Assumptions and Limitations
The recommendations made in this article are based on several assumptions and limitations about what may be done while still retaining a Sun-supported configuration.
This article is based on Solaris 8 OE 10/01 or update 6 and SMS software version 1.1. All of the Solaris OE components discussed are included in this release. In some cases, there may be Solaris OE functionality discussed in this article which is not discussed in the Sun BluePrints OnLine article, Solaris Operating Environment Security - updated for Solaris 8 Operating Environment. These Solaris OE issues are discussed in the following sections, and may require an update of the Solaris Operating Environment Security article to be released.
Solaris OE hardening can be interpreted in a variety of ways. For the purposes of developing a hardened SC configuration, the following sections represent hardening of all possible Solaris OE configurations. That is, anything that can be hardened is hardened. Where a configuration is not hardened, it has been left unmodified for a reason.
Solaris OE configurations hardened to the level described in this article may not be appropriate for all environments. Some installations may choose to perform fewer hardening operations than recommended in this article. The configuration will remain supported in these cases. However, additional hardening beyond what is recommended or discussed by this article will not be supported.
In addition, Solaris OE minimization, or the removal of Solaris OE packages to minimize security exposures, is not a supported option on the Sun Fire 15K SC. Only the Solaris OE hardening tasks discussed in this article are supported configurations for the SC.
Standard security rules apply to the hardening of Sun Fire 15K SCs: That which is not specifically permitted is denied.
The Sun Fire 15K SC module of the Toolkit, sunfire_15k_sc-secure.driver, may be modified to disable certain hardening scripts.
When running the Toolkit, either in standalone or JumpStart installation modes, copies of the files modified by the Toolkit must be kept and not deleted. This is the default behavior of the Toolkit. The JASS_SAVE_BACKUP environment variable specifies whether backup copies of files are kept or not.
The Solaris Security Toolkit must be used to harden the SC in order for the final configuration to be supported.
Additional software that may be installed on the SC, such as Sun Remote Services or Sun Management Center (Sun MC) platform agent software, is not discussed in this article. The security implications of installing these types of software should be carefully evaluated.