Brian Cuttler wrote:
Gene, et al,
Brian, for those of us who have not heard of JASS, and for the list's enlightenment, could you discuss what it is and does without having to write a new War & Peace?

JASS is a set of scripts provided by SUN to harden systems.
There are several different driver choices, for desktops, servers,
etc which will enable/disable different services. I believe all
check system passwords, set password expiration and length, etc.
From the look of it hundreds of items are checked/altered.

JASS can be run independently or can be specified as an option
during install or as an adjunct to creation of non-global zones.

JASS itself installs as a package from SUN.

Another alternative is to go through the NSA security guide for Solaris (see http://www.nsa.gov/ia/guidance/security_configuration_guides/index.shtml). They also have guides for Mac OS X, Linux, Windows, and various applications. I prefer locking down what I want to the degree I want, reading through the guide step by step and making a decision at each step. Then I feel like I understand what I have done (and I have documented it).

I've also gone the route of starting with the minimal Solaris install and then adding specifically what I want, chasing dependencies when necessary (so on a lot of the steps of the NSA guide, what they want secured or disabled, I don't even have installed). So my servers have an extremely lean OS with no GUI elements, no Java elements, etc. (my management interface is serial ILOM -- http://blogs.umass.edu/choogend/2008/05/23/ammonoidea/). After an install, I do the latest recommended and security patches, and then go through the NSA security guide before installing and configuring applications. When setting up a bunch of servers, I'll set up one and then clone the basic setup to the others.


--
---------------

Chris Hoogendyk

-
  O__  ---- Systems Administrator
 c/ /'_ --- Biology & Geology Departments
(*) \(*) -- 140 Morrill Science Center
~~~~~~~~~~ - University of Massachusetts, Amherst
<[email protected]>

---------------
Erdös 4

