How to Use Solaris 10 Security Features
Solaris 10 is Sun Microsystems' answer to Microsoft's Windows series of operating systems. Solaris, overall, is a more advanced form of operating system, demanding more technical interaction with its users. This level of interactivity, however, gives administrators far more power over security features and more.
- Difficulty:
- Moderately Easy
Instructions
-
-
1
Reduce the amount of exposure your network exhibits when connected to the Internet. This can be done by using the Generic Limited Network feature. It can be enabled by typing in the shell using the "# rm generic.xml" command line. Remember, however, that this change needs to be made to each profile on the system or simply to the default profile.
-
2
Take advantage of the BART file integrity-checking tool. The BART tool is capable of searching your system for instances of data that is not authorized, as well as tracking modifications that are made to system files.
-
3
Create a Data Container within Solaris 10's new Service Manager. The Service Manager monitors the processes currently running on the system (called "services"), and enables you to control how they behave. You can start new processes or cancel others whenever you need.
-
4
Modify user access to the Apache2 system. You can change file ownership for specific users, thereby removing access to certain files, or you can change the root directory to "webservd" to remove root privileges from those with access to the root directory.
-
5
Use the Three-Strikes (N-strikes) PAM module. This service causes a lockout of accounts when authentication fails a number of times (indicated by N).
-
6
Use the "ipfilter" feature when connected to the Internet. The IP filter allows users to automatically block all traffic to and from a specific IP address, helping to reduce the risk of having malicious code uploaded to the system.
-
1
Tips & Warnings
Use the Resource Management feature of Solaris 10. Not only can you control aspects of the security system, but you can also tweak your system's performance and even adjust the CPU speed.
Always verify configuration changes you make to the Apache2 or the security features.
Care is required whenever you access security features in Solaris 10. While it is possible to make your PC nearly impregnable from attack by outside sources, it is also possible, through the simplest of syntax errors, to disable key features or even cause system errors to occur. Use the graphical user interface (GUI) whenever possible, or always double-check your input prior to executing.
