7 steps to better Solaris Network Settings

1. Configure more random TCP initial sequence number generation. Check that TCP_STRONG_ISS is set to 2 in /etc/default/inetinit (2 selects the RFC 1948 style ISS, hashed per connection; the default of 1 only adds a random increment and is easier to predict):

    TCP_STRONG_ISS=2

2. Turn IP forwarding off so the machine cannot act as a router. The boot scripts disable forwarding when the file /etc/notrouter is present; if it is missing, create it:

    touch /etc/notrouter

To prevent dynamic route updates arriving over the network, move in.routed and in.rdisc out of /usr/sbin by running:

    mv /usr/sbin/in.routed /export/home/cfgh/base
    mv /usr/sbin/in.rdisc /export/home/cfgh/base

3. Change the default kernel IP settings for better security. ndd(1M) settings do not survive a reboot, so they are applied from an rc2 script. Set up the file and its run-level link:

    touch /etc/init.d/nddconfig
    ln -s /etc/init.d/nddconfig /etc/rc2.d/S70nddconfig
    chmod 744 /etc/init.d/nddconfig /etc/rc2.d/S70nddconfig

Edit /etc/init.d/nddconfig and add the following lines:

    #!/bin/sh
    # /etc/init.d/nddconfig
    RELEASE=`/usr/bin/uname -r`

    release7 () {
        # no routing, and only accept packets addressed to the receiving interface
        /usr/sbin/ndd -set /dev/ip ip_forwarding 0
        /usr/sbin/ndd -set /dev/ip ip_strict_dst_multihoming 1
        # neither send nor honour ICMP redirects (route poisoning)
        /usr/sbin/ndd -set /dev/ip ip_send_redirects 0
        /usr/sbin/ndd -set /dev/ip ip_ignore_redirect 1
        # drop source-routed packets and directed broadcasts (smurf amplification)
        /usr/sbin/ndd -set /dev/ip ip_forward_src_routed 0
        /usr/sbin/ndd -set /dev/ip ip_forward_directed_broadcasts 0
        /usr/sbin/ndd -set /dev/ip ip_respond_to_echo_broadcast 0
        # larger half-open queue and shorter connect timeout against SYN floods
        /usr/sbin/ndd -set /dev/tcp tcp_conn_req_max_q0 4096
        /usr/sbin/ndd -set /dev/tcp tcp_ip_abort_cinterval 60000
        # do not answer ICMP timestamp and address-mask probes
        /usr/sbin/ndd -set /dev/ip ip_respond_to_timestamp 0
        /usr/sbin/ndd -set /dev/ip ip_respond_to_timestamp_broadcast 0
        /usr/sbin/ndd -set /dev/ip ip_respond_to_address_mask_broadcast 0
        # expire unsolicited ARP entries after one minute
        /usr/sbin/ndd -set /dev/arp arp_cleanup_interval 60000
        # longer keepalive only where the MQ user exists
        id -a mqm > /dev/null 2>&1
        if [ $? -eq 0 ]
        then
            /usr/sbin/ndd -set /dev/tcp tcp_keepalive_interval 600000
        fi
    }

    release8 () {
        # IPv6 equivalents of the settings above (Solaris 8 and later)
        /usr/sbin/ndd -set /dev/ip ip6_forwarding 0
        /usr/sbin/ndd -set /dev/ip ip6_strict_dst_multihoming 1
        /usr/sbin/ndd -set /dev/ip ip6_send_redirects 0
        /usr/sbin/ndd -set /dev/ip ip6_ignore_redirect 1
        /usr/sbin/ndd -set /dev/ip ip6_forward_src_routed 0
        /usr/sbin/ndd -set /dev/ip ip_ire_arp_interval 60000
    }

    release6 () {
        /usr/sbin/ndd -set /dev/ip ip_respond_to_echo_broadcast 0
        /usr/sbin/ndd -set /dev/ip ip_forward_directed_broadcasts 0
        /usr/sbin/ndd -set /dev/ip ip_strict_dst_multihoming 1
        /usr/sbin/ndd -set /dev/ip ip_ignore_redirect 1
        /usr/sbin/ndd -set /dev/ip ip_forward_src_routed 0
    }

    if [ "$RELEASE" = "5.7" ]
    then
        release7
    elif [ "$RELEASE" = "5.8" ] || [ "$RELEASE" = "5.9" ] || [ "$RELEASE" = "5.10" ]
    then
        release7
        release8
    elif [ "$RELEASE" = "5.6" ]
    then
        release6
    fi

4. Disable multicast on the server. Edit /etc/rc2.d/S72inetsvc and comment out (or remove) the block that adds the 224.0/4 route:

    #(
    #if [ "$_INIT_NET_STRATEGY" = "dhcp" ]; then
    #        mcastif=`/sbin/dhcpinfo Yiaddr` || mcastif=$_INIT_UTS_NODENAME
    #else
    #        mcastif=$_INIT_UTS_NODENAME
    #fi
    #
    #echo "Setting default IPv4 interface for multicast:" \
    #        "add net 224.0/4: gateway $mcastif"
    #
    #/usr/sbin/route -n add -interface "224.0/4" "$mcastif" >/dev/null
    #)&

On Solaris 10 multicast is disabled by the script /etc/rc2.d/S72inetsvc-os10 shown in step 6.

5. Denial-of-service prevention system settings. The following services must be disabled on all servers unless a business function requires them, and their entries removed from /etc/services:

    ftp-data ftp tftp pop2 pop3 pop-2 nntp chargen daytime discard echo
    finger talk who whois new-rwho klogin eklogin telnet systat netstat time

Note that removing a line from /etc/services only drops the name-to-port mapping. The listener itself is stopped by commenting the service out of /etc/inetd.conf and sending inetd a HUP (Solaris 9 and earlier), or with inetadm -d / svcadm disable on Solaris 10.

6. Prevent core dumps generated by inetd, as they may contain login information. Edit /etc/rc2.d/S72inetsvc and change the line:

    /usr/sbin/inetd -s &

to

    ulimit -c 0; /usr/sbin/inetd -s -t &

Note:
    ulimit -c 0 : sets the core file size limit to 0 bytes. It must be the shell builtin, so that the limit is inherited by the inetd started on the same line; a separately executed /usr/bin/ulimit would only limit its own process.
    inetd -s -t : stand-alone server with tracing of all TCP connections.

On Solaris 10 inetd is managed by SMF, so the inetd line is not edited; core files are controlled system-wide with coreadm(1M). Create the script /etc/rc2.d/S72inetsvc-os10 with the following contents (it also removes the multicast route from step 4 and turns on connection tracing for every inetd service):

    #!/bin/sh
    IPADDR=`netstat -nr | grep -w 224.0.0.0 | awk '{print $2}'`
    /usr/sbin/route -n delete -interface "224.0/4" $IPADDR
    /usr/sbin/svcadm enable inetd
    /usr/sbin/inetadm -M tcp_trace=TRUE

then make it executable:

    chmod 555 /etc/rc2.d/S72inetsvc-os10

7. .netrc files (system-wide, including root's home directory) are not permitted, because they store FTP user names and passwords in cleartext. Find and remove any that exist:

    find / -name .netrc -print
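The following audit script is an added example, not code from the original article or from Sun. It checks a host against steps 1, 3 and 5 above (TCP_STRONG_ISS, the ndd(1M) values, and the inetd deny list) and reports each setting as OK or DRIFT, so the procedure can be verified after a reboot or a patch instead of trusting that the rc scripts ran. The root directory and the ndd command are parameters: on a real host it is run as `run_audit / /usr/sbin/ndd`, while the demo at the bottom uses a constructed directory tree and a stand-in `sample_ndd` function, both assumptions of this example; the names run_audit, audit_iss, audit_ndd, audit_inetd and make_demo_root are this example's own.

```shell
#!/bin/sh
# solaris_net_audit.sh: added example (not from the original article) that
# reports drift from steps 1, 3 and 5. Inputs are parameters (root directory,
# ndd command), so the same checks run on the demo tree below or a live host.
# Step 3: ndd(1M) parameters a hardened host should report: device name value
NDD_EXPECTED='
/dev/ip ip_forwarding 0
/dev/ip ip_strict_dst_multihoming 1
/dev/ip ip_send_redirects 0
/dev/ip ip_ignore_redirect 1
/dev/ip ip_forward_src_routed 0
/dev/ip ip_forward_directed_broadcasts 0
/dev/ip ip_respond_to_echo_broadcast 0
/dev/ip ip_respond_to_timestamp 0
/dev/ip ip_respond_to_timestamp_broadcast 0
/dev/ip ip_respond_to_address_mask_broadcast 0
/dev/tcp tcp_conn_req_max_q0 4096
'
# Step 5: inetd services that stay disabled unless a business function needs them.
DENY_SERVICES='ftp tftp pop2 pop3 nntp chargen daytime discard echo finger
talk who whois klogin eklogin telnet systat netstat time'
# Step 1: TCP_STRONG_ISS must be 2 in the inetinit file passed as $1.
audit_iss() {
    iss=$(sed -n 's/^TCP_STRONG_ISS=//p' "$1" 2>/dev/null | tail -1)
    if [ "$iss" = "2" ]; then
        echo "OK    step1 TCP_STRONG_ISS=2"
    else
        echo "DRIFT step1 TCP_STRONG_ISS=${iss:-unset} (want 2)"
    fi
}

# Step 3: compare each NDD_EXPECTED entry with "$1 -get device parameter";
# $1 is /usr/sbin/ndd on a real host or a shell function such as sample_ndd.
audit_ndd() {
    printf '%s\n' "$NDD_EXPECTED" | while read dev param want; do
        if [ -z "$dev" ]; then continue; fi
        have=$("$1" -get "$dev" "$param" 2>/dev/null)
        if [ "$have" = "$want" ]; then
            echo "OK    step3 $dev $param=$have"
        else
            echo "DRIFT step3 $dev $param=${have:-unreadable} (want $want)"
        fi
    done
}

# Step 5: an uncommented entry for a denied service in the inetd.conf
# passed as $1 means that listener is still enabled.
audit_inetd() {
    grep -v '^[[:space:]]*#' "$1" 2>/dev/null | awk 'NF { print $1 }' |
    while read svc; do
        for denied in $DENY_SERVICES; do
            if [ "$svc" = "$denied" ]; then
                echo "DRIFT step5 inetd service enabled: $svc"
            fi
        done
    done
}
# run_audit ROOTDIR NDD_CMD: print every finding; exit status 1 if any DRIFT.
run_audit() {
    findings=$(audit_iss "$1/etc/default/inetinit"
               audit_ndd "$2"
               audit_inetd "$1/etc/inetd.conf")
    printf '%s\n' "$findings"
    if printf '%s\n' "$findings" | grep -q '^DRIFT'; then
        return 1
    fi
    return 0
}
# Constructed demo data (an assumption, not a real host): weak ISS setting,
# ftp still enabled, telnet commented out, rsh present but not on the list.
make_demo_root() {
    d=$(mktemp -d "${TMPDIR:-/tmp}/netaudit.XXXXXX")
    mkdir -p "$d/etc/default"
    echo 'TCP_STRONG_ISS=1' > "$d/etc/default/inetinit"
    printf '%s\n' \
        'ftp     stream tcp nowait root /usr/sbin/in.ftpd    in.ftpd' \
        '#telnet stream tcp nowait root /usr/sbin/in.telnetd in.telnetd' \
        'shell   stream tcp nowait root /usr/sbin/in.rshd    in.rshd' \
        > "$d/etc/inetd.conf"
    echo "$d"
}
# Stand-in for /usr/sbin/ndd on hosts without it: hardened values except
# ip_forwarding and the SYN backlog, which are still at the Solaris defaults.
sample_ndd() {
    case "$3" in
        ip_forwarding)                                echo 1 ;;
        tcp_conn_req_max_q0)                          echo 1024 ;;
        ip_strict_dst_multihoming|ip_ignore_redirect) echo 1 ;;
        *)                                            echo 0 ;;
    esac
}

demo=$(make_demo_root)
if run_audit "$demo" sample_ndd; then echo "audit: clean"; else echo "audit: drift found"; fi
rm -rf "$demo"
```

Against the demo tree the script reports four DRIFT lines (TCP_STRONG_ISS=1, ip_forwarding=1, tcp_conn_req_max_q0=1024, and the enabled ftp listener) and nine OK lines, and exits non-zero, which is what a cron job or configuration-management hook should key on. On a live Solaris host the only change is the second argument to run_audit.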