- Sun Cluster 3.0 12/01 Security with the Apache and iPlanet Web and Messaging Agents
- Assumptions and Limitations
- Solaris OE Service Restriction
- Sun Cluster 3.0 Daemons
- Terminal Server Usage
- Node Authentication
- Securing Sun Cluster 3.0 12/01 Software
- Verifying Node Hardening
- Maintaining a Secure System
- Solaris Security Toolkit Software Backout Capabilities
Assumptions and Limitations
The configuration described in this article has the following characteristics:
Solaris 8 OE 10/01 or update 6 software
Sun Cluster 3.0 12/01 software
iPlanet web and messaging severs and Apache web server supported
Solaris OE packages and installation
Cluster interconnect links
Solaris Security Toolkit software
Solaris OE minimization not supported
The following sections describe each of these characteristics in greater detail.
Solaris 8 OE
This article is based on Solaris 8 OE 10/01 (Update 6). All of the hardening results presented in this article were produced on this version of the Solaris OE. Using versions other than Solaris 8 OE may produce results that are slightly different than those presented in this article.
Sun Cluster 3.0 12/01 Software
Sun Cluster 3.0 12/01 software is the version of Sun Cluster software that supports the configuration described in this article. Previous versions of Sun Cluster software do not support the hardened configurations described in this article and should not be used to deploy these configurations.
iPlanet Web and Messaging Servers and Apache Web Server Supported
Only the following agents are supported in secured configurations:
iPlanet Web Server software
Apache web server
iPlanet Messaging Server software
The iPlanet and Apache web server agents are supported in either scalable or failover mode while the iPlanet Messaging Server software does not have a scalable mode and is correspondingly supported only in failover mode.
Solaris OE Packages and Installation
Sun Cluster 3.0 12/01 software requires only the Solaris OE end user cluster. It is strongly recommended that this Solaris OE cluster be used instead of the entire Solaris OE distribution. Minimizing the number of Solaris OE packages installed directly reduces the number of services to disable, the quantity of patches to install, and the number of potential vulnerabilities on the system.
This article does not discuss how the Solaris OE and Sun Cluster 3.0 12/01 software are installed and configured on the cluster nodes. Sun Cluster 3.0 12/01 software does enable you to automate the installation of the cluster and OS software through JumpStart™ software-based installations. Correspondingly, you can also include the hardening steps performed by the Solaris Security Toolkit software in the JumpStart installation process. This article does not discuss methods for integrating the hardening process documented in this article with JumpStart software-based installations. For information about this topic, refer to the Sun Cluster 3.0 and Solaris Security Toolkit documentation.
Cluster Interconnect Links
It is critical to the overall security of the cluster that cluster interconnect links are kept private and are not exposed to a public network. Sensitive information about the health of the cluster and information about the file system is shared over this link. It is strongly recommended that these interconnects be implemented using separate and dedicated network equipment. The use of VLAN's is discouraged from a security and availability perspective because they typically restrict packets based only on tags added by the switch. There is also minimal, if any, assurance that these tags are valid, and there is no additional protection against directed Address Resolution Protocol (ARP) attacks.
Solaris Security Toolkit Software
The drivers described in this article are included in version 0.3.3 of the Solaris Security Toolkit software. This version, or newer versions, of the software must be used when implementing the recommendations of this article.
The hardening of a Sun Cluster 3.0 node does not have to be performed with the toolkit; however, because it provides an error free, standardized mechanism for performing the hardening process, and because it enables you to undo changes after they are made, it is highly recommended that you use the toolkit.
Security Modification Scope
Solaris OE hardening can be interpreted in a variety of ways. For the purposes of developing a hardened server configuration, the recommendations in this article represent all of the possible Solaris OE hardening. That is, anything that can be hardened, is hardened. Things that are not hardened are not modified for the reasons described in this article. A Solaris OE configuration hardened to the degree described in this article may not be appropriate for all environments. When installing and hardening a specific Solaris OE instance, you can perform fewer hardening operations than are recommended. For example, if your environment requires Network File System (NFS)-based services, you can leave them enabled. However, hardening beyond that which is presented in this article should not be performed and is neither recommended, nor supported.
Standard security rules apply to the hardening of Sun Cluster 3.0 12/01 software installations: That which is not specifically permitted is denied.
Minimization is the removal of unnecessary Solaris OE packages from the system which reduces the number of components that have to be patched and made secure. While, reducing the number of components reduces entry points to an intruder, minimization is not supported on Sun Cluster 3.0 nodes at this time. Only the Solaris OE hardening tasks discussed in this article are supported modifications for systems with Sun Cluster 3.0 12/01 software running supported agents.