|
|
go to navigation
General Guidelines
When working on any UNIX based system, be sure to check the following:
- Patching is your first line of defence.
Start by installing any patches that your vendor may have.
For Solaris, WSG provides
superglue.
- Only essential services should be started out of
inetd.conf.
This should be determined on a per-machine basis, but a good rule of
thumb is to turn off anything you can and run everything else through
tcp wrappers.
- OpenSSH should be installed to replace telnet and older versions of SSH
as the preferred means of remote access.
- Sendmail can, and should be turned off if there is no need for it on
a particular system.
- Avoid using the root account when you don't have to.
- SuperUser accounts should be created for everyone who needs to operate
as root. The permissions are the same, but SU accounts create an extra
record of who did what.
- Netstat is a useful tool in checking for unwanted daemons. Look mainly
at the tcp and udp lines.
|
|
![[CITES]](../../images/cites_home.gif)
![[UIUC]](../../images/iMark_sm.gif)
![[WSG]](../../images/wsg.gif){kind=small}