Amanda-Users

Re: PLEASE DISREGARD FOUND THE PROBLEM-amcheck error on local server

2009-05-21 11:29:22
Subject: Re: PLEASE DISREGARD FOUND THE PROBLEM-amcheck error on local server
From: Chris Hoogendyk <hoogendyk AT bio.umass DOT edu>
To: Brian Cuttler <brian AT wadsworth DOT org>
Date: Thu, 21 May 2009 10:08:55 -0400


Brian Cuttler wrote:
Gene, et al,
Brian, for those of us who have not heard of JASS, and for the list's enlightenment, could you discuss what it is and does without having to write a new War & Peace?

JASS is a set of scripts provided by SUN to harden systems.
There are several different driver choices, for desktops, servers,
etc which will enable/disable different services. I believe all
check system passwords, set password expiration and length, etc.
From the look of it hundreds of items are checked/altered.

JASS can be run independently or can be specified as an option
during install or as an adjunct to creation of non-global zones.

JASS itself installs as a package from SUN.

Another alternative is to go through the NSA security guide for Solaris (see http://www.nsa.gov/ia/guidance/security_configuration_guides/index.shtml). They also have guides for Mac OS X, Linux, Windows, and various applications. I prefer locking down what I want to the degree I want, reading through the guide step by step and making a decision at each step. Then I feel like I understand what I have done (and I have documented it).

I've also gone the route of starting with the minimal Solaris install and then adding specifically what I want, chasing dependencies when necessary (so on a lot of the steps of the NSA guide, what they want secured or disabled, I don't even have installed). So my servers have an extremely lean OS with no GUI elements, no Java elements, etc. (my management interface is serial ILOM -- http://blogs.umass.edu/choogend/2008/05/23/ammonoidea/). After an install, I do the latest recommended and security patches, and then go through the NSA security guide before installing and configuring applications. When setting up a bunch of servers, I'll set up one and then clone the basic setup to the others.


--
---------------

Chris Hoogendyk

-
  O__  ---- Systems Administrator
 c/ /'_ --- Biology & Geology Departments
(*) \(*) -- 140 Morrill Science Center
~~~~~~~~~~ - University of Massachusetts, Amherst
<hoogendyk AT bio.umass DOT edu>

---------------
Erdös 4