注册
个人空间
怎样加固Solaris操作系统
This document gives some suggestions for hardening the stock Solaris SPARC/x86 OS. Not all things may be applicable to every installation. Use common sense. With a few changes, this is applicable to all Unix machines. No warranty is implied; standard disclaimers apply.
In general:
1. Keep the system disconnected from the network until all is ready.
2. Install only the core operating system, adding only necessary packages.
To harden the system, go through the following steps:
1. Install the latest OS version supported by Check Point.
2. Be sure root has a umask setting of 077 or 027 after you have fully configured the system.
3. Be sure root has a safe search path, as in
/usr/bin:/sbin:/usr/sbin
It helps avoid Trojan horses in the current working directory.
4. Generally, examine all "S" files in /etc/rc2.d and /etc/rc3.d.Any files that start unneeded facilities should be renamed (be sure the new names don't start with "S"). Test all boot file changes by rebooting, examining /var/adm/messages, and checking for extraneous processes in ps -elf output.
5. Make sure the to enable the "CONSOLE" line in /etc/default/login. To disable use of ftp by root, add "root" to /etc/ftpusers.
6. Remove /etc/hosts.equiv, /.rhosts, and all of the "r" commands from /etc/inetd.conf. Do a kill -HUP of the inetd process.
7. Remove, lock, or comment out unnecessary accounts, including "sys", "uucp", "nuucp", and "listen". The cleanest way to shut them down is to put "NP" in the password field of the /etc/shadow file. Also consider using the noshell program to log attempts to use secured accounts.
| 论坛热门帖子: | [lch203] 写得蛮好的linux学习笔记(10-21) [黑马制造] 学习java的30个目标(10-19) [笑傲股林] 做测试半年了,有点迷茫,应该再学些什么提高自己的测试水平和测试能力呢?(10-19) [udp8589] 大家用google的来吱一声? 用百度的~~也来报道下?(10-18) [沂偌掳兆] 本人总结的一些认为C++比较经典的书籍,希望对大家有用(10-18) |
| TAG标签: | 地方 指正 不对 怎么 来看 回复 fooquot /.rhosts nosuidquot |
