Jeff,
Sun has been working with the Center for Internet Security for nearly four years on their Solaris guides to align them with Sun's recommended practices and to ensure that the settings recommended could be supported by Sun. In fact, we are working with CIS right now to update the Solaris 10 guide to account for the changes made in the upcoming Solaris 10 11/06 release. The only other guide which does cover some aspects of Solaris 10 is the current version of the DISA UNIX STIG. Of course to automate the implementation and/or assessment of the changes, you can use the Solaris Security Toolkit which is tool developed and supported by Sun. It can be found at: http://www.sun.com/security/jass/ I believe that there are a few settings recommended by CIS that are not accounted for today in the Solaris Security Toolkit, but the vast majority are. All of the other documents and/or checklists of which I am aware have not been updated for Solaris 10. Glenn [EMAIL PROTECTED] wrote:
All, Has anyone out there found a good checklist or tool for securing Solaris 10? I found the CISecurity benchmark, but I didn't know if there was anything else out there? I'm not very well versed on Solaris, but I have the task of double checking the admins to ensure it was locked down. I haven't seen very many checklists posted for this version of Solaris yet. Any suggestions? Thanks in Advance, Jeff
-- Glenn Brunette Distinguished Engineer Director, GSS Security Office Sun Microsystems, Inc.
