Oracle Solaris 10 Security Guidelines



Documents pareils
Oracle FS Data Protection Manager. Release Notes. Part Number E Oracle FS Data Protection Manager release 3.5.

Sun ZFS Appliance Monitor. Configuration Guide, Version 1.0

Oracle Fabric Manager. Security Guide

StorageTek Tape Analytics

Oracle SDN Controller. Security Guide

Quick Start Guide This guide is intended to get you started with Rational ClearCase or Rational ClearCase MultiSite.

Paxton. ins Net2 desktop reader USB

SunATM 4.0 Release Notes

Introduction aux environnements de virtualisation d'oracle Solaris 11.1

Optimisation du bureau Oracle Solaris pour un environnement multiutilisateur

Folio Case User s Guide

SERVEUR DÉDIÉ DOCUMENTATION

en SCÈNE RATIONAL Rational Démonstration SDP : automatisation de la chaîne de développement Samira BATAOUCHE sbataouche@fr.ibm.com

Package Contents. System Requirements. Before You Begin

Guide d'installation du serveur Sun Fire X4800 M2 pourvirtual Machine Software (VMware)

What s New. Sun ONE Application Server. Version 7, Enterprise Edition

Solaris Server Intranet Extension 1.0 Licensing Guide

Oracle Virtual Desktop Client. Notes de version de la version 3.0

Subject to the terms of this Agreement, Adobe hereby grants you a nonexclusive,

Sun Java SystemWeb Server 7.0 Documentation Center

Sun Datacenter InfiniBand Switch 36. Hardware Security Guide

Notice Technique / Technical Manual

Cheque Holding Policy Disclosure (Banks) Regulations. Règlement sur la communication de la politique de retenue de chèques (banques) CONSOLIDATION

Sun Explorer Release Notes

How to Login to Career Page

Guide de récupération de Windows Server 2003 R2 pour serveurs Sun x64

AMENDMENT TO BILL 32 AMENDEMENT AU PROJET DE LOI 32

Tom Pertsekos. Sécurité applicative Web : gare aux fraudes et aux pirates!

RULE 5 - SERVICE OF DOCUMENTS RÈGLE 5 SIGNIFICATION DE DOCUMENTS. Rule 5 / Règle 5

Le Cloud Computing est-il l ennemi de la Sécurité?

Instructions Mozilla Thunderbird Page 1

Sun Blade G2 RAID 0/1 Expansion Module Installation Guide

FCM 2015 ANNUAL CONFERENCE AND TRADE SHOW Terms and Conditions for Delegates and Companions Shaw Convention Centre, Edmonton, AB June 5 8, 2015

GIGABIT PCI DESKTOP ADAPTER DGE-530T. Quick Installation Guide+ Guide d installation+

Oracle Virtual Desktop Client 2.0 Guide d'administration. February 2011

First Nations Assessment Inspection Regulations. Règlement sur l inspection aux fins d évaluation foncière des premières nations CONSOLIDATION

DOCUMENTATION - FRANCAIS... 2

Name Use (Affiliates of Banks or Bank Holding Companies) Regulations

VTP. LAN Switching and Wireless Chapitre 4

Grandes tendances et leurs impacts sur l acquisition de produits et services TI.

DOCUMENTATION - FRANCAIS... 2

SAP Runs SAP Reporting Opérationnel & BI avec HANA et SAP Analytics. Pierre Combe, Enterprise Analytics Juin, 2015

Qualité et ERP CLOUD & SECURITY (HACKING) Alireza MOKHTARI. 9/12/2014 Cloud & Security

F1 Security Requirement Check List (SRCL)

SunVTS 7.0 Software Quick Reference

Export Permit (Steel Monitoring) Regulations. Règlement sur les licences d exportation (surveillance de l acier) CONSOLIDATION CODIFICATION

LE FORMAT DES RAPPORTS DU PERSONNEL DES COMMISSIONS DE DISTRICT D AMENAGEMENT FORMAT OF DISTRICT PLANNING COMMISSION STAFF REPORTS

If the corporation is or intends to become a registered charity as defined in the Income Tax Act, a copy of these documents must be sent to:

Accompagner nos clients vers.cloud. Nicolas Luneau Business Development Manager Symantec.cloud

CALCUL DE LA CONTRIBUTION - FONDS VERT Budget 2008/2009

Règlement relatif à l examen fait conformément à la Déclaration canadienne des droits. Canadian Bill of Rights Examination Regulations CODIFICATION

SAP Best Practices. Commande en ligne pour les clients et les partenaires SAP

Server Architecture Overview

CARTOON FICHE DESCRIPTIVE. Introduction. 1. Architecture

Domino Attachment and Object Service (DAOS)

Contents Windows

APPENDIX 2. Provisions to be included in the contract between the Provider and the. Holder

Academic Project. B2- Web Development. Resit Project. Version 1.0 Last update: 24/05/2013 Use: Students Author: Samuel CUELLA

Application Form/ Formulaire de demande

86 rue Julie, Ormstown, Quebec J0S 1K0

Sun Ultra 45 and Ultra 25 Workstations Getting Started Guide

Multiple issuers. La cotation des actions ROBECO ci-dessous est suspendue sur EURONEXT PARIS dans les conditions suivantes :

An Act to Amend the Tobacco Sales Act. Loi modifiant la Loi sur les ventes de tabac CHAPTER 46 CHAPITRE 46

TABLE DES MATIERES A OBJET PROCEDURE DE CONNEXION

Archived Content. Contenu archivé

Railway Operating Certificate Regulations. Règlement sur les certificats d exploitation de chemin de fer CODIFICATION CONSOLIDATION

General Import Permit No. 13 Beef and Veal for Personal Use. Licence générale d importation n O 13 bœuf et veau pour usage personnel CONSOLIDATION

PAR RINOX INC BY RINOX INC PROGRAMME D INSTALLATEUR INSTALLER PROGRAM

MELTING POTES, LA SECTION INTERNATIONALE DU BELLASSO (Association étudiante de lʼensaparis-belleville) PRESENTE :

Guide d'utilisation de l'assistant d'installation du matériel Oracle pour les serveurs x86

WEB page builder and server for SCADA applications usable from a WEB navigator

Optimisez la gestion de vos projets IT avec PPM dans le cadre d une réorganisation. SAP Forum, May 29, 2013

Import Allocation Regulations. Règlement sur les autorisations d importation CONSOLIDATION CODIFICATION

Lieberman Software Corporation

L'Offre sera ouverte pendant 18 jours de bourse, à un prix par action de 152,30 EUR. BPCE International et Outre-Mer

Ships Elevator Regulations. Règlement sur les ascenseurs de navires CODIFICATION CONSOLIDATION. C.R.C., c C.R.C., ch. 1482

RAPID Prenez le contrôle sur vos données

Instructions pour mettre à jour un HFFv2 v1.x.yy v2.0.00

ADMINISTRATION DE ADOBE LIVECYCLE MOSAIC 9.5

SunVTS Quick Reference Card

Phone Manager Soutien de l'application OCTOBER 2014 DOCUMENT RELEASE 4.1 SOUTIEN DE L'APPLICATION

COUNCIL OF THE EUROPEAN UNION. Brussels, 18 September 2008 (19.09) (OR. fr) 13156/08 LIMITE PI 53

Gestion des prestations Volontaire

22/09/2014 sur la base de 55,03 euros par action

AUDIT COMMITTEE: TERMS OF REFERENCE

Règlement sur le télémarketing et les centres d'appel. Call Centres Telemarketing Sales Regulation

DOCUMENTATION MODULE BLOCKCATEGORIESCUSTOM Module crée par Prestacrea - Version : 2.0

Interest Rate for Customs Purposes Regulations. Règlement sur le taux d intérêt aux fins des douanes CONSOLIDATION CODIFICATION

CADETS CATO OAIC 11-06

Règlement sur les baux visés à la Loi no 1 de 1977 portant affectation de crédits. Appropriation Act No. 1, 1977, Leasing Regulations CODIFICATION

Filed December 22, 2000

SCHOLARSHIP ANSTO FRENCH EMBASSY (SAFE) PROGRAM APPLICATION FORM

Support Orders and Support Provisions (Banks and Authorized Foreign Banks) Regulations

Guide d'installation rapide TFM-560X YO.13

Module Title: French 4

AIDE FINANCIÈRE POUR ATHLÈTES FINANCIAL ASSISTANCE FOR ATHLETES

Form of Deeds Relating to Certain Successions of Cree and Naskapi Beneficiaries Regulations

donor which means an individual person who makes a charitable contribution to The Playhouse or one of its Clients;

Institut français des sciences et technologies des transports, de l aménagement

Transcription:

Oracle Solaris 10 Security Guidelines Part No: E23335 August 2011 E23335-10

Copyright 2011, Oracle and/or its affiliates. All rights reserved. This software and related documentation are provided under a license agreement containing restrictions on use and disclosure and are protected by intellectual property laws. Except as expressly permitted in your license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license, transmit, distribute, exhibit, perform, publish or display any part, in any form, or by any means. Reverse engineering, disassembly, or decompilation of this software, unless required by law for interoperability, is prohibited. The information contained herein is subject to change without notice and is not warranted to be error-free. If you find any errors, please report them to us in writing. If this is software or related documentation that is delivered to the U.S. Government or anyone licensing it on behalf of the U.S. Government, the following notice is applicable: U.S. GOVERNMENT RIGHTS Programs, software, databases, and related documentation and technical data delivered to U.S. Government customers are "commercial computer software" or "commercial technical data" pursuant to the applicable Federal Acquisition Regulation and agency-specific supplemental regulations. As such, the use, duplication, disclosure, modification, and adaptation shall be subject to the restrictions and license terms set forth in the applicable Government contract, and, to the extent applicable by the terms of the Government contract, the additional rights set forth in FAR 52.227-19, Commercial Computer Software License (December 2007). Oracle America, Inc., 500 Oracle Parkway, Redwood City, CA 94065. This software or hardware is developed for general use in a variety of information management applications. It is not developed or intended for use in any inherently dangerous applications, including applications that may create a risk of personal injury. If you use this software or hardware in dangerous applications, then you shall be responsible to take all appropriate fail-safe, backup, redundancy, and other measures to ensure its safe use. Oracle Corporation and its affiliates disclaim any liability for any damages caused by use of this software or hardware in dangerous applications. Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners. Intel and Intel Xeon are trademarks or registered trademarks of Intel Corporation. All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. AMD, Opteron, the AMD logo, and the AMD Opteron logo are trademarks or registered trademarks of Advanced Micro Devices. UNIX is a registered trademark of The Open Group. This software or hardware and documentation may provide access to or information on content, products, and services from third parties. Oracle Corporation and its affiliates are not responsible for and expressly disclaim all warranties of any kind with respect to third-party content, products, and services. Oracle Corporation and its affiliates will not be responsible for any loss, costs, or damages incurred due to your access to or use of third-party content, products, or services. Ce logiciel et la documentation qui l accompagne sont protégés par les lois sur la propriété intellectuelle. Ils sont concédés sous licence et soumis à des restrictions d utilisation et de divulgation. Sauf disposition de votre contrat de licence ou de la loi, vous ne pouvez pas copier, reproduire, traduire, diffuser, modifier, breveter, transmettre, distribuer, exposer, exécuter, publier ou afficher le logiciel, même partiellement, sous quelque forme et par quelque procédé que ce soit. Par ailleurs, il est interdit de procéder à toute ingénierie inverse du logiciel, de le désassembler ou de le décompiler, excepté à des fins d interopérabilité avec des logiciels tiers ou tel que prescrit par la loi. Les informations fournies dans ce document sont susceptibles de modification sans préavis. Par ailleurs, Oracle Corporation ne garantit pas qu elles soient exemptes d erreurs et vous invite, le cas échéant, à lui en faire part par écrit. Si ce logiciel, ou la documentation qui l accompagne, est concédé sous licence au Gouvernement des Etats-Unis, ou à toute entité qui délivre la licence de ce logiciel ou l utilise pour le compte du Gouvernement des Etats-Unis, la notice suivante s applique : U.S. GOVERNMENT RIGHTS. Programs, software, databases, and related documentation and technical data delivered to U.S. Government customers are "commercial computer software" or "commercial technical data" pursuant to the applicable Federal Acquisition Regulation and agency-specific supplemental regulations. As such, the use, duplication, disclosure, modification, and adaptation shall be subject to the restrictions and license terms set forth in the applicable Government contract, and, to the extent applicable by the terms of the Government contract, the additional rights set forth in FAR 52.227-19, Commercial Computer Software License (December 2007). Oracle America, Inc., 500 Oracle Parkway, Redwood City, CA 94065. Ce logiciel ou matériel a été développé pour un usage général dans le cadre d applications de gestion des informations. Ce logiciel ou matériel n est pas conçu ni n est destiné à être utilisé dans des applications à risque, notamment dans des applications pouvant causer des dommages corporels. Si vous utilisez ce logiciel ou matériel dans le cadre d applications dangereuses, il est de votre responsabilité de prendre toutes les mesures de secours, de sauvegarde, de redondance et autres mesures nécessaires à son utilisation dans des conditions optimales de sécurité. Oracle Corporation et ses affiliés déclinent toute responsabilité quant aux dommages causés par l utilisation de ce logiciel ou matériel pour ce type d applications. Oracle et Java sont des marques déposées d Oracle Corporation et/ou de ses affiliés.tout autre nom mentionné peut correspondre à des marques appartenant à d autres propriétaires qu Oracle. AMD, Opteron, le logo AMD et le logo AMD Opteron sont des marques ou des marques déposées d Advanced Micro Devices. Intel et Intel Xeon sont des marques ou des marques déposées d Intel Corporation. Toutes les marques SPARC sont utilisées sous licence et sont des marques ou des marques déposées de SPARC International, Inc. UNIX est une marque déposée concédé sous license par X/Open Company, Ltd. 111219@25097

Contents Preface...5 1 Oracle Solaris 10 Security Guidelines... 9 Oracle Solaris 10 System Hardening References...9 Additional Security References for Oracle Solaris 10... 10 3

4

Preface This guide provides pointers to and descriptions of security guidelines for the Oracle Solaris operating system (Oracle Solaris OS). The system hardening references describe how to harden Oracle Solaris 10 systems and how to use Oracle Solaris security features to protect your data and applications. You can tailor the recommendations in these references to your site security policy. Additionally, this guide provides pointers to background information about Oracle Solaris security, and white papers that guide you through common implementations. Audience The Oracle Solaris 10 Security Guidelines is intended for security administrators and other administrators who perform the following tasks: Analyze security requirements Implement security policy in software Install and configure the Oracle Solaris OS Maintain system and network security To use this guide, you must have general knowledge of UNIX administration, a good foundation in software security, and knowledge of your site security policy. RelatedThird-PartyWeb Site References Third-party URLs are referenced in this document and provide additional, related information. Oracle is not responsible for the availability of third-party web sites mentioned in this document. Oracle does not endorse and is not responsible or liable for any content, advertising, products, or other materials that are available on or through such sites or resources. Oracle is not responsible or liable for any actual or alleged damage or loss caused by or in connection with the use of or reliance on any such content, goods, or services that are available on or through such sites or resources. 5

Preface Access to Oracle Support Oracle customers have access to electronic support through My Oracle Support. For information, visit http://www.oracle.com/pls/topic/lookup?ctx=acc&id=info or visit http://www.oracle.com/pls/topic/lookup?ctx=acc&id=trs if you are hearing impaired. Typographic Conventions The following table describes the typographic conventions that are used in this book. TABLE P 1 Typographic Conventions Typeface Meaning Example AaBbCc123 AaBbCc123 The names of commands, files, and directories, and onscreen computer output What you type, contrasted with onscreen computer output Edit your.login file. Use ls -a to list all files. machine_name% you have mail. machine_name% su Password: aabbcc123 Placeholder: replace with a real name or value The command to remove a file is rm filename. AaBbCc123 Book titles, new terms, and terms to be emphasized Read Chapter 6 in the User's Guide. A cache is a copy that is stored locally. Do not save the file. Note: Some emphasized items appear bold online. Shell Prompts in Command Examples The following table shows the default UNIX system prompt and superuser prompt for shells that are included in the Oracle Solaris OS. Note that the default system prompt that is displayed in command examples varies, depending on the Oracle Solaris release. TABLE P 2 Shell Prompts Shell Prompt Bash shell, Korn shell, and Bourne shell $ 6 Oracle Solaris 10 Security Guidelines August 2011 E23335-10

Preface TABLE P 2 Shell Prompts (Continued) Shell Prompt Bash shell, Korn shell, and Bourne shell for superuser # C shell C shell for superuser machine_name% machine_name# 7

8

1C HAPTER 1 Oracle Solaris 10 Security Guidelines Oracle Solaris 10 is a robust, premier enterprise operating system that offers proven security features. With a sophisticated network-wide security system that controls the way users access files, protect system databases, and use system resources, Oracle Solaris 10 addresses security needs at every layer. While traditional operating systems can contain inherent security weaknesses, the flexibility of Oracle Solaris 10 enables it to satisfy a variety of security objectives from enterprise servers to desktop clients. Oracle Solaris 10 System Hardening References The following two documents describe how to harden Oracle Solaris, how to use its security features to configure your systems to operate securely when you add applications and users to the systems, and how to use particular security features to protect network-based applications. A short description accompanies each document title. CIS Solaris 10 Benchmark v5.0.0 (http://benchmarks.cisecurity.org/ en-us/?route=downloads.show.single.solaris10.500), 9 July 2010. Another name for this document is Security Configuration Benchmark for Solaris 10 11/06 through 10/09. This benchmark is the result of over seven years of work by many contributors, including Sun Microsystems, the Defense Information Systems Agency (DISA), the Center for Internet Security (CIS), the National Institute of Standards and Technology (NIST), the National Security Agency (NSA), and many individual enterprises, academic institutions, and individuals. This benchmark establishes a set of baseline hardening guidance that Sun, CIS, NSA, and DISA agreed to. An Overview of Solaris 10 Operating System Security Controls (http://www.nsa.gov/ia/ _files/os/sunsol_10/s10-cis-appendix-v1.1.pdf), Glenn Brunette, September 2007, v1.0 9

Additional Security References for Oracle Solaris 10 This appendix to the Security Configuration Benchmark for Solaris 10 11/06 through 10/09 focuses on the security controls in Oracle Solaris 10 that fall outside of the area of system hardening and security configuration validation. This appendix provides a complete overview of the security features and capabilities of Oracle Solaris 10 and offers specific recommendations, where possible. Additional Security References for Oracle Solaris 10 The following guides and articles supplement the system hardening guidelines in the preceding section: System Administration Guide: Security Services This security guide is published by Oracle for Oracle Solaris 10 administrators. This guide describes the security features of the Oracle Solaris 10 OS and how to use them when configuring your systems. Unlike Security Configuration Benchmark for Solaris 10 11/06 through 10/09, this guide is not designed as a system hardening or best practices document. Solaris 10 Security Essentials, Sun engineers, 2009. ISBN 978-0137012336 Solaris engineers and technical writers describe 12 Solaris security technologies with examples in this trade book. Unlike Security Configuration Benchmark for Solaris 10 11/06 through 10/09, this guide is not designed as a system hardening or best practices document. Using Oracle Solaris 10 to Overcome Security Challenges (http://www.oracle.com/ technetwork/server-storage/solaris/solaris-10-security-167783.pdf), August 2010. This Oracle white paper targets organizations that require comprehensive system security features. IT departments that need an effective and efficient solution to computer security can use the unique and powerful security features of Oracle Solaris 10 to protect the enterprise from potential threats, comply with corporate and regulatory requirements, and stay ahead of security challenges. This white paper provides a high-level description of Oracle Solaris security capabilities. It is not designed as a hardening or best practices document Hardening Oracle Database with Oracle Solaris Security Technologies (http://www.oracle.com/ technetwork/server-storage/solaris/ solaris-security-hardening-db-167784.pdf), Glenn Faden and Christoph Schuba, August 2010. This Oracle white paper describes and demonstrates how commodity Oracle Solaris OS security features can be used to lock down network-facing services in order to protect them against internal and external threats. Technology concepts and their implementations are presented in a hands-on fashion using a running example, the Oracle Database Server 11g Release 2, executing on the Solaris 10 10/09 release. 10 Oracle Solaris 10 Security Guidelines August 2011 E23335-10

2026 © DocPlayer.fr Politique de confidentialité | Conditions de service | Feed-back