Solaris Basic Security Configuration A

A sun system, like the NT system, is vulnerable to all kinds of hateful attacks from the Internet. Fortunately, unlike NT, you can use the following three simple means to make sun relatively safe, they are:

1) Prevent stack Overflow

2. Close Unused Service

3) to the system to make patches

#1 Prevent Stack Overflow

At least 90% of all security problems come from so-called "stack overflows." An attacker could alter execution by giving a program that runs as root a lot more input than it expected, making it impossible for the attacked program to handle.

Process to execute code specified by the attacker.

Both Solaris 2.6 and Solaris 7 have the ability to set the user stack as not executable so that the attack is not successful. To enable this feature:

0) becomes root

1 Make a copy of the/etc/system file

Cp/etc/system/etc/system. BACKUP

2 Edit the/etc/system file with your favorite editor

3 to the end of the file, insert the following lines:

Set Noexec_user_stack=1

Set Noexec_user_stack_log=1

4 Save the file and exit the editor

Once the machine is restarted, the changes will take effect. If this is not a system that you can shut down, then it is possible to use the ADB to change the parameters of a running system, but that is not something I personally enjoy doing.

Of course there are some legitimate programs that use the executable stack do not function correctly after you make a change. Fortunately, there are not many such programs, and all I know is the GNU Ada compiler.

#2 turn off services that are not needed in inetd.conf

There are many services that are not needed to be automatically in the enabling State. Potential vulnerabilities in them will allow attackers to control your machine without even needing an account. Turn off these unwanted services to protect your system, and you can