Tuesday, July 12, 2011

Sun Security Tool Kit - Finish Script Descriptions

Sun Security Tool Kit (SUNWjass) provides an Oracle Solaris OS hardening driver (template). Behind it are a number of Finish scripts (.fin) which actually do the OS hardening. This is a brief description of each one where the name isn't obvious.


disable-ab2.fin


Answer Book 2


disable-apache.fin


disable-apache2.fin


disable-appserv.fin


Java App Server


disable-asppp.fin


Async PPP


disable-autoinst.fin


Disables SYS-UNCONFIG


disable-automount.fin


NFS Automounter


disable-dhcpd.fin


Disables DHCP server


disable-directory.fin


Sun One Directory Server LDAP


disable-dmi.fin


Desktop Management Interface lrc:/etc/rc3_d/S77dmi


disable-dtlogin.fin


Disabled CDE from starting


disable-face-log.fin


Removed write permission on log for SUNWfac - rarely used


disable-ipv6.fin


Disables IPV6


disable-IIim.fin


Internet-Intranet Input Method - Asian input


disable-kdc.fin


Kerberos Key Server


disable-keyserv-uid-nobody.fin


disables User ID Nobody for secure RPC


disable-ldap-client.fin


Prevents LDAP Client from starting


disable-lp.fin


Stop Print Services


disable-mipagent.fin


Mobile IP


disable-named.fin


BIND DNS Server


disable-nfs-client.fin


disable-nfs-server.fin


disable-nscd-caching.fin


disable caching of passwords/groups & hosts


disable-ppp.fin


Sync PPP


disable-preserve.fin


Stops moving saved files - been edited


disable-power-mgmt.fin


disable-remote-root-login.fin


disable-rhosts.fin


Disables use of .rhosts - changes PAM config


disable-routing.fin


Disables RDISC/RIP/Forwarding - routeadm


disable-rpc.fin


RPC - Also breaks NFS


disable-samba.fin


Disable from starting


disable-sendmail.fin


Disable sendmail accepting mail


disable-slp.fin


Disables Service Location Protocol RFC 2608


disable-sma.fin


System Management Agent - NET-SNMP


disable-smcwebserver.fin


Solaris Management Console


disable-snmp.fin


SNMP


disable-spc.fin


Sun Soft print Client svc:/application/print/cleanup:default


disable-ssh-root-login.fin


Disables ROOT login via SSH


disable-syslogd-listen.fin


Disable SYSLOGD from accepting logs


disable-system-accounts.fin


remove smtp listen nobody4


disable-uucp.fin


Disable Unix to Unix Copy


disable-vold.fin


VOLD = CDROM automount


disable-xfs.fin


X Font Server


disable-xserver-listen.fin


Disable X11 port 6000


enable-account-lockout.fin


Enables account lockout to lock user accounts with repeated failed entries


enable-coreadm.fin


Save cores


enable-ftpaccess.fin


Enable -a flag - FTPACCESS


enable-ftp-syslog.fin


Enable -l flag - SYSLOG


enable-inetd-syslog.fin


SYSLOG all connections to inetd services


enable-ipfilter.fin


Enable Firewall - rules /etc/ipf/ipf.conf


enable-password-history.fin


Remember previous passwords


enable-priv-nfs-ports.fin


Allow NFS access from port <1024


enable-process-accounting.fin


Enable process accounting SUNWaccr


enable-rfc1948.fin


TCP Sequence Number - TCP_STRONG_ISS=2


enable-stack-protection.fin


Kernel Level Stack Protection


enable-tcpwrappers.fin


Creates hosts.allow and hosts.deny - SSHD may be too restrictive.


install-at-allow.fin


at.allow - restrict access to at command


install-ftpusers.fin


Add all users for ftpusers to denied access


install-loginlog.fin


Enable logging of failed login attempts - loginlog


install-md5.fin


Install MD5 on Solaris 8 and 9, Sol 10 use digest cmd


install-nddconfig.fin


Enable secure network settings


install-newaliases.fin


Creates correct aliases for Sendmail - minimal install


install-sadmind-options.fin


Sol 8 & 9 - Security level for sadmind service


install-security-mode.fin


Enable OBP Command security - need passwd


install-shells.fin


Add SHELLS


install-sulog.fin


Track SU use and attempted use


print-rhosts.fin


Finds .rhosts & hosts.equiv


remove-unneeded-accounts.fin


Removes unneeded accounts


set-banner-dtlogin.fin


adds banner to DTLOGIN


set-banner-ftpd.fin


set-banner-sendmail.fin


set-banner-sshd.fin


set-banner-telnetd.fin


set-flexible-crypt.fin


Enable stronger encryption of local passwords - md5


set-ftpd-umask.fin


set-login-retries.fin


Allow 3 attempts to login


set-power-restrictions.fin


Restrict access to power commands


set-rmmount-nosuid.fin


Disable mounting of SET-UID files of CDROMS


set-root-group.fin


Change root group to 0


set-strict-password-checks.fin


Complex passwords for local users


set-sys-suspend-restrictions.fin


Restrict suspend function


set-system-umask.fin


Create umask 022


set-tmpfs-limit.fin


Set to 512Mb


set-user-password-reqs.fin


Min Length, Expire etc..


set-user-umask.fin


Profile /etc/skel ..


update-at-deny.fin


update-cron-allow.fin


update-cron-deny.fin


update-cron-log-size.fin


CRON LOG set to 512K


update-inetd-conf.fin


JASS_SVCS_DISABLE Drivers/finish.init


enable-bart.fin


Sol10 only - Setup BART - basic audit reporting tool

Saturday, June 04, 2011

Windows - Must Install Open Source Utilities

| Name | Description | URL |
| --- | --- | --- |
| 7-Zip | Archive/Compression | http://www.7-zip.org |
| PuTTY | The default SSH client | http://www.chiark.greenend.org.uk/~sgtatham/putty/ |
| GIMP | Graphics | http://www.gimp.org/ |
| Wireshark | Network Sniffer/Analyser | http://www.wireshark.org/ |
| WinSCP | SCP/FTP client | http://winscp.net |
| UltraVNC | VNC Server/Client | http://www.uvnc.com/ |
| FreeMind | Mind Mapper | http://freemind.sourceforge.net |
| Launchy | Windows Quick Launcher | http://www.launchy.net/ |
| Greenshot | Screen Capture | http://getgreenshot.org/ |
| VIM | VI Improved Editor | http://www.vim.org/ |
| CCleaner | Remove cache and cookies | http://www.piriform.com/ccleaner |
| Notepad++ | Notepad replacement | http://notepad-plus-plus.org/ |
| NX Client | NoMachine Client | http://www.nomachine.com/ |
| NMAP | Port Scanner, Zenmap GUI | http://nmap.org/ |
| LibreOffice | Word processor, Spreadsheet | http://www.libreoffice.org |
| PuTTY Session Manager | PuTTY Quick Launcher - Hot Keys | http://puttysm.sourceforge.net/ |
| VirtualBox | Desktop Virtualisation | http://www.virtualbox.org/ |
| Firefox 4 | Mozilla Browser | http://www.mozilla.com |
| Google Chrome 11 | Google Browser | http://www.google.com/chrome |
| Dropbox | Cloud Storage | http://www.dropbox.com/ |

Monday, January 03, 2011

2011 Todo List

Certifications
Veritas Storage Foundation HA re-certify for 5.1
RedHat RHCE
Translate Sun Microsystems certifications to Oracle Knowledge Zones

Courses
VMware 4.x Design Workshop (Required for Partner Enterprise Certification)

Learn
IBM Director for AIX and x86 world
Oracle VM Server (x86)
Cloud Deployment of Infrastructure and Services.
Solaris 11, been playing with OpenSolaris but need to get serious now.

WTL Internal
Move vSphere 4.0 ESX hosts to 4.1 ESXi
Updated Firewall hardware.