hello all,
I am new to Solaris. How do I lock down Solaris? Does Solaris have a firewall and antivirus that can be administrated using a GUI? Reason, is, I have been used to using Windows.
Does anyone have any tips. I am a total newbie, and am not used to the Solaris Enviroment and configuration. Is there any easy way of handling Solaris Security?
Thanks in advance for all help.
Solaris did have something that I think was GUI but that got tossed in 10. Now they have the greatest thing since sliced bread (developed outside of sun).
ipfilter.
After you start using this you will laugh at your little gui friends.
http://coombs.anu.edu.au/~avalon/ip-filter.html
Go to the sun docs to find solaris specific instructions. Search this forum for an example ipf.conf.
All the relevant configuration files are located in the /etc/ipf directory.
If I remember right, to get it working all you have to do is edit the pfil.ap file and uncomment your network card, run svcadm enable pfil, restart your system (maybe), then run svcadm enable ipfilter (after you add some rules to ipf.conf, again search the forums for an example).
If it errors out (check svcs -x) then you have a misconfiguration in your ipf.conf.
Very powerful and has fantastic documentation all over the web.
I am in the process of trying to write a perl script to dynamically add the ips of people attempting to do bad things to your system, but I am not there yet. See http://www.pettingers.org/code/sshblack.html although I am more interested in people tapping at ports they shouldnt be remotely interested in.
Security isn't gained by using some fancy tools but by getting an understanding of the system. First check out, as suggested, docs.sun.com. It has some very good guides on common administration, including basic security.
Once you have that you might be interested in JASS, the Solaris security toolkit. Its not perfect but can help a more familiar administrator. Check out: http://www.sun.com/software/security/jass/.
I guess I was assuming you were not going to 'create' problems, but if that is your worry than definitely look at some best practices materials. I looked at JASS once but it was not necessary for my machines.
Out of the box solaris is solid for an individual user after you configure ipfilter and do some tcpwrappers.
IF this is going to be a box that others use and you administrate than you do need to make sure you pay close attention to the docs.
