
Auditing System Security

This article describes how to audit (validate) a system's security using the Solaris Security Toolkit software. You can use the information and procedures in this article to maintain an established security profile after hardening. For systems that are already deployed, you can use this information to assess security before hardening.

Editor's Note – This article is the complete sixth chapter of the Sun BluePrints™ book, Securing Systems With the Solaris Security Toolkit, by Alex Noordergraaf and Glenn Brunette (ISBN 0-13-141071-7), which is available through http://www.sun.com/books, amazon.com, and Barnes & Noble bookstores in late June or early July.

This chapter describes how to audit (validate) a system's security using the Solaris Security Toolkit software. Use the information and procedures in this chapter for maintaining an established security profile after hardening. For systems that are already deployed, you may want to use the information in this chapter to assess security before hardening.

NOTE

The term audit is used in this chapter and book to define the Solaris Security Toolkit software's automated process of validating a security posture by comparing it with a predefined security profile. The use of this term in this publication does not represent a guarantee that a system is completely secure after using the audit option.

This chapter contains the following topics:

  • "Maintaining Security"

  • "Reviewing Security Prior to Hardening"

  • "Customizing Security Audits"

  • "Preparing to Audit Security"

  • "Using Options and Controlling Audit Output"

  • "Performing a Security Audit"

Maintaining Security

Maintaining security is an ongoing process and is something that must be reviewed and revisited periodically. Maintaining a secure system requires vigilance, because the default security configuration for any system tends to become increasingly open over time. (For more information about maintaining security, refer to Chapter 2, "Maintaining System Security" on page 36.)

Based upon user experience and requests, we developed an automated method for the Solaris Security Toolkit software to audit the security posture of a system, by determining its level of compliance with a specified security profile.

NOTE

This method is only available in standalone mode using the jass-execute -a command and cannot be used during a JumpStart installation.

We recommend that you audit the security posture of your systems periodically, either manually or automatically (for example, via cron job or an rc script). For example, after hardening a new installation, execute the Solaris Security Toolkit software audit command (jass-execute -a <driver-name>) five days later to determine if the system security has changed from the state defined by the security profile.

How often you audit security depends on the criticality of the environment and your security policy. Some users run an audit every hour, every day, or only once a month. Some users run a mini-scan (limited number of checks) every hour, and a full scan (with all the possible checks) once a day.
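
One way to run the audit command from cron, shown as an added example that is not part of the original chapter or of the Toolkit. It is written for a POSIX shell; the names run_audit, JASS_CMD, REPORT_DIR and LAST_REPORT and the report directory are assumptions, and the exit status of jass-execute is passed through without being interpreted.

```shell
#!/bin/sh
# Added example: cron wrapper around "jass-execute -a <driver-name>".
# JASS_CMD, REPORT_DIR and run_audit are assumed names, not Toolkit features.
JASS_CMD="${JASS_CMD:-jass-execute}"            # set the full path; cron's PATH is minimal
REPORT_DIR="${REPORT_DIR:-/var/log/jass-audit}" # hypothetical report location

# run_audit <driver-name>
# Stores the audit output in a timestamped, owner-only report and returns the
# command's exit status unchanged. Returns 75 if another audit holds the lock.
run_audit() {
    driver="$1"
    [ -n "$driver" ] || { echo "usage: run_audit <driver-name>" >&2; return 64; }

    umask 077                       # reports list weaknesses; keep them private
    mkdir -p "$REPORT_DIR" || return 73

    # mkdir is atomic, so the directory acts as a lock that keeps an hourly
    # mini-scan and a daily full scan from running at the same time.
    lock="$REPORT_DIR/.lock"
    mkdir "$lock" 2>/dev/null || {
        echo "audit already running, skipping $driver" >&2
        return 75
    }
    trap 'rmdir "$lock" 2>/dev/null; exit 1' INT TERM

    report="$REPORT_DIR/$driver.`date +%Y%m%d-%H%M%S`.log"
    "$JASS_CMD" -a "$driver" >"$report" 2>&1
    status=$?

    rmdir "$lock"
    trap - INT TERM
    LAST_REPORT="$report"           # exposed so a caller can mail or archive it
    return "$status"
}

# Invoked from cron with a driver name as the only argument.
if [ "$#" -gt 0 ]; then
    run_audit "$1"
fi
```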

Consider auditing an essential component of maintaining the security posture of deployed systems. If the security posture is not periodically audited, configurations often drift over time due to entropy or to modifications that unknowingly or maliciously change the desired security posture. Without periodic review, these changes go undetected and corrective measures are not taken. The result is a system that becomes less secure and, correspondingly, more vulnerable.

In addition to periodic audits, we recommend that you perform audits after upgrades, patches, and other significant system configuration changes.
