Solaris Security Toolkit 4.2

Hi!
I've downloaded the Solaris Security Toolkit 4.2 (http://www.sun.com/software/security/jass/) and I've installed on a Solaris 9 but when I try to run the jass-execute I got the folwong error:
./jass-execute: syntax error at line 974: `end of file' unexpected
Could anyone help me?
Thanks.

I was running form /opt/SUNWjass/bin but it needs to be run from /opt/SUNWjass directory.

Similar Messages

Accepting Manual Updates - Solaris Security Toolkit

I have hardened a Solaris 10 server with Security Toolkit 4.2 and since then have
modified the system.
How do I get the Toolkit (Jass) to accept the changes?
I suspect that I must create a new driver and do a Jass Execute but I would like to approach
this problem with some certainty. FYI - I created some new slices and mounted them
but the changes to vfstab do not seem to stick.
Any advice is appreciated.
LB

I think I found the issue, only somewhat related to Security Toolkit ...
[http://groups.google.de/group/comp.unix.solaris/browse_frm/thread/93f6231c5bdc8409|http://groups.google.de/group/comp.unix.solaris/browse_frm/thread/93f6231c5bdc8409]
I activated smserver and the drive now works...
LB

Solaris Security Toolkit 4.2 download format

I've downloaded the newest release of the ToolKit for Sol10 and it appears to be in compressed tar format.
(Solaris_Security_Toolkit_4_2_0_pkg.tar.Z)
According to docs it should be in compressed package format and I should be able to do a pkgadd after uncompressing.
What am I missing?
Thanks in advance!
s

I think when I last installed SUNWjass (this was under solaris 9)I had to go into that directory (once moved to /opt) and run the install scripts something like:
~/jass-execute -d secure.driver (read the INSTALL file)
and then it showed up in things like pkginfo .
Hope this helps more.
cheers
Paul

Solaris Security Toolkit (JASS) for Solaris 11?

Has anyone heard anything about an updated version of this for Solaris 11?
Or I'm curious if anyone has tried running the Solaris 10 version on 11?
Thanks

Don't run the Solaris 10 version on Solaris 11, it will not work correctly.
Many aspects of what SST did on Solaris 10 are part of Solaris 11. If there are things you need that aren't covered, I'd suggest opening a support case.

SMC 3.6 and Security Toolkit

Hello,
I'm installing the SUNWjass Security Toolkit 4.2 and am loosing my SMC clients. Has anyone already gone through this and figured out what parts of the standard Security Toolkit drivers NOT to run and/or what services to NOT disable to keep the SMC clients reporting to the server?
Much Thanks

Hello Thanks for your answer.
In my first post i made a mistake the "Name pattern" is not blank but tnslsnr.
So to complete my first post, it seems that process monitor can't monitor all processes.
On my SMC client i made other tests :
# ps -ef | grep -i tns
oracle 2185 1 0 Jul 12 ? 0:00 /appli/oracle/bin/tnslsnr LISTENER -inherit
Entry Name : tnslsnr
Name Pattern:tnslsnr or tns or tns*
Argv Pattern:
User specification: oracle or blank
--> It doesn't work process count =0
# ps -ef | grep -i orca
root 5367 1 0 Jul 20 ? 1:47 /opt/RICHPse/bin/se.sparcv9 -DWATCH_OS /opt/Orca/lib/orcallator.se
Entry Name : Orca
Name Pattern:se.sparcv9 or orca or orcallator.se
Argv Pattern:
User specification: root or blank
--> It doesn't work process count =0
# ps -ef | grep -i tty
UID PID PPID C STIME TTY TIME CMD
root 2246 1 0 Jul 12 console 0:00 /usr/lib/saf/ttymon -g -h -p musun00001 console login: -T sun -d /dev/console
root 2252 2245 0 Jul 12 ? 0:00 /usr/lib/saf/ttymon
Entry Name : ttymon
Name Pattern:ttymon
Argv Pattern:
User specification:
--> it's work process count =2
Someone as an idea why I can't monitor the listener and orcallator process but it's work for ttymon ?

Digital signature : security toolkit error

Hello,
I have a problem in digital signature, when I use the function module SSF_VERSION,
I get an error message
SSFRFC V1.46.3 No security toolkit version information found.
1. I have tested the destination conncetion,Workingfine.
2. Security Product is SAPSECULIB.
Could some one help me in solving this issue?
Regards,
Prabhu Rajesh.

Hi,
It seems that your settings are all right but there is a problem in the way you are using SSF01. The problem is that neither the program and nor the FMs are documented. So its a hit and try. Here is how it goes:
1. Run SSF01
2. Select Signing radio button
3. Clear RFC Destination field
4. In the user profile section, input your SSF Profile ID that you have generated using trn. PSEMAINT. (If you do not know it, run PSEMAINT and press the Certificate List button. Copy contents of Own Certif. field. This is your SSF Profile ID).
5. In the SSF Profile field, enter SAPSYS.pse
6. Select the paths for your input and output files
7. Select SAPSECULIB in the Security Product (only AS) field
8. Run the program.
This will sign your data and output it to the file you mentioned.
To verify this file, choose Verify radio button, select the path of the output (signed) file in the input path section. Clear output path field. The system will verify the file.
To use Add Signature option, pass the same signed file as input file. Clear out output file path. Run the program. You will see the results.
Hope this helps.
Let me know about the outcome.
Regards
Message was edited by: Shehryar Khan
Message was edited by: Shehryar Khan

Hyperion Essbase on Solaris & Security issue in Shared services

I installed Hyperion system 9.3.1 in my dev environment. Every thing is working properlly.
But i still have questions on couple of things.
1) I installed essbase on solaris 10. I was just trying to configure the sql interface for ESSBASE.
I went through the documentation. It says i supposed to get a file called libesssql.so.1
But i can't able to see this file in ARBORPATH/bin location. But still I could able to load the data
into sample Essbase application. My essbase is working fine. when i ran the script inst -sql.sh
it created a file called libesssql.so in the ARBORPATH/bin location. But no libesssql.so.1.
Can some one help me regarding this................
2)In the shared services when i clicked under Hyperion system 9 BI+, i cant able to see
any reporting related files to assign security. i am seeing a message saying refer to the security guide to confiure
permissions for this application.
I logged into the shared services with admin privileges.
Please help me in this...........
Thanks,

Hi,
What version are you using ?
Just to be clear are you saying that the utility only exported one native user and you expected it to export more ?
Cheers
John
http://john-goodwin.blogspot.com/

Solaris security level

Not quite sure what you mean by the question - usual unix security
applies plus ACLs and kerberos. There are also some good whitepapers you can find at the Sun website
For serious applications Trusted Solaris for both Sparc and Intel
platforms can be purchased via www.sun.com/store
Product details at sun.com:
Home -> Products & Solutions -> Software -> Operating Environments & Platforms -> Solaris Product Line -> Products -> Trusted Solaris 8

Solaris security patch

Hi All,
I would like to ask some questions, I have an Solaris 10 and RHEL which is install in separate machine..
The question is:
1. how can I check the latest patches or latest update? (I need a step or command)
2. where can I get the latest security patch or necessary patch that I need to put in into my servers?
Please help to give me some guidance or information for this issue.. I would like to thank you first for your reply and help. GBU.

Hi,
Where can I check the patch that installed in my servers? which directory or path..? so I will know what is the next patch that I should install into this servers.
oh btw, I check above link and I use the search function 'updatemanager' but it ended up lots of links in 'support'
Thanks for your reply.

Security issue - or not? (remote trigger SMC startup)

Hi,
During installation of a few zones on a Sol10U2 system today, I noticed that simply running an nmap scan on a freshly installed and booted zone would cause the SMC to start:
Starting Solaris Management Console server version 2.1.0.
endpoint created: :898
Adding instance of solaris_providerpath
Adding class Solaris_LocalFileSystem
Adding class Solaris_Directory
Adding class Solaris_Mount
Adding class Solaris_UFS
Adding class Solaris_HSFS
Adding class Solaris_UFSMount
Adding class Solaris_HSFSMount
Adding class Solaris_LocalFSResidesOnExtent
Compilation succeeded.
Adding class Solaris_DiskDrive
Adding class Solaris_DiskPartition
Adding class Solaris_MediaPresent
Adding class Solaris_LogicalDisk
Adding class Solaris_PhysicalMedia
Adding class Solaris_Disk
Adding class Solaris_PhysicalPackage
Adding class Solaris_RealizesExtent
Adding class Solaris_RealizesDiskPartition
Adding class Solaris_RealizesDiskDrive
Adding class Solaris_DiskPartitionBasedOnDisk
Adding class Solaris_DiskPartitionBasedOnFDisk
Adding class Solaris_SCSIController
Adding class Solaris_IDEController
Adding class Solaris_MPXIOController
Adding class Solaris_USBSCSIController
Adding class Solaris_GenericController
Adding class Solaris_SCSIInterface
Adding class Solaris_MPXIOInterface
Adding class Solaris_IDEInterface
Adding class Solaris_ExtraCapacityGroup
Adding class Solaris_MPXIOGroup
Adding class Solaris_ControllerLogicalIdentity
Adding class Solaris_MPXIOCtrlrLogicalIdentity
Adding class Solaris_ControllerComponent
Adding class Solaris_MPXIOComponent
Adding class Solaris_StorageLibrary
Compilation succeeded.
Adding class CIM_ManagedElement
Adding class CIM_SettingData
Adding class CIM_Share
Adding class CIM_FileShare
Adding class CIM_NFSShare
Adding class CIM_SharedElement
Adding class CIM_HostedShare
Compilation succeeded.
Adding class Solaris_NFSShare
Adding class Solaris_NFSShareSecurity
Adding class Solaris_NFS
Adding class Solaris_PersistentShare
Adding class Solaris_MountSetting
Adding class Solaris_NFSMountSetting
Adding class Solaris_ShareSetting
Adding class Solaris_NFSShareSetting
Adding class Solaris_ShareService
Adding class Solaris_MountService
Adding class Solaris_NFSMount
Adding class Solaris_NFSShareSecurityModes
Adding class Solaris_NFSShareDefSecurityMode
Adding class Solaris_HostedShare
Adding class Solaris_PersistentShareConfiguration
Adding class Solaris_PersistentShareForSystem
Adding class Solaris_NFSShareEntry
Adding class Solaris_SharedElement
Adding class Solaris_NFSExport
Adding class Solaris_SharedFileSystem
Compilation succeeded.
Adding instance of solaris_providerpath
Adding instance of solaris_providerpath
Adding class Solaris_VMStateDatabase
Adding class Solaris_VMSoftPartition
Adding class Solaris_VMExtent
Adding class Solaris_VMStripe
Adding class Solaris_VMConcat
Adding class Solaris_VMMirror
Adding class Solaris_VMRaid5
Adding class Solaris_VMTrans
Adding class Solaris_VMHotSparePool
Adding class Solaris_VMDiskSet
Adding class Solaris_VMStorageVolume
Adding class Solaris_VMConcatComponent
Adding class Solaris_VMDriveInDiskSet
Adding class Solaris_VMExtentBasedOn
Adding class Solaris_VMSoftPartComponent
Adding class Solaris_VMExtentInDiskSet
Adding class Solaris_VMHostInDiskSet
Adding class Solaris_VMHotSpareInUse
Adding class Solaris_VMHotSpares
Adding class Solaris_VMMirrorSubmirrors
Adding class Solaris_VMRaid5Component
Adding class Solaris_VMStatistics
Adding class Solaris_VMStripeComponent
Adding class Solaris_VMTransLog
Adding class Solaris_VMTransMaster
Adding class Solaris_VMUsesHotSparePool
Adding class Solaris_VMVolumeBasedOn
Adding class Solaris_DiskIOPerformanceMonitor
Compilation succeeded.
Adding instance of solaris_providerpath
Adding class Solaris_ActiveUser
Adding class Solaris_ActiveProject
Adding class Solaris_ProcessStatisticalInformation
Adding class Solaris_UserProcessAggregateStatisticalInformation
Adding class Solaris_ProjectProcessAggregateStatisticalInformation
Adding class Solaris_ProcessStatistics
Adding class Solaris_ActiveUserProcessAggregateStatistics
Adding class Solaris_ActiveProjectProcessAggregateStatistics
Compilation succeeded.
Registration setup: 8/8 (Executing SUNWpmgr_reg.sh)
Registering components: 64/64 (Registering PatchMgrCli.jar)                 er)
Solaris Management Console server is ready.For interest, the nmap result is:
toby@deepthought ~ $ nmap -v 192.168.1.122
Starting Nmap 4.01 ( http://www.insecure.org/nmap/ ) at 2006-08-29 20:39 EDT
DNS resolution of 1 IPs took 0.23s. Mode: Async [#: 2, OK: 0, NX: 1, DR: 0, SF: 0, TR: 1, CN: 0]
Initiating Connect() Scan against 192.168.1.122 [1672 ports] at 20:39
The Connect() Scan took 44.49s to scan 1672 total ports.
Host 192.168.1.122 appears to be up ... good.
Interesting ports on 192.168.1.122:
(The 1662 ports scanned but not shown below are in state: closed)
PORT     STATE SERVICE
21/tcp   open ftp
22/tcp   open ssh
23/tcp   open telnet
79/tcp   open finger
111/tcp open rpcbind
513/tcp open login
514/tcp open shell
898/tcp open sun-manageconsole
4045/tcp open lockd
7100/tcp open font-service
Nmap finished: 1 IP address (1 host up) scanned in 44.874 seconds(port 7100 is actually a non-standard VNC server which was carried over from the global zone)
Of course, this is immediately before running Solaris Security Toolkit (jass) to apply a secure profile.
Does it matter that this SMC startup can be triggered so easily remotely?

It just struck me odd that simply port-scanning the
machine could produce this behaviour, and I wonder if
it might be a security issue.Probably not directly. Sun has distributed several items in the past that launch via inetd connections (calendar manager and font server were two common ones). Just because it launches doesn't mean it's a security problem. The application itself may require authentication after running.
Of course the resources required by the process may be non-trivial, and the application may have security issues, but the fact that it launches isn't a direct indication of a problem.
Darren

Jumpstart of Solaris 10 halts when "Discovering additional network..."

Installing Solaris 10 using jumpstart from Solaris 9 server, using JASS 4.2 (Solaris Security Toolkit 4.2.0)
However, the install just hangs after the following printout:
Discovering additional network configuration...
I tried snoop on the install server, but that does not catch any packets after the stalling.
The machines are connected via a router, but broadcast should be transmitted and installing Solaris 9 was OK.
Client is added in ethers, using NIS.
Any hints?
Gerhard
~> sudo snoop -o nov.cap november
Using device /dev/bge0 (promiscuous mode)
93384
ok boot net - install
Resett
LOM event: +38d+3h18m33s host reset
ing ...
Sun Netra X1 (UltraSPARC-IIe 500MHz), No Keyboard
OpenBoot 4.0, 512 MB memory installed, Serial #51100009.
Ethernet address 0:3:ba:b:b9:69, Host ID: 830bb969.
Executing last command: boot net - install
Boot device: /pci@1f,0/ethernet@c File and args: - install
Timeout waiting for ARP/RARP packet
SunOS Release 5.10 Version Generic 64-bit
Copyright 1983-2005 Sun Microsystems, Inc. All rights reserved.
Use is subject to license terms.
Configuring devices.
Using RPC Bootparams for network configuration information.
Attempting to configure interface dmfe1...
Skipped interface dmfe1
Attempting to configure interface dmfe0...
Configured interface dmfe0
Beginning system identification...
Searching for configuration file(s)...
Using sysid configuration file 10.1.0.51:/opt/SUNWjass/Sysidcfg/Solaris_10/sysidcfg
Search complete.
Discovering additional network configuration...
NFS server app01 not responding still trying
NFS server app01 not responding still trying

The IP subnets are not technically the same (10.1/16 and 10.2/16), but they are handled by the same router.
Normal operation and Solaris9 jumpstart is fine. I got the same problem when I tried jumpstart in the same subnet as the jumpstart server.
The Solaris10 installer is doing something unexpected when detecting setting. Something like checking that address with DHCP is the same as the one gotten initially ( I do not believe this is the problem, this is just in the area where I believe that there is problems).
Any specific hints?

ERROR: Missing driver file /opt/SUNWjass/Drivers/ldm_control-secure.driver.

Environment:
Solaris 10u10
vm server for sparc 2.0 V22736-01.zip
p10264419_420_SOLARIS64.zip --> SUNWjass-4.2.0.pkg.tar.Z
Problem: Documentation and LDOM/SST tool refer to "ldm_control-secure.driver", but the file does not exist.
bash-3.2# ./install-ldm -p
Welcome to the Oracle VM Server for SPARC installer.
You are about to install the LDoms Manager package, SUNWldm, that will enable
you to create, destroy and control other domains on your system. You will
also be given the option of running the Oracle VM Server for SPARC Configuration
Assistant (ldmconfig) to setup the control domain and create guest domains.
If the Solaris Security Toolkit (SST) is installed, you will be prompted to
optionally harden your control domain.
Oracle VM Server for SPARC Configuration
Once installed, you may configure your system for a basic LDoms
deployment. If you select "y" for the following question, the Oracle
VM Server for SPARC Configuration Assistant (tty) will be launched
following a successful installation of the packages.
(You may launch the Configuration Assistant at a later time with the
command: /usr/sbin/ldmconfig, or use the GUI Configuration Assistant
which is bundled in the Oracle VM Server for SPARC zip file - see
README.GUI for more details)
Select an option for configuration:
y) Yes, launch the Configuration Assistant after install
n) No thanks, I will configure the system manually later
Enter y or n [y]: n
Given the capabilities of the LDoms Manager, you can now change the
security configuration of this Solaris instance using the Solaris
Security Toolkit.
Select a security profile from this list:
a) Hardened Solaris configuration for LDoms (recommended)
b) Standard Solaris configuration
c) Your custom-defined Solaris security configuration profile
Enter a, b, or c [a]: a
The changes made by selecting this option can be undone through the
Solaris Security Toolkit's undo feature. This can be done with the
'/opt/SUNWjass/bin/jass-execute -u' command.
Verifying that all packages are fully installed. OK.
ERROR: Missing driver file
/opt/SUNWjass/Drivers/ldm_control-secure.driver. <-------------- DOES NOT EXIST
bash-3.2#
bash-3.2# ls -al /opt/SUNWjass/Drivers/
total 876
drwxr-xr-x 2 root root 32 May 8 10:24 .
drwxr-xr-x 15 root root 21 May 8 10:24 ..
-r--r--r-- 1 root root 63935 Jul 25 2005 audit_private.funcs
-r--r--r-- 1 root root 42960 Jul 25 2005 audit_public.funcs
-r--r--r-- 1 root root 312 Jul 25 2005 clean.driver
-r--r--r-- 1 root root 2401 Jul 25 2005 clean.run
-r--r--r-- 1 root root 3093 Jul 25 2005 clean_private.funcs
-r--r--r-- 1 root root 53510 Jul 25 2005 common_log.funcs
-r--r--r-- 1 root root 10155 Jul 25 2005 common_misc.funcs
-r--r--r-- 1 root root 1023 Jul 25 2005 config.driver
-r--r--r-- 1 root root 20904 Jul 25 2005 driver.init
-r--r--r-- 1 root root 7299 Jul 25 2005 driver.run
-r--r--r-- 1 root root 39699 Jul 25 2005 driver_private.funcs
-r--r--r-- 1 root root 90923 Jul 25 2005 driver_public.funcs
-r--r--r-- 1 root root 38268 Jul 25 2005 finish.init
-r--r--r-- 1 root root 3861 Jul 25 2005 hardening.driver
-r--r--r-- 1 root root 598 Jul 25 2005 install-Sun_ONE-WS.driver
-r--r--r-- 1 root root 485 Jul 25 2005 secure.driver
-r--r--r-- 1 root root 1056 Jul 25 2005 server-config.driver
-r--r--r-- 1 root root 3784 Jul 25 2005 server-hardening.driver
-r--r--r-- 1 root root 1788 Jul 25 2005 server-secure.driver
-r--r--r-- 1 root root 1467 Jul 25 2005 suncluster3x-config.driver
-r--r--r-- 1 root root 4329 Jul 25 2005 suncluster3x-hardening.driver
-r--r--r-- 1 root root 2092 Jul 25 2005 suncluster3x-secure.driver
-r--r--r-- 1 root root 1446 Jul 25 2005 sunfire_15k_sc-config.driver
-r--r--r-- 1 root root 5845 Jul 25 2005 sunfire_15k_sc-hardening.driver
-r--r--r-- 1 root root 1791 Jul 25 2005 sunfire_15k_sc-secure.driver
-r--r--r-- 1 root root 274 Jul 25 2005 undo.driver
-r--r--r-- 1 root root 13976 Jul 25 2005 undo.funcs
-r--r--r-- 1 root root 2557 Jul 25 2005 undo.run
-r--r--r-- 1 root root 2151 Jul 25 2005 user.init.SAMPLE
-r--r--r-- 1 root root 498 Jul 25 2005 user.run.SAMPLE

Applied recommended patch cluster...
Explicitly applied 122608-08
bash-3.2# patchadd 122608-08
Validating patches...
Loading patches installed on the system...
Done!
bash-3.2# ls -al /opt/SUNWjass/Drivers/
total 966
drwxr-xr-x 2 root root 38 May 8 18:37 .
drwxr-xr-x 15 root root 21 May 8 10:24 ..
-r--r--r-- 1 root root 64345 Jul 23 2010 audit_private.funcs
-r--r--r-- 1 root root 41937 Jul 23 2010 audit_public.funcs
-r--r--r-- 1 root root 1007 Jul 23 2010 cis-config.driver
-r--r--r-- 1 root root 5311 Jul 23 2010 cis-hardening.driver
-r--r--r-- 1 root root 2242 Jul 23 2010 cis-secure.driver
-r--r--r-- 1 root root 312 Jul 25 2005 clean.driver
-r--r--r-- 1 root root 2434 Jul 23 2010 clean.run
-r--r--r-- 1 root root 3093 Jul 25 2005 clean_private.funcs
-r--r--r-- 1 root root 65067 Jul 23 2010 common_log.funcs
-r--r--r-- 1 root root 10298 Jul 23 2010 common_misc.funcs
-r--r--r-- 1 root root 1023 Jul 25 2005 config.driver
-r--r--r-- 1 root root 22242 Jul 23 2010 driver.init
-r--r--r-- 1 root root 9092 Jul 23 2010 driver.run
-r--r--r-- 1 root root 42969 Jul 23 2010 driver_private.funcs
-r--r--r-- 1 root root 96975 Jul 23 2010 driver_public.funcs
-r--r--r-- 1 root root 39218 Jul 23 2010 finish.init
-r--r--r-- 1 root root 3888 Jul 23 2010 hardening.driver
-r--r--r-- 1 root root 598 Jul 25 2005 install-Sun_ONE-WS.driver
-r--r--r-- 1 root root 1499 Jul 23 2010 ldm_control-config.driver
-r--r--r-- 1 root root 4809 Jul 23 2010 ldm_control-hardening.driver
-r--r--r-- 1 root root 840 Jul 23 2010 ldm_control-secure.driver
Thanks.

Messsage logging gone after jass on x86, but works on sparc ????

Hi!
Questian to SunRay development.
Ive run into a rather suprising result in running solaris security toolkit
on a X86 server running SunRay 4.2 and solaris 05/09
The Sun-provided security profile applied and tested () on a Sparc T1
running solaris 10/08 and this worked worked as expected.
However, running the exact same security toolkit setup on the X86-server caused
message-logging in SunRay to disappear ???
-rw-r----- 1 root utadmin 0 Jan 13 03:03 /var/opt/SUNWut/log/messages
-rw-r----- 1 root utadmin 0 Jan 12 03:03 /var/opt/SUNWut/log/messages.0
-rw-r----- 1 root utadmin 0 Jan 11 03:03 /var/opt/SUNWut/log/messages.1
-rw-r----- 1 root utadmin 0 Jan 10 03:03 /var/opt/SUNWut/log/messages.2
-rw-r----- 1 root utadmin 0 Jan 9 03:03 /var/opt/SUNWut/log/messages.3
-rw-r----- 1 root utadmin 0 Jan 8 03:03 /var/opt/SUNWut/log/messages.4
-rw-r----- 1 root utadmin 0 Jan 7 03:03 /var/opt/SUNWut/log/messages.5
in order to tweak this down, the rather obvious questian is;
In what way is the logging different in SunRay on X86 different from Sparc ???
Rgds,
Mat

sifka wrote:
In what way is the logging different in SunRay on X86 different from Sparc ???Not at all, really.
Logging to /var/opt/SUNWut/log/messages is via syslog. Can you check what happened to the entries for that in /etc/syslog.conf.
Jörg

Help with pkgadd, tar, and uncompress

All,
I've just downloaded the Solaris Security Toolkit in package format, and I'm trying to install it with pkgadd. My process should look like this:
uncompress SUNWjass-x.pkg.tar.Z
tar -xvf SUNWjass-x.pkg.tar
pkgadd -d SUNWjass -x.pkg
However, on the second step tar uncompresses the package format as well, giving me a directory named SUNWjass that is useless to the pkgadd command.
Any help would really be great!

All,
I've just downloaded the Solaris Security Toolkit in
package format, and I'm trying to install it with
pkgadd. My process should look like this:
uncompress SUNWjass-x.pkg.tar.Z
tar -xvf SUNWjass-x.pkg.tar
pkgadd -d SUNWjass -x.pkg
However, on the second step tar uncompresses the
package format as well, giving me a directory named
SUNWjass that is useless to the pkgadd command.Then the package is in directory(file) format instead of pkgstream format. Just use '-d .'
The argument to -d is a container of packages. It can be a datastream file, or it can be a directory with packages within.
Darren

Ssh_exchange_identificaiton error

I just completed running Solaris Security toolkit and I am trying to connect through ssh to the server and I am getting this error.
I know that tcp_wrappers is involved. I have the the domain defined in the hosts.allow that are allowed to connect to the server.
sshd: LOCAL, .domainname.net
The only way I am able to connect is if I put the client hostname in the servers /etc/hosts file. I have DNS server defined in the /etc/resolv.conf file and the /etc/nsswitch.conf file is setup hosts: files dns.
When I do a nslookup on my clients hostname, the DNS servers finds it.
Does sshd determine whether or not to use DNS as a lookup method?? It does seem like it.

Sorry, but I just noticed you refer to 'StrictModes' being enabled... this is not the same as strict host checking. StrictModes has to do with checking the owership of the user's home directory.
I think strict host checking uses the 'UseDNS' directive. So, set 'UseDNS no' if you do not want to do strcit host checking.

Solaris Security Toolkit 4.2

Similar Messages

Maybe you are looking for