Install minimum operating system packages
Install the current recommended patch cluster
Set an eeprom password and security mode
Disable root login capability
Restrict root's search path
Check files sourced by root's login files
Set root's umask to 077 or 027
Disable trusted host capability
Provide a security warning banner
Make sure passwords are required for login to all accounts
Force passwords to be at least eight (8) characters long
Disable or remove all unnecessary accounts
Make sure disabled accounts are assigned an invalid shell
Create the file /etc/ftpusers
Review user accounts for common configuration errors
Disable IP forwarding and dynamic routing
Block broadcast packets
Stop the host from responding to broadcast packets
Install tcp_wrappers to provide access control for TCP/IP services
Install S/Key to provide additional protection for processes requiring remote login
Consider replacing the standard ftpd daemon with wu-ftp (version 2.4 or later)
Restrict access to audit files
Log all su activity
Log incoming connections for all TCP services
Remove startup scripts for unneeded services
Remove unneeded network service entries from /etc/inetd.conf
Disable all cron jobs except those belonging to root
Disable NFS
Test all boot file changes by rebooting and checking for extraneous processes in ps -elf output and examining the /var/adm/messages file
Limit non-root user access to files and file systems
Remove setgid permissions from system files
Prohibit setuid programs from being executed
Use security probing tools from a trusted source to check your system for weaknesses (before someone else does)! Recommended resources include: