All tools are free; file headers have to be preserved, and please send me
bug fixes/improvements if you make any.
This page can be found at www.boran.com/security/sp/solaris
and adsl.boran.com/solaris.
Contents:
- My own tools
- Favourite tools by other people (where I helped a bit)
- Other nifty tools
| Description | Version information | Download |
| A script for cold mirroring of Solaris system disks. See the documentation at coldmirroring20010306.html | 9.Apr.01 | mirror_boot.sh mirror_output.txt |
| Backup key configuration files of several machines, remotely via SSH, into a compressed tarball. Configuration files of many tools are automatically recognised. OpenBSD, Solaris and Redhat have been tested. Backups are typically maintained for 1 year. | 19.Mar.01 | backup_configs backup_configs.log |
| Report on disks almost full, and systems with overloaded CPUs (thresholds specified on command line). | check_disk | |
| Common config file for most of these tools. | secure.conf | |
| Solaris, Redhat, OpenBSD, HP, Suse: audit tool | continually updated | audit.sh audit1.sh audit2.pl audit_tool.html |
| Analysis of log files for unusual entries: The standard logcheck v1.1 (by Craig Rowland) has been extensively improved. Changes: Allow comments and blank lines in config files, use mailx, add DEBUG variable to check report via view rather than Email. Tested on Solaris/Suse/RH. Suppress the violations report (too many false positives). Filter results to make them easier to read. If report is large, compress it. Site generic 'ignore' files. Option to prune files after analysis. Send logcheck email with appropriate subject even if empty. The tar file includes logtail binaries for Linux x86, SPARC and Intel Solaris, logcheck.sh, tidy_syslog.pl and much improved 'logcheck.ignore' expression files. | updated Aug.2004 | logcheck.tar |
| Jumpstart sample scripts | May.01 | any_machine finish rules sysidcfg bootparams |
| Scripts to detect sadmind/IIS trojan | Jun.01 | nmap_port sadmin_scan |
| Log rotation | rotate_log rotate_cron | |
| Monitoring of active processes | monitor_processes.pl | |
| Syslog configuration for Solaris | server: syslog.conf, client: syslog_2.conf, default: syslog_sun.conf | |
| Integrity checking: Tripwire scripts, configuration, binaries | init_all trip_host.sh trip_all tw.config.SunOS tripwire.Linux.sparc | |
| Integrity checking: AIDE. Script and config developed for using AIDE on Suse Linux | aide.sh aide.conf | |
| Jass, the "Solaris Security Toolkit" from Sun. Scripts and examples for Jumpstart usage, see also the documentation Solaris_hardening4.html | jass_sean.tar | |
| Diverse | hourly monitor_logins.pl nmap_diff nmap_port log_stat.pl | |
| Move and compress logs: syslog (/var/log and /var/adm/messages), /var/adm/loginlog, cron log, sulog, vold.log | weekly | |
| Empty login/logout records at year end (utmpx wtmpx), since year number is not recorded. The last 20 entries from the previous year are kept. | wtrim.pl |
| Title | Author | Latest draft |
| Saveit: simple version control | Francisco Mancardi | Newest: saveit.248.tar Older versions: saveit.244.tar, saveit.242.tar, saveit |
| Tocsin is a 'featherweight' Intrusion Detection System. Small, elegant, but very useful. A binary package is included in the Yassp tarball (see below), but not automatically installed. | Doug Hughes ftp.eng.auburn.edu:/pub/doug/tocsin.tar.gz | AUBtocsin tocsin.tar.gz S11tocsin |
| Yassp: Solaris Hardening Tool (Note - Aug'01: I'm migrating to Jass, since Yassp has no developer backing at the moment - pity) | Jean Chouanard & the Yassp gang www.yassp.org | Some developer documentation is kept on this site: - To Do list - Post installation documentation - rcconf |
| OpenSSH binaries for Solaris (compiled on SunOS 8, tested on 5.6, 5.7, 5.8). Compiled according to the instructions in the SSH article. I don't update this any more, since Suse and Solaris 9 now come with SSH. | www.openssh.org | See the SSH directory |
| bootmail: Send an email when system shuts down or boots. | Garry J. Garrett | bootmail |
| CheckPatches: Automated checking and installation of patches for Solaris. See also the discussion in Solaris_hardening4.html | Reg Quinton [See also Reg's site which should have the very latest versions] | CheckPatches.tar |
- pkg-get [BOLTpget.pkg], by Philip Brown. Master site www.bolthole.com/solaris/pkg-get.html
- Solaris ndd tuning:
  - nettune (Jens)
  - ndd_vogel (Karl Vogel)
- syscheck.pl - Nightly security checks by SaberNet.net
- rdistd - Binary for Solaris
- mirror_root: DS
| © Copyright 2002, Sean Boran, Last Update: 02 January, 2003 |