An Overview of Solaris 10 Operating System Security Controls

Nosher - Glenn Brunette

Le téléchargement nécessite un accès à la bibliothèque YouScribe
Tout savoir sur nos offres

45 pages

English

Le téléchargement nécessite un accès à la bibliothèque YouScribe
Tout savoir sur nos offres

A propos
Informations
Extrait

Description

An Overview o f Solaris 1 0 Opera ting
Sys tem Sec urity Controls
Glenn Brunette
Distinguished Engineer
Sun Microsy stems, Inc.
http://blogs.sun.com/gbrunett/
September 25, 2007
Version 1.0 Copyright © 2007 Sun Micr osystems, Inc. 1Table o f C ontents
Introduction.................................................................................................................................4
Acknowledgements....................................................................................................................4
Installation Consideratio ns........................................................................................................5
Disk Par titioning.............................................................................................................................................. .....5
Software In stallation Clust ers......................................................................................................... .....................6
Minimization ...................................................................................................................................................... ...6
Configuration Consi derations...................................................................................................9
No n-Exec utable S tacks............................................................................................................... ........................9
File Syste m Security................... ...

Sujets

Privilège

Sunda

Total autorisé de capture

Audition (film, 1999)

Pools of Darkness

Blueprint (homonymie)

Informations

Publié par	Nosher
Nombre de lectures	46
Langue	English

Extrait

An Overview of Solaris 10 Operating System Security Controls

Version 1.0

Glenn Brunette Distinguished Engineer Sun Microsystems, Inc. http://blogs.sun.com/gbrunett/

September 25, 2007

Table of Contents

Introduction........................................................................................................................4........ Acknowledgements...........................................................................................................4........ Installation Considerations.......................................................................................................5 Disk Partitioning...................................................................................................................................................5 Software Installation Clusters..............................................................................................................................6 Minimization.........................................................................................................................................................6 Configuration Considerations.......................................................................................9........... NonExecutable Stacks.......................................................................................................................................9 -File System Security............................................................................................................................................9 Unix Permissions............................................................................................................................................9 Access Control Lists (UFS and ZFS)............................................................................................................10 Mount Options..............................................................................................................................................12 Quotas and Reservations.............................................................................................................................12 Universal Serial Bus (USB) Support..................................................................................................................15 Pluggable Authentication Modules (PAM).........................................................................................................16 Password Security.............................................................................................................................................17 Pluggable Crypt............................................................................................................................................18 Role-based Access Control (RBAC)..................................................................................................................19 Authorizations...............................................................................................................................................20 Rights Profiles..............................................................................................................................................20 Users and Roles...........................................................................................................................................21 Converting the root Account to a Role..........................................................................................................22 Process Rights Management (Privileges)..........................................................................................................23 Privileges Overview......................................................................................................................................23 Privilege Bracketing......................................................................................................................................24 Privilege Debugging.....................................................................................................................................25 Service Management Facility (SMF)..................................................................................................................25 Access Control.............................................................................................................................................25 Execution Contexts.......................................................................................................................................26 Cryptographic Services Management................................................................................................................27 Command-line Utilities..................................................................................................................................28 Administration...............................................................................................................................................28 Compartmentalization (Zones)............................................................................................... ...........................29 General Zones Recommendations...............................................................................................................30 Sparse and Whole Root Zones.....................................................................................................................30 IP Instances for Zones..................................................................................................................................31 Cross-zone Network Communication...........................................................................................................32 Configurable Privileges.................................................................................................................................32 Integrity Management........................................................................................................................................33 Signed ELF Objects......................................................................................................................................33 Basic Audit Reporting Tool (BART)..............................................................................................................33 Solaris Fingerprint Database........................................................................................................................35 Auditing..............................................................................................................................................................35 Audit Policy Configuration.............................................................................................................................36 Audit Record Selection and Display.............................................................................................................36 Packet Filtering..................................................................................................................................................38 IP Filter.........................................................................................................................................................38 TCP Wrappers..............................................................................................................................................39 Remote Access Security....................................................................................................................................40

Version 1.0