To harden the system, go through the following steps:
1. Install the latest OS version supported by Check Point.
2. Be sure root has a umask setting of 077 or 027 after you have fully configured the system.
3. Be sure root has a safe search path, such as /usr/bin:/sbin:/usr/sbin. This helps avoid Trojan horses in the current working directory.
4. Generally, examine all "S" files in /etc/rc2.d and /etc/rc3.d. Any files that start unneeded facilities should be renamed (be sure the new names don't start with "S"). Test all boot file changes by rebooting, examining /var/adm/messages, and checking for extraneous processes in "ps -elf" output.
5. Make sure the "CONSOLE" line in /etc/default/login is enabled. To disable use of ftp by root, add "root" to /etc/ftpusers.
6. Remove /etc/hosts.equiv, /.rhosts, and all of the "r" commands from /etc/inetd.conf. Do a "kill -HUP" of the inetd process.
7. Remove, lock, or comment out unnecessary accounts, including "sys", "uucp", "nuucp", and "listen". The cleanest way to shut them down is to put "NP" in the password field of the /etc/shadow file. Also consider using the noshell program to log attempts to use secured accounts.
8. The file /etc/logindevperm contains configuration information that tells the system the permissions to set on devices associated with login (console, keyboard, etc.). Check the values in this file and modify them to give different permissions.
9. No file in /etc needs to be group writable. Remove group write permission via the command "chmod -R g-w /etc".
10. By default, if a Solaris machine has more than one network interface, Solaris will route packets between the multiple interfaces. This behavior is controlled by /etc/init.d/inetinit. To turn off routing on a Solaris 2.4 (or earlier) machine, add "ndd -set /dev/ip ip_forwarding 0" at the end of /etc/init.d/inetinit. For Solaris 2.5, simply "touch /etc/notrouter". Be aware that there is a small window of vulnerability during startup when the machine may route, before routing is turned off.
11. Automounter is controlled by the /etc/auto_* configuration files. To disable automounter, remove those files and/or disable /etc/rc2.d/S74autofs.
12. NFS exports are controlled by the /etc/dfs/dfstab file. Remove this file. To disable the NFS server daemon, rename /etc/rc3.d/S15nfs.server. To prevent a machine from being an NFS client, rename /etc/rc2.d/S73nfs.client. When renaming startup files, be sure to name them with a starting letter other than "S".
13. Review all the cron jobs by reading the cron file of every system account in /var/spool/cron/crontabs. Consider logging all cron activities by setting "CRONLOG=yes" in /etc/default/cron.
14. Machines using a dynamic route-receiving daemon like in.routed and in.rdisc are vulnerable to receiving incorrect routes. These routes can disable some or all connectivity to other networks. When possible, use static routes (routes added via route commands in startup files) rather than the routing daemons.
15. ARP is the protocol used to associate IP and Ethernet addresses. Machines that share a wire (and have no routers between them) know each other's ARP addresses. If one machine is replaced with another, the ARP addresses are usually different. By default, Solaris machines dynamically determine ARP addresses. The arp command can be used to statically set ARP table entries and flush all other entries. This facility is best used when there are few, unchanging systems on a network and the machines need to be assured of each other's identities.
16. Rpcbind is the program that allows rpc callers and rpc service providers to find each other. Unfortunately, the standard rpc is insecure. It uses "AUTH_UNIX" authentication, which means it depends on the remote system's IP address and the remote user's UID for identification. Both of these forms of identification can be easily forged or changed. General-purpose systems usually need rpc running to keep users happy. Special-purpose systems (web servers, ftp servers, mail servers, etc.) can usually have rpc disabled. Be sure to test all the facilities that you depend on to be sure they aren't affected if you turn off rpc. To disable rpc, rename /etc/rc2.d/S71rpc.
17. /etc/utmp can be set to mode 644 without disrupting any service.
18. Many of the setuid and setgid programs on Solaris are used only by root, or by the user or group ID to which they are set. They can have setuid and setgid removed without diminishing users' abilities to get their work done. Consider each of these programs individually as to its use on your system. Should it be run by someone other than root, its owner, or a user running with that user's UID?
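A read-only audit script for several of the items above (steps 3, 4, 5, 6, 9 and 12), added here as an example; it is not from the original post. It assumes a POSIX sh with find and grep, takes the system root to inspect as its first argument (so it can be pointed at a mounted copy), and the search path to check as its second; it reports findings and changes nothing.

```shell
#!/bin/sh
# Read-only audit of several checklist items (steps 3, 4, 5, 6, 9 and 12): it reports
# but changes nothing. Assumes POSIX sh with find and grep. ROOT is the system root
# ("/" or a mounted copy); the second argument is the search path to check.

# Step 3: a safe search path contains no "." and no empty component.
path_is_safe() {
    case ":$1:" in
        *:.:*|*::*) return 1 ;;
    esac
    return 0
}

# Step 9: print every file or directory under $1 that is group-writable (mode bit 020).
group_writable_files() {
    find "$1" -perm -020 -print 2>/dev/null
}

# Steps 4 and 12: print the "S" start scripts still enabled in an rc directory.
enabled_rc_scripts() {
    for f in "$1"/S*; do
        [ -e "$f" ] && echo "$f"
    done
    return 0
}

# Step 5: root is refused FTP logins only if it is listed in ftpusers.
root_in_ftpusers() {
    grep -qx 'root' "$1" 2>/dev/null
}

# Run the checks against ROOT and return the number of findings (0 means clean).
audit_root() {
    root=${1%/}
    findings=0
    path_is_safe "${2:-$PATH}" || { echo "unsafe search path: ${2:-$PATH}"; findings=$((findings + 1)); }
    gw=$(group_writable_files "$root/etc")
    [ -z "$gw" ] || { echo "group-writable under /etc:"; echo "$gw"; findings=$((findings + 1)); }
    # Steps 6 and 12: these files should be gone on a hardened host.
    for f in /etc/hosts.equiv /.rhosts /etc/dfs/dfstab; do
        [ ! -e "$root$f" ] || { echo "should not exist: $f"; findings=$((findings + 1)); }
    done
    root_in_ftpusers "$root/etc/ftpusers" || { echo "root missing from /etc/ftpusers"; findings=$((findings + 1)); }
    echo "enabled start scripts in /etc/rc2.d (review each, rename unneeded ones):"
    enabled_rc_scripts "$root/etc/rc2.d"
    return "$findings"
}
```

Run it as "audit_root / \"$PATH\"" on the host itself; the exit status is the number of findings, so it can be used from a cron job or a post-build check.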