disable-ab2.fin |
Answer Book 2 |
disable-apache.fin |
|
disable-apache2.fin |
|
disable-appserv.fin |
Java App Server |
disable-asppp.fin |
Async PPP |
disable-autoinst.fin |
Disables SYS-UNCONFIG |
disable-automount.fin |
NFS Automouter |
disable-dhcpd.fin |
Disables DHCP server |
disable-directory.fin |
Sun One Directory Server LDAP |
disable-dmi.fin |
Desktop Management Interface lrc:/etc/rc3_d/S77dmi |
disable-dtlogin.fin |
Disabled CDE from starting |
disable-face-log.fin |
Removed write permission on log for SUNWfac - rarely used |
disable-ipv6.fin |
Disables IPV6 |
disable-IIim.fin |
Internet-Intranet Input Method - Asian input |
disable-kdc.fin |
Kerberos Key Server |
disable-keyserv-uid-nobody.fin |
disables User ID Nobody for secure RPC |
disable-ldap-client.fin |
Prevents LDAP Client from starting |
disable-lp.fin |
Stop Print Services |
disable-mipagent.fin |
Mobile IP |
disable-named.fin |
BIND DNS Server |
disable-nfs-client.fin |
|
disable-nfs-server.fin |
|
disable-nscd-caching.fin |
disable caching of passwords/groups & hosts |
disable-ppp.fin |
Sync PPP |
disable-preserve.fin |
Stops moving saved files - been edited |
disable-power-mgmt.fin |
|
disable-remote-root-login.fin |
|
disable-rhosts.fin |
Disable use of .rhosts changes PAM config |
disable-routing.fin |
Disables RDISC/RIP/Forwarding - routeadm |
disable-rpc.fin |
RPC - Also breaks NFS |
disable-samba.fin |
Disable from starting |
disable-sendmail.fin |
Disable sendmail accepting mail |
disable-slp.fin |
Disables Service Location Protocol RFC 2608 |
disable-sma.fin |
System Management Agent - NET-SNMP |
disable-smcwebserver.fin |
Solaris Management Console |
disable-snmp.fin |
SNMP |
disable-spc.fin |
Sun Soft print Client svc:/application/print/cleanup:default |
disable-ssh-root-login.fin |
Disables ROOT login via SSH |
disable-syslogd-listen.fin |
Disable SYSLOGD from accepting logs |
disable-system-accounts.fin |
remove smtp listen nobody4 |
disable-uucp.fin |
Disable Unix to Unix Copy |
disable-vold.fin |
VOLD = CDROM automount |
disable-xfs.fin |
X Font Server |
disable-xserver-listen.fin |
Disable X11 port 6000 |
enable-account-lockout.fin |
Enabling account lockout to lock user accounts with repeated |
enable-coreadm.fin |
Save cores |
enable-ftpaccess.fin |
Enable -a flag - FTPACCESS |
enable-ftp-syslog.fin |
Enable -l flag - SYSLOG |
enable-inetd-syslog.fin |
SYSLOG all connections to inetd services |
enable-ipfilter.fin |
Enable Firewall - rules /etc/ipf/ipf.conf |
enable-password-history.fin |
Remember previous passwords |
enable-priv-nfs-ports.fin |
Allow NFS access from port <1024 |
enable-process-accounting.fin |
Enable process accounting SUNWaccr |
enable-rfc1948.fin |
TCP Sequence Number - TCP_STRONG_ISS=2 |
enable-stack-protection.fin |
Kernel Level Stack Protection |
enable-tcpwrappers.fin |
create hosts.allow and hosts.deny SSHD may be too restrictive. |
install-at-allow.fin |
at.allow - restrict access to at command |
install-ftpusers.fin |
Add all users for ftpusers to denied access |
install-loginlog.fin |
Enable logging of failed login attempts - loginlog |
install-md5.fin |
Install MD5 on Solaris 8 and 9, Sol 10 use digest cmd |
install-nddconfig.fin |
Enable secure network settings |
install-newaliases.fin |
Creates correct aliases for Sendmail - minimal install |
install-sadmind-options.fin |
Sol 8 & 9 - Security level for sadmind service |
install-security-mode.fin |
Enable OBP Command security - need passwd |
install-shells.fin |
Add SHELLS |
install-sulog.fin |
Track SU use and attempted use |
print-rhosts.fin |
Finds .rhosts & hosts.equiv |
remove-unneeded-accounts.fin |
Removes unneeded accounts |
set-banner-dtlogin.fin |
adds banner to DTLOGIN |
set-banner-ftpd.fin |
|
set-banner-sendmail.fin |
|
set-banner-sshd.fin |
|
set-banner-telnetd.fin |
|
set-flexible-crypt.fin |
Enable stronger encryption of local passwords - md5 |
set-ftpd-umask.fin |
|
set-login-retries.fin |
Allow 3 attempts to login |
set-power-restrictions.fin |
Restrict access to power commands |
set-rmmount-nosuid.fin |
Disable mounting of SET-UID files of CDROMS |
set-root-group.fin |
Change root group to 0 |
set-strict-password-checks.fin |
Complex passwords for local users |
set-sys-suspend-restrictions.fin |
Restrict suspend function |
set-system-umask.fin |
Create umask 022 |
set-tmpfs-limit.fin |
Set to 512Mb |
set-user-password-reqs.fin |
Min Length, Expire etc.. |
set-user-umask.fin |
Profile /etc/skel .. |
update-at-deny.fin |
|
update-cron-allow.fin |
|
update-cron-deny.fin |
|
update-cron-log-size.fin |
CRON LOG set to 512K |
update-inetd-conf.fin |
JASS_SVCS_DISABLE Drivers/finish.init |
enable-bart.fin |
Sol10 only - Setup BART - basic audit reporting tool |
Tuesday, July 12, 2011
Sun Security Tool Kit - Finish Script Descriptions
Sun Security Tool Kit (SUNWjass) provides a Oracle Solaris OS Hardening driver (template). Behind this is a number of Finish scripts (.fin) which actually does the OS hardening. This a brief description of each one when the name isn't obvious..
Saturday, June 04, 2011
Windows - Must Install Open Source Utilities
Windows - Must Install Open Source Utilities
Name | Description | URL |
7Zip | Archive/Compression | |
Putty | The default SSH client | |
GIMP | Graphics | |
Wireshark | Network Sniffer/Analyser | |
WINscp | SCP/FTP client | |
UltraVNC | VNC Server/Client | |
FreeMind | Mind Mapper | |
Lanchy | Windows Quick Launcher | |
Greenshot | Screen Capture | |
VIM | VI Improved Editor | |
CCleaner | Remove cache and cookies | |
Notepad++ | Notepad replacement | |
NX Client | NoMachine Client | |
NMAP | Port Scanner Zenmap GUI | |
LibreOffice | Word processor, Spreadsheet | |
Putty Session Manager | Putty Quick Launcher - Hot Keys | |
VirtualBox | Desktop Virtualisation | |
Firefox 4 | Mozilla Browser | |
Google Chrome 11 | Google Browser | |
Drop Box | Cloud Storage |
Monday, January 03, 2011
2011 Todo List
Certifications
Veritas Storage Foundation HA re-certify for 5.1
RedHat RHCE
Translate Sun Microsystems certifications to Oracle Knowledge Zones
Courses
VMware 4.x Design Workshop (Required for Partner Enterprise Certification)
Learn
IBM Director for AIX and x86 world
Oracle VM Server (x86)
Cloud Deployment of Infrastucture and Services.
Solaris 11, been playing with OpenSolaris but need to get serious now.
WTL Internal,
Move vSphere 4.0 ESX hosts to 4.1 ESXi
Updated Firewall hardware.
Veritas Storage Foundation HA re-certify for 5.1
RedHat RHCE
Translate Sun Microsystems certifications to Oracle Knowledge Zones
Courses
VMware 4.x Design Workshop (Required for Partner Enterprise Certification)
Learn
IBM Director for AIX and x86 world
Oracle VM Server (x86)
Cloud Deployment of Infrastucture and Services.
Solaris 11, been playing with OpenSolaris but need to get serious now.
WTL Internal,
Move vSphere 4.0 ESX hosts to 4.1 ESXi
Updated Firewall hardware.
Subscribe to:
Comments (Atom)