Home > Solaris > Solaris Hardening Document

Solaris Hardening Document

Solaris 7 Comments

This document details the configuration, hardening, monitoring and vulnerability assessment of the Solaris OE. It can also be used as a configuration standard, providing a baseline to audit against.

About The Author

Eugenia Loli

Ex-programmer, ex-editor in chief at OSNews.com, now a visual artist/filmmaker.

Follow me on Twitter @EugeniaLoli

7 Comments

  1. 2002-11-23 9:21 pm
    Anonymous

    This is a great starting place for new sys admins. Not just for us Solaris guys, but also for Linux. Yeah, some of the files and commands are different, but the over all idea is the same. This is very much needed as Linux becomes more popular. New sys admins should run to the amazon.com site and search for Linux security. Check out all of the recommendations from other Linux and Unix users. Just a thought.

  2. 2002-11-23 10:21 pm
    Anonymous

    How do you change the hostname of a (sparc) Solaris host?

    This was/is a question that this dude who gives the the Solaris Cluster course, always asks. And apparently, there is nobody that ever gave a complete answer.

    This is a rather offtopic post, but what the heck, there’s something in having some fun, not just being on topic.

  3. 2002-11-24 1:10 am
    Anonymous

    Well the easy way is to run sys-unconfig. This will remove the system name and network config, but nothing else so your data is safe. Then reboot. The hard way is to edit the /etc/hosts, /etc/nodename, /etc/hostname.network_inface_name (ex:/etc/hostname.hme0), /etc/net/ticlts/hosts, /etc/net/ticots/hosts, and /etc/net/ticotsord/hosts files, then reboot. Hope this helps. Oh by the way, comment out all nfs mounts before rebooting if the mounts have changed or moved. You don’t want the system looking for mounts that are no longer there. If the mounts are still good, then it is no big deal.

  4. 2002-11-24 1:24 am
    Anonymous

    it was just for fun. But you did an excellent job, you even mentioned the /etc/tic* stuff! If you don’t have Veritas Volume manager, you’d be OK. Otherwise, you should take care of the VXVM diskgroup ID, which contains the hostname, too. Use vxdctl for ths operation

    vxdctl hostid new-host-name

    Note that the system will work even if you don’t do this, but Veritas will report the old hostname all the time if you don’t.

  5. 2002-11-24 1:50 am
    Anonymous

    ‘duh!

  6. 2002-11-24 5:27 pm
    Anonymous

    I seem to recall that iPlanet/Netscape directory server would also need some special care after a hostname change.

    Others?

  7. 2002-11-24 7:39 pm
    Anonymous

    This is not a Solaris problem. And the same goes for Veritas VM, it uses the same or at least very similar diskgroup ID system on all supported platforms.