[SunHELP] Secure, Default Installation of Solaris

Ben Ricker sunhelp at sunhelp.org
Tue Mar 27 09:11:14 CST 2001


On 26 Mar 2001 22:31:17 -0800, Kevin Stevens wrote:
> > I was kind of disappointed with the Solaris intsall process throgh Web
> > Install. I tried the core install but could not install Gigabit ethernet
> > because it required the 'Delevoper' install (!). So now, I have to audit
> > all the packages installed to see what I need and do not need. My Sun
> > rep said that there is no dependency list for Gigabit ethernet 3, so I
> > could not just install a subset of the developer install, not that it
> > would allow me to customize that install in the least bit.
> >
> > We exist in a high security environement and I was wondering if anyone
> > has some tricks/hints on doinf secure, but functional installs. Can you
> > get package lists and dependencies? I am starting to like Linux more and
> > more.....
 
> Wouldn't it be easier to start with a less detailed install and just add the
> gigabit package?


I honestly tried to do that, but I had no idea what packages gigabit
required. All the intaller would say is I must install the Developers
install to run Gigabit 3. This may be a weakness on my oart, but how do
you get dependencies information? My Sun Support guyy said I could not
install the Core system and Gigabit ethernet; I must install the
develper's install. Fine I did it. Took me 20 minutes to pick through
the dozens of servers and scripts running; I cut out 30 processes.
Anyway, I am venting. Pardon Moi.....

> Alternatively, there is a utility which goes through and sets various levels
> of security on the system, I'm spacing on the name but am thinking
> art-something?  apropos security didn't turn it up, but I know it's out there,
> someone mentioned it awhile back and I checked it out then.

I have used a nifty script called Armoring Linux :
http://www.enteract.com/~lspitz/armoring.html . It does a good first
stab at it. I also run a script called tunetcp which sets some tcp echo
parameters, sets up a wheel group for su, and ll those little things.

 Ben Ricker




More information about the SunHELP mailing list