All tools are free, file headers have to be preserved and please send me
bug fixes/improvements if you make any.
This page can be found at www.boran.com/security/sp/solaris and adsl.boran.com/solaris
My own tools
|A script for cold mirroring of Solaris system disks
See the documentation at coldmirroring20010306.html
|Backup key configuration files of several machines, remotely
via SSH, into a compressed tarball. Configuration files of many tools are automatically
recognised. OpenBSD, Solaris and Redhat have been tested. Backups are typically maintained
for 1 year.
|Report on disks almost full, and systems with overloaded CPUs (thresholds specified on command line).||check_disk|
|Common config file for most of these tools.||secure.conf|
Solaris, Redhat, OpenBSD, HP, Suse: audit tool
|Analysis of log files for unusual entries:
The standard logcheck v1.1 (by Craig Rowland) has been extensively improved.
Changes: Allow comments and blank lines in config files, use mailx, add DEBUG variable to check report via view rather than Email. Tested on Solaris/Suse/RH. Suppress the violations report (too many false positives). Filter results to make them easier to read. If report is large, compress it. Site generic 'ignore' files. Option to prune files after analysis. Send logcheck email with appropriate subject even if empty.
The tar file includes logtail binaries for Linux x86, SPARC and Intel Solaris, logcheck.sh, tidy_syslog.pl and much improved 'logcheck.ignore' expression files.
|Jumpstart sample scripts||May.01||any_machine
finish rules sysidcfg bootparams
|Scripts to detect sadmind/IIS trojan||Jun.01||nmap_port
|Monitoring of active processes||monitor_processes.pl|
|Syslog configuration for Solaris||server: syslog.conf
|Integrity checking: Tripwire scripts, configuration, binaries||init_all
|Integrity checking: AIDE
Script and config developed for using AIDE on Suse Linux
|Jass, the "Solaris Security
Toolkit" from Sun
Scripts and examples for Jumpstart usage, see also the documentation Solaris_hardening4.html
and compress logs:
- syslog (/var/log and /var/adm/messages)
- cron log
|Empty login/logout records at year end (utmpx wtmpx), since year number is not recorded. The last 20 entries from the previous year are kept.||wtrim.pl|
|Saveit: simple version control||Francisco Mancardi||Newest: saveit.248.tar
saveit.244.tar, saveit.242.tar, saveit
|Tocsin is a 'featherweight' Intrusion
Detection System. Small, elegant, but very useful.
A binary package is included in the Yassp tarball (see below), but not automatically installed.
|Yassp: Solaris Hardening Tool
(Note - Aug'01: I'm migrating to Jass, since Yassp has no developer backing at the moment - pity)
|Jean Chouanard & the Yassp gang
|Some developer documentation is kept on this site:
- To Do list
- Post installation documentation
OpenSSH binaries for Solaris (compiled on SunOS 8, tested on 5.6, 5.7, 5.8)
Compiled according to the instructions in the SSH
article. I don't update this any more, since Suse and Solaris 9 now come with SSH.
|See the SSH directory|
Send an email when system shuts down or boots.
|Garry J. Garrett
Automated checking and installation of patches for Solaris. See also the discussion in Solaris_hardening4.html
[See also Reg's site which should have the very latest versions]
Other nifty tools:
|© Copyright 2002, Sean Boran, Last Update: 02 January 2003|