Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations wOOdy-Soft on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Hardening Solaris 9 by removing needless packages

Status
Not open for further replies.
dUbbsNIX

dUbbsNIX

MIS
Jul 10, 2003
70
GB
I am building an FTP bastion host that will reside within our DMZ. It's a V120. I have jumpstarted it with the End User (SUNWCuser). Experience has taught me that installing just the core cluster makes it difficult to continue with the build, for example we need to FLashArchive for recovery and the core cluster doesn't include the flar package.

Anyway, does anyone have any advice, recomendations or documentation regarding end user packages that may be removed from the system in the interest of security.

The last time I built a simlair system it was with Solaris 8, and I used the SUN blueprints security book, but things will have changed with solaris 9.

Cheers,

Dubbs.
 
Sort by date Sort by votes
Some of these might only appply to the OEM install but anyway, you could disable the following:

mv /a/etc/rc2.d/S30sysid.net /a/etc/rc2.d/.NOS30sysid.net
echo "uucp..."
mv /a/etc/rc2.d/S70uucp /a/etc/rc2.d/.NOS70uucp
echo "asppp..."
mv /a/etc/rc2.d/S47asppp /a/etc/rc2.d/.NOS47asppp
echo "slpd..."
mv /a/etc/rc2.d/S72slpd /a/etc/rc2.d/.NOS72slpd
echo "power..."
mv /a/etc/rc2.d/S85power /a/etc/rc2.d/.NOS85power
echo "wbem..."
mv /a/etc/rc2.d/S90wbem /a/etc/rc2.d/.NOS90wbem
echo "ncad..."
mv /a/etc/rc2.d/S95ncad /a/etc/rc2.d/.NOS95ncad
echo "apache..."
mv /a/etc/rc3.d/S50apache /a/etc/rc3.d/.NOS50apache
echo "autoinstall..."
mv /a/etc/rc2.d/S72autoinstall /a/etc/rc2.d/.NOS72autoinstall
echo "cachefs..."
mv /a/etc/rc2.d/S73cachefs.daemon /a/etc/rc2.d/.NOS73cachefs.daemon
echo "flashprom..."
mv /a/etc/rc2.d/S75flashprom /a/etc/rc2.d/.NOS75flashprom
echo "nfsclient..."
mv /a/etc/rc2.d/S73nfs.client /a/etc/rc2.d/.NOS73nfs.client
echo "ldap..."
mv /a/etc/rc2.d/S71ldap.client /a/etc/rc2.d/.NOS71ldap.client
echo "dhcp..."
mv /a/etc/rc3.d/S34dhcp /a/etc/rc3.d/.NOS34dhcp
echo "nfs.server..."
mv /a/etc/rc3.d/S15nfs.server /a/etc/rc3.d/.NOS15nfs.server
echo "spc..."
mv /a/etc/rc2.d/S80spc /a/etc/rc2.d/.NOS80spc
echo "ncalogd..."
mv /a/etc/rc2.d/S94ncalogd /a/etc/rc2.d/.NOS94ncalogd
echo "nscd..."
mv /a/etc/rc2.d/S76nscd /a/etc/rc2.d/.NOS76nscd
echo "lu"
mv /a/etc/rc2.d/S10lu /a/etc/rc2.d/.NOS10lu
echo "llc2"
mv /a/etc/rc2.d/S40llc2 /a/etc/rc2.d/.NOS40llc2
echo "pppd"
mv /a/etc/rc2.d/S47pppd /a/etc/rc2.d/.NOS47pppd
echo "sckm"
mv /a/etc/rc2.d/S70sckm /a/etc/rc2.d/.NOS70sckm
echo "sysid.sys"
mv /a/etc/rc2.d/S71sysid.sys /a/etc/rc2.d/.NOS71sysid.sys
echo "sf880dr"
mv /a/etc/rc2.d/S77sf880dr /a/etc/rc2.d/.NOS77sf880dr
echo "PRESERVE"
mv /a/etc/rc2.d/S80PRESERVE /a/etc/rc2.d/.NOS80PRESERVE
echo "bdconfig"
mv /a/etc/rc2.d/S89bdconfig /a/etc/rc2.d/.NOS89bdconfig
echo "afbinit"
mv /a/etc/rc2.d/S91afbinit /a/etc/rc2.d/.NOS91afbinit
echo "ifbinit"
mv /a/etc/rc2.d/S91ifbinit /a/etc/rc2.d/.NOS91ifbinit
echo "cacheos.finish"
mv /a/etc/rc2.d/S93cacheos.finish /a/etc/rc2.d/.NOS93cacheos.finish
echo "audit"
mv /a/etc/rc2.d/S99audit /a/etc/rc2.d/.NOS99audit
#
#End of rc2.d moves
#
echo "automounter..."
###mv /a/etc/auto_master /a/etc/auto_master.off
mv /a/etc/rc0.d/K41autofs /a/etc/rc0.d/.NOK41autofs
mv /a/etc/rc1.d/K41autofs /a/etc/rc1.d/.NOK41autofs
mv /a/etc/rc2.d/S74autofs /a/etc/rc2.d/.NOS74autofs
mv /a/etc/rcS.d/K41autofs /a/etc/rcS.d/.NOK41autofs

echo "lp..."
mv /a/etc/rc0.d/K39lp /a/etc/rc0.d/.NOK39lp
mv /a/etc/rc1.d/K39lp /a/etc/rc1.d/.NOK39lp
mv /a/etc/rc2.d/S80lp /a/etc/rc2.d/.NOS80lp
mv /a/etc/rcS.d/K39lp /a/etc/rcS.d/.NOK39lp

echo "snmp..."
mv /a/etc/rc1.d/K06mipagent /a/etc/rc1.d/.NOK06mipagent
mv /a/etc/rc1.d/K07dmi /a/etc/rc1.d/.NOK07dmi
mv /a/etc/rc1.d/K07snmpdx /a/etc/rc1.d/.NOK07snmpdx
mv /a/etc/rc2.d/K06mipagent /a/etc/rc2.d/.NOK06mipagent
mv /a/etc/rc2.d/K07dmi /a/etc/rc2.d/.NOK07dmi
mv /a/etc/rc2.d/K07snmpdx /a/etc/rc2.d/.NOK07snmpdx
mv /a/etc/rc3.d/S80mipagent /a/etc/rc3.d/.NOS80mipagent
mv /a/etc/rc3.d/S77dmi /a/etc/rc3.d/.NOS77dmi
mv /a/etc/rc3.d/S76snmpdx /a/etc/rc3.d/.NOS76snmpdx

 
Upvote 0 Downvote

Many thanks for this Steeds.

I will certainly be referencing your reply at a later stage in the hardening process. We will be running Jass all over the box, which will, I think, make many of the changes that you've suggested.

However, my question is specifically regarding software packages that may or even should be removed, without breaking the core functionality of the system.

Any input specifically regarding packages would be massivley appreciated.

thanks again Steeds.

Dubbs.

 
Upvote 0 Downvote
SUMMARY
For Information -

Hi, In the end I removed the following packages from my hardened Solaris 9 Bastion host,

NSCPcom SUNW1251f SUNW5xmft SUNWGtkr SUNWGtku SUNWTcl SUNWTiff SUNWTk SUNWadmap SUNWarrf SUNWauda SUNWaudd SUNWauddx SUNWaudf SUNWbzip SUNWciu8 SUNWciu8x SUNWciu8 SUNWctlu SUNWctpls SUNWctplx SUNWcxmft SUNWdoc SUNWcxmft SUNWdtbas SUNWdtbax SUNWdtcor SUNWdtct SUNWdtdmn SUNWdtdst SUNWdtdte SUNWdtezt SUNWdthe SUNWdthev SUNWdthez SUNWdticn SUNWdtim SUNWdtjxt SUNWdtlog SUNWdtnsc SUNWdtscm SUNWdtwm SUNWeuxwe SUNWfdl SUNWfns SUNWfnsx SUNWfwdcu SUNWfwdcx SUNWgsdhx SUNWgss SUNWgssc SUNWgssdh SUNWgssk SUNWgsskx SUNWgssx SUNWhiu8 SUNWhiu8x SUNWi13rf SUNWi15cs SUNWi15rf SUNWi1cs SUNWi1of SUNWi2rf SUNWi4rf SUNWi5rf SUNWi7rf SUNWi8rf SUNWi9rf SUNWiniu8 SUNWiniu8x SUNWislcc SUNWislcx SUNWj2pi SUNWj3irt SUNWj3rt SUNWjcom SUNWjcomx SUNWjib SUNWjiu8 SUNWjiu8x SUNWjmfp SUNWjpg SUNWjsnmp SUNWjxmft SUNWkey SUNWkiu8 SUNWkiu8x SUNWkoi8f SUNWkxmft SUNWlpmsg SUNWm64 SUNWm64cf SUNWm64w SUNWm64x SUNWmfrun SUNWmgapp SUNWmp SUNWpamsc SUNWpamsx SUNWpdas SUNWplow SUNWplow1 SUNWpng SUNWppm SUNWrmodu SUNWrmwbr SUNWrmwbu SUNWrmwbx SUNWrsg SUNWrsgk SUNWrsgx SUNWscgui SUNWsmbac SUNWsmbar SUNWspl SUNWsregu SUNWssad SUNWssadx SUNWtiu8 SUNWtiu8x SUNWtltk SUNWtltkx SUNWtxfnt SUNWuxlcf SUNWuxlcx SUNWvid SUNWwbapi SUNWwbcor SUNWwbcou SUNWwbpro SUNWxcu4 SUNWxi18n SUNWxi18x SUNWxildh SUNWxilow SUNWxilrl SUNWxilvl SUNWxim SUNWximx SUNWxwacx SUNWxwcft SUNWxwcsl SUNWxwdem SUNWxwdim SUNWxwdv SUNWxwdvx SUNWxwdxm SUNWxwfa SUNWxwfnt SUNWxwfs SUNWxwhl SUNWxwice SUNWxwicx SUNWxwmod SUNWxwmox SUNWxwoft SUNWxwopt SUNWxwpft SUNWxwplt SUNWxwplx SUNWxwpsr SUNWxwrtl SUNWxwrtx SUNWxwsrv
 
Upvote 0 Downvote
You also might want to look at this thread: thread60-411053.

Although the document was written for Solaris 8, you might get some other ideas.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

arciua
  • Locked
  • Question
SUN Solaris 7: How to pin Workspace Menu?
Replies
0
Views
699
arciua
arciua
austinramsay
  • Locked
  • Question
Solaris 10 install hanging at 3%.. Where to find log file, or ideas?
Replies
1
Views
696
AvayaTier3
AvayaTier3
MauroCMSVR
  • Locked
  • Question
Print as PDF file in Solaris System
Replies
0
Views
541
MauroCMSVR
MauroCMSVR
BOKA
  • Locked
  • Question
Solaris NTP server
Replies
0
Views
513
BOKA
BOKA
thiruram
  • Locked
  • Question
SOLARIS 8
Replies
1
Views
604
SamBones
SamBones

Part and Inventory Search

Sponsor

Back
Top