Oracle Solaris 11 Hardening - Final


1. Update and Patch
2. Remove Unnecessary Services
3. Firewall Configuration
4. User Account Management
5. File system hardening
6. Audit Logging
7. Network Security
8. SSH Configuration
9. System Resource Control
10. Security Compliance Checking
11. System Monitoring
12. Regular Security Audit
13. Documentation
1. Update and Patch

Ensure that the system is up-to-date with the latest patches and updates. On Solaris 11, fixes are
delivered as Support Repository Updates (SRUs) through the Oracle support package repository, so
point the system's publisher at that repository (access is obtained through the Oracle support
portal) rather than downloading individual patches.
To update and patch Oracle Solaris 11, use the pkg (Image Packaging System) commands. The
primary command for this purpose is pkg update. The basic steps are:
1. Update the Package Repository Catalog: before updating packages, refresh the publisher catalogs
(pkg refresh) so the image knows about the latest versions available in the repository.
2. Review Available Updates: run pkg update with -n (dry run) and -v to see which packages would
change, and what they depend on, without touching the system.
3. Install Available Updates: run pkg update to apply them. pkg update normally clones the current
boot environment, updates the clone and marks it active on reboot, which leaves the old boot
environment available for rollback with beadm activate.
4. Reboot if Necessary: updates that touch the kernel or other core packages require a reboot into
the new boot environment. pkg update prints a message saying so, and beadm list shows which boot
environment is active now and which will be active on reboot.
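The script below is added here as an example and is not part of the original document. It runs the four steps above and decides whether a reboot is pending by comparing which boot environment is active now with which is active on reboot. It assumes a reachable publisher, the beadm list -H field layout (';'-separated, third field holds the flags N for active now and R for active on reboot), and an explicit "apply" argument before it changes anything.

```shell
#!/bin/sh
# Added example, not from the original document: IPS patch workflow for Solaris 11.
# Assumes the image's publisher points at a reachable (support) repository.

# Step 1: refresh the publisher catalogs so the image sees the newest versions.
refresh_catalog() {
    pkg refresh --full
}

# Step 2: dry run (-n) with detail (-v) so the planned change set can be reviewed.
check_updates() {
    pkg update -nv
}

# Step 3: apply.  pkg update normally clones the current boot environment, updates
# the clone and marks it active on reboot, keeping the old one for rollback.
apply_updates() {
    pkg update -v
}

# Step 4: decide whether a reboot is pending from `beadm list -H` output on stdin.
# Assumed layout: ';'-separated fields, third field = activity flags, where
# N = active now, R = active on reboot, NR = both, - = neither.
# Exit 0 (reboot pending) when the BE active now differs from the BE active on reboot.
be_reboot_pending() {
    awk -F';' '
        index($3, "N") { now = $1 }
        index($3, "R") { next_boot = $1 }
        END {
            if (now != "" && next_boot != "" && now != next_boot) exit 0
            exit 1
        }'
}

reboot_pending() {
    beadm list -H | be_reboot_pending
}

# Only act when explicitly asked, so sourcing the file for the helpers is harmless.
if [ "${1:-}" = "apply" ]; then
    refresh_catalog
    check_updates
    apply_updates
    if reboot_pending; then
        echo "new boot environment is active on reboot; schedule 'init 6'" >&2
    fi
fi
```

Run it as `sh solaris-update.sh apply` from a console session, not over SSH alone, so a failed update of the SSH stack cannot leave you without access; the old boot environment remains selectable from the boot menu if the new one does not come up.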

2. Remove Unnecessary Services

Identify and disable or remove unnecessary services and daemons running on the
system. This reduces the attack surface.
1. Identify Running Services:
Use the svcs command to list the currently running services. svcs alone lists enabled
instances; svcs -a includes disabled ones, and svcs -xv explains any instance that is in
maintenance. Services marked online that also listen on the network are the first to review.
Review the list of services and identify those that are unnecessary for your system's
functionality.
2. Disable Unnecessary Services:
Use the svcadm command to disable specific services. For example, to disable the Telnet
service, run svcadm disable svc:/network/telnet:default.
Replace svc:/network/telnet:default with the FMRI of the service you want to disable; an
unambiguous short name such as telnet also works.
3. Check and Disable Services at Boot:
Use svcprop -p general/enabled <fmri> to check whether a service is configured to start at boot.
svcadm disable without -t is persistent and prevents the service from starting at boot;
svcadm disable -t only stops it until the next reboot, which is useful for testing the effect
of removing a service before committing to it.

4. Review and Disable Legacy Services:

Oracle Solaris 11 still ships legacy network services (telnet, ftp, rlogin, rsh, finger) that are
not secure by design, since they send credentials in clear text. On Solaris 11 they are run by
inetd under SMF control: list them with inetadm and disable them with inetadm -d <fmri> (or
svcadm disable). Entries in /etc/inet/inetd.conf are not read directly; they only take effect
after inetconv has converted them into SMF services, so editing that file is not the way to
turn a service off.

After changing an inetd-managed service, verify the result with inetadm -l <fmri> and svcs <fmri>.

5. Audit Services Regularly:
Periodically review and audit the enabled services on your system. Ensure that only essential
services are running and that they are configured securely.
6. Document Changes:
Keep detailed documentation of the services you disable and the reasons behind each
decision. This documentation is valuable for troubleshooting and audits.
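The following script is added as an example and is not part of the original document. It implements the review in steps 1 to 4 as a repeatable check: it reads the output of svcs -aH -o state,fmri, reports the legacy services that are not in the disabled state, and disables them persistently. The list of FMRIs is an assumed starting point for a server that only needs SSH, and the inetadm column layout (ENABLED STATE FMRI) is also assumed.

```shell
#!/bin/sh
# Added example, not from the original document: report legacy network services that
# are still enabled and disable them persistently.  The FMRI list is an assumed
# starting point for a server that only needs SSH; extend it for your environment.

LEGACY_FMRIS='
svc:/network/telnet:default
svc:/network/ftp:default
svc:/network/login:rlogin
svc:/network/shell:default
svc:/network/rexec:default
svc:/network/finger:default
svc:/network/smtp:sendmail
'

# Reads `svcs -aH -o state,fmri` output on stdin ("state fmri" per line) and prints
# each listed FMRI that is in any state other than disabled (online, offline,
# maintenance and so on all mean the service will come back unless disabled).
enabled_legacy_services() {
    while read -r state fmri; do
        [ -n "$fmri" ] || continue
        [ "$state" != "disabled" ] || continue
        if printf '%s\n' "$LEGACY_FMRIS" | grep -qxF -- "$fmri"; then
            echo "$fmri"
        fi
    done
}

# svcadm disable without -t is persistent (survives reboot); -s waits for the
# transition.  The svcprop call confirms the stored enabled property is now false.
disable_legacy_services() {
    svcs -aH -o state,fmri | enabled_legacy_services | while read -r fmri; do
        svcadm disable -s "$fmri"
        printf '%s enabled=%s\n' "$fmri" "$(svcprop -p general/enabled "$fmri")"
    done
}

# inetd-managed services show up in `inetadm` as well; this prints the disable
# commands for every enabled one so they can be reviewed before running.
# Assumed columns: ENABLED STATE FMRI.
plan_inetd_disables() {
    inetadm | awk '$1 == "enabled" { print "inetadm -d " $3 }'
}
```

Running enabled_legacy_services on a saved svcs listing from a cron job, and alerting on any output, turns the one-off review into the periodic audit that step 5 asks for.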

3. Firewall Configuration
Configure the built-in firewall to allow only necessary incoming and outgoing traffic. Solaris 11
provides IP Filter (ipf); Solaris 11.3 additionally ships OpenBSD Packet Filter (pf), which replaces
IP Filter in Solaris 11.4. (ipfw is a FreeBSD tool and is not part of Solaris.) The steps below use
IP Filter.
1. Install IPFilter:
Ensure that the IP Filter package is installed; it is usually present on a server install, and
pkg install network/ipfilter adds it otherwise.
2. Enable and Start IPFilter:
Enable the service, which also starts it: svcadm enable svc:/network/ipfilter:default.
3. Configure IPFilter Rules:
Create the configuration file /etc/ipf/ipf.conf and add your filtering rules with a text editor.
Rules are evaluated in order: a rule with the quick keyword ends evaluation at the first match,
and without quick the last matching rule wins. Prefer a default-deny policy: pass the traffic you
need with keep state so replies are admitted automatically, then finish with a rule that logs and
blocks everything else inbound. A rule set that passes all inbound traffic on the interface, as
some examples do, provides no protection at all.
4. Reload IPFilter Rules:
After modifying ipf.conf, reload the rules to apply the changes: ipf -Fa -f /etc/ipf/ipf.conf
flushes the active set and loads the file, and svcadm refresh ipfilter does the same through
the SMF method.
5. Enable IPFilter at Boot:
svcadm enable is persistent, so the service starts at boot; confirm with
svcprop -p general/enabled ipfilter.
6. Verify IPFilter Status:
Check that the service is online without errors (svcs -x ipfilter), inspect the loaded rules
(ipfstat -io) and the state table (ipfstat -sl).
7. Monitor IPFilter Logs:
Packets matched by rules carrying the log keyword are reported by ipmon through syslog (facility
local0). Where they end up depends on /etc/syslog.conf, commonly /var/adm/messages. Review them
regularly for blocked connection attempts and, just as important, for allowed traffic you did not
expect.
8. Test Firewall Rules:
Thoroughly test your firewall rules to ensure that they are working as expected. Verify that
only the intended traffic is allowed and that unauthorized traffic is blocked. Test from a host
outside the management network, not only from localhost, and keep a console session open while
testing so that a bad rule cannot lock you out.
9. Adjust Rules as Needed:
As your network requirements change, you may need to modify your IPFilter rules
accordingly. Update the ipf.conf file and reload the rules.
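As an added example (not from the original document), the script below generates the default-deny ruleset described in step 3, replacing the permissive "allow all inbound" example the text refers to, and shows the reload and verification commands from steps 4 to 6. It assumes the outside interface is e1000g0 (check with ipadm show-if) and that management SSH comes from 192.0.2.0/24, an RFC 5737 documentation network; both can be overridden through environment variables.

```shell
#!/bin/sh
# Added example, not from the original document: generate a default-deny IP Filter
# ruleset and load it.  Assumptions: outside interface e1000g0 (check `ipadm show-if`)
# and management SSH from 192.0.2.0/24 (RFC 5737 example network).

IFACE="${IFACE:-e1000g0}"
MGMT_NET="${MGMT_NET:-192.0.2.0/24}"

# Write the ruleset to $1 (default /etc/ipf/ipf.conf).  Every rule carries "quick", so
# the first match wins; the last rule logs and drops whatever nothing else passed.
write_ipf_rules() {
    out="${1:-/etc/ipf/ipf.conf}"
    cat > "$out" <<EOF
# loopback is always trusted
pass in  quick on lo0 all
pass out quick on lo0 all

# outbound: allow, and keep state so replies come back without inbound rules
pass out quick on $IFACE proto tcp  from any to any flags S keep state
pass out quick on $IFACE proto udp  from any to any keep state
pass out quick on $IFACE proto icmp from any to any keep state

# inbound: only SSH, and only from the management network
pass in quick on $IFACE proto tcp from $MGMT_NET to any port = 22 flags S keep state

# everything else inbound is logged and dropped
block in log quick on $IFACE all
EOF
}

# Count rules with a given action ("pass" or "block") in a ruleset file, ignoring
# comments; a quick sanity check that the default-deny rule is present exactly once.
rule_count() {
    grep -v '^#' "$2" | grep -c "^$1 "
}

# Load: enable the service, flush the active set (-Fa) and read the file (-f), then
# show the loaded rules and confirm the service is healthy.
activate_ipf() {
    svcadm enable -s svc:/network/ipfilter:default
    ipf -Fa -f /etc/ipf/ipf.conf
    ipfstat -io
    svcs -x ipfilter
}
```

Because state is kept on the outbound rules, no inbound rule is needed for replies to connections the host itself opened; anything that shows up in the ipmon log as blocked is therefore either an unsolicited inbound attempt or a service you forgot to pass explicitly.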

4. User Account Management

Follow best practices for user account management:
• Disable unnecessary user accounts. passwd -l locks an account while preserving its files for
review; remove it with userdel once that review is done.
• Enforce strong password policies. Length, history and ageing are set in /etc/default/passwd
(PASSLENGTH, HISTORY, MAXWEEKS, MINDIFF); lockout after repeated failures is controlled by
RETRIES in /etc/default/login and LOCK_AFTER_RETRIES in /etc/security/policy.conf.
• Use role-based access control (RBAC) to restrict user privileges. On Solaris 11 root is a role,
not a login account: assign it to named administrators with usermod -R root, and prefer rights
profiles (profiles, usermod -P) over handing out the whole root role.
Creating a User Account:
To create a new user account, use the useradd command. For example:
sudo useradd -m -s /usr/bin/bash username
The -m option creates the home directory, which Solaris 11 places under /export/home by default.
Setting User Password:
Use the passwd command to set or change the password for a user:
sudo passwd username
passwd -s username displays the password status (locked, no password, ageing), which is useful
when reviewing accounts.

Modifying User Account:

The usermod command modifies user account attributes, for example usermod -R root username to
grant the root role or usermod -s /usr/bin/pfbash username to give a profile shell.
Deleting a User Account:
To delete a user account, use the userdel command; add -r to remove the home directory as well.
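The script below is an added example, not part of the original document. It ties the three bullets together: it creates an administrator who reaches root through the RBAC role rather than a shared root login, locks rather than deletes an account, and checks /etc/default/passwd against minimum values. The account name, home directory and the policy thresholds (14 characters, 10 remembered passwords, 13-week maximum age, 3 differing characters) are assumptions for the example, not Oracle defaults.

```shell
#!/bin/sh
# Added example, not from the original document: RBAC-based admin account and a
# password-policy check.  Names and thresholds below are assumptions.

# Create a normal user with a home directory, then grant the root *role*.  Solaris 11
# makes root a role by default, so "root" is never used as a login account.
add_admin_user() {
    user="$1"
    useradd -m -d "/export/home/$user" -s /usr/bin/bash "$user"
    passwd "$user"              # set an initial password interactively
    usermod -R root "$user"     # user can now `su root` after authenticating again
}

# Disable an account without deleting it, preserving its files for review.
lock_user() {
    passwd -l "$1"
}

# Read KEY=value from an /etc/default/passwd-style file (last non-comment wins).
policy_value() {
    key="$1"; file="$2"
    grep -v '^#' "$file" | sed -n "s/^$key=//p" | tail -n 1
}

# Return 0 when the policy meets the example thresholds, else 1, naming each failing
# setting.  A missing or non-numeric value fails the comparison and counts as weak.
check_passwd_policy() {
    file="${1:-/etc/default/passwd}"
    ok=0
    [ "$(policy_value PASSLENGTH "$file")" -ge 14 ] 2>/dev/null || { echo "PASSLENGTH < 14 or unset"; ok=1; }
    [ "$(policy_value HISTORY "$file")" -ge 10 ] 2>/dev/null    || { echo "HISTORY < 10 or unset"; ok=1; }
    [ "$(policy_value MAXWEEKS "$file")" -le 13 ] 2>/dev/null   || { echo "MAXWEEKS > 13 or unset"; ok=1; }
    [ "$(policy_value MINDIFF "$file")" -ge 3 ] 2>/dev/null     || { echo "MINDIFF < 3 or unset"; ok=1; }
    return $ok
}
```

Note that a policy in /etc/default/passwd only applies when passwords are next changed; existing weak passwords stay until their MAXWEEKS expiry forces a change, so tighten ageing at the same time as length.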
5. File system hardening
Access Controls:
Implement strong access controls to restrict file and directory access to only authorized
users and processes. ZFS supports NFSv4-style ACLs for cases that the owner/group/other bits
cannot express; view them with ls -v and set them with chmod A+... .
Use the principle of least privilege, granting users and processes only the minimum
permissions necessary to perform their tasks.
File Permissions:
Regularly review and update file permissions to ensure that only authorized users have
access to sensitive files. World-writable files and set-UID/set-GID executables deserve
particular attention, since either is a route to privilege escalation; find(1) can enumerate both.
Remove unnecessary read, write, and execute permissions for non-essential users or
processes, and mount datasets that never need them with the ZFS properties setuid=off,
exec=off and devices=off.
Encryption:
Encrypt sensitive data stored in the file system to protect it from unauthorized access. ZFS
on Solaris 11 supports per-dataset encryption (zfs create -o encryption=on), which covers the
whole dataset without extra tooling; the encryption choice cannot be changed after creation, so
decide it when the dataset is laid out.
File System Auditing:
Enable file system auditing to log and monitor file access and changes. The audit classes fr,
fw, fm, fc and fd (file read, write, attribute modify, create, delete) cover this but are very
noisy; apply them with auditconfig -setflags to the users or roles that matter rather than
globally, and regularly review the audit logs for any suspicious or unauthorized activities.
Logging and Monitoring:
Implement comprehensive logging and monitoring mechanisms to detect and respond to
any unusual file system activities promptly.
Integrate file system logs with a centralized log management system for easier analysis and
correlation of events.
Integrity Checking:
Implement file integrity checking to detect unauthorized changes to critical system files.
pkg verify checks every installed file against its package manifest, and BART (bart create /
bart compare) takes a manifest of an arbitrary tree so later changes can be diffed; keep the
baseline manifest somewhere the host cannot modify.
Regular Updates and Patching:
Keep the operating system and file system software up-to-date with the latest security
patches (SRUs via pkg update) to address known vulnerabilities.
Network File System (NFS) Security:
If using NFS, secure the configuration: prefer NFSv4 with Kerberos (sec=krb5p for integrity and
privacy), restrict exports to specific clients with share -o ro=...,rw=... rather than exporting
to everyone, and export with nosuid so a set-UID binary on a client's export cannot be used on
the server.
Secure Backup and Recovery:
Implement secure backup practices to protect against data loss and ensure the availability of
critical files in the event of a system failure or compromise. ZFS snapshots plus zfs send to
separate storage give point-in-time copies held off the host.
File System Quarantine:
Isolate and quarantine files suspected of being malicious to prevent further harm. Employ
tools and practices to analyze and neutralize potential threats.
User Training and Awareness:
Educate users about secure file handling practices, such as avoiding opening suspicious files
and being cautious with file-sharing activities.
Endpoint Protection:
Deploy endpoint protection solutions that include file system monitoring and threat
detection capabilities.
Disable Unnecessary Services:
Disable unnecessary services and features that may introduce vulnerabilities to the file
system, such as NFS or SMB sharing on hosts that do not need to export anything.
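The script below is an added example, not part of the original document. It performs the permission review and integrity checks from the "File Permissions" and "Integrity Checking" items: it enumerates world-writable and set-UID/set-GID files under a tree, compares installed files with their package manifests, takes a BART baseline, and applies the restrictive ZFS mount properties. The baseline path, the dataset name and the tree to scan are assumptions; on a real host scan / and keep the baseline off the system.

```shell
#!/bin/sh
# Added example, not from the original document: permission review and integrity
# checks for a file system tree.  Paths and dataset names are assumptions.

# World-writable regular files, plus world-writable directories lacking the sticky bit.
world_writable() {
    find "$1" -xdev \( -type f -o \( -type d ! -perm -1000 \) \) -perm -0002 -print 2>/dev/null
}

# Set-UID / set-GID files: each one is a privilege boundary that needs a justification.
setuid_files() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null
}

# Number of findings from one of the checks above, for a summary line.
count_findings() {
    "$1" "$2" | wc -l | tr -d ' '
}

# Integrity: pkg verify compares installed files against the package manifests (any
# output means a packaged file drifted); BART snapshots a tree for later comparison.
integrity_check() {
    pkg verify
    bart create -R / > /var/adm/bart.baseline
    # later: bart create -R / > /var/adm/bart.now
    #        bart compare /var/adm/bart.baseline /var/adm/bart.now
}

# Datasets that only hold data should not be able to supply privileged binaries,
# executables or device nodes.
restrict_dataset() {
    zfs set setuid=off "$1"
    zfs set exec=off "$1"
    zfs set devices=off "$1"
}

# Summary report for a tree (default /), intended for a cron job whose output is mailed.
report() {
    tree="${1:-/}"
    echo "world-writable: $(count_findings world_writable "$tree")"
    echo "setuid/setgid:  $(count_findings setuid_files "$tree")"
}
```

A sensible workflow is to record the set-UID list once on a freshly installed system, then alert on any difference; new entries are rare and almost always worth a look.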

6. Audit Logging
Enable and configure the audit framework to monitor and log security-relevant events.
Regularly review audit logs for any suspicious activities.
On Solaris 11 the audit service (svc:/system/auditd:default) is enabled by default but only
records the lo (login/logout) class. Choose what to audit with auditconfig -setflags for
attributable (per-user) events and -setnaflags for non-attributable events such as failed
logins before a user is identified. The audit_binfile plugin writes binary records to
/var/audit, and the audit_syslog plugin can forward a text summary to syslog for central
collection. Run audit -s after changing the configuration and confirm with auditconfig -getcond.
Review the logs with auditreduce to select records (by class, user or date range) and praudit
to render them as text; there is no separate viewer GUI. Put /var/audit on its own dataset
with a quota so a flood of events cannot fill the root file system, and set the audit_binfile
p_minfree attribute so the service warns before the directory fills.
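The script below is an added example and is not part of the original document. It enables login and program-execution auditing, shows how recent login records are reviewed, and checks that the active flags include the required classes by parsing the auditconfig -getflags line. The class selection, the review window and the exact "active user default audit flags = ..." line format are assumptions for the example.

```shell
#!/bin/sh
# Added example, not from the original document: enable Solaris 11 auditing for logins
# and exec(), review the records, and verify the active flags.

enable_auditing() {
    auditconfig -setflags lo,ex              # logins/logouts and exec() for every user
    auditconfig -setnaflags lo               # plus non-attributable login events
    auditconfig -setpolicy +argv,+zonename   # record exec arguments and the zone
    auditconfig -setplugin audit_binfile active p_dir=/var/audit
    audit -s                                 # (re)start auditd with the new settings
    auditconfig -getcond                     # expect "audit condition = auditing"
}

# Login/logout records since a date given as YYYYMMDD, one short line per record.
review_logins() {
    auditreduce -c lo -a "$1" | praudit -s
}

# Parse one `auditconfig -getflags` line, assumed to look like
#   active user default audit flags = lo,ex(0x...,0x...)
# and succeed only if every class named after the line is present.
flags_include() {
    line="$1"; shift
    classes=$(printf '%s\n' "$line" | sed -n 's/^active user default audit flags = \([^(]*\).*/\1/p')
    for want in "$@"; do
        printf '%s\n' "$classes" | tr ',' '\n' | grep -qx -- "$want" || return 1
    done
    return 0
}

# Run on a schedule: a non-zero exit means someone changed the audit configuration.
verify_auditing() {
    flags_include "$(auditconfig -getflags | head -n 1)" lo ex
}
```

The ex class with the argv policy is what makes the records useful in an investigation: without argv you see that /usr/bin/sh was executed, not what it was asked to run.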

7. Network Security
Disable unnecessary network services.
• Use TCP wrappers to control access to network services: enable them for inetd-managed
services with inetadm -M tcp_wrappers=TRUE and maintain /etc/hosts.allow and /etc/hosts.deny
(a deny-all entry in hosts.deny with explicit allows in hosts.allow is the usual pattern).
• Turn off IP forwarding unless the host is meant to route: ipadm set-prop -p forwarding=off
ipv4 (and ipv6).
• Implement network segmentation and VLANs to isolate sensitive components.
Firewall: Solaris 11 includes IP Filter (and, from 11.3, Packet Filter) for host firewalling;
section 3 covers rules that control incoming and outgoing traffic. ipfw is not a Solaris tool.
IPS (Image Packaging System) and Updates:
Keeping the operating system and software up-to-date is crucial for security. Solaris 11 uses
IPS for package management, allowing you to update the system and applications in one step.
RBAC (Role-Based Access Control):

RBAC allows administrators to define roles and assign specific rights profiles and privileges
to them. Network administration, for example, is covered by the Network Management rights
profile, so an operator can be given that profile without the root role.
Zones and Virtualization:

Solaris Zones provide a way to virtualize the operating system. By isolating different services
or applications in separate zones, you can contain a security breach to the zone it started in.
Zones default to an exclusive-IP network stack, which lets each zone run its own firewall rules
and keeps a compromised zone from seeing the global zone's traffic.
Secure by Default:

Solaris 11 is designed with security in mind and follows the principle of being "secure by
default": after installation ssh is the only service accepting remote connections, and anything
else must be enabled explicitly. Hardening therefore consists largely of not undoing that state.
Encryption and Security Protocols:

Solaris 11 supports various encryption and security protocols, including IPsec with IKE, for
securing communication between systems; policy lives in /etc/inet/ipsecinit.conf and key
management in /etc/inet/ike/config. Configure them according to your security requirements.
Audit Framework:

Solaris includes an audit framework that allows you to monitor and log system events.
Enabling and configuring auditing (section 6) helps you track security-related activities and
detect potential security incidents.
Network Intrusion Detection and Prevention:

Consider using additional tools or solutions for network intrusion detection and prevention.
Third-party applications or appliances can be integrated with Solaris 11 to enhance security
against network threats.
Network Services Security:
Disable unnecessary network services and configure the security settings for essential
services. This includes SSH, and any remaining protocol such as FTP, which sends credentials in
clear text and should be replaced by sftp or scp over SSH. Use strong authentication methods
and encryption where applicable.
Regular Security Audits and Monitoring:

Implement regular security audits and monitoring to detect and respond to potential
security incidents. This includes reviewing logs, analyzing network traffic, and staying
informed about security vulnerabilities and patches.

8. SSH Configuration
Configure SSH to use strong encryption and key-based authentication.
• Disable root login via SSH if not required. On Solaris 11 root is a role by default and cannot
log in directly anyway; set PermitRootLogin no regardless, so the protection does not depend on
the role configuration staying intact.
1. Enable and Configure SSH: Ensure that the SSH service is enabled and properly configured
on your Oracle Solaris 11 system. If it is not installed, install it with pkg install
network/openssh (Solaris 11.3 and later; earlier releases use SunSSH from the
service/network/ssh package).
After installation, enable and start the service with svcadm enable svc:/network/ssh:default
and check it with svcs ssh.
2. Configure SSH Options: Edit the SSH configuration file at /etc/ssh/sshd_config to specify
options and restrictions. Settings to set explicitly: PermitRootLogin no; PubkeyAuthentication
yes with PasswordAuthentication no once keys are deployed for every administrator;
PermitEmptyPasswords no; X11Forwarding and AllowTcpForwarding no unless needed; AllowGroups or
AllowUsers to limit who may connect at all; and modern KexAlgorithms, Ciphers and MACs lists.
sshd honours the first occurrence of each keyword, so check for duplicates, validate with
sshd -t before restarting, and apply with svcadm restart ssh while keeping an existing session
open in case the new configuration rejects you.
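The script below is an added example, not part of the original document. It writes the hardened sshd_config described above, implements a check that reports the weak settings (permitted root login, password authentication, empty passwords, X11 forwarding) the way sshd itself would read them, and applies the file after syntax validation. The AllowGroups name, the algorithm lists (which assume OpenSSH on Solaris 11.3 or later, not SunSSH) and the file paths are assumptions.

```shell
#!/bin/sh
# Added example, not from the original document: hardened sshd_config plus a checker
# for the weak settings this section warns about.  Paths, the group name and the
# algorithm lists (OpenSSH 7.x, Solaris 11.3+) are assumptions.

# sshd uses the FIRST occurrence of a keyword, so this block wins over anything a
# later include or leftover line might add.
write_sshd_config() {
    cat > "${1:-/etc/ssh/sshd_config}" <<'EOF'
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
PermitEmptyPasswords no
ChallengeResponseAuthentication no
X11Forwarding no
AllowTcpForwarding no
MaxAuthTries 4
LoginGraceTime 30
ClientAliveInterval 300
ClientAliveCountMax 2
AllowGroups sshusers
KexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes256-ctr
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com
EOF
}

# Effective value of a keyword: first match, case-insensitive, comments ignored.
sshd_value() {
    grep -v '^[[:space:]]*#' "$2" | awk -v k="$1" 'tolower($1) == tolower(k) { print $2; exit }'
}

# Return 0 if none of the checked keywords is weak; print each finding otherwise.
# An absent keyword falls back to the sshd default, which is permissive or version
# dependent for these settings, so "unset" is treated as a finding too.
check_sshd_config() {
    f="${1:-/etc/ssh/sshd_config}"; rc=0
    for pair in PermitRootLogin:no PasswordAuthentication:no PermitEmptyPasswords:no X11Forwarding:no; do
        key=${pair%%:*}; want=${pair##*:}
        got=$(sshd_value "$key" "$f" | tr 'A-Z' 'a-z')
        if [ "$got" != "$want" ]; then
            echo "$key is '${got:-unset}', expected $want"; rc=1
        fi
    done
    return $rc
}

# Validate with the daemon itself before restarting the SMF service.
apply_sshd_config() {
    sshd -t -f /etc/ssh/sshd_config && svcadm restart svc:/network/ssh:default
}
```

Deploy administrators' public keys and confirm key login works before switching PasswordAuthentication to no; once both that and PermitRootLogin are off, a lost key means a console visit, which is the intended trade-off.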

9. System Resource Control:

Use resource controls such as projects and zones to limit the resources available to specific
users or processes. From a security standpoint this bounds the damage a misbehaving or
compromised workload can do: a cap on LWPs stops a fork bomb, and CPU shares keep one tenant
from starving the rest.
Resource Pools: Resource pools are a fundamental concept in the Solaris 11 Resource
Management framework. They let administrators partition system resources, chiefly CPU through
processor sets, among different groups of applications or users, so that each pool gets its
configured share and no single application monopolizes the system. (The ZFS root pool is also
called rpool; the two are unrelated.)

To create and manage resource pools, use pooladm and poolcfg: pooladm -e enables the pools
facility, poolcfg -c takes create pool, create pset and associate statements, and pooladm -c
commits the configuration so that it survives a reboot.

Processor Sets (psets): Processor sets allocate a specific set of CPUs to a particular resource
pool, isolating the CPU resources assigned to different applications or users.
Within the pools framework, processor sets are defined and associated with pools through
poolcfg; psrset creates ad hoc processor sets outside the pools configuration and should not
be mixed with it.

Projects: Projects in Solaris 11 group related processes together. Each project can carry
resource controls such as project.cpu-shares, project.max-lwps or project.max-shm-memory,
written as (privilege, value, action) triples, and can be bound to a pool with the
project.pool attribute.

Use projadd and projmod to create and change projects in /etc/project, and prctl to inspect or
adjust controls on running processes.

Fair Share Scheduler (FSS): The Fair Share Scheduler is a scheduling class that allocates CPU
time according to the shares assigned to each project, so that each project or application gets
its fair share of CPU time.

Set FSS as the default scheduling class with dispadmin -d FSS (persistent across reboots), move
the currently running processes with priocntl -s -c FSS -i all, and verify with
ps -e -o pid,class,project.
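The script below is an added example and is not part of the original document. It carries the pool, processor set, project and FSS steps through for a web tier and includes a small parser that reads a resource control back out of /etc/project-style input, which is useful in an audit script that checks the caps are still in place. The pool, pset, project and user names and the share values are assumptions.

```shell
#!/bin/sh
# Added example, not from the original document: confine a web tier with a pool,
# processor set, project and FSS shares.  Names and values are assumptions.

# 1. Pools facility, a processor set of 1..2 CPUs, and a pool scheduled with FSS.
create_web_pool() {
    pooladm -e
    poolcfg -c 'create pset web_pset (uint pset.min = 1; uint pset.max = 2)'
    poolcfg -c 'create pool web_pool (string pool.scheduler = "FSS")'
    poolcfg -c 'associate pool web_pool (pset web_pset)'
    pooladm -c                      # commit /etc/pooladm.conf
}

# 2. A project for the web user, bound to the pool, with CPU shares and an LWP cap
#    (the cap is what turns a fork bomb into a logged failure instead of an outage).
create_web_project() {
    projadd -c "Web tier" -U webuser \
        -K 'project.pool=web_pool' \
        -K 'project.cpu-shares=(privileged,20,none)' \
        -K 'project.max-lwps=(privileged,500,deny)' \
        user.web
    # Apply the share to an already running process tree without a new login.
    prctl -n project.cpu-shares -v 20 -r -i project user.web
}

# 3. Make FSS the default class persistently and move current processes now.
enable_fss() {
    dispadmin -d FSS
    priocntl -s -c FSS -i all
}

# Look up one rctl value for a project from /etc/project-style input on stdin.
# Format: projname:projid:comment:user-list:group-list:attributes, with the
# attributes in the sixth field separated by ';'.
project_rctl() {
    proj="$1"; rctl="$2"
    awk -F: -v p="$proj" -v r="$rctl" '
        $1 == p {
            n = split($6, attrs, ";")
            for (i = 1; i <= n; i++) {
                split(attrs[i], kv, "=")
                if (kv[1] == r) { print kv[2]; exit }
            }
        }'
}

# Audit helper: fail unless the LWP cap is still configured for the project.
web_lwp_cap_present() {
    [ -n "$(project_rctl user.web project.max-lwps < /etc/project)" ]
}
```

The deny action on project.max-lwps refuses the thread or process creation outright, whereas none on project.cpu-shares only influences scheduling; choose deny for limits that exist to contain abuse and none for those that merely express priority.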

10. Security Compliance Checking


Regulatory Compliance: Identify and understand the relevant industry-specific regulations
and legal requirements that apply to your organization (e.g., GDPR, HIPAA, PCI DSS, SOX).
Regularly monitor updates and changes to compliance standards to ensure ongoing
adherence.
Security Policies and Standards: Develop and enforce security policies and standards that
align with regulatory requirements and best practices.
Periodically review and update policies to address emerging threats and changes in the
business environment.
Risk Assessment: Conduct regular risk assessments to identify potential security
vulnerabilities and assess the impact of these vulnerabilities on compliance.
Prioritize and address high-risk areas to mitigate potential security breaches.
Audit and Assessment: Perform regular internal and external audits to assess compliance
with security policies and standards.
Use tools and methodologies to conduct vulnerability assessments and penetration testing.
Documentation and Reporting: Maintain comprehensive documentation of security
controls, processes, and compliance measures.
Generate regular reports to demonstrate compliance status to stakeholders, auditors, and
regulatory authorities.
Training and Awareness: Provide ongoing security training and awareness programs for
employees to ensure they understand and comply with security policies.
Foster a culture of security awareness and responsibility within the organization.
Incident Response and Monitoring: Establish an incident response plan to quickly and
effectively respond to security incidents.
Implement monitoring systems to detect and respond to security events in real-time.
Continuous Monitoring and Improvement: Implement continuous monitoring processes to
ensure that security controls are consistently applied.
Regularly review and update security measures based on the evolving threat landscape and
compliance requirements.
Third-Party Compliance: Evaluate and ensure that third-party vendors and partners comply
with security standards to mitigate risks associated with external relationships.
Automated Compliance Tools: Consider leveraging automated tools and technologies to
streamline compliance checks and assessments, reducing manual effort and improving
accuracy. Solaris 11.2 and later ship the compliance command, which assesses the host against
a built-in benchmark (compliance assess -b solaris -p Baseline, or -p Recommended for the
stricter profile; a pci-dss benchmark is also provided) and renders the result as an HTML
report with compliance report.

11. System Monitoring

Set up monitoring tools to detect and alert on unusual or suspicious activities. This may
include the use of intrusion detection systems (IDS) or security information and event
management (SIEM) solutions; on Solaris 11 the audit_syslog plugin together with syslog
forwarding is the simplest way to get host events into a SIEM.
Use System Monitoring Tools:
1. prstat: Use the prstat command to monitor resource usage, including CPU, memory, and
process statistics. prstat -Z groups load by zone and prstat -J by project, which makes a
runaway workload easy to attribute.
2. vmstat: Utilize vmstat to display information about system virtual memory, including swap
space usage.
3. iostat: Monitor input/output statistics using iostat to identify potential disk I/O issues.
4. sar: Use sar (System Activity Reporter) to collect, report, or save system activity
information; collection must first be enabled (svcadm enable sar) so that samples are recorded.
Beyond resource counters, watch for security-relevant change: new listening sockets (netstat -an),
services dropping into maintenance (svcs -x), and unexpected package or boot-environment changes
(pkg history, beadm list).
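The script below is an added example and is not part of the original document. It demonstrates one concrete "unusual activity" detector: it baselines the set of listening sockets from netstat and alerts through syslog when a new one appears, which is how an unexpected backdoor or a service someone re-enabled shows up. The netstat column layout (LISTEN in the last column, local address in the first) is assumed from Solaris netstat -an -f inet output, and the baseline path is an assumption.

```shell
#!/bin/sh
# Added example, not from the original document: baseline listening sockets and alert
# on new ones.  Column layout assumed from Solaris `netstat -an -f inet`, where TCP
# rows end in the state and LISTEN marks a listening socket.

BASELINE="${BASELINE:-/var/adm/listeners.baseline}"

# Extract the local address (first column) of every LISTEN row on stdin, sorted and
# de-duplicated so two snapshots can be compared with comm.
listeners() {
    awk '$NF == "LISTEN" { print $1 }' | sort -u
}

# Lines present in $2 (current) but absent from $1 (baseline).
new_listeners() {
    comm -13 "$1" "$2"
}

# Record the known-good state right after hardening.
take_baseline() {
    netstat -an -f inet | listeners > "$BASELINE"
}

# Intended for cron: any line printed is an alert, and each is also sent to syslog so
# the central log server sees it even if the mail from cron is ignored.
check_listeners() {
    now=$(mktemp)
    netstat -an -f inet | listeners > "$now"
    new_listeners "$BASELINE" "$now" | while read -r addr; do
        echo "new listening socket: $addr" | logger -p auth.warning -t listener-check
        echo "$addr"
    done
    rm -f "$now"
}
```

Pair this with the service audit from section 2: a new listener almost always corresponds to a service that changed state, and svcs -x or the SMF log for that service explains who enabled it.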

12. Regular Security Audit

Conduct regular security audits to identify and address potential vulnerabilities.
1. Periodic Audits:
• Conduct regular security audits to identify vulnerabilities and assess the overall
security posture of the system; the compliance tool's reports are a good baseline for this.
2. Vulnerability Scanning:
• Use vulnerability scanning tools to identify security weaknesses and ensure that
patches are up-to-date (pkg update -nv shows what is still outstanding).
3. Incident Response and Recovery:
• Update incident response plans based on lessons learned during drills or actual
incidents.
• Implement regular backups and test the restoration process. On Solaris 11, ZFS snapshots
with zfs send to separate storage, and a spare boot environment kept with beadm, make both
routine and emergency recovery testable.
• Develop a disaster recovery plan for the Solaris 11 systems and exercise it.

13. Documentation
Maintain detailed documentation of the system's security configuration and any changes
made. This documentation is crucial for audits and troubleshooting.
