Solaris security audit esp zones & container

Q1:
What the specific security items to audit in a Solaris zones
& container environment?

Q2:
What are the services required & not required in zones &
container & commands to check/disable them?

Q3:
Any freeware to run in Solaris to scan for vulnerabilities
(eg: CIS scanner?) & up-to-date security patches?
sunhuxAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

btanExec ConsultantCommented:
I am deep into it but this security article is a good way to start the benchmark,
@ http://www.oracle.com/technetwork/server-storage/solaris/documentation/o11-076-s10-cis-appendix-487450.pdf

pls check out the -Compartmentalization (Zones), -Integrity Management and -Auditing

For more information on Solaris Auditing, see:
• OpenSolaris Community Project: OpenSolaris Security Audit: http://hub.opensolaris.org/bin/view/Project+audit/WebHome

• “Using Solaris Auditing in Zones” in Chapter 27, “Solaris Zones Administration (Overview),” of System Administration Guide: Oracle Solaris Containers-Resource Management and Oracle Solaris: http://download.oracle.com/docs/cd/E19253-01/index.html

• Archived Oracle technical paper: “Enforcing the Two-Person Rule via Role-Based Access Control in the Solaris 10 Operating System”: http://www.oracle.com/technetwork/server-storage/archive/a11-011-two-person-rule-role-access-438989.pdf
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
btanExec ConsultantCommented:
For CIS Solaris 11, it is available and handy as for every hardening aspects it state the relevant of zone support such as "Global Zone only", "All", "N/A", "Global Zone and non-global zones configured with exclusive IP stacks"

@ https://benchmarks.cisecurity.org/tools2/solaris/CIS_Solaris_11_Benchmark_v1.0.0.pdf
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Network Analysis

From novice to tech pro — start learning today.