It All Together: The Who and the What
How to View File and Directory Permissions
Permissions: Numeric Form
Setting File and Directory Permissions -- Numeric
Setting File and Directory Permissions -- Symbolic
umask and How It Works
Default File Permissions and umask
Root User umask
Default Directory Permissions and umask
How to Find Files with Specific Permission Settings
System Device Access Permissions
Filesystem Auditing Tools
ASET
COPS
Tiger
Tripwire
lsof (list open files)
Other Security Tools and Techniques
Check /etc Permissions
Ensure Proper utmp and utmpx Permissions
Use Fix-modes Tool to Enhance Security
Use the fuser Command
Use the ls Command to Show Hidden Files and Hidden Characters in File names
Alias the rm Command
Randomize Filesystem Inode Numbers with fsirand
Filesystem Quotas
Filesystem Access Control Lists
Where to Go for Additional Information
Chapter 5: User Accounts and Environments
Introduction
User Account Security
The Root Account
Other Administrative Accounts and Groups
User Accounts
When Users Need Root Privileges
PATH and LD_LIBRARY_PATH
The Password, Shadow, and Group Files
Password File
Shadow File
Password Security
UNIX Groups
The /etc/default/passwd File
Root Access
Direct Root Login
The su Command
Shell and Application Security
Forced Application Startup
Include System Name in Root Shell Prompt
Restricted Shell
Default Login Environment
Writing Directly to the Console
Program Buffer Overflow
Additional Process Information
X-Windows Security
X-Windows Screen Lock, Manual
X-Windows Screen Lock, Auto
X-Windows Display Permissions
Auditing Tools
COPS
Crack
Where to Go for Additional Information
Chapter 6: System Startup and Shutdown
System Run Levels
Determining Current Run Level
System Startup
PROM
init
Multiuser Mode
The rc Mechanism
System Shutdown
init
uadmin
More Information on rc Files
An Example rc File Examined
Auditing Startup and Shutdown Mechanisms
COPS
Tripwire
Modifying Startup and Shutdown Mechanisms
Adding Startup and Shutdown Scripts
Changing Startup and Shutdown Scripts
Disabling Startup and Shutdown Scripts
More on Linked Startup Files
Where to Go For Additional Information
Chapter 7: cron and at
cron
What is cron?
How cron Works
How cron Is Configured
cron User Configuration
User Access to cron System
at
What Is at?
How at Works
User Access to at System
Common Mistakes to Avoid
Failure to Adequately Conceal Programs Launched by cron
Leaving crontab Files Lying Around for All to See
Unsecure PATH Elements in Scripts Launched by cron
Indeterminate PATH Elements in Scripts Launched by cron
Use of stdin and stdout in cron and at Jobs
Auditing Tools
Tripwire
COPS
Where to Go for Additional Information
Chapter 8: System Logs
What is a System Log
syslog
syslog Facilities and Severity Levels
syslog Message Classification Notation
syslog Configuration
Debugging syslog
loginlog
sulog
Last Log
Volume Manager Log
Install Log
sysidtool Log
Tools to Help with Logging
Logcheck
Where to Go for Additional Information
Part Three: The Network-Connected System
Chapter 9: Network Interfaces and Services
Networks
Network Interfaces
Network Interface Characteristics
Network Interface Configuration
ifconfig
ndd
Turn Off IP Forwarding with /etc/notrouter
netstat
/etc/inet/hosts
/etc/inet/netmasks
/etc/defaultrouter
/etc/nodename
/etc/hostname.interface
How Adaptors Are Configured
Promiscuous Mode
Network Services
Unnecessary Services
Network Service Numbers
Network Service Configuration
How Network Services Are Started
Daemon Network Services Not Started with inetd
Routing
Adding Static Routes
Adding Dynamic Routes
Using snoop
Where to Go For Additional Information
Chapter 10: Network/System Architecture
What is an Architecture?
Simple vs. Complex Architectures
Architecture Principles
Principle 1: Minimize the Number of Failure Points (or Shorten the Critical Path)
Principle 2: Keep Services Close to Those Being Served
Principle 3: Vertically Align Services with Their Applications
Principle 4: Prepare for Increasing Network Partitioning
Chapter 11: Electronic Mail
Overview of E-Mail
Transport Agent
Delivery Agent
User Agent
Types of E-Mail Security Weaknesses
Auth (or Identd) Protocol
Message Brokering
Message Source Routing
Privacy
Authenticity
Mitigating E-Mail Security Weaknesses
Run Sendmail Only on Mail Servers
Disconnect Inside Mail Server(s) from the Internet
Prevent Message Source Routing
Implement Mail Encryption and Digital Signatures
Replace Sendmail
Remove Unnecessary E-Mail Aliases
Implement Smrsh
Implement ForwardPath
Where to Go for Additional Information
Chapter 12: Printing
Printing Architectures
Print Subsystem Directories
Auditing Print Subsystem Directories
Local Printing
Local Print Devices
How to Determine Which Device a Specific Printer Uses
Print Device Permissions
Auditing Print Device Permissions
Restricting Access to Printers and Print Servers
Direct Access to Network Printers
Where to Go for Additional Information
Chapter 13: Network Access Control
Network Access Control Principles
Unnecessary Network Access Points Are Security Risks
Unguarded Network Access Points Are Security Risks
Necessary and Unnecessary Services
How to Disable Unnecessary Services
Strengthening Network Access Control
inetd Connection Tracing
TCP Wrappers
Public-Domain rpcbind
.rhosts File -- Gateway to the r-Commands
/etc/hosts.equiv File
Auditing .rhosts and hosts.equiv Files
Secure Replacement for telnet, rsh, and rlogin
ftp
tftp
X-Windows Is Unsecure
Firewalls
Testing System Accessibility
Satan
ISS
Intrusion Detection
Syn
Klaxon
Courtney
Tocsin
Gabriel
Intrusion Detection: Staying Current
Authentication
System Authentication
DES (Diffie-Hellman) Authentication
Kerberos Authentication
Virtual Private Networks
SKIP
IPsec
Where to Go for Additional Information
Chapter 14: Name Services
Domain Name Service (DNS)
/etc/nsswitch.conf
/etc/resolv.conf
DNS Security Weaknesses and Solutions
Too Much Information Visible to the Internet
Illicit Zone Transfers from DNS Servers
Differences Between nslookup and Actual DNS Queries
Public-Domain DNS (BIND)
DIG Public-Domain Tool
Disable nscd Caching
Know Your BIND Version
NIS
Obtaining and Installing NISKIT
NIS Security Weaknesses and Solutions
Move NIS Maps out of /etc Directory
Protect NIS Maps Directory
Use a Hard-to-Guess NIS Domain Name
Implement /var/yp/securenets
Hide Shadow Fields
Avoid Illicit NIS Servers
Keep Root and Other Administrative Accounts out of NIS
Disable nscd Caching
Other NIS Weaknesses
NIS+
NIS+ Default Access Rights
Access Rights for Principal nobody
NIS+ Security Level
Administering NIS+
Back Up NIS+ Tables
Flush NIS+ Transactions
Keep Root and Other Administrative Accounts out of NIS+
Disable nscd Caching
Name Service Switch
nscd
Where to Go for Additional Information
Chapter 15: NFS and the Automounter
NFS
NFS Operations
Improving Security with NFS Share
Improving Security with NFS Mount
Improving Security by Setting NFS Portmon
NFS Authentication
Servers as NFS Clients
NFS and Access Control Lists
NFS on the Network
Disabling NFS
Automounter
Indirect Automounter Maps
Direct Automounter Maps
Automounter Browsing
Automounter and the Name Service Switch
Disabling Automounter
Where to Go for Additional Information
Part Four: Disaster and Recovery
Chapter 16: System Recovery Preparation
What Can and Will Go Wrong
Natural Disaster
Man-Made Disaster
Inside Utility Failure
Hardware Failure
UNIX Administrator Error
Documentation Error
Programmer Error
User Error
Sabotage
Preparing for Recovery
Create an Incident Response Team
System Filesystem Design
Filesystem Geometry
Tape Backups
System Recovery Testing
Release Media
System Event Logbooks
Solaris and Tool Patches
CD-ROM Drives
Hardware and Software Services Agreements
Keep Hardware Spares
Copies of Critical Server PROMs
Disk Space to Spare
Recovery Documentation
Contacts and Cross-Training
Partner with Inside Suppliers
Partner with Outside Suppliers
Where to Go for Additional Information
Part Five: Appendices
Appendix A: Online Sources for Security Information
Security Web Sites
Hacker Web Sites
Security Mailing Lists
Patches
Appendix B: Online Sources for Public-Domain Security Tools
TCP/IP Security Tools
ISS (Internet security scan)
Satan (Security Administrator's Tool for Analyzing Networks)
cpm (check promiscuous mode)
tcpdump (network monitoring and data acquisition)
Access Control Security Tools
TCP Wrappers
rpcbind
Ssh (secure shell)
Kerberos
crack (password cracker)
fwtk (firewall toolkit)
S/Key
Intrusion Detection Tools
Klaxon
Courtney
Tocsin
Gabriel
syn
Filesystem Security Tools
Tiger
Tripwire
COPS
Encryption Tools
PGP
MD5
E-Mail Security Tools
SMAP (sendmail wrapper)
sendmail V8 (public domain sendmail)
Postfix (formerly Vmailer)
smrsh
DNS Tools
Public-Domain BIND
Dig
Other DNS Tools
Other Tools and Sources
logcheck
lsof (list open files)
Patchdiag
fix-modes
perl
Washington University ftpd
Security Tools Site
CERT Tools
CIAC Tools
COAST Tools
Doug's Tools
LIST (Laboratory for Information Security Technology)
Security Tools
Sun Freeware Site
Wietse Venema's UNIX Security Tools Collection
Hacker Tools Sites
Appendix C: Obtaining and Applying Solaris Patches
Sources for Patch Information
Understanding Solaris Patches
Understanding Solaris Patch Clusters
Sources for Patches
Patch Installation Strategies
Before Installing Patches
Which Patches to Install
Testing Patches
For Patches Requiring System Reboot
The patchdiag Program
Patch Installation Procedure, Solaris 2.x -- 2.5.1
Patch Installation Procedures for Solaris 2.6 and Solaris 7
Solaris OS Upgrades
Where to Go for Additional Information
Appendix D: Suggested Reading
Books
Publications and Articles Available Online
SunSolve Publications
Periodicals Online
Internet RFCs
Appendix E: Solaris Security Products
SunScreen EFS
SunScreen SPF
SunScreen SKIP
Sun Security Manager
SunScreen SecureNet
Trusted Solaris
Where to Go for Additional Information
Appendix F: Implementing C2 Security
What is C2 Security?
Implications of C2 Security
Enabling C2 Security
Disabling C2 Security
Managing C2 Security
Configuration of C2 Audit Capture
Management of C2 Logs
Management of Performance
Audit Events
Audit Trail Analysis
Removable Media Management
Device Allocation
Recommendations
Where to Go for Additional Information
Appendix G: Verifying the Integrity of Public-Domain Software
Verification Using PGP
Verification Using MD5
Where to Go for Additional Information
Appendix H: Glossary of Attacks
Appendix I: Secure System Checklist
Index

The author - Peter H Gregory

Peter Gregory is the author of two books on Solaris security.

Technical details

  PAPER
Publisher(s) Prentice Hall
Author(s) Peter H Gregory
Publication date 15/08/1999
Number of pages 290
Format 18 x 23,5
Weight 650g
EAN13 9780130960535
