Security

Patching, TCP Wrappers, IP Filter...

Patching

Cosmos is regularly patched --- patches are to be found at sunsolve.sun.com.

The directory from which the patches are installed must be readable by user nobody since the installation scripts run as this user. To confirm this 

    cd <patch_dir>
    su nobody
    pwd
If the patch directory is not readable by nobody patches will not be installed: 
    pkgadd: ERROR: checkinstall script did not complete successfully

TCP Wrappers

Will be installed in /opt...

Router-level ACLs

Router-level filtering of packets is in action. See Cosmeric Security for details.

IP Filter

 

    /etc/ipnat.rules
    /etc/ipf.rules
    /etc/init.d/ipfboot
    /etc/rc2.d/S65ipfboot -> ../init.d/ipfboot
See Cosmeric.Security for details of the IP Filter configuration.

...previouscont's...


About this document:

Produced from the SGML: /home/isd/public_html/_cosmos/_reml_grp/base_notes_cosmos.reml
On: 12/10/2005 at 12:11:11
Options: reml2 -i noindex -l long -o html -p multiple