User's Manual

Solaris 9 Security CX-310-301 65
It is good practice to disable all services and then only re-instate the services that are genuinely necessary.
When the file has been edited, inetd must be instructed to re-read the configuration file, so that changes are
made operational. This can be easily done using the following command:
# pkill -HUP inetd
The command above sends a “Hangup” signal to the daemon, causing it to examine its configuration file
again. You could also reboot the system, or find the PID of inetd and send the signal manually using kill -1. (Note
that -1 is the same as HUP.)
Run Control Services
Disable any run control scripts that are not needed. These scripts are found in the /etc/rc*.d/ directories.
Any services not required should be renamed. A good practice is to rename the script, either by prefixing it
with an underscore character (_) or by changing the initial letter to lowercase. The following example
disables the dtlogin script, which starts the graphical login utility:
# mv /etc/rc2.d/S99dtlogin /etc/rc2.d/_S99dtlogin
Now, when the system reboots, this script will be ignored, because startup scripts must begin with an
uppercase “S” character and shutdown scripts must begin with an uppercase “K” character.
Remote Procedure Call (RPC) Services
If you don’t need to use RPC at all, then turn it off by disabling the following script:
# mv /etc/rc2.d/S71rpc /etc/rc2.d/_S71rpc
If you do need to use RPC, then restrict the programs used. There are a number of RPC programs in the file
/etc/inetd.conf. Normally these can all be disabled. Check the entries in the file /etc/rpc and comment out
those that are not required. You can then restart the rpcbind daemon to implement the changes.
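The following added example (not part of the original guide) checks an edited inetd.conf before inetd is sent the HUP signal: it lists every entry that is still enabled and not on a list of services you intend to keep, and tags the RPC entries discussed above. The function names and the sample file are constructed for illustration; the parsing assumes the usual whitespace-separated inetd.conf columns.

```shell
#!/bin/sh
# Added example: audit an inetd.conf-style file against an allowlist.
# Columns: service endpoint-type protocol wait-status uid server-program args

# enabled_services FILE
# Print "service protocol" for each active entry (commented lines are skipped).
enabled_services() {
    awk 'NF >= 6 && $1 !~ /^#/ { print $1, $3 }' "$1"
}

# unexpected_services FILE "ALLOWED NAMES"
# Print enabled entries whose service name is not in the space-separated
# allowlist; entries with an rpc/* protocol are tagged "RPC".
unexpected_services() {
    enabled_services "$1" | while read -r svc proto; do
        case " $2 " in
            *" $svc "*) continue ;;   # explicitly re-instated, skip it
        esac
        case "$proto" in
            rpc/*) echo "$svc $proto RPC" ;;
            *)     echo "$svc $proto" ;;
        esac
    done
}

# make_sample FILE: write a constructed sample, not taken from a real host.
make_sample() {
    cat > "$1" <<'EOF'
# constructed inetd.conf sample
ftp       stream tcp6    nowait root   /usr/sbin/in.ftpd    in.ftpd
#telnet   stream tcp6    nowait root   /usr/sbin/in.telnetd in.telnetd
finger    stream tcp6    nowait nobody /usr/sbin/in.fingerd in.fingerd
100232/10 tli    rpc/udp wait   root   /usr/sbin/sadmind    sadmind
#100083/1 tli    rpc/tcp wait   root   /usr/dt/bin/rpc.ttdbserverd rpc.ttdbserverd
EOF
}

sample=${TMPDIR:-/tmp}/inetd.conf.sample.$$
make_sample "$sample"
echo "Still enabled but not on the allowlist (ftp):"
unexpected_services "$sample" "ftp"
rm -f "$sample"
```

On a real host, pass /etc/inetd.conf and your own allowlist; an empty result means only the services you chose to keep are enabled.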
Host Hardening
Host hardening is the action of making a system more secure. The more hardening that is done on a system,
the more secure it will be against external (and internal) attack. The act of hardening involves removing
potential vulnerabilities and security risks that are present in the Solaris operating system, but most of the
techniques used here are simply good practice for securing your systems. The following techniques are
some that are recommended to improve the security of your system:
• Install Solaris from recognized media
• Perform an Initial installation so that any residual information or files are cleared