Cisco Cisco Broadband Access Center Telco Wireless 3.5 Release Notes
Cisco BAC 3.5 Hardening Guidelines
2
Cisco BAC 3.5 Hardening Guidelines - 2
# showrev -p | grep 137111-04
Patch: 137111-04 Obsoletes: 138052-01, 138054-01, 138315-01, 138316-01 Requires:
118833-36, 119578-30, 120011-14, 126897-02, 127127-11, 127755-01 Incompatibles:
Packages: SUNWcsu, SUNWcsr, SUNWcsl, SUNWkvm, SUNWcakr, SUNWckr, SUNWcsd, SUNWfmd,
SUNWesu, SUNWmdb, SUNWmdbr, SUNWtoo, SUNWcslr, SUNWarcr, SUNWdtrc, SUNWhea
2. Disable unused network services. All network services can be disabled except the secure shell by using
the following command:
# netservices limited
Example:
# netservices limited
restarting syslogd
restarting sendmail
restarting wbem
dtlogin needs to be restarted. Restart now? [Y] y
restarting dtlogin
3. Change to the directory that contains the Sun Solaris Security Toolkit package and install the package
(SUNWjass) by using the following command:
# pkgadd -d ./
Example:
# pkgadd -d ./
The following packages are available:
1 SUNWjass Solaris Security Toolkit 4.2.0
(Solaris) 4.2.0
Select package(s) you wish to process (or 'all' to process all packages). (default:
all) [?,??,q]:
Processing package instance <SUNWjass> from </opt>
Solaris Security Toolkit 4.2.0(Solaris) 4.2.0
Copyright 2005 Sun Microsystems, Inc. All rights reserved.
Use is subject to license terms.
Using </opt> as the package base directory.
## Processing package information.
## Processing system information.
415 package pathnames are already properly installed.
## Verifying package dependencies.
## Verifying disk space requirements.
## Checking for conflicts with packages already installed.
## Checking for setuid/setgid programs.
Installing Solaris Security Toolkit 4.2.0 as <SUNWjass>
## Installing part 1 of 1.
[ verifying class <none> ]
Installation of <SUNWjass> was successful.
4. Disable unused daemons and services, especially services that use network resources. The following is
an example on how to disable services:
# svcadm disable svc:/network/smtp:sendmail
# svcadm disable svc:/network/finger:default