---- Glenn Brunette <[EMAIL PROTECTED]> wrote:
>
> Jeff,
>
> Sun has been working with the Center for Internet Security for
> nearly four years on their Solaris guides to align them with
> Sun's recommended practices and to ensure that the settings
> recommended could be supported by Sun. In fact, we are working
> with CIS right now to update the Solaris 10 guide to account for
> the changes made in the upcoming Solaris 10 11/06 release.
>
> The only other guide which does cover some aspects of Solaris
> 10 is the current version of the DISA UNIX STIG.
>
> Of course to automate the implementation and/or assessment of the
> changes, you can use the Solaris Security Toolkit which is a tool
> developed and supported by Sun. It can be found at:
>
> http://www.sun.com/security/jass/
>
> I believe that there are a few settings recommended by CIS that
> are not accounted for today in the Solaris Security Toolkit, but
> the vast majority are.
>
> All of the other documents and/or checklists of which I am aware
> have not been updated for Solaris 10.
>
> Glenn
>
>
> [EMAIL PROTECTED] wrote:
> > All,
> >
> > Has anyone out there found a good checklist or tool for securing Solaris
> > 10? I found the CISecurity benchmark, but I didn't know if there was
> > anything else out there? I'm not very well versed on Solaris, but I have
> > the task of double checking the admins to ensure it was locked down. I
> > haven't seen very many checklists posted for this version of Solaris yet.
> >
> > Any suggestions?
> >
> > Thanks in Advance,
> > Jeff
> >
>
> --
> Glenn Brunette
> Distinguished Engineer
> Director, GSS Security Office
> Sun Microsystems, Inc.

Glenn,

As someone who has to use the DISA STIG to secure Solaris and Linux systems, I would not recommend the current DISA STIG as guidance for anyone trying to secure a Solaris 10 system. From what I have read, DISA's current STIG (5.1) mentions Solaris 10 in 11 instances but does not go into any detail on how to use the security features of the OS or any recommendations. Further, I just used the September release of the DISA SRR scripts (generally not available to the public) and found that some of them support Solaris 10, while other scripts do not.

If I was going to recommend documentation from the Government, I would recommend the NSA guides. The NSA has not released a guide for Solaris 10 (yet), but I find their guides straightforward and cover securing the OS (and why) far better than anything DISA produces.

Robert Escue
System Administrator
