2 Replies Latest reply: Jun 4, 2012 3:45 AM by Vandy_Kh

    hardening security on Solaris 10

    Vandy_Kh
      Dear All,

      How do I configure hardening on Solaris 10 by enabling the bsmconv command and editing files in the */etc/security* directory to allow and disallow access to websites on Solaris 10?

      Thanks and regards,
      Heng
        • 1. Re: hardening security on Solaris 10
          Fieropunk
          The first step I would take is working on the firewall for Solaris. There is a nice explanation here. Set your firewall to only allow traffic you want.

          http://www.computing.net/answers/solaris/solaris-enable-firewall/5063.html

          The other thing would be to disable any kind of plain text network traffic, like using ssh instead of telnet, sftp instead of ftp, and other plain text communication.

          Unix authentication is pretty strong as is, but if you're worried there is Kerberos installed by default. Disabling root access to the system is highly recommended. Use sudo instead.

          Since you're using it as a web server, chroot your ftp server to prevent attacks through FTP.

          After doing this you can do the /etc/security but be warned you can even disable root if you don't watch out.

          Telling you everything about securing Solaris would fill several books, but the steps above should get you started. Most attacks on web servers are through port forwarding on the http port. Make sure your main focus is on that port.
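
Added example, not part of either post: a POSIX shell audit of the steps the reply above lists (firewall service enabled, plain-text services off, root login restricted). The function names and sample inputs are constructed for illustration; the checks read text in the format of `svcs -H -o state,fmri`, `/etc/ssh/sshd_config` and `/etc/default/login`.

```shell
# Added example (not from the thread). POSIX sh syntax; on Solaris 10 run it
# with /usr/xpg4/bin/sh or bash. Each check takes command or file output as text.

# Print FMRIs of plain-text login/transfer services that are online.
plaintext_online() {
    printf '%s\n' "$1" | awk '$1 == "online" &&
        $2 ~ /network\/(telnet|ftp|login|shell):/ { print $2 }'
}

# Succeed if the IP Filter firewall service is online.
ipfilter_online() {
    printf '%s\n' "$1" | awk '$1 == "online" && $2 ~ /network\/ipfilter:/ { ok = 1 }
        END { exit !ok }'
}

# Succeed only if every uncommented PermitRootLogin line says "no"
# and at least one such line exists.
root_ssh_denied() {
    printf '%s\n' "$1" | awk 'tolower($1) == "permitrootlogin" {
            n++; if (tolower($2) != "no") bad = 1 }
        END { exit !(n > 0 && !bad) }'
}

# Succeed if direct root login is limited to the console.
root_console_only() {
    printf '%s\n' "$1" | grep '^CONSOLE=/dev/console' >/dev/null
}

# $1 = svcs output, $2 = sshd_config text, $3 = /etc/default/login text.
audit() {
    for f in $(plaintext_online "$1"); do echo "FAIL plain-text service online: $f"; done
    ipfilter_online "$1"   || echo "FAIL svc:/network/ipfilter is not online"
    root_ssh_denied "$2"   || echo "FAIL sshd_config does not set PermitRootLogin no"
    root_console_only "$3" || echo "FAIL /etc/default/login does not set CONSOLE=/dev/console"
    return 0
}

# Constructed sample inputs (not taken from a real host).
SAMPLE_SVCS='online svc:/network/ssh:default
online svc:/network/telnet:default
disabled svc:/network/ftp:default
disabled svc:/network/ipfilter:default'
SAMPLE_SSHD='Protocol 2
PermitRootLogin yes'
SAMPLE_LOGIN='#CONSOLE=/dev/console'

audit "$SAMPLE_SVCS" "$SAMPLE_SSHD" "$SAMPLE_LOGIN"
# On a host: audit "$(svcs -H -o state,fmri)" "$(cat /etc/ssh/sshd_config)" "$(cat /etc/default/login)"
```

An empty result means all four checks passed; each FAIL line names the setting to change.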
          • 2. Re: hardening security on Solaris 10
            Vandy_Kh
            Dear Fieropunk,

            Now I have a problem with the wget utility below with the same URL; please kindly help to check and give advice.

            If I access the URL below, it can receive data

            #./wget --no-check-certificate --private-key=/cert/data.pem --certificate=/cert/data.crt "https://server1.com.kh"

            10:29:13 https://server1.com.kh
            => `index.html'
            Resolving https://server1.com.kh... 172.168.100.67
            Connecting to https://server1.com.kh. connected.
            WARNING: Certificate verification error for https://server1.com.kh: self signed certificate in certificate chain
            HTTP request sent, awaiting response... 200 OK
            Length: 285 [text/html]

            100%[====================================>] 285 --.--K/s

            10:29:13 (8.85 MB/s) - `index.html' saved [285/285]

            If I access the long URL below, it cannot receive data, but on Linux OS (Debian) it can receive data

            #./wget --no-check-certificate --private-key=/cert/data.pem --certificate=/cert/data.crt "https://server1.com.kh/data/?action=datano;datano=aaaa"

            10:38:56 https://server1.com.kh/data/?action=datano;datano=aaaa
            => `index.html?action=datano;datano=aaaa'
            Resolving server1.com.kh... 172.168.100.67
            Connecting to server1.com.kh|172.168.100.67|:443... connected.
            WARNING: Certificate verification error for server1.com.kh: self signed certificate in certificate chain
            HTTP request sent, awaiting response... No data received.
            Retrying.

            Note: this domain (server1.com.kh) is running on CentOS

            Please kindly give advice,

            Thanks and regards,
            Heng