OpenSolaris

1. Community: Security
   1. Announcements
   2. News
   3. Blogs
   4. Discussions
   5. Community Projects
      1. Pluggable Authentication Module
      2. Trusted Extensions
         1. History
         2. Trusted Extensions Developer Guide
         3. Installing the Solaris Trusted Extensions Software on a Laptop Computer
         4. Experimental Java Classes for Trusted Extensions Labeling APIs
      3. Secure By Default
         1. Secure by Default Design
      4. Privilege Debugging
      5. RBAC - Role Based Access Control
      6. Auditing
      7. Basic File Privs
      8. Kerberos
      9. Java
      10. SSH
      11. Cryptographic Framework
   6. Library
      1. HOWTO Documents
         1. Privilege Bracketing
      2. Username length
   7. Presentations
   8. Events
   9. Leaders
   10. Observers
   11. Files
   12. Contributor Grants

Secure by Default

Traditionally Solaris systems have provided a large number of network services by default. This open approach is convenient, but it also makes it easy for remote attackers to exploit any vulnerabilities that may exist in the software providing the network services. The Secure by Default project reduces this attack surface by disabling as many network services as possible while still leaving a useful system.

This project changes the default configuration of Solaris so that ssh is the only network-listening service. Other network services are either disabled or configured to accept requests only from the local system.

Secure by Default uses the Solaris Service Management Facility (SMF) to control the affected network services. The key elements of the project are:

• conversion of some existing services to SMF control
• additional properties for existing SMF services to provide for local-only operation
• an SMF profile to configure the system in the hardened state
• a new netservices(1M) command to apply the SMF profile and set related SMF properties

More detailed information about the implementation, including the affected service and property names, is included in the design specification.

Customizing Services

Fresh installations of Solaris will be configured with network services disabled as described above. This initial configuration can be customized using existing SMF commands. Any individual service can be enabled using the normal svcadm(1M) and svccfg(1M) commands.

Disabling network services can be achieved manually by running

     # netservices limited

This can be used on upgraded systems, where no changes are made by default, or to re-establish the hardened state after enabling individual services. Similarly, default services can be enabled as they were in previous Solaris releases by running

     # netservices open

Availability

This project is integrated in Nevada build 42 and Solaris Express 7/06.

Documents

• Overview presentation
• Design specification