Solaris 9 Student Handouts And Lab Material
Past students may download the material used for the lab exercises.
Handout instructions are for use with Solaris 9.
Note that all software and instructions are provided
"AS IS" for use only for educational purposes.
For installation in a trusted environment, software should be obtained directly
from the original, secure source. These instructions are useful to investigate
the features of the software, but are insufficient to configure the software
to minimize security risks in your individual environment.
Student Setup Handout - instructions to configure /.profile, compiler etc. for the labs
MISCELLANEOUS
Script to create chroot() environment with restricted shell (ksh script 4.7K)
File Permissions, Umask and ACLs handout
Setuid and device shell script example
Interesting Security Tips handout
Setup of A Hardened Solaris Workstation handout
References for security exam handout
GNU C++
Installation notes:
rm /usr/ucb/cc
ln -s /usr/local/bin/gcc /usr/local/bin/cc
ftp://sunfreeware.secsup.org/pub/freeware/sparc/9/gcc-3.2.2-sol9-sparc-local.gz
ftp://sunfreeware.secsup.org/pub/freeware/sparc/8/binutils-2.11.2-sol8-sparc-local.gz
MAKE
ftp://sunfreeware.secsup.org/pub/freeware/sparc/9/make-3.80-sol9-sparc-local.gz
BERKLEY DB
ftp://sunfreeware.secsup.org/pub/freeware/sparc/9/db-3.2.9-sol8-sparc-local.gz
LIBPCAP
ftp://sunfreeware.secsup.org/pub/freeware/sparc/9/libpcap-0.7.2-sol9-sparc-local.gz
TCPDUMP
ftp://sunfreeware.secsup.org/pub/freeware/sparc/9/tcpdump-3.7.2-sol9-sparc-local.gz
PERL 5.8
ftp://sunfreeware.secsup.org/pub/freeware/sparc/9/perl-5.8.0-sol9-sparc-local.gz
PERL MODULES
Go to www.perl.com
Select the CPAN link from the list at the left of the page.
Select modules from this page and then all modules from the CPAN modules page.
Resulting URL: www.perl.com/CPAN-local/modules/01modules.index.html
DSNIFF
Sniffing Lab Handout
ftp://sunfreeware.secsup.org/pub/freeware/sparc/8/dsniff-2.3-sol8-sparc-local.gz
NMAP
Sniffing Lab Handout
ftp://sunfreeware.secsup.org/pub/freeware/sparc/9/nmap-3.20-sol9-sparc-local.gz
OPEN SSH
OpenSSH web site
Lab handout
ftp://sunfreeware.secsup.org/pub/freeware/sparc/9/openssh-3.6.1p1-sol9-sparc-local.gz
OPEN SSL
OpenSSL web site
ftp://sunfreeware.secsup.org/pub/freeware/sparc/9/openssl-0.9.7a-sol9-sparc-local.gz
ftp://sunfreeware.secsup.org/pub/freeware/sparc/8/openssl-0.9.6a-sol8-sparc-local.gz
SKIP - Encrypted and authenticated IP datagrams
Skip 1.5.1 for Solaris 8 can be found on the SunScreen 3.1 CD
Skip can be downloaded from
Sun although
they are charging for it now.
Lab handout
IP Sec - Encrypted and authenticated IP datagrams
IP Sec Lab Handout (instructions suitable for Solaris
8)
RBAC / SUDO - Restrictions on root privledges
RBAC Lab Handout
SUDO Lab Handout
ftp://sunfreeware.secsup.org/pub/freeware/sparc/9/sudo-1.6.7p3-sol9-sparc-local.gz
TCP WRAPPERS
ftp://sunfreeware.secsup.org/pub/freeware/sparc/9/tcp_wrappers-7.6-sol9-sparc-local.gz
Lab handout
Solaris 8,9 notes:
Tcp_Wrappers 7.6 does not support IPv6 addresses.
Try the hacked
version instead if you require IPv6 support.
On Sparc, unless you use GCC 2.95.2 and GLIB 1.2.8 or later, you will get "connected
from 0.0.0.0" and the access rules will fail to work. I haven't tested which
version of GLIB is necessary for Intel.
Also, you must change "tcp6" to "tcp" for the wrapped services
in /etc/inet/inetd.conf
TOP
ftp://sunfreeware.secsup.org/pub/freeware/sparc/9/top-3.5beta12-sol9-sparc3264-local.gz
COURTNEY
ftp://ciac.llnl.gov/pub/ciac/sectools/unix/courtney/courtney-1.3.tar.Z
CRACK
Lab handout
ftp://ftp.cerias.purdue.edu/pub/tools/unix/pwdutils/crack/crack5.0.tar.gz
SYSLOG / SWATCH - Centralized error message logging and filtering
ftp://ftp.stanford.edu/general/security-tools/swatch/swatch-3.0.2.tar
Syslog / Swatch Lab Handout
BSM - Basic Security Module
BSM Lab Handout
TRIPWIRE
Tripwire web site
http://www.dsinet.org/tools/ids/tripwire
ftp://ftp.cerias.purdue.edu/pub/tools/unix/ids/tripwire/Tripwire-1.3.1-1.tar.gz
ftp://ftp.cerias.purdue.edu/pub/tools/unix/ids/tripwire/Tripwire-1.30-docs.pdf
Lab handout
WHISKER
http://www.wiretrip.net/rfp/bins/whisker/whisker.tar.gz
TITAN
http://www.fish.com/~brad/titan/Titan,v4.0BETA6.tar.gz
Titan Lab Handout
ASET
Aset file permissions handout
MD5
ftp://sunfreeware.secsup.org/pub/freeware/sparc/8/md5-6142000-sol8-sparc-local.gz
Solaris Fingerprint Database
http://wwws.sun.com/software/security/downloads.html
http://lwp.linpro.no/lwp/libwww-perl-5.64.tar.gz
Fingerprint Lab Handout
PAM Account Locking Module
http://www.comsmiths.com.au/pam/sparc/5.7/COMSpamll.5.7.pkg.gz
Nessus - Network Vulnerability Scanner
Nessus Installation Instructions
nessus-2.0.9-sol9-sparc-local.gz
Requires also:
bison-1.75-sol9-sparc-local.gz
flex-2.5.4a-sol9-sparc-local.gz
nmap-3.48-sol9-sparc-local.gz
openssl-0.9.7c-sol9-sparc-local.gz
glib-1.2.10-sol9-sparc-local.gz
gtk+-1.2.10-sol9-sparc-local.gz
libgcc-3.3-sol9-sparc-local.gz
or cc_small-3.3.2-sol9-sparc-local.gz
Apache
Notes on Apache security
IP Filter - Stateful Firewall Packet Filter
http://www.ipfilter.org
IP Filter Sample Ruleset
Solaris Security Toolkit (JASS)
http://wwws.sun.com/software/security/jass
SST Lab Handout
SOLARIS SECURITY ENHANCEMENTS (required for Solaris 8)
http://www.sun.com/software/solaris/encryption/download.html
Individual Solaris Sparc Downloads
Solaris 8 Supplemental Encryption Packages (complete)
Download to filename: Sol8_encryption_sparc.tar
(Optional - create a new package with only the encryption stuff
needed)
tar xvf Sol8_encryption_sparc.tar
pkgtrans -s sparc/Packages /opt/pkgs/encryption-11.8.0-sol8-sparc