Home > Articles > Operating Systems, Server > Solaris

  • Print
  • + Share This
Like this article? We recommend

Verifying Hardening Results

After performing the procedures in this article to harden the SC and MSP, test the resulting configuration to verify that it is configured properly.

For the example configuration, our testing resulted in the following:

  • TCP IPv4 services listed by netstat went from 31 to 1

  • UDP IPv4 services listed by netstat went from 57 to 0

By reducing the number of services available, we reduced exposure points significantly.

NOTE

Earlier we recommended that you disable the SC failover mechanism before hardening the SCs. Re-enable failover only after you harden and test the entire configuration.

Verifying SC Hardening

After hardening the SC, review the settings to make sure that all the recommendations in "Securing the System Controller" on page 13 are in place.

Verifying MSP Hardening

After hardening the MSP, perform the following procedure to verify changes.

To Verify MSP Hardening Results

  1. Reboot the MSP.

  2. Validate that the number of daemons and services running on the MSP are significantly lower than before hardening.

    Enable failover only after you harden and test the MSP.

    After the MSP is hardened, the only services running in our sample configuration are as follows:

    # netstat -a
    
    UDP: IPv4
      Local Address     Remote Address   State
    -------------------- -------------------- -------
       *.*                  Unbound
    
    TCP: IPv4
    Local Address Remote Address Swind Send-Q Rwind Recv-Q State
    ----------------------------------------------------------- 
    *.*        *.*     0   0  24576  0   IDLE
    *.22       *.*     0   0  24576  0  LISTEN
  3. Enable SC failover.

  • + Share This
  • 🔖 Save To Your Account