HAPPY BOOKSGIVING
Use code BOOKSGIVING during checkout to save 40%-55% on books and eBooks. Shop now.
Rough Cuts are manuscripts that are developed but not yet published, available through Safari. Rough Cuts provide you access to the very latest information on a given topic and offer you the opportunity to interact with the author to influence the final publication.
This is a working draft of a pre-release book. It is available before the published date as part of the Rough Cuts service.
Solaris™ 10 Security Essentials describes the various security technologies contained in the Solaris operating system. The book describes how to make installations secure and how to configure the OS to the particular needs of your environment, whether your systems are on the edge of the Internet or running a data center. The authors present the material in a straightforward way that makes a seemingly arcane subject accessible to system administrators at all levels.
The strengths of the Solaris operating system’s security model are its scalability and its adaptability. It can protect a single user with login authentication or multiple users with Internet and intranet configurations requiring user-rights management, authentication, encryption, IP security, key management, and more. This book is written for users who need to secure their laptops, network administrators who must secure an entire company, and everyone in between.
The book’s topics include
Solaris™ 10 Security Essentials is the first in a new series on Solaris system administration. It is a superb guide to deploying and managing secure computer environments.
Preface xv
About the Authors xix
Chapter 1: Solaris Security Services 1
1.1 A Solaris Security Story 1
1.2 Security Services in the Solaris OS 3
1.3 Configurable Security Services in the Solaris OS 5
Chapter 2: Hardening Solaris Systems 9
2.1 Securing Network Services 9
2.2 Configuration Hardening 16
2.3 Basic Audit and Reporting Tool 20
2.4 Signed ELF Filesystem Objects 22
2.5 Solaris Fingerprint Database (sfpDB) 23
Chapter 3: System Protection with SMF 29
3.1 Service Management Facility (SMF) 29
3.2 How SMF Configuration Works 30
3.3 Modifying Solaris Services Defaults 31
Chapter 4: File System Security 41
4.1 Traditional UNIX File System Security 41
4.2 ZFS/NFSv4 ACLs 48
4.3 Maintaining File System Integrity 52
4.4 UFS and NFSv4 Mount Options 57
4.5 ZFS Mount Options 58
4.6 ZFS Delegated Administration 59
Chapter 5: Privileges and Role-Based Access Control 63
5.1 Traditional UNIX Security Model 63
5.2 Solaris Fine-Grained Privileges 66
5.3 Solaris Role-Based Access Control 72
5.4 Privileges for System Services 90
Chapter 6: Pluggable Authentication Modules (PAM) 95
6.1 The PAM Framework 96
6.2 The PAM Modules 96
6.3 The PAM Configuration File 101
6.4 PAM Consumers 106
6.5 The PAM Library 109
6.6 PAM Tasks 110
Chapter 7: Solaris Cryptographic Framework 113
7.1 PKCS #11 Standard and Library 114
7.2 User-Level Commands 119
7.3 Administration of the Solaris Cryptographic Framework 122
7.4 Hardware Acceleration 125
7.5 Examples of Using the Cryptographic Framework 127
Chapter 8: Key Management Framework (KMF) 133
8.1 Key Management Administrative Utility 134
8.2 KMF Policy-Enforcement Mechanism 139
8.3 Key Management Policy Configuration Utility 140
8.4 KMF Programming Interfaces 142
Chapter 9: Auditing 145
9.1 Introduction and Background 145
9.2 Definitions and Concepts 147
9.3 Configuring Auditing 148
9.4 Analyzing the Audit Trail 157
9.5 Managing the Audit Trail 163
9.6 Common Auditing Customizations 165
Chapter 10: Solaris Networ