Security Diagnostic Review for Solaris(TM) 2.X
Gary Bahadur and Dan Robertson
How do you know what is happening to your Solaris machine in a timely manner?
One method is through regularly scheduled security diagnostic reviews. A review
in this sense is a snapshot in time of the system. Continuous reviews are necessary
to ensure that the system settings are correct and secure over time. A thorough
review of the UNIX system, as well as the environment in which it operates,
can identify many security weaknesses. In this article, we'll describe how to
perform a basic diagnostic review of a Solaris machine. The basic concepts and
script commands discussed can be applied to most UNIX environments.
A diagnostic review covers user and system administration, network environmental
controls, and administrative policies and procedures. There are a number of
security issues related to each of these topics that can be fixed upon completion
of the diagnostic review. The script we describe, sec-check.csh, will
help determine a number of these security weaknesses and should be run periodically,
such as every two months. The current and previous runs should then be compared
to determine what changes have occurred on the system. This script is not all-encompassing,
however, so other tools or scripts available on the Internet or
from commercial vendors should also be used to gain a complete understanding
of your system.
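The snapshot-and-compare cycle described above, shown as a small POSIX shell harness. This is an added example and is not sec-check.csh or any other code from the original article; it records three of the checks a review typically includes (setuid/setgid files, world-writable files, accounts with an empty password field) and diffs the result against the previous run. The sample directory tree, file names and passwd entries are constructed for the demo so that it runs anywhere without touching the real system.

```shell
#!/bin/sh
# Added example (not sec-check.csh): snapshot a few security-relevant
# settings, then diff the snapshot against the one from the previous review.

# snapshot ROOT OUT
# Record setuid/setgid files, world-writable files and accounts with an
# empty password field under ROOT into the file OUT. ROOT is "/" on a live
# system; the demo below points it at a constructed tree instead.
snapshot() {
    root=$1
    out=$2
    {
        echo "== setuid/setgid files"
        find "$root" -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null | sort
        echo "== world-writable files"
        find "$root" -type f -perm -0002 2>/dev/null | sort
        echo "== accounts with empty password field"
        awk -F: '$2 == "" { print $1 }' "$root/etc/passwd" 2>/dev/null | sort
    } > "$out"
}

# compare_runs PREV CUR
# Print what changed between two snapshots. Exit status 0 means no change,
# 1 means differences were found (diff's own convention), so a cron job can
# mail the output only when something drifted.
compare_runs() {
    diff "$1" "$2"
}

# make_demo_tree DIR
# Constructed sample tree standing in for a real system: one setuid binary
# and one account ("guest") with an empty password field.
make_demo_tree() {
    dir=$1
    mkdir -p "$dir/etc" "$dir/usr/bin"
    printf 'root:x:0:0:root:/:/sbin/sh\nguest::100:100:guest:/tmp:/sbin/sh\n' \
        > "$dir/etc/passwd"
    : > "$dir/usr/bin/su"
    chmod 4755 "$dir/usr/bin/su"
}

# demo: two review cycles with simulated drift in between.
demo() {
    work=$(mktemp -d)
    make_demo_tree "$work/sys"
    snapshot "$work/sys" "$work/run1"
    # Between reviews a new world-writable file appears under the tree.
    : > "$work/sys/usr/bin/dropped"
    chmod 666 "$work/sys/usr/bin/dropped"
    snapshot "$work/sys" "$work/run2"
    compare_runs "$work/run1" "$work/run2" \
        || echo "system changed since last review"
    rm -rf "$work"
}

demo
```

On a real host the same two functions are used with `/` as the root and a dated output file, for example `snapshot / /var/sec/run-$(date +%Y%m%d)` followed by `compare_runs` against the previous dated file; keep the snapshots on media the reviewed host cannot modify, otherwise an intruder who alters the system can alter the baseline too.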
There are a number of commercial products available that perform diagnostic
reviews. Our script performs many of the standard checks that a commercial product
will do and can be used on systems where installing a commercial product is
not feasible. When a firewall must be reviewed, or the commercial product takes
up too much space or fails to install or run, it is a good idea to have a backup
method of reviewing the system.