[rescue] emo U60 moment (recommendation for SAPP on Solaris 10?)
Dimitar Vasilev
dimitar.vassilev at gmail.com
Mon Nov 27 00:20:05 CST 2006
> - What do you do to tighten down how wide-open Solaris 10 is by default?
Disable all unnecessary services via SMF, change the passwd hash algo,
create an /etc/init.d/inetinit file to
include desired ndd settings, enable ipfilter, run BART on scheduled basis,
enable ipfilter and filter out most of the traffice,
enable BSM, enable noexec_user_stack_protection=1 and
noexec_stack_protection_log=1 in /etc/system,
create some role profile accounts, remove some SUID bits, add
nodev,nosuid,noexec options to some filesystems - /tmp,/export/home and
others.
Me too am in similar sutiation as you for SQL, so hope other colleagues will
give better recommendations.
Cheers,
--
P�P8P<P8Q�Q
Q P�P0Q�P8P;P5P2
Dimitar Vassilev
GnuPG key ID: 0x4B8DB525
Keyserver: pgp.mit.edu
Key fingerprint: D88A 3B92 DED5 917E 341E D62F 8C51 5FC4 4B8D B525
More information about the rescue
mailing list