SlideShare une entreprise Scribd logo

UKOUG Tech17 - Stay Secure With Oracle Solaris

JomaSoft
JomaSoft

IT Security is more important than ever. Solaris 11 is installed "Secure by Default". Weak and modified configuration can be detected using the Security Compliance tool. On SPARC Systems Buffer Overflows can be detected. The Virtualization Features increase the overall Security by Separation of Applications. This Session provides samples to allow you to learn how to use this Security Technologies.

Logiciels
1  sur  36
Télécharger pour lire hors ligne
1 Stay Secure With Oracle Solaris Marcel Hofstetter hofstetter@jomasoft.ch https://www.jomasoftmarcel.blogspot.ch CEO / Enterprise Consultant JomaSoft GmbH Oracle ACE „Solaris“
2 Agenda About JomaSoft Oracle ACE Program Solaris 11: Secure by Default Virtualization Compliance tool SPARC Silicon Secured Memory Compliance and Hardening using VDCF
3 About JomaSoft Engineering company founded July 2000 specialized in Solaris and software development, operations and consulting Product VDCF (Virtual Datacenter Cloud Framework) Installation, Management, Operations, Monitoring, Security and DR for Solaris 10/11, Virtualize using LDoms and Solaris Zones VDCF is used in production since 2006
4 About JomaSoft Flexible and Customer focused Oracle Certified Employees 17 Years Solaris Experience Regular Oracle Solaris Beta Tester Well connected with Oracle Solaris & LDOM Engineering Teams
5 500+ Technical Experts Helping Peers Globally 3 Membership Tiers • Oracle ACE Director • Oracle ACE • Oracle ACE Associate Nominate yourself or someone you know: acenomination.oracle.com bit.ly/OracleACEProgram Connect: @oracleace Facebook.com/oracleaces oracle-ace_ww@oracle.com
6 IT Security Not Topic of this Session - Firewalls - Applikation Development OS Security with Oracle Solaris - What's there by default - How can I check my Servers? - How can I protect my Applications? - Hardening
7 Solaris 11 – Secure by Default (1/7) No direct root Login g0086 console login: root Password: Roles can not login directly Login incorrect g0086 console login: marcel Password: Last login: Wed Sep 20 15:42:30 2017 from g0069.jomasoft- Oracle Corporation SunOS 5.11 11.3 March 2017 -bash-4.4$ su Password: Sep 20 17:16:55 g0086 su: 'su root' succeeded for marcel on /dev/console
8 Solaris 11 – Secure by Default (2/7) No direct root Login -bash-4.4$ id uid=501(larry) gid=10(staff) -bash-4.4$ su Password: Roles can only be assumed by authorized users su: Sorry -bash-4.4$ grep roles=root /etc/user_attr admin::::lock_after_retries=no;profiles=System Administrator;roles=root marcel::::profiles=VDCF Logger,VDCF admin Module;roles=root
9 Solaris 11 – Secure by Default (3/7) Auditing is activated (for Logins) # auditreduce -c lo | praudit -l | tail -4 header,69,2,login - ssh,fe,g0087,2017-09-01 15:37:32.707 +02:00,subject,root,root,root,root,root,6021,3233957173,15531 196630 g0069.jomasoft-lab.ch,return,failure,Permission denied header,69,2,login - ssh,na:fe,g0087,2017-09-01 15:37:38.864 +02:00,subject,- 1,-1,-1,-1,-1,6023,3999938775,12434 196630 g0069.jomasoft- lab.ch,return,failure,No account present for user header,69,2,login - ssh,,g0087,2017-09-01 15:37:42.013 +02:00,subject,marcel,marcel,staff,marcel,staff,6026,3889292888,15007 65558 g0069.jomasoft-lab.ch,return,success,0 file,2017-09-01 15:37:42.000 +02:00,
10 Solaris 11 – Secure by Default (4/7) Unsafe Services are not running or not installed -bash-4.4$ telnet g0086 Trying 192.168.100.86... telnet: Unable to connect to remote host: Connection refused -bash-4.4$ ftp g0086 ftp: connect: Connection refused -bash-4.4$ ssh g0086 Last login: Wed Sep 20 17:18:35 2017 from g0069.jomasoft- Oracle Corporation SunOS 5.11 11.3 March 2017 -bash-4.4$
11 Solaris 11 – Secure by Default (5/7) Daemons as non-root with Privileges # ps -f -u netadm,daemon,smmsp,dladm UID PID PPID C STIME TTY TIME CMD daemon 75 1 0 Aug 28 ? 0:00 /lib/crypto/kcfd netadm 46 1 0 Aug 28 ? 0:00 /usr/sbin/ibmgmtd netadm 66 1 0 Aug 28 ? 0:02 /lib/inet/ipmgmtd dladm 52 1 0 Aug 28 ? 0:02 /usr/sbin/dlmgmtd daemon 448 1 0 Aug 28 ? 0:00 /usr/sbin/rpcbind -w daemon 204 1 0 Aug 28 ? 0:00 /usr/lib/utmpd netadm 315 1 0 Aug 28 ? 0:02 /lib/inet/nwamd smmsp 644 1 0 Aug 28 ? 0:00 /usr/lib/inet/sendmail -Ac-q15m
12 Solaris 11 – Secure by Default (6/7) Restrictive umask -bash-4.4$ umask 0022 -bash-4.4$ touch /tmp/test -bash-4.4$ ls -l /tmp/test -rw-r--r-- 1 marcel staff 0 Sep 1 15:53 /tmp/test
13 Solaris 11 – Secure by Default (7/7) Role-based access control (RBAC) -bash-4.4$ profiles -a | grep ZFS ZFS File System Management ZFS Storage Management # usermod -P+"ZFS File System Management" marcel -bash-4.4$ zfs create rpool/test1 cannot create 'rpool/test1': permission denied -bash-4.4$ pfbash bash-4.4$ zfs create rpool/test1
14 Solaris 11 – pkg verify Detect changes -# ls -l /etc/shadow -r-------- 1 root sys 807 May 8 2017 /etc/shadow # chmod o+r /etc/shadow # ls -l /etc/shadow -r-----r-- 1 root sys 807 May 8 2017 /etc/shadow # pkg verify PACKAGE STATUS pkg://solaris/system/core-os ERROR file: etc/shadow ERROR: Mode: 0404 should be 0400
15 Solaris 11 – pkg fix Revert changes # pkg fix core-os Packages to fix: 1 Create boot environment: No Create backup boot environment: Yes Repairing: pkg://solaris/system/core-os@0.5.11,5.11- 0.175.3.14.0.5.0:20161105T004625Z PACKAGE STATUS pkg://solaris/system/core-os ERROR file: etc/shadow ERROR: Mode: 0404 should be 0400 PHASE ITEMS Updating modified actions 1/1 Updating package state database Done Updating package cache 0/0 Updating image state Done Creating fast lookup database Done Updating package cache 2/2 # ls -l /etc/shadow -r-------- 1 root sys 807 May 8 2017 /etc/shadow
16 CVE Common Vulnerabilities and Exposures Industrie Standard Namingconvention for Security Bugs Format: CVE-<jahr>-<nr> Sample: CVE-2014-7187 (Bash/Shellshock) Scoring: Common Vulnerability Scoring System (CVSS) Medium 4 – 6.9 / High 7 – 8.9 / Critical 9 – 10 Search u.v.a. https://www.cvedetails.com/ Oracle Solaris 376 Redhat Enterprise Linux 426 Windows 7 820
17 Solaris 11.3 – CVE Metadata Required: Metadata Package installed # pkg install solaris-11-cpu Analysis Is Fix installed for CVE-2014-7187 (Bash/Shellshock)? -bash-4.4$ pkg search -l CVE-2014-7187 INDEX ACTION VALUE PACKAGE info.cve set CVE-2014-7187 pkg:/support/critical-patch-update/solaris-11- cpu@2017.6-1 Is CVE-2017-3629 (Local Privilege Escalation) installed? -bash-4.4$ pkg search -l CVE-2017-3629 -bash-4.4$ Which Update is required for CVE-2017-3629? -bash-4.4$ pkg search CVE-2017-3629: | head -2 INDEX ACTION VALUE PACKAGE CVE-2017-3629 set pkg://solaris/network/legacy-remote-utilities@0.5.11,5.11- 0.175.3.22.0.3.0 pkg:/support/critical-patch-update/solaris-11-cpu@2017.7-1
18 SPARC-Virtualization: LDoms / Zonen Oracle & Fujitsu SPARC Server Systeme: T4-x, T5-x, M5, M6, M10, T7-x, M7-x, S7-2, M12, T8-x,M8-x Multiple, separated Solaris Instances on the same HW Combine with Zones Dedicated Memory Hacker on one Zone or LDom has limited Impact
19 Solaris – Virtualization using Zones Immutable (Read-Only) Zones A) file-mac-profile=flexible-configuration # touch /bla touch: cannot change times on /bla: Read-only file system # pkg install apache-22 pkg install: Could not complete the operation on /var/pkg/lock: read-only filesystem. # touch /etc/test # touch /var/myfile
20 Solaris – Virtualization using Zones Immutable (Read-Only) Zones B) file-mac-profile=fixed-configuration # touch /bla touch: cannot change times on /bla: Read-only file system # pkg install apache-22 pkg install: Could not complete the operation on /var/pkg/lock: read-only filesystem. # touch /etc/test touch: cannot change times on /etc/test: Read-only file system # touch /var/myfile
21 Solaris – Virtualization using Zones Immutable (Read-Only) Zones C) file-mac-profile=strict Completely Read-Only / Only Remote Logging # touch /bla touch: cannot change times on /bla: Read-only file system # pkg install apache-22 pkg install: Could not complete the operation on /var/pkg/lock: read-only filesystem. # touch /etc/test touch: cannot change times on /etc/test: Read-only file system # touch /var/myfile touch: cannot change times on /var/myfile: Read-only file system
22 Solaris – Virtualization using Zones Trusted Path for Immutable (Read-Only) Zones Beispiel mit file-mac-profile=strict -bash-4.1$ touch /etc/test touch: cannot change times on /etc/test: Permission denied On the global Zone / No RW Reboot required # zlogin -T v0128 [Connected to zone 'v0128' pts/3] Oracle Corporation SunOS 5.11 11.2 August 2014 root@v0128:~# touch /etc/test
23 Solaris 11.3 – Compliance tool Based on OpenSCAP Checks Systems against predefined Rules Allows to detect changes on the System Produces detailed HTML Report Execution: compliance assess -b solaris -p Baseline compliance assess -b solaris -p Recommended compliance assess -b pci-dss
24 Solaris 11.3 – Compliance tool
25 Solaris 11.3 – Compliance tool compliance Output # compliance assess -b solaris -p Baseline Assessment will be named 'solaris.Baseline.2017-09-01,16:37' Package integrity is verified OSC-54005 pass The OS version is current OSC-53005 pass Service svc:/network/ftp:default is in disabled state OSC-17510 pass Service svc:/network/rpc/gss is enabled if and only if Kerberos is configured OSC-63005 fail
26 SPARC – Silicon Secured Memory Integrated in SPARC CPU M7/M8 and S7 You detect and prevent - Memory Reference Errors - Buffer Overruns - Memory Usage after free Alternatives in Software are expensive and 30x – 70x slower Oracle Developer Studio Compiler includes Support for Discovery at Development Demo Video about OpenSSL Heartbleed https://swisdev.oracle.com/_files/ADI-Demo.html
27 SPARC – Silicon Secured Memory void main(int argc, char *argv[]) { char *buffer = malloc( sizeof(char) * 10); strcpy(buffer, "Test-Text"); for (int i = 0; i < 20; ++i) printf( "%c ", buffer[i] ); printf("|n"); free(buffer); } /opt/solarisstudio12.4/bin/cc -m64 -g -o buffer_overrun buffer_overrun.c -bash-4.4$ ./buffer_overrun T e s t - T e x t | - X TTTST E E ? P W D
28 SPARC – Silicon Secured Memory With SSM (ADI) activated the Program is stopped and can't access foreign Memory. -bash-4.4$ LD_PRELOAD_64=/lib/64/libadimalloc.so.1 ./buffer_overrun Segmentation Fault (core dumped) -bash-4.4$ echo ::status | mdb core debugging core file of buffer_overrun (64-bit) from g0072 file: /export/home/marcel/buffer_overrun initial argv: ./buffer_overrun threading model: native threads status: process terminated by SIGSEGV (Segmentation Fault), pc=100000bb0 , ADI version d mismatch for VA ffffffff7e93ffc0
29 SPARC – Silicon Secured Memory Detailed Results when using the Compiler Libraries LD_PRELOAD_64=/opt/developerstudio12.5/lib/compilers/sparcv9/libdiscoverADI.so ./ buffer_overrun T e s t - T e x t |
30 VDCF – Virtual Datacenter Cloud Framework Management Tool for Zones and LDOMs Installation, Operation, Migration, Monitoring, Security and Failover/DR Supports Solaris 10 + 11 on SPARC/x86 In productive use since 2006 Dynamic Virtualization Live / Cold Migration and Failover Resource Configuration and Monitoring Agility for your Enterprise Private Cloud Implemented by Admins for Admins
31 Dynamic Virtualization
32 VDCF – Compliance Assess 3 Standard Benchmarks: baseline, recommended, pci-dss VDCF Benchmarks: default & cdom -bash-4.4$ more /var/opt/jomasoft/vdcf/conf/compliance/cdom.tailor ..... # ------------------------------- # commented, activate if required # ------------------------------- .... # OSC-53005: The OS version is current #exclude OSC-53005 ... # -------------------------- # disabled to avoid failures # -------------------------- # OSC-55010: The r-protocols services are disabled in PAM exclude OSC-55010 # OSC-73505: ssh(1) is the only service binding a listener to non-loopback addresses exclude OSC-73505 # -------------------------------------- # added to detect more than the baseline # -------------------------------------- ..... # OSC-47500: Passwords require at least 1 digits include OSC-47500 # OSC-49500: Passwords require at least 1 upper-case characters include OSC-49500 # OSC-93005: User home directories have appropriate permissions include OSC-93005 .... Individual Benchmarks for Customers and Servers
33 VDCF – Compliance Assess Fully automated Compliance check over the Datacenter osmon -c assess all all_vserver Compliance Report
34 VDCF – Hardening Individual Hardening Profiles -bash-4.4$ more /var/opt/jomasoft/vdcf/conf/compliance/baseline.hardening OSC-12510: Service svc:/network/nfs/fedfs-client:default is in disabled state OSC-63005: Service svc:/network/rpc/gss is enabled if and only if Kerberos is configured OSC-93005: User home directories have appropriate permissions OSC-34010: Service svc:/application/cups/in-lpd:default is in disabled state OSC-85000: The maximum number of waiting TCP connections is set to at least 1024 OSC-99011: Service svc:/system/rad:remote is in enabled state Hardening -bash-4.4$ node -c harden name=g0087 profile=baseline Hardening started ... OSC-12510: Service svc:/network/nfs/fedfs-client:default is in disabled state - DONE OSC-34010: Service svc:/application/cups/in-lpd:default is in disabled state - DONE OSC-63005: Service svc:/network/rpc/gss is enabled if and only if Kerberos is configured - DONE OSC-85000: The maximum number of waiting TCP connections is set to at least 1024 - DONE (Changed from 128 to 1024) OSC-93005: User home directories have appropriate permissions - DONE OSC-99011: Service svc:/system/rad:remote is in enabled state - DONE Hardening of 6 items on Node g0087 was successful
35 VDCF – Online Ressources Produkt Documentation Online Complete Documentation and Videos on Webpage available Free Edition No-Cost Test Version with limited number of managable Servers. Test using combined POC Install and test together with JomaSoft on-site in your Test environment. Webpage https://www.jomasoft.ch/vdcf
36 Ending Slide Marcel Hofstetter hofstetter@jomasoft.ch http://www.jomasoftmarcel.blogspot.ch CEO / Enterprise Consultant JomaSoft GmbH Oracle ACE „Solaris“ Questions?

Recommandé

SOUG - Experiences with Oracle Solaris 11.4
SOUG - Experiences with Oracle Solaris 11.4SOUG - Experiences with Oracle Solaris 11.4
SOUG - Experiences with Oracle Solaris 11.4JomaSoft
 
Troubleshooting Firewalls (2012 San Diego)
Troubleshooting Firewalls (2012 San Diego)Troubleshooting Firewalls (2012 San Diego)
Troubleshooting Firewalls (2012 San Diego)Cisco Security
 
UKOUG - What is Delivered with Solaris 11.4
UKOUG - What is Delivered with Solaris 11.4UKOUG - What is Delivered with Solaris 11.4
UKOUG - What is Delivered with Solaris 11.4JomaSoft
 
Install Solaris 11.1 on a Virtualbox VM
Install Solaris 11.1 on a Virtualbox VMInstall Solaris 11.1 on a Virtualbox VM
Install Solaris 11.1 on a Virtualbox VMLaurent Leturgez
 
Solaris 11 Consolidation Tools
Solaris 11 Consolidation ToolsSolaris 11 Consolidation Tools
Solaris 11 Consolidation ToolsRoman Ivanov
 
Understanding and Troubleshooting ASA NAT
Understanding and Troubleshooting ASA NATUnderstanding and Troubleshooting ASA NAT
Understanding and Troubleshooting ASA NATCisco Russia
 
Rac on NFS
Rac on NFSRac on NFS
Rac on NFSmengjiagou
 
Presentation deploying oracle database 11g securely on oracle solaris
Presentation deploying oracle database 11g securely on oracle solarisPresentation deploying oracle database 11g securely on oracle solaris
Presentation deploying oracle database 11g securely on oracle solarisxKinAnx
 

Recommandé

SOUG - Experiences with Oracle Solaris 11.4
SOUG - Experiences with Oracle Solaris 11.4SOUG - Experiences with Oracle Solaris 11.4
SOUG - Experiences with Oracle Solaris 11.4JomaSoft
 
Troubleshooting Firewalls (2012 San Diego)
Troubleshooting Firewalls (2012 San Diego)Troubleshooting Firewalls (2012 San Diego)
Troubleshooting Firewalls (2012 San Diego)Cisco Security
 
UKOUG - What is Delivered with Solaris 11.4
UKOUG - What is Delivered with Solaris 11.4UKOUG - What is Delivered with Solaris 11.4
UKOUG - What is Delivered with Solaris 11.4JomaSoft
 
Install Solaris 11.1 on a Virtualbox VM
Install Solaris 11.1 on a Virtualbox VMInstall Solaris 11.1 on a Virtualbox VM
Install Solaris 11.1 on a Virtualbox VMLaurent Leturgez
 
Solaris 11 Consolidation Tools
Solaris 11 Consolidation ToolsSolaris 11 Consolidation Tools
Solaris 11 Consolidation ToolsRoman Ivanov
 
Understanding and Troubleshooting ASA NAT
Understanding and Troubleshooting ASA NATUnderstanding and Troubleshooting ASA NAT
Understanding and Troubleshooting ASA NATCisco Russia
 
Rac on NFS
Rac on NFSRac on NFS
Rac on NFSmengjiagou
 
Presentation deploying oracle database 11g securely on oracle solaris
Presentation deploying oracle database 11g securely on oracle solarisPresentation deploying oracle database 11g securely on oracle solaris
Presentation deploying oracle database 11g securely on oracle solarisxKinAnx
 
如何安装Oracle one off临时小补丁及注意事项
如何安装Oracle one off临时小补丁及注意事项如何安装Oracle one off临时小补丁及注意事项
如何安装Oracle one off临时小补丁及注意事项maclean liu
 
Installing the Oracle SOA Suite on Red Hat 6
Installing the Oracle SOA Suite on Red Hat 6Installing the Oracle SOA Suite on Red Hat 6
Installing the Oracle SOA Suite on Red Hat 6TUSHAR VARSHNEY
 
Kirankumar_Satuluri_540633_Linux_and_Unix_Administrator
Kirankumar_Satuluri_540633_Linux_and_Unix_AdministratorKirankumar_Satuluri_540633_Linux_and_Unix_Administrator
Kirankumar_Satuluri_540633_Linux_and_Unix_Administratorskiankumar
 
Automated Configuration of Firmware
Automated Configuration of FirmwareAutomated Configuration of Firmware
Automated Configuration of FirmwareMichael Arnold
 
Oreilly solinea-managing-openstack
Oreilly solinea-managing-openstackOreilly solinea-managing-openstack
Oreilly solinea-managing-openstackVietnam Open Infrastructure User Group
 
Securing Infrastructure with OpenScap The Automation Way !!
Securing Infrastructure with OpenScap The Automation Way !!Securing Infrastructure with OpenScap The Automation Way !!
Securing Infrastructure with OpenScap The Automation Way !!Jaskaran Narula
 
Chicago Docker Meetup Presentation - Mediafly
Chicago Docker Meetup Presentation - MediaflyChicago Docker Meetup Presentation - Mediafly
Chicago Docker Meetup Presentation - MediaflyMediafly
 
Rh401 rhel5.2
Rh401 rhel5.2Rh401 rhel5.2
Rh401 rhel5.2Ranjeet Kumar Azad
 
Upgrade IOS Cisco Aironet 1130AG Series Access Point
Upgrade IOS Cisco Aironet 1130AG Series Access PointUpgrade IOS Cisco Aironet 1130AG Series Access Point
Upgrade IOS Cisco Aironet 1130AG Series Access PointDani Royman Simanjuntak
 
DEFCON 23 - Etienne Martineau - inter vm data exfiltration
DEFCON 23 - Etienne Martineau - inter vm data exfiltrationDEFCON 23 - Etienne Martineau - inter vm data exfiltration
DEFCON 23 - Etienne Martineau - inter vm data exfiltrationFelipe Prado
 
Karl Grzeszczak: September Docker Presentation at Mediafly
Karl Grzeszczak: September Docker Presentation at MediaflyKarl Grzeszczak: September Docker Presentation at Mediafly
Karl Grzeszczak: September Docker Presentation at MediaflyMediafly
 
Mysql repos testing.odp
Mysql repos testing.odpMysql repos testing.odp
Mysql repos testing.odpRamana Yeruva
 
CCNA Security Lab 9 - Enabling SSH and HTTPS access to Cisco IOS Routers - CLI
CCNA Security Lab 9 - Enabling SSH and HTTPS access to Cisco IOS Routers - CLICCNA Security Lab 9 - Enabling SSH and HTTPS access to Cisco IOS Routers - CLI
CCNA Security Lab 9 - Enabling SSH and HTTPS access to Cisco IOS Routers - CLIHoàng Hải Nguyễn
 
Develop and Maintain a Distro with Open Build Service
Develop and Maintain a Distro with Open Build ServiceDevelop and Maintain a Distro with Open Build Service
Develop and Maintain a Distro with Open Build ServiceSUSE Labs Taipei
 
RHCE (RED HAT CERTIFIED ENGINEERING)
RHCE (RED HAT CERTIFIED ENGINEERING)RHCE (RED HAT CERTIFIED ENGINEERING)
RHCE (RED HAT CERTIFIED ENGINEERING)Sumant Garg
 
Embedded Event Manager (EEM) on IOS (CiscoLive 2015)
Embedded Event Manager (EEM) on IOS (CiscoLive 2015)Embedded Event Manager (EEM) on IOS (CiscoLive 2015)
Embedded Event Manager (EEM) on IOS (CiscoLive 2015)Arie Vayner
 
Основные понятия и аспекты построения отказоустойчивых Site-to-Site VPN на ASA
Основные понятия и аспекты построения отказоустойчивых Site-to-Site VPN на ASAОсновные понятия и аспекты построения отказоустойчивых Site-to-Site VPN на ASA
Основные понятия и аспекты построения отказоустойчивых Site-to-Site VPN на ASACisco Russia
 
Distributed Compiler Icecc
Distributed Compiler IceccDistributed Compiler Icecc
Distributed Compiler IceccSZ Lin
 
OSDC 2018 | OPNsense: the “open” firewall for your datacenter by Thomas Niede...
OSDC 2018 | OPNsense: the “open” firewall for your datacenter by Thomas Niede...OSDC 2018 | OPNsense: the “open” firewall for your datacenter by Thomas Niede...
OSDC 2018 | OPNsense: the “open” firewall for your datacenter by Thomas Niede...NETWAYS
 
Select, manage, and backport the long term stable kernels
Select, manage, and backport the long term stable kernelsSelect, manage, and backport the long term stable kernels
Select, manage, and backport the long term stable kernelsSZ Lin
 
Oracle Solaris 11.1 New Features
Oracle Solaris 11.1 New FeaturesOracle Solaris 11.1 New Features
Oracle Solaris 11.1 New FeaturesOrgad Kimchi
 
Drupal Deployment on Solaris - DrupalCamp Bay Area 2007 - Mattoon
Drupal Deployment on Solaris - DrupalCamp Bay Area 2007 - MattoonDrupal Deployment on Solaris - DrupalCamp Bay Area 2007 - Mattoon
Drupal Deployment on Solaris - DrupalCamp Bay Area 2007 - Mattoonsmattoon
 

Contenu connexe

Tendances

如何安装Oracle one off临时小补丁及注意事项
如何安装Oracle one off临时小补丁及注意事项如何安装Oracle one off临时小补丁及注意事项
如何安装Oracle one off临时小补丁及注意事项maclean liu
 
Installing the Oracle SOA Suite on Red Hat 6
Installing the Oracle SOA Suite on Red Hat 6Installing the Oracle SOA Suite on Red Hat 6
Installing the Oracle SOA Suite on Red Hat 6TUSHAR VARSHNEY
 
Kirankumar_Satuluri_540633_Linux_and_Unix_Administrator
Kirankumar_Satuluri_540633_Linux_and_Unix_AdministratorKirankumar_Satuluri_540633_Linux_and_Unix_Administrator
Kirankumar_Satuluri_540633_Linux_and_Unix_Administratorskiankumar
 
Automated Configuration of Firmware
Automated Configuration of FirmwareAutomated Configuration of Firmware
Automated Configuration of FirmwareMichael Arnold
 
Securing Infrastructure with OpenScap The Automation Way !!
Securing Infrastructure with OpenScap The Automation Way !!Securing Infrastructure with OpenScap The Automation Way !!
Securing Infrastructure with OpenScap The Automation Way !!Jaskaran Narula
 
Chicago Docker Meetup Presentation - Mediafly
Chicago Docker Meetup Presentation - MediaflyChicago Docker Meetup Presentation - Mediafly
Chicago Docker Meetup Presentation - MediaflyMediafly
 
Upgrade IOS Cisco Aironet 1130AG Series Access Point
Upgrade IOS Cisco Aironet 1130AG Series Access PointUpgrade IOS Cisco Aironet 1130AG Series Access Point
Upgrade IOS Cisco Aironet 1130AG Series Access PointDani Royman Simanjuntak
 
DEFCON 23 - Etienne Martineau - inter vm data exfiltration
DEFCON 23 - Etienne Martineau - inter vm data exfiltrationDEFCON 23 - Etienne Martineau - inter vm data exfiltration
DEFCON 23 - Etienne Martineau - inter vm data exfiltrationFelipe Prado
 
Karl Grzeszczak: September Docker Presentation at Mediafly
Karl Grzeszczak: September Docker Presentation at MediaflyKarl Grzeszczak: September Docker Presentation at Mediafly
Karl Grzeszczak: September Docker Presentation at MediaflyMediafly
 
Mysql repos testing.odp
Mysql repos testing.odpMysql repos testing.odp
Mysql repos testing.odpRamana Yeruva
 
CCNA Security Lab 9 - Enabling SSH and HTTPS access to Cisco IOS Routers - CLI
CCNA Security Lab 9 - Enabling SSH and HTTPS access to Cisco IOS Routers - CLICCNA Security Lab 9 - Enabling SSH and HTTPS access to Cisco IOS Routers - CLI
CCNA Security Lab 9 - Enabling SSH and HTTPS access to Cisco IOS Routers - CLIHoàng Hải Nguyễn
 
Develop and Maintain a Distro with Open Build Service
Develop and Maintain a Distro with Open Build ServiceDevelop and Maintain a Distro with Open Build Service
Develop and Maintain a Distro with Open Build ServiceSUSE Labs Taipei
 
RHCE (RED HAT CERTIFIED ENGINEERING)
RHCE (RED HAT CERTIFIED ENGINEERING)RHCE (RED HAT CERTIFIED ENGINEERING)
RHCE (RED HAT CERTIFIED ENGINEERING)Sumant Garg
 
Embedded Event Manager (EEM) on IOS (CiscoLive 2015)
Embedded Event Manager (EEM) on IOS (CiscoLive 2015)Embedded Event Manager (EEM) on IOS (CiscoLive 2015)
Embedded Event Manager (EEM) on IOS (CiscoLive 2015)Arie Vayner
 
Основные понятия и аспекты построения отказоустойчивых Site-to-Site VPN на ASA
Основные понятия и аспекты построения отказоустойчивых Site-to-Site VPN на ASAОсновные понятия и аспекты построения отказоустойчивых Site-to-Site VPN на ASA
Основные понятия и аспекты построения отказоустойчивых Site-to-Site VPN на ASACisco Russia
 
Distributed Compiler Icecc
Distributed Compiler IceccDistributed Compiler Icecc
Distributed Compiler IceccSZ Lin
 
OSDC 2018 | OPNsense: the “open” firewall for your datacenter by Thomas Niede...
OSDC 2018 | OPNsense: the “open” firewall for your datacenter by Thomas Niede...OSDC 2018 | OPNsense: the “open” firewall for your datacenter by Thomas Niede...
OSDC 2018 | OPNsense: the “open” firewall for your datacenter by Thomas Niede...NETWAYS
 
Select, manage, and backport the long term stable kernels
Select, manage, and backport the long term stable kernelsSelect, manage, and backport the long term stable kernels
Select, manage, and backport the long term stable kernelsSZ Lin
 

Tendances (20)

如何安装Oracle one off临时小补丁及注意事项
如何安装Oracle one off临时小补丁及注意事项如何安装Oracle one off临时小补丁及注意事项
如何安装Oracle one off临时小补丁及注意事项
 
Installing the Oracle SOA Suite on Red Hat 6
Installing the Oracle SOA Suite on Red Hat 6Installing the Oracle SOA Suite on Red Hat 6
Installing the Oracle SOA Suite on Red Hat 6
 
Kirankumar_Satuluri_540633_Linux_and_Unix_Administrator
Kirankumar_Satuluri_540633_Linux_and_Unix_AdministratorKirankumar_Satuluri_540633_Linux_and_Unix_Administrator
Kirankumar_Satuluri_540633_Linux_and_Unix_Administrator
 
Automated Configuration of Firmware
Automated Configuration of FirmwareAutomated Configuration of Firmware
Automated Configuration of Firmware
 
Oreilly solinea-managing-openstack
Oreilly solinea-managing-openstackOreilly solinea-managing-openstack
Oreilly solinea-managing-openstack
 
Securing Infrastructure with OpenScap The Automation Way !!
Securing Infrastructure with OpenScap The Automation Way !!Securing Infrastructure with OpenScap The Automation Way !!
Securing Infrastructure with OpenScap The Automation Way !!
 
Chicago Docker Meetup Presentation - Mediafly
Chicago Docker Meetup Presentation - MediaflyChicago Docker Meetup Presentation - Mediafly
Chicago Docker Meetup Presentation - Mediafly
 
Rh401 rhel5.2
Rh401 rhel5.2Rh401 rhel5.2
Rh401 rhel5.2
 
Upgrade IOS Cisco Aironet 1130AG Series Access Point
Upgrade IOS Cisco Aironet 1130AG Series Access PointUpgrade IOS Cisco Aironet 1130AG Series Access Point
Upgrade IOS Cisco Aironet 1130AG Series Access Point
 
DEFCON 23 - Etienne Martineau - inter vm data exfiltration
DEFCON 23 - Etienne Martineau - inter vm data exfiltrationDEFCON 23 - Etienne Martineau - inter vm data exfiltration
DEFCON 23 - Etienne Martineau - inter vm data exfiltration
 
Karl Grzeszczak: September Docker Presentation at Mediafly
Karl Grzeszczak: September Docker Presentation at MediaflyKarl Grzeszczak: September Docker Presentation at Mediafly
Karl Grzeszczak: September Docker Presentation at Mediafly
 
Mysql repos testing.odp
Mysql repos testing.odpMysql repos testing.odp
Mysql repos testing.odp
 
CCNA Security Lab 9 - Enabling SSH and HTTPS access to Cisco IOS Routers - CLI
CCNA Security Lab 9 - Enabling SSH and HTTPS access to Cisco IOS Routers - CLICCNA Security Lab 9 - Enabling SSH and HTTPS access to Cisco IOS Routers - CLI
CCNA Security Lab 9 - Enabling SSH and HTTPS access to Cisco IOS Routers - CLI
 
Develop and Maintain a Distro with Open Build Service
Develop and Maintain a Distro with Open Build ServiceDevelop and Maintain a Distro with Open Build Service
Develop and Maintain a Distro with Open Build Service
 
RHCE (RED HAT CERTIFIED ENGINEERING)
RHCE (RED HAT CERTIFIED ENGINEERING)RHCE (RED HAT CERTIFIED ENGINEERING)
RHCE (RED HAT CERTIFIED ENGINEERING)
 
Embedded Event Manager (EEM) on IOS (CiscoLive 2015)
Embedded Event Manager (EEM) on IOS (CiscoLive 2015)Embedded Event Manager (EEM) on IOS (CiscoLive 2015)
Embedded Event Manager (EEM) on IOS (CiscoLive 2015)
 
Основные понятия и аспекты построения отказоустойчивых Site-to-Site VPN на ASA
Основные понятия и аспекты построения отказоустойчивых Site-to-Site VPN на ASAОсновные понятия и аспекты построения отказоустойчивых Site-to-Site VPN на ASA
Основные понятия и аспекты построения отказоустойчивых Site-to-Site VPN на ASA
 
Distributed Compiler Icecc
Distributed Compiler IceccDistributed Compiler Icecc
Distributed Compiler Icecc
 
OSDC 2018 | OPNsense: the “open” firewall for your datacenter by Thomas Niede...
OSDC 2018 | OPNsense: the “open” firewall for your datacenter by Thomas Niede...OSDC 2018 | OPNsense: the “open” firewall for your datacenter by Thomas Niede...
OSDC 2018 | OPNsense: the “open” firewall for your datacenter by Thomas Niede...
 
Select, manage, and backport the long term stable kernels
Select, manage, and backport the long term stable kernelsSelect, manage, and backport the long term stable kernels
Select, manage, and backport the long term stable kernels
 

Similaire à UKOUG Tech17 - Stay Secure With Oracle Solaris

Oracle Solaris 11.1 New Features
Oracle Solaris 11.1 New FeaturesOracle Solaris 11.1 New Features
Oracle Solaris 11.1 New FeaturesOrgad Kimchi
 
Drupal Deployment on Solaris - DrupalCamp Bay Area 2007 - Mattoon
Drupal Deployment on Solaris - DrupalCamp Bay Area 2007 - MattoonDrupal Deployment on Solaris - DrupalCamp Bay Area 2007 - Mattoon
Drupal Deployment on Solaris - DrupalCamp Bay Area 2007 - Mattoonsmattoon
 
Drupal Efficiency using open source technologies from Sun
Drupal Efficiency using open source technologies from SunDrupal Efficiency using open source technologies from Sun
Drupal Efficiency using open source technologies from Sunsmattoon
 
Drupal Efficiency - Coding, Deployment, Scaling
Drupal Efficiency - Coding, Deployment, ScalingDrupal Efficiency - Coding, Deployment, Scaling
Drupal Efficiency - Coding, Deployment, Scalingsmattoon
 
Oracle Solaris 11 - Best for Enterprise Applications
Oracle Solaris 11 - Best for Enterprise ApplicationsOracle Solaris 11 - Best for Enterprise Applications
Oracle Solaris 11 - Best for Enterprise Applicationsglynnfoster
 
Why Managed Service Providers Should Embrace Container Technology
Why Managed Service Providers Should Embrace Container TechnologyWhy Managed Service Providers Should Embrace Container Technology
Why Managed Service Providers Should Embrace Container TechnologySagi Brody
 
Container Security - Let's see Falco and Sysdig in Action by Stefan Trimborn
Container Security - Let's see Falco and Sysdig in Action by Stefan Trimborn Container Security - Let's see Falco and Sysdig in Action by Stefan Trimborn
Container Security - Let's see Falco and Sysdig in Action by Stefan Trimborn ContainerDay Security 2023
 
EM12C High Availability without SLB and RAC
EM12C High Availability without SLB and RACEM12C High Availability without SLB and RAC
EM12C High Availability without SLB and RACSecure-24
 
SANS @Night There's Gold in Them Thar Package Management Databases
SANS @Night There's Gold in Them Thar Package Management DatabasesSANS @Night There's Gold in Them Thar Package Management Databases
SANS @Night There's Gold in Them Thar Package Management DatabasesPhil Hagen
 
Making MySQL highly available using Oracle Grid Infrastructure
Making MySQL highly available using Oracle Grid InfrastructureMaking MySQL highly available using Oracle Grid Infrastructure
Making MySQL highly available using Oracle Grid InfrastructureIlmar Kerm
 
Whitepaper MS SQL Server on Linux
Whitepaper MS SQL Server on LinuxWhitepaper MS SQL Server on Linux
Whitepaper MS SQL Server on LinuxRoger Eisentrager
 
Oracle 11g R2 RAC setup on rhel 5.0
Oracle 11g R2 RAC setup on rhel 5.0Oracle 11g R2 RAC setup on rhel 5.0
Oracle 11g R2 RAC setup on rhel 5.0Santosh Kangane
 
OpenSCAP Overview(security scanning for docker image and container)
OpenSCAP Overview(security scanning for docker image and container)OpenSCAP Overview(security scanning for docker image and container)
OpenSCAP Overview(security scanning for docker image and container)Jooho Lee
 
Linux Desktop Automation
Linux Desktop AutomationLinux Desktop Automation
Linux Desktop AutomationRui Lapa
 
Installing oracle grid infrastructure and database 12c r1
Installing oracle grid infrastructure and database 12c r1Installing oracle grid infrastructure and database 12c r1
Installing oracle grid infrastructure and database 12c r1Voeurng Sovann
 
Drupalcon2007 Sun
Drupalcon2007 SunDrupalcon2007 Sun
Drupalcon2007 Sunsmattoon
 
Presentation linux on power
Presentation linux on powerPresentation linux on power
Presentation linux on powersolarisyougood
 
Red Hat Linux 5 Hardening Tips - National Security Agency
Red Hat Linux 5 Hardening Tips - National Security AgencyRed Hat Linux 5 Hardening Tips - National Security Agency
Red Hat Linux 5 Hardening Tips - National Security Agencysanchetanparmar
 
Slackware Demystified [SELF 2011]
Slackware Demystified [SELF 2011]Slackware Demystified [SELF 2011]
Slackware Demystified [SELF 2011]Vincent Batts
 

Similaire à UKOUG Tech17 - Stay Secure With Oracle Solaris (20)

Oracle Solaris 11.1 New Features
Oracle Solaris 11.1 New FeaturesOracle Solaris 11.1 New Features
Oracle Solaris 11.1 New Features
 
Drupal Deployment on Solaris - DrupalCamp Bay Area 2007 - Mattoon
Drupal Deployment on Solaris - DrupalCamp Bay Area 2007 - MattoonDrupal Deployment on Solaris - DrupalCamp Bay Area 2007 - Mattoon
Drupal Deployment on Solaris - DrupalCamp Bay Area 2007 - Mattoon
 
Drupal Efficiency using open source technologies from Sun
Drupal Efficiency using open source technologies from SunDrupal Efficiency using open source technologies from Sun
Drupal Efficiency using open source technologies from Sun
 
Drupal Efficiency - Coding, Deployment, Scaling
Drupal Efficiency - Coding, Deployment, ScalingDrupal Efficiency - Coding, Deployment, Scaling
Drupal Efficiency - Coding, Deployment, Scaling
 
Oracle Solaris 11 - Best for Enterprise Applications
Oracle Solaris 11 - Best for Enterprise ApplicationsOracle Solaris 11 - Best for Enterprise Applications
Oracle Solaris 11 - Best for Enterprise Applications
 
Why Managed Service Providers Should Embrace Container Technology
Why Managed Service Providers Should Embrace Container TechnologyWhy Managed Service Providers Should Embrace Container Technology
Why Managed Service Providers Should Embrace Container Technology
 
Container Security - Let's see Falco and Sysdig in Action by Stefan Trimborn
Container Security - Let's see Falco and Sysdig in Action by Stefan Trimborn Container Security - Let's see Falco and Sysdig in Action by Stefan Trimborn
Container Security - Let's see Falco and Sysdig in Action by Stefan Trimborn
 
EM12C High Availability without SLB and RAC
EM12C High Availability without SLB and RACEM12C High Availability without SLB and RAC
EM12C High Availability without SLB and RAC
 
SANS @Night There's Gold in Them Thar Package Management Databases
SANS @Night There's Gold in Them Thar Package Management DatabasesSANS @Night There's Gold in Them Thar Package Management Databases
SANS @Night There's Gold in Them Thar Package Management Databases
 
Making MySQL highly available using Oracle Grid Infrastructure
Making MySQL highly available using Oracle Grid InfrastructureMaking MySQL highly available using Oracle Grid Infrastructure
Making MySQL highly available using Oracle Grid Infrastructure
 
Whitepaper MS SQL Server on Linux
Whitepaper MS SQL Server on LinuxWhitepaper MS SQL Server on Linux
Whitepaper MS SQL Server on Linux
 
Oracle 11g R2 RAC setup on rhel 5.0
Oracle 11g R2 RAC setup on rhel 5.0Oracle 11g R2 RAC setup on rhel 5.0
Oracle 11g R2 RAC setup on rhel 5.0
 
OpenSCAP Overview(security scanning for docker image and container)
OpenSCAP Overview(security scanning for docker image and container)OpenSCAP Overview(security scanning for docker image and container)
OpenSCAP Overview(security scanning for docker image and container)
 
Hardening solaris
Hardening solarisHardening solaris
Hardening solaris
 
Linux Desktop Automation
Linux Desktop AutomationLinux Desktop Automation
Linux Desktop Automation
 
Installing oracle grid infrastructure and database 12c r1
Installing oracle grid infrastructure and database 12c r1Installing oracle grid infrastructure and database 12c r1
Installing oracle grid infrastructure and database 12c r1
 
Drupalcon2007 Sun
Drupalcon2007 SunDrupalcon2007 Sun
Drupalcon2007 Sun
 
Presentation linux on power
Presentation linux on powerPresentation linux on power
Presentation linux on power
 
Red Hat Linux 5 Hardening Tips - National Security Agency
Red Hat Linux 5 Hardening Tips - National Security AgencyRed Hat Linux 5 Hardening Tips - National Security Agency
Red Hat Linux 5 Hardening Tips - National Security Agency
 
Slackware Demystified [SELF 2011]
Slackware Demystified [SELF 2011]Slackware Demystified [SELF 2011]
Slackware Demystified [SELF 2011]
 

Plus de JomaSoft

JomaSoft VDCF - Solaris Private Cloud
JomaSoft VDCF - Solaris Private CloudJomaSoft VDCF - Solaris Private Cloud
JomaSoft VDCF - Solaris Private CloudJomaSoft
 
Private Cloud mit Solaris auf SPARC
Private Cloud mit Solaris auf SPARCPrivate Cloud mit Solaris auf SPARC
Private Cloud mit Solaris auf SPARCJomaSoft
 
Erfahrungen und Stolpersteine mit Solaris 11.4
Erfahrungen und Stolpersteine mit Solaris 11.4Erfahrungen und Stolpersteine mit Solaris 11.4
Erfahrungen und Stolpersteine mit Solaris 11.4JomaSoft
 
Praktische Erfahrungen mit den kleinen SPARC S7-2 Servern
Praktische Erfahrungen mit den kleinen SPARC S7-2 ServernPraktische Erfahrungen mit den kleinen SPARC S7-2 Servern
Praktische Erfahrungen mit den kleinen SPARC S7-2 ServernJomaSoft
 
Experiences with Oracle SPARC S7-2 Server
Experiences with Oracle SPARC S7-2 ServerExperiences with Oracle SPARC S7-2 Server
Experiences with Oracle SPARC S7-2 ServerJomaSoft
 
Increase Efficiency of Solaris Operations & SPARC Life Cycle
Increase Efficiency of Solaris Operations & SPARC Life CycleIncrease Efficiency of Solaris Operations & SPARC Life Cycle
Increase Efficiency of Solaris Operations & SPARC Life CycleJomaSoft
 
DOAG 2018 / Was bringt Solaris 11.4
DOAG 2018 / Was bringt Solaris 11.4DOAG 2018 / Was bringt Solaris 11.4
DOAG 2018 / Was bringt Solaris 11.4JomaSoft
 
DOAG 2018 / Praktische Erfahrungen mit SPARC S7-2 Server
DOAG 2018 / Praktische Erfahrungen mit SPARC S7-2 ServerDOAG 2018 / Praktische Erfahrungen mit SPARC S7-2 Server
DOAG 2018 / Praktische Erfahrungen mit SPARC S7-2 ServerJomaSoft
 
DOAG2018 / Oracle DB erfolgreich betreiben auf SPARC/LDoms/Solaris/ZFS
DOAG2018 / Oracle DB erfolgreich betreiben auf SPARC/LDoms/Solaris/ZFSDOAG2018 / Oracle DB erfolgreich betreiben auf SPARC/LDoms/Solaris/ZFS
DOAG2018 / Oracle DB erfolgreich betreiben auf SPARC/LDoms/Solaris/ZFSJomaSoft
 
Wie gehts weiter mit Oracle Solaris?
Wie gehts weiter mit Oracle Solaris?Wie gehts weiter mit Oracle Solaris?
Wie gehts weiter mit Oracle Solaris?JomaSoft
 
Sicherheit, Compliance, Höchsteistung mit SPARC/Solaris
Sicherheit, Compliance, Höchsteistung mit SPARC/SolarisSicherheit, Compliance, Höchsteistung mit SPARC/Solaris
Sicherheit, Compliance, Höchsteistung mit SPARC/SolarisJomaSoft
 
Rapid Deploy von OS, Virtualsierung und Applikation
Rapid Deploy von OS, Virtualsierung und ApplikationRapid Deploy von OS, Virtualsierung und Applikation
Rapid Deploy von OS, Virtualsierung und ApplikationJomaSoft
 
Rapid Deployment mit JomaSoft VDCF
Rapid Deployment mit JomaSoft VDCFRapid Deployment mit JomaSoft VDCF
Rapid Deployment mit JomaSoft VDCFJomaSoft
 
Effizienter Hardware LifeCycle auf Oracle SPARC M7 Server
Effizienter Hardware LifeCycle auf Oracle SPARC M7 ServerEffizienter Hardware LifeCycle auf Oracle SPARC M7 Server
Effizienter Hardware LifeCycle auf Oracle SPARC M7 ServerJomaSoft
 
Increase Efficiency of Solaris Operations & Hardware Life Cycle
Increase Efficiency of Solaris Operations & Hardware Life CycleIncrease Efficiency of Solaris Operations & Hardware Life Cycle
Increase Efficiency of Solaris Operations & Hardware Life CycleJomaSoft
 
JomaSoft & VDCF Overview
JomaSoft & VDCF OverviewJomaSoft & VDCF Overview
JomaSoft & VDCF OverviewJomaSoft
 
Wie setzt Swisscom Solaris 11 ein
Wie setzt Swisscom Solaris 11 einWie setzt Swisscom Solaris 11 ein
Wie setzt Swisscom Solaris 11 einJomaSoft
 
VDCF Overview
VDCF OverviewVDCF Overview
VDCF OverviewJomaSoft
 

Plus de JomaSoft (18)

JomaSoft VDCF - Solaris Private Cloud
JomaSoft VDCF - Solaris Private CloudJomaSoft VDCF - Solaris Private Cloud
JomaSoft VDCF - Solaris Private Cloud
 
Private Cloud mit Solaris auf SPARC
Private Cloud mit Solaris auf SPARCPrivate Cloud mit Solaris auf SPARC
Private Cloud mit Solaris auf SPARC
 
Erfahrungen und Stolpersteine mit Solaris 11.4
Erfahrungen und Stolpersteine mit Solaris 11.4Erfahrungen und Stolpersteine mit Solaris 11.4
Erfahrungen und Stolpersteine mit Solaris 11.4
 
Praktische Erfahrungen mit den kleinen SPARC S7-2 Servern
Praktische Erfahrungen mit den kleinen SPARC S7-2 ServernPraktische Erfahrungen mit den kleinen SPARC S7-2 Servern
Praktische Erfahrungen mit den kleinen SPARC S7-2 Servern
 
Experiences with Oracle SPARC S7-2 Server
Experiences with Oracle SPARC S7-2 ServerExperiences with Oracle SPARC S7-2 Server
Experiences with Oracle SPARC S7-2 Server
 
Increase Efficiency of Solaris Operations & SPARC Life Cycle
Increase Efficiency of Solaris Operations & SPARC Life CycleIncrease Efficiency of Solaris Operations & SPARC Life Cycle
Increase Efficiency of Solaris Operations & SPARC Life Cycle
 
DOAG 2018 / Was bringt Solaris 11.4
DOAG 2018 / Was bringt Solaris 11.4DOAG 2018 / Was bringt Solaris 11.4
DOAG 2018 / Was bringt Solaris 11.4
 
DOAG 2018 / Praktische Erfahrungen mit SPARC S7-2 Server
DOAG 2018 / Praktische Erfahrungen mit SPARC S7-2 ServerDOAG 2018 / Praktische Erfahrungen mit SPARC S7-2 Server
DOAG 2018 / Praktische Erfahrungen mit SPARC S7-2 Server
 
DOAG2018 / Oracle DB erfolgreich betreiben auf SPARC/LDoms/Solaris/ZFS
DOAG2018 / Oracle DB erfolgreich betreiben auf SPARC/LDoms/Solaris/ZFSDOAG2018 / Oracle DB erfolgreich betreiben auf SPARC/LDoms/Solaris/ZFS
DOAG2018 / Oracle DB erfolgreich betreiben auf SPARC/LDoms/Solaris/ZFS
 
Wie gehts weiter mit Oracle Solaris?
Wie gehts weiter mit Oracle Solaris?Wie gehts weiter mit Oracle Solaris?
Wie gehts weiter mit Oracle Solaris?
 
Sicherheit, Compliance, Höchsteistung mit SPARC/Solaris
Sicherheit, Compliance, Höchsteistung mit SPARC/SolarisSicherheit, Compliance, Höchsteistung mit SPARC/Solaris
Sicherheit, Compliance, Höchsteistung mit SPARC/Solaris
 
Rapid Deploy von OS, Virtualsierung und Applikation
Rapid Deploy von OS, Virtualsierung und ApplikationRapid Deploy von OS, Virtualsierung und Applikation
Rapid Deploy von OS, Virtualsierung und Applikation
 
Rapid Deployment mit JomaSoft VDCF
Rapid Deployment mit JomaSoft VDCFRapid Deployment mit JomaSoft VDCF
Rapid Deployment mit JomaSoft VDCF
 
Effizienter Hardware LifeCycle auf Oracle SPARC M7 Server
Effizienter Hardware LifeCycle auf Oracle SPARC M7 ServerEffizienter Hardware LifeCycle auf Oracle SPARC M7 Server
Effizienter Hardware LifeCycle auf Oracle SPARC M7 Server
 
Increase Efficiency of Solaris Operations & Hardware Life Cycle
Increase Efficiency of Solaris Operations & Hardware Life CycleIncrease Efficiency of Solaris Operations & Hardware Life Cycle
Increase Efficiency of Solaris Operations & Hardware Life Cycle
 
JomaSoft & VDCF Overview
JomaSoft & VDCF OverviewJomaSoft & VDCF Overview
JomaSoft & VDCF Overview
 
Wie setzt Swisscom Solaris 11 ein
Wie setzt Swisscom Solaris 11 einWie setzt Swisscom Solaris 11 ein
Wie setzt Swisscom Solaris 11 ein
 
VDCF Overview
VDCF OverviewVDCF Overview
VDCF Overview
 

Dernier

Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024StefanoLambiase
 
英国UN学位证,北安普顿大学毕业证书1:1制作
英国UN学位证,北安普顿大学毕业证书1:1制作英国UN学位证,北安普顿大学毕业证书1:1制作
英国UN学位证,北安普顿大学毕业证书1:1制作qr0udbr0
 
Odoo 14 - eLearning Module In Odoo 14 Enterprise
Odoo 14 - eLearning Module In Odoo 14 EnterpriseOdoo 14 - eLearning Module In Odoo 14 Enterprise
Odoo 14 - eLearning Module In Odoo 14 Enterprisepreethippts
 
Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...
Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...
Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...OnePlan Solutions
 
CRM Contender Series: HubSpot vs. Salesforce
CRM Contender Series: HubSpot vs. SalesforceCRM Contender Series: HubSpot vs. Salesforce
CRM Contender Series: HubSpot vs. SalesforceBrainSell Technologies
 
Best Web Development Agency- Idiosys USA.pdf
Best Web Development Agency- Idiosys USA.pdfBest Web Development Agency- Idiosys USA.pdf
Best Web Development Agency- Idiosys USA.pdfIdiosysTechnologies1
 
Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)
Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)
Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)jennyeacort
 
SpotFlow: Tracking Method Calls and States at Runtime
SpotFlow: Tracking Method Calls and States at RuntimeSpotFlow: Tracking Method Calls and States at Runtime
SpotFlow: Tracking Method Calls and States at Runtimeandrehoraa
 
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样umasea
 
Unveiling the Future: Sylius 2.0 New Features
Unveiling the Future: Sylius 2.0 New FeaturesUnveiling the Future: Sylius 2.0 New Features
Unveiling the Future: Sylius 2.0 New FeaturesŁukasz Chruściel
 
Balasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
Balasore Best It Company|| Top 10 IT Company || Balasore Software company OdishaBalasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
Balasore Best It Company|| Top 10 IT Company || Balasore Software company Odishasmiwainfosol
 
Cloud Data Center Network Construction - IEEE
Cloud Data Center Network Construction - IEEECloud Data Center Network Construction - IEEE
Cloud Data Center Network Construction - IEEEVICTOR MAESTRE RAMIREZ
 
Introduction Computer Science - Software Design.pdf
Introduction Computer Science - Software Design.pdfIntroduction Computer Science - Software Design.pdf
Introduction Computer Science - Software Design.pdfFerryKemperman
 
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdfGOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdfAlina Yurenko
 
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptxKnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptxTier1 app
 
Cyber security and its impact on E commerce
Cyber security and its impact on E commerceCyber security and its impact on E commerce
Cyber security and its impact on E commercemanigoyal112
 
What is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need ItWhat is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need ItWave PLM
 
What is Advanced Excel and what are some best practices for designing and cre...
What is Advanced Excel and what are some best practices for designing and cre...What is Advanced Excel and what are some best practices for designing and cre...
What is Advanced Excel and what are some best practices for designing and cre...Technogeeks
 

Dernier (20)

Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024
 
英国UN学位证,北安普顿大学毕业证书1:1制作
英国UN学位证,北安普顿大学毕业证书1:1制作英国UN学位证,北安普顿大学毕业证书1:1制作
英国UN学位证,北安普顿大学毕业证书1:1制作
 
Odoo 14 - eLearning Module In Odoo 14 Enterprise
Odoo 14 - eLearning Module In Odoo 14 EnterpriseOdoo 14 - eLearning Module In Odoo 14 Enterprise
Odoo 14 - eLearning Module In Odoo 14 Enterprise
 
Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...
Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...
Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...
 
CRM Contender Series: HubSpot vs. Salesforce
CRM Contender Series: HubSpot vs. SalesforceCRM Contender Series: HubSpot vs. Salesforce
CRM Contender Series: HubSpot vs. Salesforce
 
Best Web Development Agency- Idiosys USA.pdf
Best Web Development Agency- Idiosys USA.pdfBest Web Development Agency- Idiosys USA.pdf
Best Web Development Agency- Idiosys USA.pdf
 
Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)
Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)
Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)
 
2.pdf Ejercicios de programación competitiva
2.pdf Ejercicios de programación competitiva2.pdf Ejercicios de programación competitiva
2.pdf Ejercicios de programación competitiva
 
SpotFlow: Tracking Method Calls and States at Runtime
SpotFlow: Tracking Method Calls and States at RuntimeSpotFlow: Tracking Method Calls and States at Runtime
SpotFlow: Tracking Method Calls and States at Runtime
 
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
 
Unveiling the Future: Sylius 2.0 New Features
Unveiling the Future: Sylius 2.0 New FeaturesUnveiling the Future: Sylius 2.0 New Features
Unveiling the Future: Sylius 2.0 New Features
 
Balasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
Balasore Best It Company|| Top 10 IT Company || Balasore Software company OdishaBalasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
Balasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
 
Cloud Data Center Network Construction - IEEE
Cloud Data Center Network Construction - IEEECloud Data Center Network Construction - IEEE
Cloud Data Center Network Construction - IEEE
 
Introduction Computer Science - Software Design.pdf
Introduction Computer Science - Software Design.pdfIntroduction Computer Science - Software Design.pdf
Introduction Computer Science - Software Design.pdf
 
Advantages of Odoo ERP 17 for Your Business
Advantages of Odoo ERP 17 for Your BusinessAdvantages of Odoo ERP 17 for Your Business
Advantages of Odoo ERP 17 for Your Business
 
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdfGOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
 
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptxKnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
 
Cyber security and its impact on E commerce
Cyber security and its impact on E commerceCyber security and its impact on E commerce
Cyber security and its impact on E commerce
 
What is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need ItWhat is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need It
 
What is Advanced Excel and what are some best practices for designing and cre...
What is Advanced Excel and what are some best practices for designing and cre...What is Advanced Excel and what are some best practices for designing and cre...
What is Advanced Excel and what are some best practices for designing and cre...
 

UKOUG Tech17 - Stay Secure With Oracle Solaris

  • 1. 1 Stay Secure With Oracle Solaris Marcel Hofstetter hofstetter@jomasoft.ch https://www.jomasoftmarcel.blogspot.ch CEO / Enterprise Consultant JomaSoft GmbH Oracle ACE „Solaris“
  • 2. 2 Agenda About JomaSoft Oracle ACE Program Solaris 11: Secure by Default Virtualization Compliance tool SPARC Silicon Secured Memory Compliance and Hardening using VDCF
  • 3. 3 About JomaSoft Engineering company founded July 2000 specialized in Solaris and software development, operations and consulting Product VDCF (Virtual Datacenter Cloud Framework) Installation, Management, Operations, Monitoring, Security and DR for Solaris 10/11, Virtualize using LDoms and Solaris Zones VDCF is used in production since 2006
  • 4. 4 About JomaSoft Flexible and Customer focused Oracle Certified Employees 17 Years Solaris Experience Regular Oracle Solaris Beta Tester Well connected with Oracle Solaris & LDOM Engineering Teams
  • 5. 5 500+ Technical Experts Helping Peers Globally 3 Membership Tiers • Oracle ACE Director • Oracle ACE • Oracle ACE Associate Nominate yourself or someone you know: acenomination.oracle.com bit.ly/OracleACEProgram Connect: @oracleace Facebook.com/oracleaces oracle-ace_ww@oracle.com
  • 6. 6 IT Security Not Topic of this Session - Firewalls - Applikation Development OS Security with Oracle Solaris - What's there by default - How can I check my Servers? - How can I protect my Applications? - Hardening
  • 7. 7 Solaris 11 – Secure by Default (1/7) No direct root Login g0086 console login: root Password: Roles can not login directly Login incorrect g0086 console login: marcel Password: Last login: Wed Sep 20 15:42:30 2017 from g0069.jomasoft- Oracle Corporation SunOS 5.11 11.3 March 2017 -bash-4.4$ su Password: Sep 20 17:16:55 g0086 su: 'su root' succeeded for marcel on /dev/console
  • 8. 8 Solaris 11 – Secure by Default (2/7) No direct root Login -bash-4.4$ id uid=501(larry) gid=10(staff) -bash-4.4$ su Password: Roles can only be assumed by authorized users su: Sorry -bash-4.4$ grep roles=root /etc/user_attr admin::::lock_after_retries=no;profiles=System Administrator;roles=root marcel::::profiles=VDCF Logger,VDCF admin Module;roles=root
  • 9. 9 Solaris 11 – Secure by Default (3/7) Auditing is activated (for Logins) # auditreduce -c lo | praudit -l | tail -4 header,69,2,login - ssh,fe,g0087,2017-09-01 15:37:32.707 +02:00,subject,root,root,root,root,root,6021,3233957173,15531 196630 g0069.jomasoft-lab.ch,return,failure,Permission denied header,69,2,login - ssh,na:fe,g0087,2017-09-01 15:37:38.864 +02:00,subject,- 1,-1,-1,-1,-1,6023,3999938775,12434 196630 g0069.jomasoft- lab.ch,return,failure,No account present for user header,69,2,login - ssh,,g0087,2017-09-01 15:37:42.013 +02:00,subject,marcel,marcel,staff,marcel,staff,6026,3889292888,15007 65558 g0069.jomasoft-lab.ch,return,success,0 file,2017-09-01 15:37:42.000 +02:00,
  • 10. 10 Solaris 11 – Secure by Default (4/7) Unsafe Services are not running or not installed -bash-4.4$ telnet g0086 Trying 192.168.100.86... telnet: Unable to connect to remote host: Connection refused -bash-4.4$ ftp g0086 ftp: connect: Connection refused -bash-4.4$ ssh g0086 Last login: Wed Sep 20 17:18:35 2017 from g0069.jomasoft- Oracle Corporation SunOS 5.11 11.3 March 2017 -bash-4.4$
  • 11. 11 Solaris 11 – Secure by Default (5/7) Daemons as non-root with Privileges # ps -f -u netadm,daemon,smmsp,dladm UID PID PPID C STIME TTY TIME CMD daemon 75 1 0 Aug 28 ? 0:00 /lib/crypto/kcfd netadm 46 1 0 Aug 28 ? 0:00 /usr/sbin/ibmgmtd netadm 66 1 0 Aug 28 ? 0:02 /lib/inet/ipmgmtd dladm 52 1 0 Aug 28 ? 0:02 /usr/sbin/dlmgmtd daemon 448 1 0 Aug 28 ? 0:00 /usr/sbin/rpcbind -w daemon 204 1 0 Aug 28 ? 0:00 /usr/lib/utmpd netadm 315 1 0 Aug 28 ? 0:02 /lib/inet/nwamd smmsp 644 1 0 Aug 28 ? 0:00 /usr/lib/inet/sendmail -Ac-q15m
  • 12. 12 Solaris 11 – Secure by Default (6/7) Restrictive umask -bash-4.4$ umask 0022 -bash-4.4$ touch /tmp/test -bash-4.4$ ls -l /tmp/test -rw-r--r-- 1 marcel staff 0 Sep 1 15:53 /tmp/test
  • 13. 13 Solaris 11 – Secure by Default (7/7) Role-based access control (RBAC) -bash-4.4$ profiles -a | grep ZFS ZFS File System Management ZFS Storage Management # usermod -P+"ZFS File System Management" marcel -bash-4.4$ zfs create rpool/test1 cannot create 'rpool/test1': permission denied -bash-4.4$ pfbash bash-4.4$ zfs create rpool/test1
  • 14. 14 Solaris 11 – pkg verify Detect changes -# ls -l /etc/shadow -r-------- 1 root sys 807 May 8 2017 /etc/shadow # chmod o+r /etc/shadow # ls -l /etc/shadow -r-----r-- 1 root sys 807 May 8 2017 /etc/shadow # pkg verify PACKAGE STATUS pkg://solaris/system/core-os ERROR file: etc/shadow ERROR: Mode: 0404 should be 0400
  • 15. 15 Solaris 11 – pkg fix Revert changes # pkg fix core-os Packages to fix: 1 Create boot environment: No Create backup boot environment: Yes Repairing: pkg://solaris/system/core-os@0.5.11,5.11- 0.175.3.14.0.5.0:20161105T004625Z PACKAGE STATUS pkg://solaris/system/core-os ERROR file: etc/shadow ERROR: Mode: 0404 should be 0400 PHASE ITEMS Updating modified actions 1/1 Updating package state database Done Updating package cache 0/0 Updating image state Done Creating fast lookup database Done Updating package cache 2/2 # ls -l /etc/shadow -r-------- 1 root sys 807 May 8 2017 /etc/shadow
  • 16. 16 CVE Common Vulnerabilities and Exposures Industrie Standard Namingconvention for Security Bugs Format: CVE-<jahr>-<nr> Sample: CVE-2014-7187 (Bash/Shellshock) Scoring: Common Vulnerability Scoring System (CVSS) Medium 4 – 6.9 / High 7 – 8.9 / Critical 9 – 10 Search u.v.a. https://www.cvedetails.com/ Oracle Solaris 376 Redhat Enterprise Linux 426 Windows 7 820
  • 17. 17 Solaris 11.3 – CVE Metadata Required: Metadata Package installed # pkg install solaris-11-cpu Analysis Is Fix installed for CVE-2014-7187 (Bash/Shellshock)? -bash-4.4$ pkg search -l CVE-2014-7187 INDEX ACTION VALUE PACKAGE info.cve set CVE-2014-7187 pkg:/support/critical-patch-update/solaris-11- cpu@2017.6-1 Is CVE-2017-3629 (Local Privilege Escalation) installed? -bash-4.4$ pkg search -l CVE-2017-3629 -bash-4.4$ Which Update is required for CVE-2017-3629? -bash-4.4$ pkg search CVE-2017-3629: | head -2 INDEX ACTION VALUE PACKAGE CVE-2017-3629 set pkg://solaris/network/legacy-remote-utilities@0.5.11,5.11- 0.175.3.22.0.3.0 pkg:/support/critical-patch-update/solaris-11-cpu@2017.7-1
  • 18. 18 SPARC-Virtualization: LDoms / Zonen Oracle & Fujitsu SPARC Server Systeme: T4-x, T5-x, M5, M6, M10, T7-x, M7-x, S7-2, M12, T8-x,M8-x Multiple, separated Solaris Instances on the same HW Combine with Zones Dedicated Memory Hacker on one Zone or LDom has limited Impact
  • 19. 19 Solaris – Virtualization using Zones Immutable (Read-Only) Zones A) file-mac-profile=flexible-configuration # touch /bla touch: cannot change times on /bla: Read-only file system # pkg install apache-22 pkg install: Could not complete the operation on /var/pkg/lock: read-only filesystem. # touch /etc/test # touch /var/myfile
  • 20. 20 Solaris – Virtualization using Zones Immutable (Read-Only) Zones B) file-mac-profile=fixed-configuration # touch /bla touch: cannot change times on /bla: Read-only file system # pkg install apache-22 pkg install: Could not complete the operation on /var/pkg/lock: read-only filesystem. # touch /etc/test touch: cannot change times on /etc/test: Read-only file system # touch /var/myfile
  • 21. 21 Solaris – Virtualization using Zones Immutable (Read-Only) Zones C) file-mac-profile=strict Completely Read-Only / Only Remote Logging # touch /bla touch: cannot change times on /bla: Read-only file system # pkg install apache-22 pkg install: Could not complete the operation on /var/pkg/lock: read-only filesystem. # touch /etc/test touch: cannot change times on /etc/test: Read-only file system # touch /var/myfile touch: cannot change times on /var/myfile: Read-only file system
  • 22. 22 Solaris – Virtualization using Zones Trusted Path for Immutable (Read-Only) Zones Beispiel mit file-mac-profile=strict -bash-4.1$ touch /etc/test touch: cannot change times on /etc/test: Permission denied On the global Zone / No RW Reboot required # zlogin -T v0128 [Connected to zone 'v0128' pts/3] Oracle Corporation SunOS 5.11 11.2 August 2014 root@v0128:~# touch /etc/test
  • 23. 23 Solaris 11.3 – Compliance tool Based on OpenSCAP Checks Systems against predefined Rules Allows to detect changes on the System Produces detailed HTML Report Execution: compliance assess -b solaris -p Baseline compliance assess -b solaris -p Recommended compliance assess -b pci-dss
  • 24. 24 Solaris 11.3 – Compliance tool
  • 25. 25 Solaris 11.3 – Compliance tool compliance Output # compliance assess -b solaris -p Baseline Assessment will be named 'solaris.Baseline.2017-09-01,16:37' Package integrity is verified OSC-54005 pass The OS version is current OSC-53005 pass Service svc:/network/ftp:default is in disabled state OSC-17510 pass Service svc:/network/rpc/gss is enabled if and only if Kerberos is configured OSC-63005 fail
  • 26. 26 SPARC – Silicon Secured Memory Integrated in SPARC CPU M7/M8 and S7 You detect and prevent - Memory Reference Errors - Buffer Overruns - Memory Usage after free Alternatives in Software are expensive and 30x – 70x slower Oracle Developer Studio Compiler includes Support for Discovery at Development Demo Video about OpenSSL Heartbleed https://swisdev.oracle.com/_files/ADI-Demo.html
  • 27. 27 SPARC – Silicon Secured Memory void main(int argc, char *argv[]) { char *buffer = malloc( sizeof(char) * 10); strcpy(buffer, "Test-Text"); for (int i = 0; i < 20; ++i) printf( "%c ", buffer[i] ); printf("|n"); free(buffer); } /opt/solarisstudio12.4/bin/cc -m64 -g -o buffer_overrun buffer_overrun.c -bash-4.4$ ./buffer_overrun T e s t - T e x t | - X TTTST E E ? P W D
  • 28. 28 SPARC – Silicon Secured Memory With SSM (ADI) activated the Program is stopped and can't access foreign Memory. -bash-4.4$ LD_PRELOAD_64=/lib/64/libadimalloc.so.1 ./buffer_overrun Segmentation Fault (core dumped) -bash-4.4$ echo ::status | mdb core debugging core file of buffer_overrun (64-bit) from g0072 file: /export/home/marcel/buffer_overrun initial argv: ./buffer_overrun threading model: native threads status: process terminated by SIGSEGV (Segmentation Fault), pc=100000bb0 , ADI version d mismatch for VA ffffffff7e93ffc0
  • 29. 29 SPARC – Silicon Secured Memory Detailed Results when using the Compiler Libraries LD_PRELOAD_64=/opt/developerstudio12.5/lib/compilers/sparcv9/libdiscoverADI.so ./ buffer_overrun T e s t - T e x t |
  • 30. 30 VDCF – Virtual Datacenter Cloud Framework Management Tool for Zones and LDOMs Installation, Operation, Migration, Monitoring, Security and Failover/DR Supports Solaris 10 + 11 on SPARC/x86 In productive use since 2006 Dynamic Virtualization Live / Cold Migration and Failover Resource Configuration and Monitoring Agility for your Enterprise Private Cloud Implemented by Admins for Admins
  • 32. 32 VDCF – Compliance Assess 3 Standard Benchmarks: baseline, recommended, pci-dss VDCF Benchmarks: default & cdom -bash-4.4$ more /var/opt/jomasoft/vdcf/conf/compliance/cdom.tailor ..... # ------------------------------- # commented, activate if required # ------------------------------- .... # OSC-53005: The OS version is current #exclude OSC-53005 ... # -------------------------- # disabled to avoid failures # -------------------------- # OSC-55010: The r-protocols services are disabled in PAM exclude OSC-55010 # OSC-73505: ssh(1) is the only service binding a listener to non-loopback addresses exclude OSC-73505 # -------------------------------------- # added to detect more than the baseline # -------------------------------------- ..... # OSC-47500: Passwords require at least 1 digits include OSC-47500 # OSC-49500: Passwords require at least 1 upper-case characters include OSC-49500 # OSC-93005: User home directories have appropriate permissions include OSC-93005 .... Individual Benchmarks for Customers and Servers
  • 33. 33 VDCF – Compliance Assess Fully automated Compliance check over the Datacenter osmon -c assess all all_vserver Compliance Report
  • 34. 34 VDCF – Hardening Individual Hardening Profiles -bash-4.4$ more /var/opt/jomasoft/vdcf/conf/compliance/baseline.hardening OSC-12510: Service svc:/network/nfs/fedfs-client:default is in disabled state OSC-63005: Service svc:/network/rpc/gss is enabled if and only if Kerberos is configured OSC-93005: User home directories have appropriate permissions OSC-34010: Service svc:/application/cups/in-lpd:default is in disabled state OSC-85000: The maximum number of waiting TCP connections is set to at least 1024 OSC-99011: Service svc:/system/rad:remote is in enabled state Hardening -bash-4.4$ node -c harden name=g0087 profile=baseline Hardening started ... OSC-12510: Service svc:/network/nfs/fedfs-client:default is in disabled state - DONE OSC-34010: Service svc:/application/cups/in-lpd:default is in disabled state - DONE OSC-63005: Service svc:/network/rpc/gss is enabled if and only if Kerberos is configured - DONE OSC-85000: The maximum number of waiting TCP connections is set to at least 1024 - DONE (Changed from 128 to 1024) OSC-93005: User home directories have appropriate permissions - DONE OSC-99011: Service svc:/system/rad:remote is in enabled state - DONE Hardening of 6 items on Node g0087 was successful
  • 35. 35 VDCF – Online Ressources Produkt Documentation Online Complete Documentation and Videos on Webpage available Free Edition No-Cost Test Version with limited number of managable Servers. Test using combined POC Install and test together with JomaSoft on-site in your Test environment. Webpage https://www.jomasoft.ch/vdcf
  • 36. 36 Ending Slide Marcel Hofstetter hofstetter@jomasoft.ch http://www.jomasoftmarcel.blogspot.ch CEO / Enterprise Consultant JomaSoft GmbH Oracle ACE „Solaris“ Questions?