Decrypting a file that has been encrypted with crypt (low-grade encryption; crypt reads stdin and writes stdout):
# crypt < [encrypted-file] > [plaintext-file]
File encryption with crypt (low-grade encryption):
# crypt < [plaintext-file] > [encrypted-file]
Stop non-root users from logging in (the file's contents are shown to anyone who tries):
# echo 'Please go away' > /etc/nologin
Find all directories with full 0777 permissions (readable, writable and executable by everyone):
# find / -perm -0777 -type d -ls
Find all SGID files:
# find / -type f -perm -2000 -print
Find all SUID files:
# find / -type f -perm -4000 -print
Generate password hashes for LDAP using the getpwenc utility:
# getpwenc [encryption scheme] password
Trap specific signals and exit (SIGKILL, signal 9, cannot be trapped, so listing it has no effect):
# trap 'exit 0' 1 2 3 9 15
Encrypt a file with vi editor:
# vi -x [filename]
Create a protected area for core dumps:
# mkdir -p /var/core
# chown root:root /var/core
# chmod 700 /var/core
# coreadm -g /var/core/core_%n_%f_%u_%g_%t_%p -e log -e global -e global-setid -d process -d proc-setid
Completely disable core dumps:
# coreadm -d global -d global-setid -d process -d proc-setid
Stack protection (make the user stack non-executable to limit buffer overflow exploits; appends to /etc/system only if the tunable is not already present):
if [ ! "`grep noexec_user_stack /etc/system`" ]; then
cat <<END_CFG >> /etc/system
* Attempt to prevent and log stack-smashing attacks
set noexec_user_stack = 1
set noexec_user_stack_log = 1
END_CFG
fi
Enable Strong TCP Sequence Number Generation:
# cd /etc/default
# awk '/TCP_STRONG_ISS=/ { $1 = "TCP_STRONG_ISS=2" }; \
{ print }' inetinit > inetinit.new
# mv inetinit.new inetinit
# pkgchk -f -n -p /etc/default/inetinit
The variable TCP_STRONG_ISS selects how TCP initial sequence numbers are generated. If an attacker can predict the next sequence number, they can inject forged packets into the data stream and hijack the session. Solaris supports three methods (as listed in the comments of /etc/default/inetinit):
# 0 = Old-fashioned sequential initial sequence number generation.
# 1 = Improved sequential generation, with random variance in increment.
# 2 = RFC 1948 sequence number generation, unique-per-connection-ID.
Log all failed login attempts (SYSLOG_FAILED_LOGINS=0 means every failed attempt is sent to syslog, not only after N consecutive failures):
# touch /var/adm/loginlog
# chown root:sys /var/adm/loginlog
# chmod 600 /var/adm/loginlog
# logadm -w loginlog -C 13 /var/adm/loginlog
# cd /etc/default
# awk '/SYSLOG_FAILED_LOGINS=/ { $1 = "SYSLOG_FAILED_LOGINS=0" }; \
{ print }' login >login.new
# mv login.new login
# pkgchk -f -n -p /etc/default/login
Enable cron logging:
# cd /etc/default
# awk '/CRONLOG=/ { $1 = "CRONLOG=YES" }; { print }' cron > cron.new
# mv cron.new cron
# pkgchk -f -n -p /etc/default/cron
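The three /etc/default edits above (TCP_STRONG_ISS, SYSLOG_FAILED_LOGINS, CRONLOG) all use the same awk rewrite, and the /etc/system stack-protection snippet uses a grep-then-append. The script below is an added example, not code from the original post: it turns both idioms into re-runnable functions (the names set_default_var, get_default_var and ensure_system_tunable are my own) and exercises them on constructed stand-in files in a temp directory, so it runs on any POSIX system. On a real Solaris host you would point the functions at the live files and finish with pkgchk -f -n -p as the page does.

```sh
#!/bin/sh
# Added example, not from the original post: the two edit idioms used above
# (awk rewrite of KEY=VALUE in /etc/default/*, grep-then-append of a tunable
# to /etc/system) as reusable, re-runnable functions. The demo works on
# constructed copies in a temp directory; on a real Solaris host point the
# functions at the live files and finish with "pkgchk -f -n -p <file>".

# set_default_var FILE KEY VALUE
# Replaces an existing "KEY=..." line (a commented-out "#KEY=..." line too,
# as the page's awk pattern does); appends "KEY=VALUE" when no such line
# exists, so the same call is safe to repeat.
set_default_var() {
    file=$1; key=$2; value=$3
    awk -v k="$key" -v v="$value" '
        $0 ~ ("^#?[ \t]*" k "=") { print k "=" v; seen = 1; next }
        { print }
        END { if (!seen) print k "=" v }
    ' "$file" > "$file.new" && mv "$file.new" "$file"
}

# get_default_var FILE KEY -> prints the active (uncommented) value of KEY
get_default_var() {
    awk -F= -v k="$2" '$1 == k { print $2 }' "$1"
}

# ensure_system_tunable FILE NAME VALUE
# Appends "set NAME = VALUE" unless a "set NAME = ..." line is present.
# The anchored grep is stricter than the page's bare "grep noexec_user_stack",
# which would also match noexec_user_stack_log.
# Returns 0 when the line was appended, 1 when it was already there.
ensure_system_tunable() {
    file=$1; name=$2; value=$3
    if grep -q "^set[[:space:]]*$name[[:space:]]*=" "$file"; then
        return 1
    fi
    printf 'set %s = %s\n' "$name" "$value" >> "$file"
}

# demo: exercise the functions on constructed stand-ins and print
# "<TCP_STRONG_ISS> <SYSLOG_FAILED_LOGINS> <TCP_STRONG_ISS= lines> <set noexec lines>"
demo() {
    d=${TMPDIR:-/tmp}/hardening.$$
    mkdir -p "$d"
    # constructed /etc/default/inetinit stand-in; the comment lines are the ones quoted on the page
    cat > "$d/inetinit" <<'EOF'
# 0 = Old-fashioned sequential initial sequence number generation.
# 1 = Improved sequential generation, with random variance in increment.
# 2 = RFC 1948 sequence number generation, unique-per-connection-ID.
TCP_STRONG_ISS=1
EOF
    # constructed /etc/system stand-in with one unrelated tunable
    printf 'set maxusers = 64\n' > "$d/system"

    set_default_var "$d/inetinit" TCP_STRONG_ISS 2
    set_default_var "$d/inetinit" TCP_STRONG_ISS 2         # re-run: no duplicate line
    set_default_var "$d/inetinit" SYSLOG_FAILED_LOGINS 0   # absent key: appended
    ensure_system_tunable "$d/system" noexec_user_stack 1
    ensure_system_tunable "$d/system" noexec_user_stack_log 1
    ensure_system_tunable "$d/system" noexec_user_stack 1 || :   # re-run: untouched

    printf '%s %s %s %s\n' \
        "$(get_default_var "$d/inetinit" TCP_STRONG_ISS)" \
        "$(get_default_var "$d/inetinit" SYSLOG_FAILED_LOGINS)" \
        "$(grep -c 'TCP_STRONG_ISS=' "$d/inetinit")" \
        "$(grep -c '^set noexec_user_stack' "$d/system")"
    rm -rf "$d"
}

demo   # prints: 2 0 1 2
```

The difference from the page's one-liners is idempotence: the awk form alone silently does nothing when the key is missing from the file, and the bare grep on /etc/system would skip adding noexec_user_stack if only noexec_user_stack_log were present, so both functions check for the exact line before deciding to rewrite or append.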
# chown root:root /var/cron/log
# chmod go-rwx /var/cron/log
Enable system accounting:
# svcadm enable -r svc:/system/sar:default
# EDITOR=ed; export EDITOR
# crontab -e sys << END_ENTRIES
\$a
0,20,40 * * * * /usr/lib/sa/sa1
45 23 * * * /usr/lib/sa/sa2 -s 0:00 -e 23:59 -i 1200 -A
.
w
q
END_ENTRIES
# chown sys:sys /var/adm/sa/*
# chmod go-wx /var/adm/sa/*
Check file and group permissions of all installed packages:
# pkgchk -n
Find all world-writable directories:
# find / \( -fstype nfs -o -fstype cachefs -o -fstype ctfs -o -fstype mntfs -o -fstype objfs -o -fstype proc \) -prune -o -type d \( -perm -0002 -a ! -perm -1000 \) -print
Find all world-writable files:
# find / \( -fstype nfs -o -fstype cachefs -o -fstype ctfs -o -fstype mntfs -o -fstype objfs -o -fstype proc \) -prune -o -type f -perm -0002 -print
Enable the sticky bit on all world-writable directories (the second loop applies the same to world-writable files):
# for DIR in `find / \( -fstype nfs -o -fstype cachefs -o -fstype ctfs -o -fstype mntfs -o -fstype objfs -o -fstype proc \) -prune -o -type d \( -perm -0002 -a ! -perm -1000 \) -print`; do
chmod +t $DIR
done
# for FILE in `find / \( -fstype nfs -o -fstype cachefs -o -fstype ctfs -o -fstype mntfs -o -fstype objfs -o -fstype proc \) -prune -o -type f -perm -0002 -print`; do
chmod +t $FILE
done
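The backtick-for loops above split their output on whitespace, so a directory with a space in its name would be processed as two bogus paths. Below is an added example, not part of the original post, that does the same audit and fix with find -exec (function names list_unsticky_ww_dirs, fix_unsticky_ww_dirs and list_ww_files are my own) and verifies the result on a constructed directory tree; the -fstype pruning from the page is left out so the demo runs on any system and should be added back on Solaris.

```sh
#!/bin/sh
# Added example, not from the original post: the world-writable-directory audit
# and sticky-bit fix above, rewritten with "find -exec" so that paths containing
# whitespace or shell metacharacters are handled (the backtick-loop form splits
# on them). The -fstype pruning of nfs/ctfs/mntfs/objfs/proc from the page is
# left out so the demo runs on any tree; add it back on a Solaris host.

# list_unsticky_ww_dirs ROOT -> world-writable directories without the sticky bit
list_unsticky_ww_dirs() {
    find "$1" -type d -perm -0002 ! -perm -1000 -print
}

# fix_unsticky_ww_dirs ROOT -> set the sticky bit on each of them
fix_unsticky_ww_dirs() {
    find "$1" -type d -perm -0002 ! -perm -1000 -exec chmod +t {} +
}

# list_ww_files ROOT -> world-writable regular files, for review; a world-writable
# file normally needs its write bit removed rather than a sticky bit
list_ww_files() {
    find "$1" -type f -perm -0002 -print
}

# count_lines: "wc -l" without the leading blanks some systems print
count_lines() {
    wc -l | tr -d ' '
}

# demo: build a constructed tree in a temp dir and print
# "<unsticky ww dirs before> <after fix> <sticky dirs after> <ww files>"
demo() {
    root=${TMPDIR:-/tmp}/wwdemo.$$
    mkdir -p "$root/open dir" "$root/tmp-like" "$root/private"
    chmod 755 "$root" "$root/private"     # not world-writable
    chmod 777 "$root/open dir"            # world-writable, no sticky bit: the finding
    chmod 1777 "$root/tmp-like"           # world-writable but already sticky, like /tmp
    : > "$root/private/notes"
    chmod 666 "$root/private/notes"       # a world-writable regular file
    before=$(list_unsticky_ww_dirs "$root" | count_lines)
    fix_unsticky_ww_dirs "$root"
    after=$(list_unsticky_ww_dirs "$root" | count_lines)
    sticky=$(find "$root" -type d -perm -1000 -print | count_lines)
    files=$(list_ww_files "$root" | count_lines)
    rm -rf "$root"
    echo "$before $after $sticky $files"
}

demo   # prints: 1 0 2 1
```

Running the audit before and after the fix, as the demo does, is the check worth keeping in a hardening script: the second listing should be empty, and any directory that reappears later is a configuration drift to investigate.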
Using ASET (Automated Security Enhancement Tool):
# /usr/aset/aset -l [level] -d [pathname]
Where:
level is low, medium, high
pathname is working dir (default /usr/aset)
This post is tagged Security, Solaris, Sun Microsystems