Great Circle Associates Firewalls
(November 1996)
 


Subject: Summary: Hardening SunOS 4.1.4
From: Dave Roberts <djr @ saa-cons . co . uk>
Date: Fri, 8 Nov 1996 18:04:09 +0000 (GMT)
To: Firewalls Mailing List <Firewalls @ greatcircle . com>
Reply-to: Dave Roberts <djr @ saa-cons . co . uk>

-----BEGIN PGP SIGNED MESSAGE-----

Keywords: sunos 4.1.4 hardening bastion s/key wu-ftpd

Quite a few people asked me for a summary of the things to do to turn
SunOS 4.1.4 into a bastion host.  Most things that I found were for 4.1.3
or 4.1.3_U1, but they seem to apply equally as well...

Here's what I had:-

* From: Kate <karndt @ smiley . mitre . org>
> ftp://ftp.auscert.org.au/pub/auscert/papers/unix_security_checklist
> ftp://ftp.hawaii.edu/pub/security/docs/how.to.improve.security.on.SunOS.4.1.3

* From: David Edmondson <davide @ cre . canon . co . uk>
> http://www.livingston.com/Tech/Appnotes/app.firewall-appnotes-contents.shtml

This was an excellent source of information, aimed at people putting up a
screened subnet with Livingston IRX 211's and bastion hosts running SunOS. 
Plus other tips about setting up ftpd as well - including the location of
a statically linked version of 'ls' on the distribution cd. 

Plus plenty of tips from others.

* http://www.sunsolve.com/sunsolve/freeinfo.html has a list of recommended
patches for all versions from SunOS 4.1.3 upwards.

* ftp.academ.com/pub/wu-ftpd/private is an execute only directory that
contains a version of wu-ftpd which has been modified to use S/Key.

And that's about as good as it gets.  Thanks to all, and I hope this helps
someone else in future (especially if searching through the archives).

- --
Dave Roberts, Unix Systems Administrator, SAA Consultants Ltd, Plymouth, UK.
"smap has the advantage [over bare sendmail] that it was written by someone
who is almost certifiably paranoid" - Brent Chapman, London, 19 Oct 95.
  -=[ For PGP 2.6.3i public key, send mail with subject of "get pgp" ]=-


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: cp850

-----END PGP SIGNATURE-----

