Version 1.4
1/5/2004

Securing a Solaris Server - Watch for Changes

  1. Introduction
  2. History of this Web Page
  3. Overview
  4. Network Topology
  5. System Hardware Configuration
  6. Initial Installation
  7. Minimizing Solaris
  8. Minimizing Network Services
  9. Remove the Solaris Installation Leftovers
  10. Install Necessary Third Party Packages
  11. Close the Doors
  12. Obscure the Tracks
  13. Post the Warnings
  14. Perform System Backups
  15. Watch for Changes
  16. Sources of Tools
  17. Bibliography

---------------

 

15. Watch for Changes

Install a package that reports changes to configuration files and other critical files (executables and shells). Several packages are available for this.

ASET
ASET is a SUN package for Solaris (SUNWast). It's fairly good, but the SUN security experts recommend against using it. The reason for this was not obvious from the message. Based on this, I wouldn't use it.

Axe Handle
This is a set of scripts that I created. Their purpose is to look for the results of a successful intrusion. This tool examines files and network status. These scripts are available for use under the GNU Public License.

COPS
This tool was developed at Purdue University. It primarily searches for new security problems in a system, but is also useful in securing a system initially.

Tripwire
Tripwire is the most frequently used intrusion detection tool. It is available in both commercial and freeware versions.

For those with a bit less paranoia (or a bit more scripting / programming skill), a simple set of scripts could be constructed to perform similar functions. I have done this, and found that it only takes a few hours to create a rather flexible, and powerful, tool. The advantage provided is that you will know exactly how it works.
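The kind of script set described above can be as small as a baseline-and-compare pair. The following is an added example, not the author's scripts and not part of any package named on this page; the function names `hash_file`, `snapshot` and `compare` and the paths in the usage comment are hypothetical, and it assumes file paths contain no tabs or newlines.

```sh
#!/bin/sh
# Added example: baseline-and-compare file integrity check (hypothetical names).
# Assumption: paths contain no tabs or newlines.

# hash_file PATH: print a hex digest using whichever tool is installed.
hash_file() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    elif command -v digest >/dev/null 2>&1; then   # Solaris 10 and later
        digest -a sha256 "$1"
    else
        cksum "$1" | awk '{print $1 "-" $2}'       # CRC only: catches accidents, not tampering
    fi
}

# snapshot DIR...: one record per regular file, path<TAB>digest<TAB>mode uid gid
snapshot() {
    find "$@" -type f -print | sort | while IFS= read -r f; do
        meta=$(ls -lnd "$f" | awk '{print $1, $3, $4}')
        printf '%s\t%s\t%s\n' "$f" "$(hash_file "$f")" "$meta"
    done
}

# compare BASELINE CURRENT: print ADDED/CHANGED/REMOVED lines; return 1 if any.
compare() {
    report=$(awk -F'\t' '
        FILENAME == ARGV[1] { base[$1] = $2 FS $3; next }
        {
            seen[$1] = 1
            if (!($1 in base))             print "ADDED   " $1
            else if (base[$1] != $2 FS $3) print "CHANGED " $1
        }
        END { for (p in base) if (!(p in seen)) print "REMOVED " p }
    ' "$1" "$2" | sort)
    if [ -n "$report" ]; then
        printf '%s\n' "$report"
        return 1
    fi
    return 0
}

# Typical use (paths are examples):
#   snapshot /etc /usr/bin /sbin > /secure/baseline     # once, on the clean system
#   snapshot /etc /usr/bin /sbin > /tmp/now && compare /secure/baseline /tmp/now
```

Take the baseline before the system is reconnected to the network and keep it on read-only or off-host media, since a baseline stored on the monitored host can be rewritten along with the files it describes.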

Now, it is time to reconnect your system to the network. All reasonable security measures have been put in place, along with the appropriate monitoring tools.


If you have any comments or suggestions, please E-mail webmaster@accs.com

© 2004 - Ashford Computer Consulting Service