Hello all,
My original post is listed below. I only got 1 reply (thanks Robert
Rose!!) and it gave me a few general pointers regarding the size and
maintenance partitions and management scripts. No one addressed the pkgchk
errors I received.
Thanks,
Michael
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Hello all,
I have a group of Sun Ultra 2's running Solaris 2.5.1 with recommended
patches. I would like to enable auditing on these boxes and have read all
the related man pages and the Answerbook on the Basic Security Module.
One problem I see is when I did a pkgchk on the packages that the
Answerbook said were required I received a bunch of errors (pasted below).
These are the steps as I understand them; please feel free to comment,
recommend, etc.
1) Create a dedicated audit file system on 1 server to serve as the primary
NFS-shared audit filesystem for each client. This filesystem should be
shared as /etc/security/audit.
2) Create a local secondary audit file system for each machine in case the
NFS-shared file system is unavailable.
3) Boot into single user mode
4) Run bsmconv
5) Configure the system wide auditing levels, user auditing levels,
warnings, etc.
6) Reboot
If anyone who has done this has any helpful pointers or even copies of
configs to share, I would greatly appreciate it!!!
Thanks in advance, and I will summarize,
Michael Cook
pkgchk errors:
# ~ > pkgchk SUNWcar
ERROR: /platform
permissions <0755> expected <2755> actual
# ~ > pkgchk SUNWcsr
ERROR: /dev
permissions <0775> expected <2775> actual
ERROR: /etc
permissions <0775> expected <2755> actual
ERROR: /etc/auto_master
file size <94> expected <117> actual
file cksum <7917> expected <9685> actual
ERROR: /etc/default/init
file size <459> expected <462> actual
file cksum <38298> expected <38702> actual
ERROR: /etc/default/login
file size <1136> expected <1124> actual
file cksum <26706> expected <25538> actual
ERROR: /etc/device.tab
file size <1207> expected <2251> actual
file cksum <37074> expected <59343> actual
ERROR: /etc/dgroup.tab
file size <360> expected <396> actual
file cksum <28641> expected <31230> actual
ERROR: /etc/dumpdates
file size <0> expected <1260> actual
file cksum <0> expected <8945> actual
ERROR: /etc/group
file size <278> expected <284> actual
file cksum <23586> expected <24243> actual
ERROR: /etc/inet/hosts
file size <46> expected <239> actual
file cksum <3463> expected <15003> actual
ERROR: /etc/inet/inetd.conf
group name <sys> expected <other> actual
file size <4615> expected <4870> actual
file cksum <11707> expected <31373> actual
ERROR: /etc/inet/netmasks
file size <567> expected <620> actual
file cksum <48879> expected <51422> actual
ERROR: /etc/lib
permissions <0775> expected <2775> actual
ERROR: /etc/mnttab
file size <0> expected <930> actual
file cksum <0> expected <5375> actual
ERROR: /etc/net/ticlts/hosts
file size <65> expected <10> actual
file cksum <3929> expected <849> actual
ERROR: /etc/net/ticots/hosts
file size <65> expected <10> actual
file cksum <3929> expected <849> actual
ERROR: /etc/net/ticotsord/hosts
file size <65> expected <10> actual
file cksum <3929> expected <849> actual
ERROR: /etc/nsswitch.conf
file size <779> expected <581> actual
file cksum <884> expected <49384> actual
ERROR: /etc/passwd
file size <445> expected <565> actual
file cksum <36774> expected <47402> actual
ERROR: /etc/path_to_inst
permissions <0644> expected <0444> actual
file size <26> expected <1748> actual
file cksum <2566> expected <55542> actual
ERROR: /etc/profile
file cksum <50375> expected <50385> actual
ERROR: /etc/rc0.d
permissions <0775> expected <2775> actual
ERROR: /etc/rc1.d
permissions <0775> expected <2775> actual
ERROR: /etc/rc2.d
permissions <0775> expected <2775> actual
ERROR: /etc/rc2.d/S82mkdtab
pathname does not exist
pathname not properly linked to <../../etc/init.d/mkdtab>
ERROR: /etc/rc3.d
permissions <0775> expected <2775> actual
ERROR: /etc/rcS.d
permissions <0775> expected <2775> actual
ERROR: /etc/security
permissions <0755> expected <2755> actual
ERROR: /etc/shadow
file size <252> expected <324> actual
file cksum <17245> expected <23330> actual
ERROR: /etc/vfstab
permissions <0664> expected <0644> actual
file size <235> expected <656> actual
file cksum <17390> expected <50435> actual
ERROR: /proc
permissions <0755> expected <0555> actual
group name <sys> expected <root> actual
ERROR: /sbin
permissions <0775> expected <2775> actual
ERROR: /var
permissions <0775> expected <2775> actual
ERROR: /var/adm/utmp
file size <0> expected <324> actual
file cksum <0> expected <14362> actual
ERROR: /var/adm/utmpx
file size <0> expected <3348> actual
file cksum <0> expected <15135> actual
ERROR: /var/adm/wtmp
file size <0> expected <29448> actual
file cksum <0> expected <6736> actual
ERROR: /var/adm/wtmpx
file size <0> expected <304296> actual
file cksum <0> expected <33767> actual
ERROR: /var/log/syslog
permissions <0664> expected <0644> actual
group name <sys> expected <other> actual
file size <0> expected <941> actual
file cksum <0> expected <8188> actual
ERROR: /var/saf/zsmon/log
file size <0> expected <19594> actual
file cksum <0> expected <27081> actual
ERROR: /var/spool/cron/crontabs/root
permissions <0644> expected <0400> actual
group name <sys> expected <other> actual
file size <405> expected <949> actual
file cksum <31347> expected <10408> actual
ERROR: /var/tmp
permissions <1777> expected <3777> actual
# ~ > pkgchk SUNWcsu
ERROR: /usr
permissions <0775> expected <2775> actual
ERROR: /usr/bin
permissions <0775> expected <2755> actual
ERROR: /usr/demo
permissions <0775> expected <2755> actual
ERROR: /usr/games
permissions <0775> expected <2755> actual
ERROR: /usr/kvm
permissions <0775> expected <2775> actual
ERROR: /usr/lib
permissions <0775> expected <2755> actual
owner name <root> expected <bin> actual
ERROR: /usr/lib/security
permissions <0755> expected <2755> actual
ERROR: /usr/old
permissions <0775> expected <2775> actual
ERROR: /usr/sbin
permissions <0775> expected <2775> actual
ERROR: /usr/share
permissions <0755> expected <2755> actual
ERROR: /usr/share/lib
permissions <0755> expected <2755> actual
ERROR: /usr/share/lib/tabset
permissions <0775> expected <0755> actual
ERROR: /usr/share/lib/terminfo
permissions <0775> expected <2755> actual
ERROR: /usr/share/src
permissions <0755> expected <2755> actual
# ~ > pkgchk SUNWhea
WARNING: no pathnames were associated with <SUNWhea>
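
The following is an added example, not part of the original post: a small sh/awk filter that groups pkgchk mismatches like those listed above by kind, so mode and ownership differences can be reviewed separately from size/checksum drift. The sample entries are copied from the listing above; the category names and function names are this example's own.

```shell
#!/bin/sh
# Added example: group pkgchk mismatches by kind so mode changes stand out
# from content drift. Category names are this example's own labels.

# A few entries copied from the listing in the post.
sample_pkgchk() {
cat <<'EOF'
ERROR: /platform
permissions <0755> expected <2755> actual
ERROR: /etc
permissions <0775> expected <2755> actual
ERROR: /etc/inet/inetd.conf
group name <sys> expected <other> actual
file size <4615> expected <4870> actual
file cksum <11707> expected <31373> actual
ERROR: /etc/rc2.d/S82mkdtab
pathname does not exist
pathname not properly linked to <../../etc/init.d/mkdtab>
ERROR: /etc/vfstab
permissions <0664> expected <0644> actual
ERROR: /var/tmp
permissions <1777> expected <3777> actual
EOF
}

# Reads pkgchk output on stdin, prints "kind path detail" once per kind/path.
triage_pkgchk() {
awk '
function emit(kind, detail) {
    if (!((kind, path) in seen)) { seen[kind, path] = 1; print kind, path, detail }
}
$1 == "ERROR:" { path = $2; next }
$1 == "permissions" {
    want = substr($2, 2, 4); have = substr($4, 2, 4)   # <expected> then <actual>
    ws = substr(want, 1, 1) + 0; hs = substr(have, 1, 1) + 0
    # setgid-added: only the 02000 bit differs, the rwx digits are unchanged.
    only_sgid = (hs == ws + 2 && int(ws / 2) % 2 == 0 && substr(want, 2) == substr(have, 2))
    emit(only_sgid ? "setgid-added" : "mode-changed", want "->" have)
}
$1 == "owner" || $1 == "group" { emit("owner-group", $1 ":" $3 "->" $5) }
$1 == "file"     { emit("content", "size-or-cksum") }
$1 == "pathname" { emit("missing", "path-or-link") }
'
}

# Counts the paths reported under one category.
count_kind() { triage_pkgchk | awk -v k="$1" '$1 == k { n++ } END { print n + 0 }'; }

sample_pkgchk | triage_pkgchk
```

On a live system the input would be `pkgchk SUNWcsr 2>&1 | triage_pkgchk`, since pkgchk writes its errors to stderr.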
This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:12:50 CDT