Symantec Enterprise Security Manager Baseline Policy Manual for Security Essentials. Solaris 10

Symantec ESM Baseline Policy Manual for Security Essentials for Solaris 10

The software described in this book is furnished under a license agreement and may be used only in accordance with the terms of the agreement.

Documentation version: 4.0

Legal Notice

Copyright 2012 Symantec Corporation. All rights reserved.

Symantec and the Symantec Logo, and Norton AntiVirus are U.S. registered trademarks of Symantec Corporation. Symantec Enterprise Security Manager, LiveUpdate, and Symantec Security Response are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.

This Symantec product may contain third party software for which Symantec is required to provide attribution to the third party ("Third Party Programs"). Some of the Third Party Programs are available under open source or free software licenses. The License Agreement accompanying the Software does not alter any rights or obligations you may have under those open source or free software licenses. Please see the Third Party Legal Notice Appendix to this Documentation or TPIP ReadMe File accompanying this Symantec product for more information on the Third Party Programs.

The product described in this document is distributed under licenses restricting its use, copying, distribution, and decompilation/reverse engineering. No part of this document may be reproduced in any form by any means without prior written authorization of Symantec Corporation and its licensors, if any.

THE DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. SYMANTEC CORPORATION SHALL NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING, PERFORMANCE, OR USE OF THIS DOCUMENTATION. THE INFORMATION CONTAINED IN THIS DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE.

The Licensed Software and Documentation are deemed to be commercial computer software as defined in FAR 12.212 and subject to restricted rights as defined in FAR Section 52.227-19 "Commercial Computer Software - Restricted Rights" and DFARS 227.7202, "Rights in Commercial Computer Software or Commercial Computer Software Documentation", as applicable, and any successor regulations. Any use, modification, reproduction release, performance, display or disclosure of the Licensed Software and Documentation by the U.S. Government shall be solely in accordance with the terms of this Agreement.

Symantec Corporation 350 Ellis Street Mountain View, CA 94043 http://www.symantec.com

Technical Support

Contacting Technical Support

Symantec Technical Support maintains support centers globally. Technical Support's primary role is to respond to specific queries about product features and functionality. The Technical Support group also creates content for our online Knowledge Base. The Technical Support group works collaboratively with the other functional areas within Symantec to answer your questions in a timely fashion. For example, the Technical Support group works with Product Engineering and Symantec Security Response to provide alerting services and virus definition updates.

Symantec's support offerings include the following:
- A range of support options that give you the flexibility to select the right amount of service for any size organization
- Telephone and/or Web-based support that provides rapid response and up-to-the-minute information
- Upgrade assurance that delivers software upgrades
- Global support purchased on a regional business hours or 24 hours a day, 7 days a week basis
- Premium service offerings that include Account Management Services

For information about Symantec's support offerings, you can visit our Web site at the following URL: www.symantec.com/business/support/

All support services will be delivered in accordance with your support agreement and the then-current enterprise technical support policy.

Customers with a current support agreement may access Technical Support information at the following URL: www.symantec.com/business/support/

Before contacting Technical Support, make sure you have satisfied the system requirements that are listed in your product documentation. Also, you should be at the computer on which the problem occurred, in case it is necessary to replicate the problem.

When you contact Technical Support, please have the following information available:
- Product release level
- Hardware information
- Available memory, disk space, and NIC information
- Operating system
- Version and patch level
- Network topology
- Router, gateway, and IP address information
- Problem description:
  - Error messages and log files
  - Troubleshooting that was performed before contacting Symantec
  - Recent software configuration changes and network changes

Licensing and registration

If your Symantec product requires registration or a license key, access our technical support Web page at the following URL: www.symantec.com/business/support/

Customer service

Customer service information is available at the following URL: www.symantec.com/business/support/

Customer Service is available to assist with non-technical questions, such as the following types of issues:
- Questions regarding product licensing or serialization
- Product registration updates, such as address or name changes
- General product information (features, language availability, local dealers)
- Latest information about product updates and upgrades
- Information about upgrade assurance and support contracts
- Information about the Symantec Buying Programs
- Advice about Symantec's technical support options
- Nontechnical presales questions
- Issues that are related to CD-ROMs, DVDs, or manuals

Support agreement resources

If you want to contact Symantec regarding an existing support agreement, please contact the support agreement administration team for your region as follows:
- Asia-Pacific and Japan: customercare_apac@symantec.com
- Europe, Middle-East, and Africa: semea@symantec.com
- North America and Latin America: supportsolutions@symantec.com

Symantec Enterprise Security Manager policy for Security Essentials for Solaris 10

This document includes the following topics:
- Introducing the policy
- Installing the policy
- Policy modules

Introducing the policy

The Symantec Enterprise Security Manager (ESM) policy for the Security Essentials for Solaris 10 assesses a host's compliance with the CIS benchmark recommendations. This release of the policy was built based on the CIS benchmark version 4.0 for Solaris 10. This policy can be installed on Symantec ESM 6.0 and later managers running Security Update 36 or later on Sun Solaris version 10.

For information on the Center for Internet Security benchmarks, visit the following URL: http://www.cisecurity.org

Installing the policy

Before you install, you must decide which Symantec ESM managers require the policy. Policies run on the managers. They do not need to be installed on the agents. The policy runs only on Symantec ESM 6.0 or later, with Security Update 36 or later. Update any managers that do not meet these requirements.

Obtaining and installing the policy using LiveUpdate

The standard installation method is to use the LiveUpdate feature in the Symantec ESM console. Another method is to use files from a CD or the Internet to install the policy manually.

Install the policy by using the LiveUpdate feature in the Symantec ESM console.

To install the policy using LiveUpdate
1. Connect the Symantec ESM Enterprise Console to managers on which you want to install the policy.
2. Click the LiveUpdate icon to start the LiveUpdate Wizard.
3. In the wizard, ensure that Symantec LiveUpdate (Internet) is selected, and then click Next.
4. In the Welcome to LiveUpdate panel, click Next.
5. In the Available Updates panel, do one of the following:
   - To install all checked products and components, click Next.
   - To omit a product from the update, uncheck it, and then click Next.
   - To omit a product component, expand the product node, uncheck the component that you want to omit, and then click Next.
6. In the Thank you panel, click Finish.
7. In the list of managers panel, ensure that all the managers that you want to update are checked, and then click Next.
8. In the Updating Managers panel, click OK.
9. In the Update Complete panel, click Finish.

Installing the policy manually

If you cannot use LiveUpdate to install the policy directly from a Symantec server, you can install the policy manually.

Note: To avoid conflicts with updates that are performed by standard LiveUpdate installations, copy or extract the files into the LiveUpdate folder, which is usually Program Files/Symantec/LiveUpdate.

To install the policy manually
1. Connect the Symantec ESM Enterprise Console to the managers that you want to update.
2. From the Symantec Security Response web page, download the executable files for Solaris 10.
3. On a computer running Windows NT/2000/XP/Server 2003 that has network access to the manager, run the executable that you downloaded from the Symantec Security Response web page.
4. Click Next to close the Welcome panel.
5. In the License Agreement panel, if you agree to the terms of the agreement, click Yes.
6. In the Question panel, click Yes to continue installation of the best practice policy.
7. In the ESM Manager Information panel, type the requested manager information, and then click Next. If the manager's modules have not been upgraded to Security Update 36 or later, the installation program returns an error message and stops the installation. Upgrade the manager to Security Update 36 or later, and then rerun the installation program.
8. Click Finish.

Policy modules

The Security Essentials for Solaris policy includes the modules that ensure compliance with various technical and administrative aspects. Each module lists the enabled checks with the standards that they address, the associated name lists, and the templates. As specific values are not required everywhere, default values and templates are provided. Although the policy appears as read only, you can copy or rename the policy, depending on the requirements of your corporate security policy.

Account Integrity

The Account Integrity module creates and maintains user and group snapshot files on each agent on which the module runs. The module reports new, changed, and deleted users and groups between snapshot updates, as well as account privileges and other information.

Table 1-1 Account Integrity
Home directory permissions: 7.10
Reserved UID/GID: 7.6
Reserved UID ranges: 7.6

File Attributes

The File Attributes module reports changes to file creation and modification times, file sizes, and CRC/MD5 checksum signatures. It also reports violations of the file permissions that are specified in the template files.

Table 1-2 File Attributes
Detect Extended attributes: 5.8
Group ownership: 3.1, 4.3, 4.5, 4.7, 4.8, 4.9, 6.7, 6.9, 8.1, 8.2, 8.4
Permissions: 3.1, 4.3, 4.5, 4.7, 4.8, 4.9, 6.7, 6.9, 6.13, 7.8, 8.1, 8.2, 8.4
Exclude decreased permissions: 3.1
User ownership: 2.5, 3.1, 4.3, 4.5, 4.7, 4.8, 4.9, 6.7, 6.9, 8.1, 8.2, 8.4
Local disk only: 5.8

File Attributes template files

Symantec uses LiveUpdate every two weeks to overwrite the default template files that are loaded on your computer. You can edit the template files by copying them into another directory and by renaming them.

File and directory permissions are compared with New File template settings. The module uses the following File Attributes template files:

Table 1-3 File Attributes template files
OS: Solaris 10
File name: attrcis4sol10.sol
Template name: New File - Solaris 2.6

File Find

The File Find module reports weaknesses in the file permissions and the configuration files.

Table 1-4 File Find
File content search: 2.5, 3.1, 3.2, 3.3, 4.3, 4.4, 4.5, 4.6, 4.7, 4.8, 5.1, 5.2, 6.1, 6.2, 6.3, 6.4, 6.6, 6.7, 6.8, 6.10, 6.11, 7.1, 7.5, 7.7, 7.8, 7.14, 7.15, 7.16, 8.2, 8.3, 8.7
Setgid executable files: 5.6
Setuid executable files: 5.6
World writable directories without sticky bit: 5.4
World writable files: 5.5
Unowned directories/files: 5.7

Login Parameters

The Login Parameters module reports accounts, resources, and settings that are inconsistent with proper authorized usage.

Table 1-5 Login Parameters
Warning banners: 8.1, 8.4

Network Integrity

The Network Integrity module reports the system configuration settings that pertain to authentication and remote access.

Table 1-6 Network Integrity
FTP debug logging disabled: 4.2
FTP session logging disabled: 4.2
FTP allowed users: 6.5

OS Patches

The OS Patches module reports the patches that are defined in the UNIX patch template files for Solaris but are not installed on the agent.

Table 1-7 OS Patches
Superseded: 1.1
Patch results summary: 1.1

Password Strength

The Password Strength module examines the system parameters that control a password's construction, change, age, expiration, and storage.

Table 1-8 Password Strength
Accounts without passwords
Maximum repeated characters
Maximum password age
Minimum alphabetic characters
Minimum different character
Minimum lowercase characters
Minimum non-alphabetic characters
Minimum password history
Minimum uppercase characters
7.2 7.3

Table 1-8 Password Strength (continued)
Minimum password age
NAMECHECK allows username=password
Password age warning
Password length restrictions
Verify DICTIONDBDIR entry
Whitespace characters
7.3 7.3

Startup Files

The Startup Files module examines the system parameters that control processes and the services that are executed at system startup time.

Table 1-9 Startup Files
Syslog: 4.4
Verify Network parameter Values: 3.4, 3.5
Connection logging is not enabled: 4.1
Grub password: 6.13
Non-wrapped services: 2.5
Services which are enabled: 2.2.1, 2.2.2, 2.2.3, 2.2.4, 2.2.5, 2.2.6, 2.2.7, 2.3.1, 2.3.2, 2.3.3, 2.3.4, 2.3.5, 2.3.6, 2.3.7, 2.3.8, 2.3.9, 2.3.10, 2.3.11, 2.3.12, 2.3.13, 2.3.14

System Queues

The System Queues module reports messages that let you correct crontab file owners and permissions on the agent. This module lets you create the following:
- Name lists of users and groups to exclude or include in all System Queues checks
- Users that are allowed to use the AT and CRON batch utilities

Table 1-10 System Queues
Only Root access to AT subsystem: 6.9
Only Root access to CRON subsystem: 6.9

User Files

The User Files module reports issues with ownership and permissions on the files that are contained in the user home directories.

Table 1-11 User Files
Current directory not allowed in PATH: 7.9
Forbidden files: 7.13
World writable directories in PATH: 7.9
World writable files: 7.11
Group writable directories in PATH: 7.9
Group writable files: 7.11
Startup file protection: 7.12
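
The permission and ownership checks that the File Find module lists in Table 1-4 reduce to tests on a file's mode bits and its owner. The following is an added example for auditing a directory tree by hand, not Symantec's implementation and not part of the manual; the function names classify and scan are assumptions, and the section numbers are the ones the table gives.

```python
import grp
import os
import pwd
import stat

# Check names and section numbers as listed in Table 1-4 (File Find).
SETUID = ("Setuid executable files", "5.6")
SETGID = ("Setgid executable files", "5.6")
WW_DIR = ("World writable directories without sticky bit", "5.4")
WW_FILE = ("World writable files", "5.5")
UNOWNED = ("Unowned directories/files", "5.7")


def classify(mode, uid, gid, known_uids, known_gids):
    """Return the File Find checks that one object's mode and owner trip."""
    findings = []
    is_dir = stat.S_ISDIR(mode)
    is_file = stat.S_ISREG(mode)
    executable = bool(mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH))
    if is_file and executable and mode & stat.S_ISUID:
        findings.append(SETUID)
    if is_file and executable and mode & stat.S_ISGID:
        findings.append(SETGID)
    if mode & stat.S_IWOTH:
        # The sticky bit stops users deleting each other's files in a shared
        # directory, so a world writable directory is reported only without it.
        if is_dir and not mode & stat.S_ISVTX:
            findings.append(WW_DIR)
        elif is_file:
            findings.append(WW_FILE)
    # "Unowned" means the numeric owner or group maps to no known account.
    if uid not in known_uids or gid not in known_gids:
        findings.append(UNOWNED)
    return findings


def scan(root, known_uids=None, known_gids=None):
    """Walk root without following symlinks; return {path: [findings]}."""
    if known_uids is None:
        known_uids = {p.pw_uid for p in pwd.getpwall()}
    if known_gids is None:
        known_gids = {g.gr_gid for g in grp.getgrall()}
    report = {}
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue  # removed or unreadable between listing and stat
            hits = classify(st.st_mode, st.st_uid, st.st_gid,
                            known_uids, known_gids)
            if hits:
                report[path] = hits
    return report
```

By default scan reads the local passwd and group databases only, so accounts that come from a directory service must be passed in through known_uids and known_gids or their files will be reported as unowned.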