I just finished using JASS 4.2 from Sun on 4 Solaris 10 installs. In the past, I used Titan, but JASS is better integrated. JASS has an audit (like Titan) capability that doesn't change the system, but it will tell you how well your system is locked down based on your policy that you created.
I'm in the process right now of comparing the CIS Solaris Benchmark v2.1.1 against the standard JASS lock down/ audit script called secure.driver. From a cursory view, it looks like the CIS benchmark is covered, but there may be some missing parts. The only part that disappointed me about JASS was the lack of additional user support. I thought that there should have been some additional sites with info on JASS and some additional scripts, but I didn't find anything interesting. I personally added 8 additional scripts to do things like fully qualify the host in /etc/inet/hosts and /etc/inet/ipnodes, install additional packages, update the aliases file, ensure that a default route was defined, set nosuid on certain partitions in /etc/vfstab, and set the PS1, PATH, and EDITOR variables in /etc/profile. Ron Ogle -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Wednesday, October 18, 2006 12:11 PM To: [email protected] Subject: Securing Solaris 10 All, Has anyone out there found a good checklist or tool for securing Solaris 10? I found the CISecurity benchmark, but I didn't know if there was anything else out there? I'm not very well versed on Solaris, but I have the task of double checking the admins to ensure it was locked down. I haven't seen very many checklists posted for this version of Solaris yet. Any suggestions? Thanks in Advance, Jeff
