Solaris 9 Security CX-310-301

Introduction

This CramSession will help you prepare for the Solaris 9 Sun Certified Security Administrator exam. The exam topics covered by this document include general security concepts, device management and detection of devices, the types of security attacks that can be used, the protection of file and system resources, preventing attacks on hosts and networks, and how to protect network access using encryption and authentication.
Make use of the manual pages because they provide a wealth of information about the utilities as well as full descriptions of the syntax and available options. For packages that are installed, ensure you have the directory /usr/local/man added to the MANPATH variable so these are accessible as well. Use Sun’s website for documentation and “how-to” guides. They are comprehensive guides and will provide expert information and guidance.
CRAMSESSION™ SINGLE USER LICENSE

This is a legal agreement between you, an individual user, and CramSession. CramSession provides you with the content, information, and other material associated with this CramSession™ study guide, hereinafter referred to as the “Content,” solely under the following terms and conditions, hereinafter referred to as the “License.” By accessing the Content, you agree to be bound by the terms of this License.
The Content may be subject to export restrictions. You agree that you will not export the Content or any part thereof to any country, person, entity, or end user subject to U.S. export restrictions. You expressly agree not to export any part of the Content to any country to which the U.S. has embargoed or restricted the export of goods or services, or to any national who intends to export the Content back to any embargoed country. You warrant and represent that no U.S.
General Security Concepts ... 10
  Information Security ... 10
  The Security Life Cycle ... 10
  Good Security ...
Detection and Device Management ... 23
  Monitoring Login Attempts ... 23
    Loginlog ... 23
    lastlog, utmpx, wtmpx and last ...
  Using File Listings ... 40
  Using Checksums ... 40
  Using File Digests ... 40
  Using the find Command ...
  The Set-Uid and Set-Gid Permissions ... 57
  Implications of Lax File and Directory Permissions ... 57
  Access Control Lists (ACL) ... 58
    Identifying an ACL ...
  Undoing SST ... 69
  Verifying SST ... 70
Network Connection Access, Authentication and Encryption ... 71
  TCP Wrappers ...
Security Administrator for the Solaris 9 Operating System

General Security Concepts

This section describes a number of fundamental concepts and terms relating to computer and information security. It also covers an analysis of a potential attacker: how crucial information can be gained through ill-prepared security procedures, and the motives and methods of an attacker.
- Detect – You should, at regular intervals, run tests to see if you can break into your own systems. A number of scanning tools and vulnerability checking applications are available to do this.
is less likely that he/she will continue with the attack. Compare this aspect with adding security to your motor car – alarms, immobilizers, steering wheel clamps, wheel clamps and so on. This creates problems for the attacker (or thief) and makes the break-in take longer. Remember, there is always another, easier opportunity for the attacker; just make sure it isn’t you! A simple example is allowing the root user to log in only from the system console.
- The procedure to follow in the event of a security breach
- Any special dispensation procedures, for example, to allow rapid deployment of a system or application before it has been fully accredited to the policy
- References to Data Protection legislation and how the policy complies with the legal requirements

Physical Security

This describes the physical security measures that must be taken to protect the assets described in the policy and must include the following:

- Lo
Application Security

An insecure application can undermine the entire security policy and must be treated with respect when defining a security policy. Most of the time you will not have the source code for an application (unless it is open source), so there is a reliance on the supplier to provide a “fix” for a security problem. The security policy must state the accepted tolerance (if any) while a solution is being implemented.
- Unnecessary services and ports being available, allowing known vulnerabilities to be exploited
- The system giving out too much information to potential attackers
- No firewall implemented
- No logging of failed login attempts, which would indicate, for example, an attacker trying to guess passwords
- No auditing of operations, such as file deletions

User Trust

With any computer network, or computer system, there has to be an element of trust between the system adm
Accountability

Accountability is the assignment of responsibility, frequently associated with user accounts on computer systems. When you, as a user, are given a user account and password, you become accountable (responsible) for all actions carried out by that user. Shared user accounts that are used by more than one person undermine accountability – how can you be certain of who did what? Maintaining accountability is an important aspect of computer security.
- Individual – Detailed information on an individual person, family, company or Government is targeted. Terrorists and criminals might use this approach.
- Data Harvest – Bulk data is targeted, normally by criminal elements for the purpose of a scam. This might include personal or financial information so that groups of people can be targeted automatically.
- Employees – Probably the worst form of attacker is one from within: normally an employee with a grudge against the company (no pay rise, no prospects, recently missed out on a promotion, for example). The internal employee knows the business and can potentially cause untold damage. The majority of attacks still come from within.
- Criminals – Individuals are not normally very experienced and are looking for ways to make “easy money”.
information, for example, the attacker would consult publicly available sites such as www.cert.org or www.sans.org for news on vulnerabilities. Attackers choose their targets based on a variety of criteria, depending on the overall objective. A terrorist will target a specific company or type of company, whereas a cracker will just scan around looking for a vulnerable site to break into and cause damage.
[Output of an RPC service listing (rpcinfo -p style); the program, version, protocol and port columns were lost in extraction. The listing shows RPC program numbers 100000, 100024, 100133, 100021, 100005, 100003, 100227, 300598, 805306368 and 100249, each registered for one or more versions over tcp and udp.]
220 ultra10.example.com ESMTP Sendmail 8.12.10+Sun/8.12.9; Thu, 1 Apr 2004 18:38:49 +0100 (BST)
expn john
250 2.1.5 John Philcox
expn testuser
550 5.1.1 testuser... User unknown
expn admin
250 2.1.5 System Administrator
quit
221 2.0.0 ultra10.example.com closing connection
Connection to 0 closed by foreign host.
- B2 – Fully documented configuration control, facility management and system configuration. Security administration and operator functions are separated
- B3 – Access control lists and full system documentation. Access is based on access control lists and labels
- A – Requires formal proof of the security of the system

Note that each subsequent level builds on the previous level. To put the above into perspective, a normal PC is rated at D and Trusted Solaris at B1.
- By operating lax permissions and revealing passwords

Detection and Device Management

This section looks at logging important system messages so that incidents can be recorded, including the use of the process accounting facility that comes with the standard Solaris 9 installation. The Solaris Basic Security Module (BSM) is also described here, showing how to configure BSM and conduct an audit, as well as how to interpret the results.
It should be noted that login attempts using CDE (dtlogin) will not be caught by this facility. Only attempts that use the login command will be noticed.

lastlog, utmpx, wtmpx and last

The files /var/adm/utmpx and /var/adm/wtmpx record information about who is logged in to a system. utmpx contains current information and wtmpx contains historical information. The file /var/adm/lastlog records the prior login information. It is not an ASCII-readable file.
- Hardware error messages
- Failed su attempts
- User login failures
- System software and application error conditions
- Notification of root logins

Note that successful su attempts, when a user enters the correct password, are NOT recorded in this file.

SU logging

When a user runs the su (substitute user) command to become another user, the attempt is logged by default to the file /var/adm/sulog. The behavior of this logging activity is controlled by the file /etc/default/su.
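Reading /var/adm/sulog by eye does not scale, so here is an added example (not code from the guide) that parses the file and pulls out the records a security administrator cares about: repeated su failures, su to root from anywhere but the console, and a success that directly follows a run of failures. It assumes the sulog record layout SU MM/DD HH:MM +|- tty from-to; the sample records are constructed.

```python
"""Scan a Solaris /var/adm/sulog for failed su attempts and for su to root.

Added example, not code from the CramSession guide. It assumes the sulog
record layout  SU MM/DD HH:MM +|- tty from-to  where "+" marks a successful
su and "-" a failed one."""
import re
from collections import Counter

# Constructed sample records (not a real log).
SAMPLE_SULOG = """\
SU 04/10 22:31 + pts/1 john-root
SU 04/10 22:32 - pts/2 temptest-root
SU 04/10 22:33 - pts/2 temptest-root
SU 04/10 22:34 - pts/2 temptest-root
SU 04/10 22:35 + console john-newgroup
SU 04/10 22:40 + pts/3 temptest-root
"""

SULOG_RE = re.compile(
    r"^SU\s+(?P<date>\d\d/\d\d)\s+(?P<time>\d\d:\d\d)\s+"
    r"(?P<result>[+-])\s+(?P<tty>\S+)\s+(?P<src>[^\s-]+)-(?P<dst>\S+)$"
)


def parse_sulog(text):
    """Return one dict per well-formed record; malformed lines are skipped."""
    records = []
    for line in text.splitlines():
        m = SULOG_RE.match(line)
        if m:
            rec = m.groupdict()
            rec["success"] = rec.pop("result") == "+"
            records.append(rec)
    return records


def repeated_failures(records, threshold=3):
    """(from, to) pairs with at least `threshold` failed su attempts."""
    counts = Counter((r["src"], r["dst"]) for r in records if not r["success"])
    return {pair: n for pair, n in counts.items() if n >= threshold}


def root_su_off_console(records):
    """Successful su to root from any terminal other than the console."""
    return [r for r in records
            if r["success"] and r["dst"] == "root" and r["tty"] != "console"]


def success_after_failures(records, min_failures=2):
    """Successful su that directly followed a run of failures by the same
    (from, to) pair, the trail a password-guessing user leaves behind."""
    streak = Counter()
    hits = []
    for r in records:
        key = (r["src"], r["dst"])
        if r["success"]:
            if streak[key] >= min_failures:
                hits.append(r)
            streak[key] = 0
        else:
            streak[key] += 1
    return hits


if __name__ == "__main__":
    recs = parse_sulog(SAMPLE_SULOG)
    print("repeated failures:", repeated_failures(recs))
    print("root su off console:", [r["src"] for r in root_su_off_console(recs)])
    print("success after failures:", [r["time"] for r in success_after_failures(recs)])
```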
- daemon – Messages concerning daemon processes (syslogd, inetd for example)
- * – All of the facilities
- local.* – Locally defined message criteria

The priorities are:

- emerg – Emergency situations.
*.err;kern.notice;auth.notice                   /dev/sysmsg
*.err;kern.debug;daemon.notice;mail.crit        /var/adm/messages
*.alert;kern.err;daemon.err                     operator
*.alert                                         root
*.emerg                                         *

# if a non-loghost machine chooses to have authentication messages
# sent to the loghost machine, un-comment out the following line:
#auth.notice ifdef(`LOGHOST', /var/log/authlog, @loghost)

mail.
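The selector lines above are easier to reason about with a small evaluator. This is an added example, not code from the guide; it assumes the syslog.conf(4) selector rules (facility.level means that level or anything more severe, and for a given facility the last selector on a line overrides earlier ones), treats the m4 ifdef line as a comment, and uses a constructed configuration that adds one @loghost forwarding line to the default file.

```python
"""Work out which /etc/syslog.conf actions receive a given facility.level.

Added example, not from the guide. It assumes the syslog.conf(4) selector
rules: 'facility.level' matches that level and every more severe one, '*'
stands for all facilities, several selectors on one line are joined with
';' and, for one facility, the last selector on the line that names it (or
'*') sets the threshold. The real file is run through m4 first; the
ifdef(`LOGHOST', ...) lines are not expanded here."""

LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
SEVERITY = {name: i for i, name in enumerate(LEVELS)}   # 0 is the most severe

# Constructed sample: the default Solaris 9 lines plus one forwarding line of
# the kind you would add on a client of a central loghost.
SAMPLE_CONF = """\
# selector                                      action
*.err;kern.notice;auth.notice                   /dev/sysmsg
*.err;kern.debug;daemon.notice;mail.crit        /var/adm/messages
*.alert;kern.err;daemon.err                     operator
*.alert                                         root
*.emerg                                         *
auth.info                                       @loghost
"""


def parse_conf(text):
    """Return [(selector, action), ...]; comments and blank lines are skipped."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        selector, action = line.split(None, 1)
        rules.append((selector, action.strip()))
    return rules


def selector_matches(selector, facility, level):
    """True if a message of facility.level satisfies a ';'-joined selector."""
    threshold = None
    for part in selector.split(";"):
        fac, lvl = part.split(".", 1)
        if lvl not in SEVERITY:
            raise ValueError("unknown level: " + lvl)
        if fac == "*" or fac == facility:
            threshold = SEVERITY[lvl]        # later entries override earlier ones
    return threshold is not None and SEVERITY[level] <= threshold


def actions_for(rules, facility, level):
    """Every action (file, user list, @host) the message would be sent to."""
    return [action for selector, action in rules
            if selector_matches(selector, facility, level)]


def classify_action(action):
    """Local file, remote loghost (a central logging server) or user notice."""
    if action.startswith("@"):
        return "remote"
    if action.startswith("/"):
        return "file"
    return "users"


if __name__ == "__main__":
    rules = parse_conf(SAMPLE_CONF)
    for fac, lvl in (("kern", "notice"), ("mail", "err"), ("auth", "info")):
        acts = actions_for(rules, fac, lvl)
        print(f"{fac}.{lvl}: {[(a, classify_action(a)) for a in acts]}")
```

Note that under the override rule mail.err reaches /dev/sysmsg but not /var/adm/messages, because mail.crit on the second line raises the threshold for the mail facility.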
access to your system. However, if you configure syslog to send its messages to one or more central logging servers, then this is made infinitely more difficult, if not impossible, thereby preserving your evidence. TIP: On any central logging servers, disable ALL services except syslog on UDP port 514. This prohibits ANY access to the servers other than the logging messages. Also, configure more than one logging server to avoid having a single point of failure.
Process Accounting

Process accounting is installed as part of a default Solaris 9 installation and, although it is primarily designed as an accounting tool for billing purposes, it also has value as a security monitoring tool.
- /etc/security/audit_user – Provides more detailed control, allowing specific users and actions to be audited
- /etc/security/audit_event – Defines the events that can occur
- /etc/security/audit_class – Groups events into classes for easier management
- /etc/security/audit_data – Contains the current pid of the auditing daemon and the full pathname of the current audit log file

The file /etc/security/audit_startup is read when the daemon process is started and sets
- Reboot the system to bring it up with auditing enabled

# /etc/security/bsmconv
This script is used to enable the Basic Security Module (BSM).
Shall we continue with the conversion now? [y/n] y
bsmconv: INFO: checking startup file.
bsmconv: INFO: move aside /etc/rc3.d/S81volmgt.
bsmconv: INFO: turning on audit module.
bsmconv: INFO: initializing device allocation files.
The Basic Security Module is ready.
If there were any errors, please fix them now.
Interpreting the Results

Continuing the example scenario, you now want to inspect the audit file(s) to see if any files have been deleted by the root user. Use the auditreduce command to select only the records of interest and then pipe the result to praudit to present the data in readable form.
Note: A reboot of the system automatically causes the current log file to close and a new one to be opened when the system comes back up.

Disabling BSM

If you no longer want to run the auditing facility, it can be easily disabled by running:

# /etc/security/bsmunconv
bsmunconv: ERROR: this script should be run at run level 1.
Are you sure you want to continue? [y/n] y
This script is used to disable the Basic Security Module (BSM).
- deallocate – Used to deallocate a device after a user has finished with it
- dminfo – Used to report information on a device. Reads the device_maps file
- list_devices – Produces a list of allocatable devices
- device-clean scripts – A series of scripts that prohibit any other user from accessing information or data from a device when the user has finished using it. The scripts can be found in the directory /etc/security/lib.
Security Attacks

This section looks at different types of attacks that can be attempted against your systems or network. It also looks at ways in which these can be detected and prevented.

Denial of Service (DoS) Attacks

A DoS attack is one where the resources of a system (or network) become depleted so as to prevent the normal operation of that system (or network). As the name implies, it denies service to legitimate users of the system.
Preventing DoS Attacks

Some DoS attacks can be prevented fairly easily, whilst for others there is little protection. The following points can be used to assist with stopping some of the attacks listed in the previous section:

- TCP SYN and Ping of Death attacks use ICMP messages. If you have a firewall installed, then restrict or disable the use of ICMP through the firewall rules.
Privilege Escalation Attacks

Types of Attack

- Trojan Horse – As the name implies, this exploit involves installing or modifying a legitimate program so that it performs not only its real actions but some additional ones too. It is these additional actions that undermine the security of the system and allow unauthorized access.
Detecting Attacks

There are various methods for detecting that an attack has taken place. This section looks at detecting backdoor and Trojan Horse attacks.

Using the Solaris Fingerprint Database

The fingerprint database supplied by Sun Microsystems provides the facility to check that Solaris Operating Environment files have not been tampered with or modified by an unauthorized intruder. For single files, you can use the interactive option on Sun’s web site at: http://sunsolve.
The result is shown in the next screenshot.
Note that the checksums match and the “1 match(es)” indicates this too. The interactive method is quite labor intensive if you want to check a larger number of files, so you can download the Solaris Fingerprint Companion and the Sidekick utility from http://wwws.sun.com/software/security/downloads.html. This method allows a number of MD5 signatures to be generated and automatically fed to the Solaris Fingerprint Database for comparison.
Using the find Command

If you do not have access to a fingerprinting tool, then the find command is the next best utility for detecting unauthorized access to a system.
[Listing of set-uid files produced by the find command (ls -l style columns, garbled in extraction): 25 entries with modes such as -r-sr-xr-x, -r-s--x--x, ---s--x--x and -rwsr-xr-x, owned by root or uucp, in groups such as bin and sys.]
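The find listing and the fingerprint comparison can be combined into one check, shown here as an added example rather than anything from the guide: walk a directory tree, record every set-uid or set-gid file together with its MD5 digest, and diff the result against a saved baseline. The run_demo() function builds a constructed tree in a temporary directory instead of scanning a real system.

```python
"""Find set-uid/set-gid files below a directory and diff their MD5 digests
against a saved baseline, the check the guide does with find plus the
fingerprint database. Added example, not code from the guide."""
import hashlib
import os
import stat
import tempfile


def md5_of(path):
    """Hex MD5 of a file, read in chunks so large binaries are fine."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def find_privileged(root):
    """Map path -> md5 for every regular file with S_ISUID or S_ISGID set,
    the files 'find root -type f \\( -perm -4000 -o -perm -2000 \\)' lists."""
    found = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)          # lstat: do not follow symlinks
            except OSError:
                continue
            if stat.S_ISREG(st.st_mode) and st.st_mode & (stat.S_ISUID | stat.S_ISGID):
                found[path] = md5_of(path)
    return found


def compare(baseline, current):
    """New privileged files, privileged files that vanished, and digest changes."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "changed": sorted(p for p in baseline if p in current and baseline[p] != current[p]),
    }


def _write(path, data, mode):
    with open(path, "wb") as f:
        f.write(data)
    os.chmod(path, mode)       # re-apply: writing as non-root clears the set-uid bit


def run_demo():
    """Constructed scenario in a temp dir: baseline two set-uid files, then
    change one and add another, which is exactly what the scan must flag."""
    base = tempfile.mkdtemp()
    bindir = os.path.join(base, "usr", "bin")
    os.makedirs(bindir)
    _write(os.path.join(bindir, "passwd"), b"#!/bin/sh\necho original\n", 0o4755)
    _write(os.path.join(bindir, "su"), b"#!/bin/sh\necho original\n", 0o4755)
    baseline = find_privileged(base)
    _write(os.path.join(bindir, "su"), b"#!/bin/sh\necho modified\n", 0o4755)
    _write(os.path.join(bindir, ".sh"), b"#!/bin/sh\n", 0o4755)
    diff = compare(baseline, find_privileged(base))
    return {k: [os.path.relpath(p, base) for p in v] for k, v in diff.items()}


if __name__ == "__main__":
    print(run_demo())
```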
The following output shows the result of a Tripwire report after running a check against the fingerprint database. Before running the check, the following commands were run to force two changes:

- touch /etc/passwd – to update the access time on the password file
- cp /etc/inet/hosts /etc/inet/hosts.JP – to make a copy of the hosts file

# bin/twprint --print-report --report-file ultra-20040413-165329.twr
Note: Report is not encrypted.
Tripwire Integrity Check Report version 4.
Rule Name                      Severity Level  Added  Removed  Modified
Include Files                  35              0      0        0
Man Pages                      35              0      0        0
Administrative Binaries        100             0      0        0
* System configuration files   100             1      0        1
System Directories             100             0      0        0

Total objects scanned: 28489
Total violations found: 2

====================================================
Object Detail:
====================================================

----------------------------------------------------------------------
Section: Unix File System
--------------------------------------------------------
Kernel Trust and OpenBoot

The kernel is implicitly trusted because it IS the operating system. For this reason, the kernel is potentially vulnerable to attacks because, once compromised, an attacker has full control of the system.
This prompts the user to enter a password twice. Note: Setting the EEPROM password should not be done lightly because it cannot be reset easily if forgotten and could render the system useless. The EEPROM device would have to be removed and reprogrammed – this must be done by Sun Microsystems.
- After a specified time of inactivity
- On a specific date
- Immediately

You can also use a combination: an account could be set to expire if it is not used for a specific number of days, and also to expire on a certain date.
Note: The expiry information is stored in /etc/shadow.

Restricting root Logins

It is bad practice to allow root to log in directly across the network. The only place that root should be able to log in is at the console.
# find / -user 8888 -print -exec chown root {} \;
/var/report1
/var/report2
/var/report3

Now list the files to check they have changed owner:

# ls -l /var/report*
-rw-r--r--   1 root     other          0 Apr 10 22:34 /var/report1
-rw-r--r--   1 root     other          0 Apr 10 22:34 /var/report2
-rw-r--r--   1 root     other          0 Apr 10 22:34 /var/report3

Protecting Passwords

The security policy should provide users with guidelines for passwords, including details on how they should be protected and also guidel
- It has become increasingly common, when choosing a password, to replace some vowels with numerals that are similar in appearance, such as the number “1” for the letters “l” or “i”, or “3” for “E”.
Another aspect of password aging is being able to control how frequently a user may change their own password. One common scenario is forcing a user to change the password, only for the user to immediately change it back. For this reason, an option to specify the minimum number of days before a password can be changed again is implemented in Solaris 9, as is the number of days’ warning a user receives before a password change is required.
- The step above creates the file passwd.guess, which john will work on to try and obtain the actual passwords.
- Start the program running. Any passwords that are guessed are, by default, echoed to the screen and also written to an output file in the current directory called john.pot.
- At any time during the run, you can press any key to see the current status of the run.

The following output shows an actual run:

# ./john passwd.
It should also be remembered that password authentication is only one method of gaining access to a system. If the system is not secured in other ways, then an attacker can often gain privileged access without even entering a password. One popular method of circumventing the password procedure is for an attacker to install a trojaned version of the login program. It performs the same function as the legitimate login program, but captures the input from a user, i.e.
- SULOG – Normally set to /var/adm/sulog; defines the log file that is written to when the su command is run
- CONSOLE – Normally commented out, but is set to /dev/console. If set, this sends a message to the console when su is run. It is recommended that this line be uncommented, so the system administrator can monitor its usage
- PATH – Normally commented out, but is set to /usr/bin.
Creating A Profile

A profile is created by making an entry with an editor, such as vi, in the file /etc/security/prof_attr. To create a new profile for adding user groups, add the following entry, noting the number of “:” characters:

Group Creation:::Create new groups:

Associating Executions with a Profile

The previous action created a profile. At this point the profile does not do anything. The commands for a profile must be entered in /etc/security/exec_attr.
Logging in to a Role

To access the functionality of a role, you must first be logged in as a normal user. The user then uses su to assume the role identity. For example, user temptest assumes the newgroup role, running the id command before and after:

$ id
uid=8888(temptest) gid=10(staff)
$ su newgroup
Password:
$ id
uid=50002(newgroup) gid=1(other)

Test the role by checking that you can run the required commands as well as normal user commands.
- Directories
  • Read – This allows the directory to be read, but the files cannot be listed
  • Write – This allows files to be created, renamed and deleted, regardless of the individual permissions set on a file within the directory
  • Execute – This allows the directory to be listed
- Files
  • Read – This allows a file to be read and copied
  • Write – This allows a file to be written, but it should be noted that this permission alone does not allow read access as well,
- An attacker can gain valuable information about the system which can be used later to aid further attacks
- Files can be accidentally deleted or corrupted by legitimate users
- Sensitive management information could potentially be read by employees
- Customer confidence in the organization can suffer greatly if data is exposed in the public domain
- An organization might be vulnerable to prosecution if data protection legislation is deemed to have been breached
Setting ACLs

To set an ACL, use setfacl -s:

# setfacl -s user::rwx,g::r--,o:---,mask:rw-,u:temptest:r-- testfile

To see the ACL just created, use the getfacl command:

# getfacl testfile
# file: testfile
# owner: john
# group: john
user::rwx
user:temptest:r--       #effective:r--
group::r--              #effective:r--
mask:rw-
other:---

The ACL allows the user temptest to have read access to the file testfile. Note that if you run setfacl -s on an existing ACL, it will replace the entire ACL, overriding the current ACL.
Deleting an ACL

To remove an ACL, use the setfacl -d command to remove the specific permissions. When the last permission is removed, there is no longer an ACL on the file:

# setfacl -d u:temptest testfile

Recalculating the Mask of an ACL

The mask of an ACL reports on the effective permissions that are in effect on an ACL.
- Control Flag – The deciding factor on what constitutes a success or failure; can be requisite, required, optional or sufficient. When an auth module is used, for example, the controls function like this:
  • Requisite – The module being executed must be successful for any further authentication to be allowed.
  • Required – The overall result of the authentication must be successful.
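To see how the four flags combine, here is an added example (not code from the guide) that evaluates a constructed pam.conf auth stack the way pam.conf(4) describes: a requisite failure stops the stack immediately, a required failure is remembered while the remaining modules still run, a sufficient success ends the stack with success only if no required module has failed, and an optional result only decides the outcome when nothing else succeeded. The module names in the sample are constructed.

```python
"""Simulate how a Solaris 9 PAM stack combines module results under the
control flags requisite, required, optional and sufficient.
Added example, not code from the guide; the semantics follow pam.conf(4)
and the sample entries are constructed."""

# Constructed pam.conf fragment: service  type  control  module
SAMPLE_PAM_CONF = """\
login   auth  requisite   pam_authtok_get.so.1
login   auth  required    pam_unix_auth.so.1
login   auth  sufficient  pam_site_token.so.1
login   auth  optional    pam_audit_note.so.1
"""


def parse_pam_conf(text, service, module_type):
    """Return the ordered stack [(module, control_flag), ...] for one service/type."""
    stack = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) >= 4 and fields[0] == service and fields[1] == module_type:
            stack.append((fields[3], fields[2]))
    return stack


def evaluate_stack(stack, results):
    """results maps module -> True (success) / False (failure).
    Returns (overall_success, trace) where trace explains each decision."""
    required_failed = False
    any_success = False
    trace = []
    for module, flag in stack:
        ok = results[module]
        trace.append(f"{module} ({flag}): {'success' if ok else 'failure'}")
        if flag == "requisite":
            if not ok:
                trace.append("requisite failed: stop immediately, deny")
                return False, trace
            any_success = True
        elif flag == "required":
            if ok:
                any_success = True
            else:
                required_failed = True   # remembered; the rest of the stack still runs
        elif flag == "sufficient":
            if ok and not required_failed:
                trace.append("sufficient succeeded with no earlier required failure: allow")
                return True, trace
            if ok:
                any_success = True       # cannot rescue an earlier required failure
        elif flag == "optional":
            if ok:
                any_success = True       # only decisive if nothing else succeeded
        else:
            raise ValueError("unknown control flag: " + flag)
    if required_failed:
        return False, trace
    return any_success, trace


if __name__ == "__main__":
    stack = parse_pam_conf(SAMPLE_PAM_CONF, "login", "auth")
    outcome = {m: True for m, _ in stack}
    outcome["pam_unix_auth.so.1"] = False
    ok, trace = evaluate_stack(stack, outcome)
    print("\n".join(trace), "\n=>", "allow" if ok else "deny")
```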
- Make sure the module is owned by root and the permissions are equal to 555 (or r-xr-xr-x). You should note that the default installation puts permissions at 755, so you might want to change these
- Edit the PAM configuration file, /etc/pam.conf, and add the new module to the services it is going to provide authentication for
- It is always advisable to reboot the system and then test the new module to ensure it is working as expected.
- Kerberos is not a transparent service like PAM, where modules can be plugged in.
- Network Address Translation (NAT) – where a corporate network can be made to look (externally) like it has only one address, or a limited number of addresses. Numerous internal addresses can be mapped to a single external IP address, protecting the identity of the internal hosts.

A firewall works on a set of rules which either allow or deny certain addresses or types of data. The rules are usually processed in a top-down fashion, stopping when a match is found.
It is good practice to disable all services and then only re-instate the services that are genuinely necessary. When the file has been edited, inetd must be instructed to re-read the configuration file so that the changes become operational. This can be easily done using the following command:

# pkill -HUP inetd

The command above sends a “Hangup” signal to the daemon, causing it to examine its configuration file again.
- Only install the Solaris cluster containing the packages that you actually need. There is no need to install everything if it’s not required, and doing so will create unnecessary security risks
- Restrict network services in /etc/inetd.conf
- Restrict RPC services
- Manage user accounts effectively by including expiry dates and locking the passwords of dormant accounts
- Secure system accounts such as adm, lp, sys, nobody etc.
http://www.sun.com/solutions/blueprints/0601/jass_quick_start-v03.pdf

and for a full install, configure and run guide go to:

http://www.sun.com/solutions/blueprints/0601/jass_conf_install-v03.pdf

SST installs by default into /opt/SUNWjass and the current version at the time of writing is 4.0.1. SST can be implemented in standalone mode or as part of a JumpStart configuration.
- Audit – This contains the scripts to run in order to carry out a verification check when jass is run. These scripts do not make changes; they just analyze the current state of the system and report the vulnerabilities they find.

The secure.driver script is shown here:

# cat secure.driver
#!/bin/sh
#
# Copyright (c) 2000-2003 by Sun Microsystems, Inc.
# All rights reserved.
#
#ident "@(#)secure.driver 3.
[NOTE] Copying /.profile from /opt/SUNWjass/Files/.profile.
=======================================================================
secure.driver: Finish script: print-jass-environment.
You should note that not all SST actions can be undone, only those that are called by a script. This needs to be borne in mind when trying to undo SST, because you might get some unexpected results and residual security implementations left over.

Verifying SST

Earlier releases of SST called this an Audit run, but it is now known as a verify run.
Network Connection Access, Authentication and Encryption

The final section looks at remote connections and the basics of cryptology.

TCP Wrappers

TCP Wrappers provides additional logging and authentication for network daemon processes such as:

- ftp
- telnet
- rlogin
- rsh
- tftp
- exec
- finger

The wrappers are small daemon programs that “wrap” the actual network daemons, like in.telnetd.
telnet  stream  tcp  nowait  root  /usr/local/bin/tcpd  in.telnetd -d1

Denying and Allowing Host Connects

The files /etc/hosts.allow and /etc/hosts.deny can be created to allow or deny specific connections. Note that if there is no entry in either file, then access is allowed. One way round this is to edit the two files like this. In /etc/hosts.deny put the following entry:

ALL: ALL:

Then, to allow for example 192.168.1.1 to use telnet, put the following entry in /etc/hosts.allow:

in.
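An added example (not the guide's code) that applies the evaluation order just described: hosts.allow is consulted first, then hosts.deny, and a client matched by neither is allowed. The two sample files are constructed and follow the deny-everything-then-allow-what-you-need arrangement; the patterns supported are ALL, LOCAL, an exact host or address, a leading-dot domain suffix, a trailing-dot network prefix, net/mask and the EXCEPT operator.

```python
"""Decide whether TCP Wrappers (tcpd) would accept a connection, using the
documented order: hosts.allow first, then hosts.deny, otherwise allow.
Added example, not code from the guide. Supports the common pattern forms:
ALL, LOCAL, exact host or address, leading-dot domain suffix, trailing-dot
network prefix, net/mask, and the EXCEPT operator in a list."""
import ipaddress

# Constructed sample files: deny everything, then allow only what is needed.
HOSTS_ALLOW = """\
in.telnetd : 192.168.1.1
in.ftpd    : .example.com EXCEPT untrusted.example.com
sshd       : 192.168.1.0/255.255.255.0
ALL        : LOCAL
"""
HOSTS_DENY = """\
ALL : ALL
"""


def parse_access_file(text):
    """Return [(line_no, [daemons], [clients]), ...]; any option field is ignored."""
    rules = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = [f.strip() for f in line.split(":")]
        if len(fields) < 2:
            continue
        rules.append((n, fields[0].split(), fields[1].split()))
    return rules


def pattern_matches(pattern, client):
    """client is {'host': resolved name or '', 'addr': dotted-quad address}."""
    host, addr = client.get("host", ""), client["addr"]
    if pattern == "ALL":
        return True
    if pattern == "LOCAL":                           # any name without a dot
        return bool(host) and "." not in host
    if pattern.startswith("."):                      # domain suffix
        return host.endswith(pattern)
    if pattern.endswith("."):                        # network prefix, e.g. 192.168.
        return addr.startswith(pattern)
    if "/" in pattern:                               # net/mask
        net, mask = pattern.split("/", 1)
        try:
            network = ipaddress.IPv4Network((net, mask), strict=False)
            return ipaddress.IPv4Address(addr) in network
        except ValueError:
            return False
    return pattern == host or pattern == addr


def list_matches(tokens, item_matcher):
    """'a b EXCEPT c d' matches if any of a, b matches and none of c, d does."""
    if "EXCEPT" in tokens:
        i = tokens.index("EXCEPT")
        return (list_matches(tokens[:i], item_matcher)
                and not list_matches(tokens[i + 1:], item_matcher))
    return any(item_matcher(t) for t in tokens)


def check_access(daemon, client, allow_text=HOSTS_ALLOW, deny_text=HOSTS_DENY):
    """Return (granted, reason); the reason mirrors tcpd's 'matched:' log line."""
    def daemon_ok(token):
        return token == "ALL" or token == daemon

    def client_ok(token):
        return pattern_matches(token, client)

    for fname, text in (("/etc/hosts.allow", allow_text), ("/etc/hosts.deny", deny_text)):
        for n, daemons, clients in parse_access_file(text):
            if list_matches(daemons, daemon_ok) and list_matches(clients, client_ok):
                return fname.endswith("allow"), f"matched: {fname} line {n}"
    return True, "no entry in either file: access allowed by default"


if __name__ == "__main__":
    for daemon, client in (("in.telnetd", {"host": "ultra1.example.com", "addr": "192.168.1.1"}),
                           ("in.telnetd", {"host": "ultra2.example.com", "addr": "192.168.1.2"}),
                           ("in.ftpd", {"host": "untrusted.example.com", "addr": "10.1.2.3"})):
        print(daemon, client["addr"], check_access(daemon, client))
```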
rm -f nul.c
( ./nul ; cat prototype ) > in.rlogind
chmod 644 in.rlogind

- This creates banner files for in.ftpd, in.telnetd and in.rlogind.
- Now, when an unauthorized host tries to connect, the banner message will be displayed and the connection refused.

Logging

TCP Wrappers writes to the log files using syslog. Valid connect messages are written at the auth.info level and refused connections at the auth.warning level.
warning: ultra1: hostname alias
warning: (official name: ultra1.mobileventures.homeip.net)
client:  hostname ultra1.mobileventures.homeip.net
client:  address  192.168.1.1
server:  process  in.telnetd
matched: /etc/hosts.allow line 1
access:  granted

Cryptology Terminology

This section describes a number of terms used in cryptology:

- Secret-key – Also known as private-key and symmetric key. It describes a method by which data is encrypted and decrypted using the same key.
- ssh – Secure session connection to replace telnet
- scp – Secure copy of files between hosts
- sshd – The server daemon that processes requests from clients
- ssh-agent – The authentication agent that holds the “keys”
- ssh-add – This registers new keys with the agent
- ssh-keygen – Used to create a new pair of keys for the client and server authentication

Configuring the Server

The SSH server uses the configuration file /etc/ssh/sshd_config.
Generating a Client Key

The client generates a key pair (private and public keys) by using the ssh-keygen command. When this command is run, the client has to enter a passphrase that is to be used to create the keys. An example is shown below:

$ ssh-keygen
Enter file in which to save the key (/export/home/john/.ssh/id_rsa):
Generating public/private rsa key pair.