An Overview of Solaris 10 Operating System Security Controls



Version 1.0
Glenn Brunette
Distinguished Engineer
Sun Microsystems, Inc.
http://blogs.sun.com/gbrunett/
September 25, 2007
Copyright © 2007 Sun Microsystems, Inc.
Table of Contents
Introduction
Acknowledgements
Installation Considerations
  Disk Partitioning
  Software Installation Clusters
  Minimization
Configuration Considerations
  Non-Executable Stacks
  File System Security
    Unix Permissions
    Access Control Lists (UFS and ZFS)
    Mount Options
    Quotas and Reservations
  Universal Serial Bus (USB) Support
  Pluggable Authentication Modules (PAM)
  Password Security
    Pluggable Crypt
  Role-based Access Control (RBAC)
    Authorizations
    Rights Profiles
    Users and Roles
    Converting the root Account to a Role
  Process Rights Management (Privileges)
    Privileges Overview
    Privilege Bracketing
    Privilege Debugging
  Service Management Facility (SMF)
    Access Control
    Execution Contexts
  Cryptographic Services Management
    Command-line Utilities
    Administration
  Compartmentalization (Zones)
    General Zones Recommendations
    Sparse and Whole Root Zones
    IP Instances for Zones
    Cross-zone Network Communication
    Configurable Privileges
  Integrity Management
    Signed ELF Objects
    Basic Audit Reporting Tool (BART)
    Solaris Fingerprint Database
  Auditing
    Audit Policy Configuration
    Audit Record Selection and Display
  Packet Filtering
    IP Filter
    TCP Wrappers
  Remote Access Security