We are using Nessus 3.0.5 build W313 with all standard plug-ins in order to verify the security of our system (Netra 210, Netra 440). This tool is complaining that the SSH version contained in ALOM 1.6.3 is older than 3.1.Here is the Nessus report:You are running a version of OpenSSH which is older ...

Is there any way to securely delete individual files from the Solaris OS so that the file is removed and overwritten. I have read on using the format utility to wipe whole disks, however I do not want to lose all data on that disk. In Linux the shred command deletes individual files and then ...

Hi,Correct me if I'm wrong that rstatd uses port number randomly evey time it started? Can it be configured to use a fixed port number?Thanks in advance.

HelloIn a desktop, standalone, not networked in a LAN, that does not even have a peer-to-peer computer in the local environment, but connected to the Internet for Browsing (The desktop is not a web server ) , e-mail and chat, what are the ports that are absolutely needed to be kept open ?How ...

We are running Trusted Solaris 8 x86 HW 12/02 and are having trouble with one of our applications starting. The application is called in dtprofile to be started upon login and randomly it fails to open. We receive the errors listed below in /var/adm/messages. It seems completely random as I ...

I am running Trusted Solaris 8 12/02 x86I have installed patches 125235-01 and 125237-01. It appears the spring forward time change works however the fall back time change does not seem to be losing an hour. I performed the following steps to test the time changes.Spring forward time change:1. ...

What is Sun doing about the Solaris 10 telnet authentication bypass vulnerability whichwas mentioned here: http://www.kb.cert.org/vuls/id/881872

1. In the Reference Manual:Using File Templates...This directory stores file templates that are copied to aJumpStart client during a hardening run.Not just Jumpstart clients as I can tell, but standalone runs as well.2. Messed up numeric list in docs:To Add a New Variable to the user.init ...

Hello,Does any one give me the procedure how to block port (1521) at solaris 5.8 server so that no one can use it ? I do know there is a procedure existing for linux environment.thanks in advance,Murugesht

Hi I want to upgrade Open SSL to 0.9.8d in all my Sun servers.Will there be any patch for doing that or i need to remove the previous installation and put a new one.Please advice me.prathap.

Hi All,I'm in the middle of setting up a workstation (Blade-100) connected to two Sun Ray 2 terminals for some analytical work (I know it isn't exactly the fastest system going, but it is all we have available until the new stuff comes in...). Due to the confidentiality and security ...

Hi, All:There is an issue bugs me for a long time: the ipsecinit.conf conruptted occutionally during Solaris reboot, then the maunal IPsec SAs are no longer validated, can anybody have ideas on how it happened?Thanks in advance!

We will be porting an existing Solaris 10 (serial) device driver to Trusted Solaris in the next few months. Can you point us to documentation that specifies what criteria is used for saying a driver is trusted ?For instance, are there changes to the DDI/DDK required to support trusted drivers, ...

Dear SSH experts,I was working for troubleshooting SSH for the whole afternoon. I have no idea what's wrong with my configuration.Whatever you input password or not,your login window hung up. Please refer to the following debug log:root@walden # /usr/lib/ssh/sshd -ddddebug1: sshd version ...

How do I stop error messages from popping up on my terminal screen?

Does anybody know how to set a paramater in SSH so that if the connection have been idle (all channels) for a specified period of time thechild process is killed with SIGHUP, and connection is closed down. Does anybody know what value this is to set in the sshd_config file and what is the ...

I have a problem on a SunFire V480 server running SunOS5.9. When I login as a user other than root to "vi" a file, I get the following error:Permission Denied. Any idea why?Thanks for your help.Amal

Hello, hopefully I am posting this in the correct forum. I am trying to use Keytool to install a certificate purchased through Entrust. I have installed in in IIS successfully, but when I get to the Import portion of the keytool, I get an error that states:"Keytool error: java.lang.Exception: ...

I'm using Trusted Solaris 8 7/03 and when I try to display the scheduled jobs via SMC I get the following error: "The management server cannot perform the operation requested. Verify that the CIMOM is running. The actual error reported was: RMIERROR". I didn't see any process running with a ...

Hi Guys,Anyone knows if TSol-8 would run ok the Sun Fire V40z server?ThanksbigAl

Hi Guys,I am wondering if TSol-8 will install and run ok on the Sun Fire V440 Server?Any ideas?

Gents:We have our TSOL servers configured much like guard servers...one NIC per Security Family with workstations on that specific LAN and at a specific maximum level.Only 127.0.0.1 lives in the TSOL family on any of our systems.That being said, here's our challenge:We still would like to be ...

Hi,Can someone show an example of an acl entry for the tsolinfo file ?There is no example in the documentation and the setfacl format doesn't work as far as I can tell.Thanks.J.D.

I just want to get some clarification since news report on this subject is not clear. I understand the whole concepts of the trusted extensions. Where I am cloudy will this still be strong enough to be able to continue multi-level processing? Will this version still have the labels encoding ...

Are there any C commands to get the collor that belongs to a label?I know I can parse the label_encodings file and figure it out but I was hoping that TSOL 8 would provide a command to get the collor for a label without me having to parse the label_encodings file.thanksPerry ...

I am trying to install and get running the IPF package on Trusted Solaris. The packages (ipfx and ipf) seem to install fine and even run on boot however I can not run some of the support commands like ipfstatWhen I run ipfstat I get an error cannot open /dev/kmem. Reading throught he manuals I ...

HiI'm hoping someone will be able to help me here.I'm running Solaris 10 i386 (Virtually - i.e using VMWare). I'm trying to enable and test System Auditing. My questions:- Do I need Trusted Solaris (TSOL) or does Solaris 10 come with TSOL modules enabled.- Will it be possible to run ...

Hi all,I have a couple of scripts that I need to run in ADMIN_HIGH or even ADMIN_LOW. I need access to all directories and files under /. I am new to trusted solaris so I would like to ask some help in understanding as to how I can launch a shell script from cron in priviledged mode. I modified ...

Hi,I have several java processes running as 'nobody' with a SECRET label. A standard 'ps -ef' from a SECRET workspace finds the processes, but not pgrep java or pgrep -U nobody I've tried several combinations of parameters and it seems pgrep must not be running at the right label. Is this ...

Hello,Thinking to migrate to TS, I have a few questions about accounting on this system.On Solaris 8, accounting only logs commands, and not their parameters. For exemple, <div class="pre"><pre>$> rm -rf /</pre></div>would only be logged as<div ...

Hi everyone,Due to security reasons, we've been asked to look for more secured systems than 'plain' Solaris. That's how I discovered Trusted Solaris.I've read quite a few pages on it, and still have some questions that could not be answered, and I hope you could bring me answers, or at ...

Hi!I'm a researcher writing a thesis on MLS technology. I'm not a Trusted Solaris user, so many questions may sound silly.I would like to know if the root account on a Trusted Solaris can change the label of a file or directory. Is root still the all-powerfull, super-user account?Thanks!Maxi ...

Currently, the globe control icon on front panellaunches netscape and I want to switch it tolaunch firefox instead. What files need to be modifiedfor this to happen?Thanks,

Have a stupid question for anyone that can help.... I have installed Netscape 7.0 and do not have any problems using it. I have also installed Adobe Reader 7.0, again the application itself runs fine with no problems. The TSOL environment is very simple. Java 1.5.0.3 is loaded as well, (along ...

I want to now if and how I can configure 2 xntpd process at the same time.I have TSOL 8 703 with 2 network cards one is card is locked down to high class and the other one is locked down to low class.I want to run a xntpd client at high class and anouther xntpd server at low class.The high ...

I am trying to create a custom jumpstart that would restore the system back to its freshly installed state. Unfortunately, the collective size of ufsdump of all partitions came out to be larger than 700MB, so, a CD would not do, but a DVD would be great. But then, I run into the problem of VTOC ...

Hi ,Whats the diference between Standard Soalris 10 and Trusted Solaris 10 ?I think, in the past the standard version of Solaris have been evaluated but at lower levels -- could you please tell me if the standard Solaris 10 has been or is in the process of being evaluated for Common Criteria ...

How can I connect to a single unlabeled host (a MS Windows box) from multiple labels?I have tsol setup with several compartments at the same sensitivity level. There is a MS Windows box on the network containing services that users from all compartments at this level need to connect to. I've ...

Has anyone ever seen an issue on a NIS + server that does not allow new users to be properly created within SMC on TSOL 8? I have to reboot to solve the issue? Also, has anyone ever rebooted a NIS+ server in a Sun Ray environment while users are logged in? Does it Kill there sessions?

I upgraded and did a fresh install of Sun Ray Server 3.0 on TSOL 8 7/03 and I had it configure the default httpd server for Web Admin use. However upon boot it's not starting httpd due to some permission errors. Any body else have this problem? What are good permission settings for ...

I'm running Trusted Solaris 8 7/03 on a Sunfire v210.I continuously receive the following error message in /var/adm/messagesOct1 11:21:15 alpha auditwrite(3)[21457]:[ID 652923 user.alert] aborted:aw_errno = 4 = audit(2) failed, errno = 9 = Bad file numberI have not placed any ...

I installed Trusted Solaris Certified Edition and the window manager displayed "Certified Edition" at the far right on the trusted stripe but I later re-installed and now the window manager displays 齆ot Licensed?

We are creating a system that needs to be delivered to a customer. In the past, we would use a flash archive to deliver the images to the customer so they could install it on their own systems. What would be the best delivery method with TSol?

I'm trying to setup my TSOL 8 12/02 workstation so that all users can access a memory stick.Through the command line I can mount the memory stick using the command : mount -F pcfs /dev/dsk/c1t0d0s0 /dev/usb/usb0however i have to do this in a privelaged shell otherwise I get the error Could not ...

I have this problem in the UNIX server I'm login from my PC to the server by telnet ?error transferring print job 552Check queue for (pr5@nksubs)this is information from excuting lpstat command :printer nksubs unknown state. enabled since May 22 13:53 2004. available.Remote Name: pr5Remote ...

Hola!For many years now, my organization has been a loyal Solaris customer. And while we still have issues with the default setup we have been able to get by with information from the blueprint articles and the tools (a big thanks to Alex Noordergraaf, Keith Watson, and Glenn Brunette!). In ...

Hi,Patches are provided for Solaris 8-10. i have a number of Solaris 7 prod boxes. anyone else in the same boat.Alert Id 102178CheersRob

Hi,I got a problem that you might able to help meLast week, I installed the latest pactches on my Sun Machine and run a "Fix-modes" to correct variuos ownership and permission issue with files throughtout the Solaris OS file system.After that, I can't use "pg" command tool ...

When i use patchadd this error shows:#patchadd 112963-15Verifying signed patch <112963-15>... ERROR: Unable to open keystore </var/sadm/security/patchadd/truststore> for reading ERROR: Unable to lock keystore </var/sadm/security> for exclusive accessSignature invalid on signed ...

I want to automatic log input command to a file.for example:the user 'test'input a 'rm -rf /data' command.the system can log the user,date and command to a file.So i can find who destroy or delete my data.Please help me.Thanks and Best Regards ! ...