Thank you very much for this information and links! I am now installing Solaris 10. After that I will go over the checklist from the DISA site.
Regards, Subbarao Mike Gerdts wrote: > On Sat, Sep 12, 2009 at 6:52 AM, Subba Rao <subbapi at tanucoo.com> wrote: >> Hi, >> >> My experience is mostly with AIX and Linux. I have been assigned a task >> to check the security of a Solaris system. I have downloaded the > > The checklist at > http://iase.disa.mil/stigs/checklist/unix_checklist_v5r1-19_20090815.zip > (linked from http://iase.disa.mil/stigs/checklist/) may be of help > here. I stumbled across it just recently and have not given a > thorough review. It looks to have some very good stuff, however. > Inside the zip file are lots of MS word documents. The one that > seemed most useful to me is Unix-Sec3-081509.doc, but I haven't looked > at the appendices. > >> OpenSolaris VMware appliance from vmplanet. > > You could also download virtualbox (free) and Solaris 10x86 media > (free) and install Solaris 10 into virtualbox. I don't know of any > Solaris 10 appliances. > > http://www.virtualbox.org/ > http://www.sun.com/software/solaris/get.jsp#download > >> What are the security commands on Solaris that I need to be familiar >> with? I wanted to check the interface settings and executed "ifconfig". >> The syntax appears to be a lot different. Same with "ping", I get the >> "xyz is alive". > > The UNIX Rosetta Stone can be of great help here. > > http://bhami.com/rosetta.html > >> Is there a big difference between the commercial Solaris and OpenSolaris? > > There is a great deal of similarity between Solaris and OpenSolaris, > but there are also areas that diverged. For example, ifconfig and > ping are pretty much identical. However, the way that network > interfaces are configured to come up at boot have changed. If your > evaluation target is Solaris 10, I highly suggest virtualbox + Solaris > 10. Note that later releases of Solaris 10 are hardened out of the > box more than earlier releases of Solaris 10 and lots more than > previous releases of Solaris. > > Glenn Brunette has a lot to say about this... > > http://blogs.sun.com/gbrunett/tags/secure-by-default > >> Thank you for any help and advice. > > FWIW, I think the sysadmin-discuss list has people that have current > familiarity with Solaris, OpenSolaris, AIX, and other OS's. They may > be of help if you are trying to get into more detail than the Rosetta > stone offers. >
