SOLARIS 9 - Security checkList

Similar Messages

• Windows 2012 server security checklist for corporate company standard/recommended check-list

  Hello All,
  Good Day.
  I am looking for Windows 2012 server security checklist (standard hardening
  settings), would you kindly assist me by providing Wintel 2012 standard/recommended check-list ASAP?
  Thanks in advance.

  Hi,
  The Microsoft Security Compliance Manager 3.0 tool is designed to provide you with an end-to-end solution to help you plan, deploy, and monitor security baselines for computers running Windows Server 2012 in your environment.
  For more detailed information, please refer to the articles below:
  Windows Server 2012 Security Baseline
  http://technet.microsoft.com/en-us/library/jj898542.aspx
  Security Hardening Tips and Recommendations
  http://social.technet.microsoft.com/wiki/contents/articles/18931.security-hardening-tips-and-recommendations.aspx
  Regards,
  Mandy
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.

• Solaris Security Toolkit 4.2

  Hi!
  I've downloaded the Solaris Security Toolkit 4.2 (http://www.sun.com/software/security/jass/) and I've installed on a Solaris 9 but when I try to run the jass-execute I got the folwong error:
  ./jass-execute: syntax error at line 974: `end of file' unexpected
  Could anyone help me?
  Thanks.

  I was running form /opt/SUNWjass/bin but it needs to be run from /opt/SUNWjass directory.

• Hyperion Essbase on Solaris & Security issue in Shared services

  I installed Hyperion system 9.3.1 in my dev environment. Every thing is working properlly.
  But i still have questions on couple of things.
  1) I installed essbase on solaris 10. I was just trying to configure the sql interface for ESSBASE.
  I went through the documentation. It says i supposed to get a file called libesssql.so.1
  But i can't able to see this file in ARBORPATH/bin location. But still I could able to load the data
  into sample Essbase application. My essbase is working fine. when i ran the script inst -sql.sh
  it created a file called libesssql.so in the ARBORPATH/bin location. But no libesssql.so.1.
  Can some one help me regarding this................
  2)In the shared services when i clicked under Hyperion system 9 BI+, i cant able to see
  any reporting related files to assign security. i am seeing a message saying refer to the security guide to confiure
  permissions for this application.
  I logged into the shared services with admin privileges.
  Please help me in this...........
  Thanks,

  Hi,
  What version are you using ?
  Just to be clear are you saying that the utility only exported one native user and you expected it to export more ?
  Cheers
  John
  http://john-goodwin.blogspot.com/

• Security Checklist

  I am selling my Mac - "Gasp?! WHY?!" I hear you say. Don't worry, it is for a better model, I am not going back to PCs.
  Before I hand over my computer I want to make sure that there is no way of anyone gaining any personal/secure knowledge about me from my Mac.
  Can anyone think of a checklist to run through to make sure this can't be done.
  I'll start:
  1) Delete all my documents.
  2) Open iTunes, click "advanced" and "deauthorise computer"
  ....what next?
  Regards
  PISMO   Mac OS X (10.3.9)  

  Bjorn...
  Prepare Your MAC fo Resale or to be donated....
  1. After you have backed up all your data...insert your Mac OS Install Disc..
  2. Double-click Install Mac OS X...and then click Restart
  3. Enter your password when prompted...click OK.The computor will restart from the Mac OS X Install disc.
  4. In the language selection screen...choose English...click Continue.
  5. Choose Installer>Open Disk Utility and select the physical volume...this will be the upper left Pane (assuming you only have one hard drive)
  6. Click ...Erase and in the next window...
  • Volume Format....should be Mac OS Extended (Journaled)
  • Name..... Macintosh HDii
  7. Click on Security Options...you have two options..
  • Zero All Data
  • 8 Way Random Write...This will take much, much longer to erase.
  8. To continue, click OK and then click ... Erase
  9. Dialog will warn you everything will be erased...click on Erase.
  10. When erase is done...choose Disk Utility>Quit Disk Utility.
  11. At this point you can proceed with your chose of Mac OS Installation.
  12. Click continue until you see the disk selection screen.
  13. Choose the internal hard drive....then initiate the installation
  14. The computor will automatically restart when installation is done, and take you to the Mac OS X Setup Assistant.
  15. Do not create a new user account, instead, wait intil the assistant is done loading...then hold the power button for five seconds to sutdown the Mac.
  16. When the new owner first starts up ... now they will go through the
  Mac OS Setup Assistant...just as though it was a new Mac computor.
  george

• Solaris Security Toolkit 4.2 download format

  I've downloaded the newest release of the ToolKit for Sol10 and it appears to be in compressed tar format.
  (Solaris_Security_Toolkit_4_2_0_pkg.tar.Z)
  According to docs it should be in compressed package format and I should be able to do a pkgadd after uncompressing.
  What am I missing?
  Thanks in advance!
  s

  I think when I last installed SUNWjass (this was under solaris 9)I had to go into that directory (once moved to /opt) and run the install scripts something like:
  ~/jass-execute -d secure.driver (read the INSTALL file)
  and then it showed up in things like pkginfo .
  Hope this helps more.
  cheers
  Paul

• Solaris security level

   

  Not quite sure what you mean by the question - usual unix security
  applies plus ACLs and kerberos. There are also some good whitepapers you can find at the Sun website
  For serious applications Trusted Solaris for both Sparc and Intel
  platforms can be purchased via www.sun.com/store
  Product details at sun.com:
  Home -> Products & Solutions -> Software -> Operating Environments & Platforms -> Solaris Product Line -> Products -> Trusted Solaris 8

• Solaris security patch

  Hi All,
  I would like to ask some questions, I have an Solaris 10 and RHEL which is install in separate machine..
  The question is:
  1. how can I check the latest patches or latest update? (I need a step or command)
  2. where can I get the latest security patch or necessary patch that I need to put in into my servers?
  Please help to give me some guidance or information for this issue.. I would like to thank you first for your reply and help. GBU.

  Hi,
  Where can I check the patch that installed in my servers? which directory or path..? so I will know what is the next patch that I should install into this servers.
  oh btw, I check above link and I use the search function 'updatemanager' but it ended up lots of links in 'support'
  Thanks for your reply.

• Accepting Manual Updates - Solaris Security Toolkit

  I have hardened a Solaris 10 server with Security Toolkit 4.2 and since then have
  modified the system.
  How do I get the Toolkit (Jass) to accept the changes?
  I suspect that I must create a new driver and do a Jass Execute but I would like to approach
  this problem with some certainty. FYI - I created some new slices and mounted them
  but the changes to vfstab do not seem to stick.
  Any advice is appreciated.
  LB

  I think I found the issue, only somewhat related to Security Toolkit ...
  [http://groups.google.de/group/comp.unix.solaris/browse_frm/thread/93f6231c5bdc8409|http://groups.google.de/group/comp.unix.solaris/browse_frm/thread/93f6231c5bdc8409]
  I activated smserver and the drive now works...
  LB

• Best Practice paper for SSO Security CheckList

  Is there any white papers or guides on how to secure the SSO? THKS

  also, try:
  SSL + certificate (will login automatically)
  Portal Security and Login Server Forum

• Weblogic Security Checklist

  Does anybody have any documents or links that cover "hardening" a Weblogic server?
  We are putting together a security plan and we are trying to list the steps that
  one would take to secure a default Weblogic install. Any help would be appreciated.
  Thanks

  instead of import weblogic.security.SubjectUtils; use import weblogic.security.spi.WLSUser; and get the username as below
  Set users = subject.getPrincipals(WLSUser.class);
            Iterator iter = users.iterator();
            while (iter.hasNext()){
                 userName = ((WLSUser)iter.next()).getName();
                 System.out.println(userName);
  this returns you the username

• Solaris Security Toolkit (JASS) for Solaris 11?

  Has anyone heard anything about an updated version of this for Solaris 11?
  Or I'm curious if anyone has tried running the Solaris 10 version on 11?
  Thanks

  Don't run the Solaris 10 version on Solaris 11, it will not work correctly.
  Many aspects of what SST did on Solaris 10 are part of Solaris 11. If there are things you need that aren't covered, I'd suggest opening a support case.

• Webologic solution for below question (security checklist)

  how to disable multiple session in weblogic?
  Edited by: 946501 on Jul 15, 2012 6:15 AM

  Hi,
  What you mean by disabling multiple session in weblogic ?
  can you brief with your query?
  Regards,
  Kal

• Solaris 10, Tomcat 5 Cant connect to a database

  Hi:
  I installed Solaris 10 in a Sun Sunfire V100 Server and installed Tomcat 5.5.20 with JDK1.5, when my application needs to connect to my database server (MS Windows 2000 with MS SQL SERVER 2000 by Port 1433) using JDBC, the application do nothing, There's no information in Tomcat and System logs, I think it is related with Solaris Security (IPFilter) open/closed ports but I am not sure.
  I tested the connection to the database using a java class program and got the next error: [Microsoft][SQLServer 2000 Driver for JDBC]Error establishing socket.
  Thanks for the help.

  I know nothing about tomcat & DBs, but you could
  try telnetting out from Solaris on various ports to
  connect to other services on the MSWin box.
  Eg,
  $ telnet 192.168.1.244 80
  will attempt to hit port 80 on the MSWin machine.
  You'll know what services WIndows is running.
  This'll help you isolate the problem, if you can get
  through on some ports rather than others. If can't
  get out at all at all, check that your network services
  are ok with
  # svcs -x
  'snoop' is also worth trying out on the Solaris box.
  snoop 192.168.1.244
  will give you brief info on packets.
  snoop -V 192.168.1.244
  will give you more info
  snoop -v 192.168.1.244
  will give you shedloads
  Apologies if these steps were already known to you.

• Oracle 8 security risks

  ISS Security Advisory
  May 6, 1999
  Multiple File System Vulnerabilities in Oracle 8
  Synopsis:
  Internet Security Systems (ISS) X-Force has discovered that
  multiple vulnerabilities exist in Oracle 8 that may allow local
  attackers to exploit weaknesses in Oracle administrative tools.
  Oracle is the market leader in enterprise database solutions.
  Attackers may use these vulnerabilities to amplify their
  privilege to that of the foracleF user. By default, the oracle
  user controls the entire Oracle database system. Attackers may
  launch local denial of service attacks against the database as
  well as alter or manipulate data.
  Affected Versions:
  ISS X-Force has determined that most current versions of Oracle
  8 for Unix are vulnerable. These versions include 8.03, 8.04,
  8.05, and 8.15. Oracle 8 for Windows NT is not affected by
  these vulnerabilities.
  Description:
  The Oracle 8 distribution is shipped with many administrative
  utilities that are owned by the oracle user with the setuid bit
  enabled. Several of these utilities implement insecure file
  creation and manipulation. These utilities also trust Oracle-
  related environment variables. The combined effect of these
  vulnerabilities may allow local attackers to create, append to,
  or overwrite privileged oracle files. Certain vulnerabilities
  exist that may allow local attackers to execute arbitrary
  commands as the oracle user. Attackers may also be able to
  permanently elevate their privilege to that of the oracle user.
  Temporary files that follow symbolic links are a common source
  of vulnerabilities in setuid executables. Administrators should
  remove or restrict access to setuid executables if possible.
  Developers of setuid programs need to take special precautions
  to prevent
  the introduction of vulnerabilities of this nature. ISS X-Force
  recommends
  that all Unix developers become familiar with Matt BishopFs
  secure
  programming guide, available at
  http://olympus.cs.ucdavis.edu/~bishop/secprog.html
  Fix Information:
  ISS X-Force has worked with Oracle to provide a patch for the
  vulnerabilities described in this advisory. Oracle has provided
  the following FAQ to answer any questions concerning these
  vulnerabilities.
  Q: IFve heard about a setuid security issue with the Oracle
  database? What is this all about?
  A: On Unix platforms, some executable files have the setuid bit
  on. It may be possible for a very knowledgeable user to use
  these executables to bypass your system security by elevating
  their operating system privileges to that of the Oracle user.
  Q: Which releases are affected by this problem?
  A: This problem affects Oracle data server releases 8.03, 8.0.4,
  8.0.5, and 8.1.5 on Unix platforms only.
  Q: Can I correct this problem or do I need a patch?
  A: This problem can easily be corrected. The customer can
  download the patch from the Oracle MetaLink webpages at
  http://www.oracle.com/support/elec_sup. The patch is a Unix
  shell script. This shell script should be run immediately, and
  also run after each relink of Oracle.
  Q: What is Oracle doing to fix this problem?
  A: Effective immediately, Oracle will provide the patch on
  OracleFs Worldwide Support Web pages. Oracle will ensure the
  patches are incorporated into future releases of Oracle8i
  (8.1.6) and Oracle8.0 (8.0.6)
  Q: What is Oracle doing to notify users about this problem now?
  A: Oracle is notifying all supported customers, via the Oracle
  Worldwide Support Web pages, of this issue so they can address
  it as required.
  ISS X-Force also recommends that all administrators complete a
  proactive survey on the use or potential misuse of setuid bits
  on privileged executables on their systems.
  Credits:
  These vulnerabilities were primarily researched by Dan
  Ingevaldson of the ISS X-Force.
  Copyright ( 1999 by Internet Security Systems, Inc. Permission
  is hereby granted for the electronic redistribution of this
  Security Alert. It is not to be edited in any way without
  express consent of the X-Force. If you wish to reprint the
  whole or any part of this Alert Summary in any other medium
  excluding electronic medium, please e-mail [email protected] for
  permission.
  About ISS
  ISS is the pioneer and leading provider of adaptive network
  security software delivering enterprise-wide information
  protection solutions. ISSF award-winning SAFEsuite family of
  products enables information risk management within intranet,
  extranet and electronic commerce environments. By combining
  proactive vulnerability detection with real-time intrusion
  detection and response, ISSF adaptive security approach creates
  a flexible cycle of continuous security improvement, including
  security policy implementation and enforcement. ISS SAFEsuite
  solutions strengthen the security of existing systems and have
  dramatically improved the security posture for organizations
  worldwide, making ISS a trusted security advisor for firms in
  the Global 2000, 21 of the 25 largest U.S. commercial banks and
  over 35 governmental agencies. For more information, call ISS at
  678-443-6000 or 800-776-2362 or visit the ISS Web site at
  www.iss.net.
  Disclaimer
  The information within this paper may change without notice. Use
  of this information constitutes acceptance for use in an AS IS
  condition. There are NO warranties with regard to this
  information. In no event shall the author be liable for any
  damages whatsoever arising out of or in connection with the use
  or spread of this information. Any use of this information is at
  the userFs own risk.
  X-Force PGP Key available at:
  http://www.iss.net/xforce/sensitive.html as well as on MITFs PGP
  key server and PGP.comFs key server.
  Please send suggestions, updates, and comments to:
  X-Force <[email protected] <mailto:[email protected]>> of Internet
  Security Systems, Inc.
  null

  http://metalink.oracle.com has all the Oracle documentation online. If you search for Security, you'll get plenty of documents. The Oracle Administrator's Guide has a Security Checklist that it probably a good starting point.
  This is a huge topic, though.
  Justin