SANS InfoSec Reading Room - Solaris Issues

Most of the computer security white papers in the Reading Room have been written by students seeking GIAC certification to fulfill part of their certification requirements and are provided by SANS as a resource to benefit the security community at large. SANS attempts to ensure the accuracy of information, but papers are published "as is". Errors or inconsistencies may exist or may be introduced over time as material becomes dated. If you suspect a serious error, please contact webmaster@sans.org.


Featuring 10 papers as of Jun 20, 2013
PDF Local Privilege Escalation in Solaris 8 and Solaris 9 via Buffer Overflow in passwd(1)
By: Shaun McAdams (posted on May 5, 2005)
While remote compromises are preferred by attackers and most feared by defenders, local privilege escalation can be equally dangerous and even harder to uncover. A buffer overflow in the passwd program used in Sun Microsystems' Solaris 8 and Solaris 9 Operating Environments can be silently exploited by a valid local user to gain root privileges.
PDF Solaris Patching: Problems, Solutions, and Open Issues
By: Julie Baumler (posted on December 13, 2003)
This paper takes a high-level look at reasons to patch, the extent to which systems in the wild are being patched, and the patch management process, specifically under current versions of Sun's Solaris Operating Environment.
PDF The Security Implications of Unix Naming Services
By: Paul Kirtland (posted on November 19, 2003)
This paper will provide an overview of some of the security implications of Unix naming services with a view towards the adoption of an LDAP v3 based directory.
PDF Automation of the OS Installation and Security Hardening Process
By: Kyle Martin (posted on October 31, 2003)
This paper addresses the SOLARIS(TM) SECURITY TOOLKIT initiative which holds promise in providing secure installations and upgrades for repeatable, quick installations and upgrades within the Solaris Operating Environment.
PDF Solaris C2 Auditing with BSM
By: Mohd Fared Abdul Khir (posted on October 31, 2003)
This article is intended to introduce the C2 auditing capabilities of Solaris BSM.
PDF Security Features Overview of Merlin (J2SE Version 1.4)
By: Craig Walker (posted on October 31, 2003)
This paper provides an overview of the security features of Java(TM) 2 Standard Edition version 1.4.
PDF Operating Environment Minimisation for Security
By: Jeffrey Bailey (posted on October 31, 2003)
This paper covers the concept of "Operating Environment Minimization for Security", how it relates to other host-based security measures used today, guidelines, and the application to the Sun Microsystems Solaris 8 operating environment.
PDF Central Logging with a Twist of COTS in a Solaris Environment
By: Kent Stout (posted on October 31, 2003)
This paper will address how to set up a central logging system for a network of Solaris (Solaris version 8) machines, some of which will be hosting COTS products, including configuration of a central log server.
PDF BSM Security Auditing for Solaris Servers
By: John Sun (posted on October 31, 2003)
This article discusses the pros and cons of BSM. It describes how to enable, configure, and manage the BSM auditing on Solaris servers to secure the system, and it offers a few solutions to overcome some problems and disadvantages of BSM.
PDF Configuration and Patch Verification on Solaris Systems
By: Scott Cromar (posted on October 31, 2003)
In this paper, I discuss two configuration monitoring scripts which I have used to ensure that systems are up to patch and configuration standards.