Upgrading, Installing, and Running Security Software
This chapter provides instructions for downloading, upgrading or installing, and running the Solaris Security Toolkit software and other security-related software. Included are instructions for configuring your environment for either stand-alone or JumpStart mode, and for obtaining support.
Follow the instructions and process provided in this section to upgrade or install, configure, and execute the software. These instructions include downloading additional security software, helpful examples, and guidelines.
Although the Solaris Security Toolkit software is a stand-alone product, it is most effective when used with the additional security software provided for downloading. This software includes the latest Recommended and Security Patch Cluster from SunSolve OnLine, Secure Shell software for Solaris OS releases that do not include it, permission and ownership modification software to tighten Solaris OS and third-party software permissions, and integrity validation binaries to validate the integrity of Sun files and executables.
This chapter contains the following tasks:
- Performing Planning and Preinstallation Tasks
- Software Dependencies
- Determining Which Mode to Use
- Upgrading Procedures
- Downloading Security Software
- Customizing Security Profiles
- Installing and Executing the Software
- Validating the System Modifications
Performing Planning and Preinstallation Tasks
Proper planning is key to successfully using the Solaris Security Toolkit software to secure systems. See Chapter 2 for detailed information about planning before you install the software.
If you are installing the software on a deployed system, see Performing Preinstallation Tasks for information about performing preinstallation tasks prior to installing the software on deployed systems.
Software Dependencies
The Solaris Security Toolkit 4.2 software depends upon the SUNWloc package. The absence of this package causes the Solaris Security Toolkit to fail.
See Supported Solaris OS Versions for information about supported versions of the Solaris Operating System.
See Supported SMS Versions for information about supported versions of the System Management Services (SMS) software.
Determining Which Mode to Use
Harden systems during or immediately after the OS installation, to limit the period a system might be exposed to attack while in an unsecured state. Before using the Solaris Security Toolkit software to secure a system, configure the Solaris Security Toolkit software to run properly in your environment.
The Solaris Security Toolkit software has a modular framework. If you are not using the JumpStart product, the flexibility of the Solaris Security Toolkit software’s framework enables you to efficiently prepare for using JumpStart later. If you are using JumpStart, you benefit from the Solaris Security Toolkit software’s ability to integrate into existing JumpStart architectures.
The following sections describe the stand-alone and JumpStart modes.
Stand-alone Mode
The Solaris Security Toolkit software runs directly from a Solaris OS shell prompt in stand-alone mode. This mode enables you to use the Solaris Security Toolkit software on those systems that require security modifications or updates, yet cannot be taken out of service to reinstall the OS from scratch. However, whenever possible, operating systems should be reinstalled from scratch prior to being secured.
Stand-alone mode is particularly useful when hardening a system after installing patches or third-party software. You can run the Solaris Security Toolkit software multiple times on a system with no ill effects. Patches might overwrite or modify files the Solaris Security Toolkit software has modified; by rerunning the Solaris Security Toolkit software, any security modifications negated by the patch installation can be reimplemented.
Note – In production environments, stage patches in test and development environments before installing the patches in live environments.
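One way to tell when a rerun is due after patching, shown as an added example that is not part of the Solaris Security Toolkit or of this chapter: record the checksum, mode, and ownership of the files you care about right after a hardening run, then compare once the patch is installed. The function names and the file list you pass in are assumptions, and paths are assumed to contain no whitespace.

```shell
#!/bin/sh
# Added example: detect hardened files that a later patch installation changed.
# Usage (hypothetical script name):
#   ./drift.sh snapshot /var/tmp/baseline FILE...
#   ./drift.sh drift /var/tmp/baseline

# Print one "path mode uid gid crc:size" record per file (POSIX ls and cksum).
fingerprint() {
    for f in "$@"; do
        if [ -f "$f" ]; then
            meta=$(ls -ln "$f" | awk '{print $1, $3, $4}')
            sum=$(cksum < "$f" | awk '{print $1 ":" $2}')
            echo "$f $meta $sum"
        else
            echo "$f MISSING"
        fi
    done
}

# snapshot BASELINE FILE...: record file state right after a hardening run.
snapshot() {
    baseline_out=$1
    shift
    fingerprint "$@" > "$baseline_out"
}

# drift BASELINE: print each path whose content, mode, or ownership differs
# from the baseline; return 1 if any file changed, 0 otherwise.
drift() {
    changed=0
    while read -r path rest; do
        now=$(fingerprint "$path")
        if [ "$now" != "$path $rest" ]; then
            echo "$path"
            changed=1
        fi
    done < "$1"
    return $changed
}

# Command-line dispatch; does nothing when the file is sourced without arguments.
case "${1:-}" in
    snapshot) shift; snapshot "$@" ;;
    drift)    shift; drift "$@" ;;
esac
```

A non-zero exit from the drift step means at least one recorded file no longer matches its post-hardening state.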
The stand-alone mode is one of the best options to harden a deployed system as quickly as possible. No special steps are required to integrate the Solaris Security Toolkit software into an architecture without JumpStart, other than those steps in the downloading and installing instructions provided in Downloading Security Software.
JumpStart Mode
JumpStart technology, which is Sun’s network-based Solaris OS installation mechanism, can run Solaris Security Toolkit scripts during the installation process. This book assumes that the reader is familiar with JumpStart technology and has an existing JumpStart environment available. For more information about JumpStart technology, refer to the Sun BluePrints book JumpStart Technology: Effective Use in the Solaris Operating Environment.
The Solaris Security Toolkit 4.2 package is relocatable, so that it can be installed to whatever directory you want by using the correct options to the pkgadd command. JASS_HOME_DIR becomes the base directory of the JumpStart server.
Only a few steps are required to integrate the Solaris Security Toolkit software into a JumpStart architecture. See Chapter 5 for instructions on how to configure a JumpStart server.
Upgrading Procedures
This section contains information about how to upgrade your system from Solaris Security Toolkit 4.0 and 4.1 software to Solaris Security Toolkit 4.2 software, with and without upgrading your Solaris OS. The system is hardened by using the Solaris Security Toolkit software on your Solaris operating system. The procedures are the same whether upgrading from version 4.0 or 4.1. Follow these procedures exactly as prescribed, because they prevent you from overwriting all of your prior customizations.
