
Locking Down CMS 1


ceindaco

Technical User
Jul 1, 2003
8
US
Hi,

We have a CMS box running on a SPARC station with Sun OS 5.7. We recently deployed an Intrusion Detection System (IDS) and it has found several vulnerabilities on our box. Do you know a good place to look for instructions on how to lock some ports or shut down some services on the Sun Solaris platform?

Thanks for your help,
C.
 
We had to go through a DITSCAP certification (Department of Defense thing). We had our system "hardened" by Avaya. I'm not sure what they did, but they dialed into the system, changed a bunch of 'vulnerabilities' and those changes made the system DOD compliant. Our reps from AVAYA were aware of what needed to be done for DITSCAP, so I suspect talking to them would be a good place to start.

RTMCKEE
 
Thanks for the reply. I was hoping to avoid the "charges" for hardening the system, but the more I research the more it seems that AVAYA will have to take the action on our system.

That was a big help.
C.I.
 
Ceindaco

I have run into the same issue. Some of the things you can start with are shutting down services that you aren't using in the inetd.conf file. You need to be careful, as some of those services are interdependent. There are numerous other areas besides system services, such as patch levels. Be prepared to pay big $$ for Avaya hardening. I have used a couple of independent contractors to do the same for much less $$, but they are often tough to get quickly. Let me know if you want me to pass along their contact information. In the meantime, you might want to get the latest patches from sunsolve.com...that's usually the first place to start.

Hope this helps!
 
I forgot to mention...Make sure you have a good csadmin backup before installing any patches! It could save you lots of time if things go wrong!
 
Thank you very much RFWatts, your information has been very valuable. I found out about the inetd.conf file also, but it is hard for me to tell which services can be shut down without impacting the CMS operation itself.
Please pass along the contact information since we will need to do this change no matter what.
I will take a look at the patches in the meantime.
 
Ceindaco

Please send a message to me at mdozier9@yahoo.com, and I will forward you the contact information. BTW, in your inetd.conf, you can look for obvious things like finger and qotd, smtp, and pop. Those are just a couple that I can think of. The sunsolve site will tell you what patch you need too. I don't remember all the other things involved in hardening, but it is quite extensive. Oh yeah, it will also restrict the root account from logging in via TTY as well.
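
Added example, not written by any poster in this thread: a shell audit of an inetd.conf-format file that lists the enabled entries, marks the names mentioned above (finger, qotd, smtp, pop) for review, and writes a copy with chosen services commented out while leaving the original untouched. The sample file, the function names, the `#DISABLED#` marker and the expansion of "pop" to `pop2`/`pop3` are assumptions; which services CMS itself depends on is not established in this thread.

```shell
#!/bin/sh
# Added example; sample data is constructed, not taken from a real CMS host.
AWK=${AWK:-awk}   # assumption: a POSIX awk; on Solaris set AWK=nawk
# Names from the thread; "pop" expanded to the /etc/services names (assumption).
CANDIDATES="finger qotd smtp pop2 pop3"

# Print "<service> <proto> <server> <flag>" for every enabled entry.
# flag is REVIEW for a candidate name, "enabled" for everything else.
inetd_audit() {
    "$AWK" -v cand="$CANDIDATES" '
        BEGIN { n = split(cand, c, " "); for (i = 1; i <= n; i++) want[c[i]] = 1 }
        /^[ \t]*#/ || NF < 6 { next }   # comments, blanks, malformed lines
        { print $1, $3, $6, (($1 in want) ? "REVIEW" : "enabled") }
    ' "$1"
}

# Write to stdout a copy of FILE with the named services commented out.
# The original is never modified, so the result can be diffed first.
inetd_disable() {
    file=$1; shift
    "$AWK" -v names="$*" '
        BEGIN { n = split(names, s, " "); for (i = 1; i <= n; i++) off[s[i]] = 1 }
        !/^[ \t]*#/ && NF >= 6 && ($1 in off) { print "#DISABLED# " $0; next }
        { print }
    ' "$file"
}

# Constructed sample. Fields: service socket proto wait user server args
make_sample() {
    cat <<'EOF'
# constructed sample inetd.conf
ftp     stream  tcp     nowait  root    /usr/sbin/in.ftpd       in.ftpd
telnet  stream  tcp     nowait  root    /usr/sbin/in.telnetd    in.telnetd
finger  stream  tcp     nowait  nobody  /usr/sbin/in.fingerd    in.fingerd
#qotd   stream  tcp     nowait  root    internal
100232/10 tli   rpc/udp wait    root    /usr/sbin/sadmind       sadmind
EOF
}

# Stand-alone use: pass the path of the file to audit as the first argument.
if [ -n "${1:-}" ]; then inetd_audit "$1"; fi
```

After an edited file is installed, inetd has to re-read its configuration (it does so on a HUP signal) before the change takes effect.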

 