Maintaining a Secure System
Maintaining a secure system requires vigilance, because the security configuration of any system tends to drift toward a more open state over time as software is added, patches are applied, and settings are changed. This is especially true of a cluster, given the sensitivity of the data it holds and the services it offers. In-depth coverage of ongoing system maintenance is beyond the scope of this article; the following areas are introduced to raise your awareness.
Keep in mind that Solaris OE patches can install additional software packages and may overwrite configuration files you have hardened, restoring default settings or re-enabling services you disabled. Review the security posture of a system after any patch installation, and ideally before it as well, so that you know exactly what the patches changed.
The Solaris Security Toolkit software can assist you here, because it was built to be run repeatedly on the same system. Running it after any patch installation, with the correct drivers, disables software that the patches added or re-enabled. Also perform a manual review of the system, because the version of the Solaris Security Toolkit software you are using may not know about new features introduced by the installed patches.
Monitor the system on an ongoing basis to ensure that unauthorized activity is not taking place. Review system accounts, passwords, and access patterns; they reveal a great deal about what is being done on a system and by whom.
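The following Python script is an added example and is not part of the original article or of the Solaris Security Toolkit. It shows the kinds of account weaknesses an account review should catch, working on constructed /etc/passwd and /etc/shadow contents in the Solaris formats (all user names and password hashes are placeholders): extra UID 0 accounts, empty password fields, system accounts that hold a usable password instead of being locked (*LK*) or set to NP, and interactive accounts with no password ageing. One Solaris detail worth noting: an empty shell field in passwd(4) means /usr/bin/sh, so a system account with no shell still needs to be locked.

```python
"""Review local accounts on a Solaris node for common weaknesses.

Added example, not from the original article. Input is constructed
/etc/passwd and /etc/shadow text in the Solaris formats; every name,
hash and UID below is a placeholder, not data from a real system.
"""

# Constructed sample data (not taken from any real system).
PASSWD = """\
root:x:0:1:Super-User:/:/sbin/sh
daemon:x:1:1::/:
bin:x:2:2::/usr/bin:
adm:x:4:4:Admin:/var/adm:
lp:x:71:8:Line Printer Admin:/usr/spool/lp:
nobody:x:60001:60001:Nobody:/:
jdoe:x:1001:10:Jane Doe:/export/home/jdoe:/bin/ksh
backup:x:0:1:Backup Operator:/export/home/backup:/bin/sh
svcacct:x:1002:10:Batch account:/export/home/svcacct:/bin/sh
"""

SHADOW = """\
root:RkG4p3J0vN5xY:11855:7:56:7:::
daemon:NP:6445::::::
bin:NP:6445::::::
adm:*LK*:6445::::::
lp:Qq7Rr8Ss9Tt0U:6445::::::
nobody:*LK*:6445::::::
jdoe:Ab9xQ2mTc1LpE:11855:7:56:7:::
backup::11855::::::
svcacct:Zz1Yy2Xx3Ww4V:11855::::::
"""

INTERACTIVE_SHELLS = {
    "/bin/sh", "/sbin/sh", "/usr/bin/sh", "/bin/ksh", "/usr/bin/ksh",
    "/bin/csh", "/usr/bin/csh", "/bin/bash", "/usr/bin/bash",
}


def is_interactive(shell):
    # passwd(4): an empty shell field means /usr/bin/sh, so "no shell" is not "no login".
    return shell == "" or shell in INTERACTIVE_SHELLS


def parse_passwd(text):
    """passwd(4): name:password:uid:gid:gecos:home:shell"""
    accounts = {}
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        name, _pw, uid, gid, _gecos, home, shell = line.split(":")
        accounts[name] = {"uid": int(uid), "gid": int(gid), "home": home, "shell": shell}
    return accounts


def parse_shadow(text):
    """shadow(4): name:password:lastchg:min:max:warn:inactive:expire:flag"""
    entries = {}
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        f = line.split(":")
        entries[f[0]] = {"password": f[1], "lastchg": f[2], "min": f[3], "max": f[4]}
    return entries


def review_accounts(passwd_text, shadow_text, system_uid_max=99):
    """Return a list of (account, issue) pairs for the weaknesses described above."""
    accounts = parse_passwd(passwd_text)
    shadow = parse_shadow(shadow_text)
    findings = []
    for name, acct in accounts.items():
        if acct["uid"] == 0 and name != "root":
            findings.append((name, "additional UID 0 account"))
        sh = shadow.get(name)
        if sh is None:
            findings.append((name, "no shadow entry"))
            continue
        pw = sh["password"]
        if pw == "":
            findings.append((name, "empty password field: login without a password"))
            continue
        if pw.startswith("*LK*") or pw == "NP":
            continue  # locked, or no password accepted: cannot log in with a password
        if not is_interactive(acct["shell"]):
            continue
        if acct["uid"] <= system_uid_max and name != "root":
            findings.append((name, "system account with a usable password"))
        if sh["max"] == "":
            findings.append((name, "no password ageing (max field empty)"))
    for name in shadow:
        if name not in accounts:
            findings.append((name, "shadow entry without passwd entry"))
    return findings


if __name__ == "__main__":
    for account, issue in review_accounts(PASSWD, SHADOW):
        print("%-10s %s" % (account, issue))
```

On a live node the two strings would be read from /etc/passwd and /etc/shadow (as root); the checks are deliberately conservative and print findings for a human to judge rather than changing anything.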
Deploy and maintain a centralized syslog repository that collects and parses syslog messages from all cluster nodes. A tremendous amount of information is logged, and gathering the logs in one place, off the nodes themselves, makes them easier to review and harder for an intruder on a node to alter.
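As an added example (not from the original article), the Python code below shows the parsing side of such a repository: it reads syslog lines in the format Solaris syslogd writes (timestamp, host, program, optional [ID ...] tag, message), classifies su, sshd and login messages, and raises an alert when failures from one source on one node cross a threshold. The sample lines, host names, user names and addresses are constructed for the example; the message texts follow the Solaris formats but are not taken from a real cluster.

```python
"""Classify syslog lines collected from cluster nodes and flag authentication failures.

Added example, not from the original article. SAMPLE_LOG is constructed in the
Solaris syslogd line format; hosts, users, addresses and tags are placeholders.
"""
import re
from collections import Counter

SAMPLE_LOG = """\
Mar  4 02:11:07 clnode1 su: [ID 366847 auth.notice] 'su root' failed for jdoe on /dev/pts/3
Mar  4 02:11:19 clnode1 su: [ID 366847 auth.notice] 'su root' failed for jdoe on /dev/pts/3
Mar  4 02:11:31 clnode1 su: [ID 366847 auth.notice] 'su root' succeeded for jdoe on /dev/pts/3
Mar  4 02:13:45 clnode2 sshd[4021]: [ID 800047 auth.info] Failed password for root from 192.0.2.77 port 50112 ssh2
Mar  4 02:13:49 clnode2 sshd[4021]: [ID 800047 auth.info] Failed password for root from 192.0.2.77 port 50113 ssh2
Mar  4 02:13:52 clnode2 sshd[4021]: [ID 800047 auth.info] Failed password for root from 192.0.2.77 port 50114 ssh2
Mar  4 02:13:55 clnode2 sshd[4021]: [ID 800047 auth.info] Failed password for admin from 192.0.2.77 port 50115 ssh2
Mar  4 02:15:02 clnode2 sshd[4033]: [ID 800047 auth.info] Accepted publickey for oper from 198.51.100.8 port 40122 ssh2
Mar  4 02:20:00 clnode1 login: [ID 143248 auth.notice] REPEATED LOGIN FAILURES ON /dev/pts/5 FROM mgmt-ws, jdoe
Mar  4 02:22:41 clnode2 syslogd: going down on signal 15
"""

# Solaris syslogd line: "Mon dd hh:mm:ss host prog[pid]: [ID nnn fac.level] message"
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"(?P<prog>[^:\[\s]+)(?:\[(?P<pid>\d+)\])?: "
    r"(?:\[ID (?P<msgid>\d+) (?P<facility>[a-z0-9]+)\.(?P<level>[a-z]+)\] )?"
    r"(?P<msg>.*)$"
)

# Classification rules: (program, event kind, regex over the message body).
RULES = [
    ("su", "su_failed", re.compile(r"^'su (?P<target>\S+)' failed for (?P<user>\S+) on (?P<tty>\S+)")),
    ("su", "su_ok", re.compile(r"^'su (?P<target>\S+)' succeeded for (?P<user>\S+) on (?P<tty>\S+)")),
    ("sshd", "ssh_failed", re.compile(r"^Failed \S+ for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port")),
    ("sshd", "ssh_ok", re.compile(r"^Accepted \S+ for (?P<user>\S+) from (?P<src>\S+) port")),
    ("login", "login_repeated_failure",
     re.compile(r"^REPEATED LOGIN FAILURES ON (?P<tty>\S+) FROM (?P<src>\S+), (?P<user>\S+)")),
]


def parse_line(line):
    """Split one syslog line into fields and tag it with an event kind ('other' if unknown)."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    for prog, kind, rx in RULES:
        if rec["prog"] != prog:
            continue
        mm = rx.match(rec["msg"])
        if mm:
            rec["kind"] = kind
            rec.update(mm.groupdict())
            return rec
    rec["kind"] = "other"
    return rec


def analyze(log_text, threshold=3):
    """Parse every line; alert when failures from one actor on one node reach the threshold."""
    events, unparsed = [], 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            unparsed += 1  # keep count rather than silently dropping odd lines
            continue
        events.append(rec)
    counts = Counter()
    alerts = []
    for e in events:
        if e["kind"] == "ssh_failed":
            counts[("ssh_failed", e["host"], e["src"])] += 1
        elif e["kind"] == "su_failed":
            counts[("su_failed", e["host"], e["user"])] += 1
        elif e["kind"] == "login_repeated_failure":
            # login(1) has already applied its own retry limit, so report it directly.
            alerts.append({"kind": e["kind"], "host": e["host"], "key": e["user"], "count": 1})
    for (kind, host, key), n in sorted(counts.items()):
        if n >= threshold:
            alerts.append({"kind": kind, "host": host, "key": key, "count": n})
    return {"events": events, "alerts": alerts, "unparsed": unparsed}


if __name__ == "__main__":
    for a in analyze(SAMPLE_LOG)["alerts"]:
        print("%s on %s: %s (%d)" % (a["kind"], a["host"], a["key"], a["count"]))
```

In practice the repository host would run this over the files its own syslogd writes for the cluster nodes; the threshold and the rule table are the parts to tune, and every line that matches no rule is still kept as an event so that unexpected message types show up in a review.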
Your organization needs a comprehensive vulnerability and audit strategy for monitoring and maintaining system configurations. This is particularly important for keeping systems in their secure configurations over time, rather than only at installation.