I would highly recommend downloading and running "TITAN"
(http://www.fish.com/titan). It is a Solaris Security tightening program. I've
run it, and the results are EXCELLENT!
Hope this helps, instead of adding to the confusion.
Scott McHenry,
Sys Eng / CSC
--------Original Message-----------
Date: Tue, 23 May 2000 09:22:35 -0600
From: "Huff, Taylor" <[EMAIL PROTECTED]>
Subject: RE: [FW1] Checkpoint dependencies on minimal Solaris install
If you are going to have the Management Server on the same box as the
firewall module all you need to add is SUNWlibC. I also add the SUNWntpu
package for network time.
Taylor
-----Original Message-----
From: Robert Carr [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, May 23, 2000 12:35 AM
To: [EMAIL PROTECTED]
Subject: [FW1] Checkpoint dependencies on minimal Solaris install
Hi,
I'm about to install Checkpoint Firewall-1 4.1
under Solaris 7 and would like to do so under the most
minimal install. I've read Lance Spitzner's and
others' documentation, but I have questions about
Solaris / Checkpoint dependencies that I haven't been
able to find specific answers to:
(1) What minimal Solaris feature-set can I get away
with installing? Can I get away with installing the
CORE feature-set?
(2) What additional packages would I need to install
over and above that feature-set, which Checkpoint
requires (or which you would otherwise recommend)?
Does Checkpoint need FlexLM? SUNWcsu for modload?
SUNWter for /bin/ed? Anything else?
(3) Does Checkpoint require certain suid/sgid
binaries? I'm going to remove suid/sgid from all
but a few binaries. By doing so, will I break
anything for Checkpoint? Are there any privileged
binaries which must remain suid/sgid for Checkpoint's
purposes? Would using ACLs with particular binaries
interfere with Checkpoint?
(4) If (after installation of all software) I mount
certain file-systems as read-only (for instance /usr
or /opt) or no-suid, will that present a problem for
Checkpoint?
(5) Are there any inetd-spawned services or RPC
services which must remain for Checkpoint (assuming no
GUI is installed)? Is IPC required at all?
(6) Do you recommend installing the Basic Security
Module?
(7) Would enabling ip_strict_dst_multihoming interfere
with FW-1?
(8) Does FW-1 have any other dependencies on the OS
which I might inadvertently screw up by hardening the
host?
And I assume FW-1 4.1 requires Solaris 7 to be
installed in 32-bit mode instead of 64-bit, correct?
Thanks in advance,
-- R.