Security and Network Setup

System Guide

Solaris file permissions secured

The fix-modes utility (from the Solaris Security Toolkit) adjusts group and world write permissions. It is run with the '-s' option, which secures file permissions only for Solaris files that were created at install time. Customer-generated files will not be affected.

NOTE: When this command is run, a file called /var/sadm/install/content.mods is left behind. Do not delete this file. It contains valuable information needed by fix-modes to revert the changes to the system file permissions if the security setting is changed back to medium.
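To check what is still group- or world-writable after the permissions have been secured, a tree can be audited as below. This is an added example, not Xerox or Solaris Security Toolkit code, and it does not reproduce fix-modes logic; the function names and the choice to report sticky-bit directories separately are assumptions of the example.

```shell
#!/bin/sh
# Added example: list group- or world-writable files and directories.
# Output lines (one per finding):
#   W <path>  world-writable file, or world-writable directory without sticky bit
#   S <path>  world-writable directory WITH sticky bit (/tmp-style, lower risk)
#   G <path>  group-writable but not world-writable
# Symbolic links are skipped: their own mode bits are not meaningful.
# Assumption: path names do not contain newlines.

audit_writable() {
    dir=$1
    if [ ! -d "$dir" ]; then
        echo "audit_writable: not a directory: $dir" >&2
        return 2
    fi
    # World-writable, excluding sticky directories (reported as S below).
    find "$dir" \( -type f -o -type d \) -perm -0002 \
        ! \( -type d -perm -1000 \) -print | sed 's/^/W /'
    # World-writable directories protected by the sticky bit.
    find "$dir" -type d -perm -1002 -print | sed 's/^/S /'
    # Group-writable only.
    find "$dir" \( -type f -o -type d \) -perm -0020 ! -perm -0002 -print |
        sed 's/^/G /'
}

# Number of G and W findings; S entries are informational and not counted.
count_findings() {
    audit_writable "$1" | awk '/^[GW] /{n++} END{print n+0}'
}

# Stand-alone use: sh audit.sh /some/directory
if [ "$#" -gt 0 ]; then
    audit_writable "$1"
fi
```

Running it before and after the security setting is changed gives a list of the entries whose write permissions changed.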

Network and name service changes

Disabling secure name service databases

The following databases are disabled when Security is invoked:

passwd(4)

group(4)

exec_attr(4)

prof_attr(4)

user_attr(4)

Multicast routing disabled

Multicast is used to send data to many systems at the same time while using one address.

OS and host information hidden

The ftp, telnet and sendmail banners are set to null so that users cannot see the hostname and OS level. (Note that all of these services are prohibited with a 'high' security setting, but if they are re-enabled manually the hostname information will remain hidden.)

Sendmail daemon secured

Sendmail is restricted to sending outgoing mail only. No incoming mail will be accepted.

Common Controller

Xerox 701P40211 manual