Solaris System Security Hardening Checklist (3)

Source: Internet  Author: Anonymous  Date: 2015-06-03 08:40

Disable multicasting
To disable multicasting, comment out the lines around "route add" in /etc/init.d/inetsvc.

Disable the system's SNMP service
Rename the /etc/rcd/Ksnmpdx and /etc/rcd/Ssnmpdx files.

X Windows is insecure; ssh can be used to encrypt it.

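Strengthen network access control
Edit /etc/init.d/inetsvc and add the -t option after inetd,
giving a command like: /usr/sbin/inetd -s -t
Stop inetd, then run it again.
When starting it, use: # /usr/sbin/inetd -s -t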
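
An added example, not from the original article: a shell function that audits an inetsvc-style start script for the two changes above, an active "route add" line and an inetd start line without -t. The function names and the sample script content are constructed for illustration.

```shell
#!/bin/sh
# audit_inetsvc [FILE]  (hypothetical helper; reads stdin when FILE is omitted)
# Prints one finding per check; exit status is 0 only if both checks pass.
audit_inetsvc() {
    awk '
        /^[ \t]*#/ { next }                  # commented-out lines are inactive
        /route add/ { routes++ }             # multicast route is still installed
        /\/usr\/sbin\/inetd/ {               # an active inetd start line
            starts++; traced = 0
            for (i = 1; i <= NF; i++)        # accept -t alone or bundled (-st)
                if ($i ~ /^-[A-Za-z]*t[A-Za-z]*$/) traced = 1
            if (!traced) untraced++
        }
        END {
            if (routes) print "FAIL multicast: " routes " active route add line(s)"
            else        print "OK multicast: no active route add line"
            if (!starts)       print "FAIL inetd: no active start line found"
            else if (untraced) print "FAIL inetd: started without -t"
            else               print "OK inetd: started with -t"
            exit (routes || untraced || !starts) ? 1 : 0
        }' "$@"
}

# Constructed, simplified samples; not the real Solaris inetsvc file.
sample_default() {
    cat <<'EOF'
# Add a static route for multicast packets
/usr/sbin/route add -interface -netmask 240.0.0.0 224.0.0.0 "$mcastif"
/usr/sbin/inetd -s &
EOF
}
sample_hardened() {
    cat <<'EOF'
# Add a static route for multicast packets
#/usr/sbin/route add -interface -netmask 240.0.0.0 224.0.0.0 "$mcastif"
/usr/sbin/inetd -s -t &
EOF
}

sample_default  | audit_inetsvc || echo "=> default sample needs both changes"
sample_hardened | audit_inetsvc && echo "=> hardened sample passes"
```

Run it against a copy of the real start script with `audit_inetsvc /etc/init.d/inetsvc`; a non-zero exit status means at least one of the two changes is still missing.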

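Network access control
Principle: remove unnecessary network access, and build access controls around the network access that is needed.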

Solaris network services (/etc/inet/services) [services not annotated with /* */ can be disabled]
#ident "@(#)services // SMI" /* SVr */
#
#
# Copyright (c) by Sun Microsystems Inc
# All rights reserved
#
# Network services Internet style
#
tcpmux /tcp /* required */
echo /tcp
echo /udp
discard /tcp sink null
discard /udp sink null
systat /tcp users
daytime /tcp
daytime /udp
netstat /tcp
chargen /tcp ttytst source
chargen /udp ttytst source
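ftpdata /tcp /* optional, depending on services in use */
ftp /tcp /* optional, depending on services in use */
ssh /tcp /* optional, depending on services in use */
telnet /tcp /* optional, depending on services in use */
smtp /tcp mail /* optional, depending on services in use */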
time /tcp timserver
time /udp timserver
name /udp nameserver
whois /tcp nicname # usually to srinic
domain /udp /* optional, depending on services in use */
domain /tcp /* optional, depending on services in use */
bootps /udp # BOOTP/DHCP server
bootpc /udp # BOOTP/DHCP client
hostnames /tcp hostname # usually to srinic
pop /tcp pop # Post Office Protocol V
pop /tcp # Post Office Protocol Version
sunrpc /udp rpcbind
sunrpc /tcp rpcbind
imap /tcp imap # Internet Mail Access Protocol v
ldap /tcp # Lightweight Directory Access Protocol
ldap /udp # Lightweight Directory Access Protocol
submission /tcp # Mail Message Submission
submission /udp # see RFC
ldaps /tcp # LDAP protocol over TLS/SSL (was sldap)
ldaps /udp # LDAP protocol over TLS/SSL (was sldap)
#
# Host specific functions
#
tftp /udp
rje /tcp
finger /tcp
link /tcp ttylink
supdup /tcp
isotsap /tcp
x /tcp # ISO Mail
xsnd /tcp
csnetns /tcp
pop /tcp # Post Office
uucppath /tcp
nntp /tcp usenet # Network News Transfer
ntp /tcp # Network Time Protocol
ntp /udp # Network Time Protocol
netbiosns /tcp # NETBIOS Name Service
netbiosns /udp # NETBIOS Name Service
netbiosdgm /tcp # NETBIOS Datagram Service
netbiosdgm /udp # NETBIOS Datagram Service
netbiosssn /tcp # NETBIOS Session Service
netbiosssn /udp # NETBIOS Session Service
NeWS /tcp news # Window System
slp /tcp slp # Service Location Protocol V
slp /udp slp # Service Location Protocol V
mobileip /udp mobileip # MobileIP
cvc_hostd /tcp # Network Console
#
# UNIX specific services
#
# these are NOT officially assigned
#
exec /tcp
login /tcp
shell /tcp cmd # no passwords used
printer /tcp spooler # line printer spooler
courier /tcp rpc # experimental
uucp /tcp uucpd # uucp daemon
biff /udp comsat
who /udp whod
syslog /udp /* optional, depending on services in use */
talk /udp
route /udp router routed
ripng /udp
klogin /tcp # Kerberos authenticated rlogin
kshell /tcp cmd # Kerberos authenticated remote shell
newrwho /udp newwho # experimental
rmonitor /udp rmonitord # experimental
monitor /udp # experimental
pcserver /tcp # ECD Integrated PC board srvr
sundr /tcp # Remote Dynamic Reconfiguration
kerberosadm /tcp # Kerberos V Administration
kerberosadm /udp # Kerberos V Administration
kerberos /udp kdc # Kerberos key server
kerberos /tcp kdc # Kerberos key server
krb_prop /tcp # Kerberos V KDC propogation
ufsd /tcp ufsd # UFSaware    
