YASSP

What's new

Common tasks
  OS Installation

YASSP installation
  Introduction
  Express Installation

MAN pages
  yassp(1)
  yassp.conf(4)
  clean_passwd(1)

Installation logs
  Express installation logs

What's inside?
  SECclean internals
  Daily script

YASSP download page

Others
  After the installation
  TODO list
  Credit, References & links

Known problems, FAQ

PGP key


How to install Solaris and have a good host security.
All comments welcome!
Jean Chouanard
November 18 2000
VERSION= yassp v0 beta#15

Release candidate#2

What's new

YASSP is "Yet Another Solaris Security package" and this is a short "how to" article for those responsible for host security on Solaris 2.6, 2.7 and Solaris 8, intel or sparc architecture. The goal is to help you install a version of Solaris with good host security without having you spend a great deal of time hardening the sytem by hand -- the manual steps which you should perform have been automated. According to Alan Paller, director of research at the SANS Institute, "When these scripts have been field tested, they will become the recommended solution for hardening Solaris systems and we will promote them widely.".

The default behavior of the YASSP package is to harden the system with a configuration that's suitable for an external (exposed) server like a firewall, a web server or an ftp server where you should limit your security exposure. The configuration should also be adequate for an internal "back-room" server -- e.g. a database engine. The package establishes several security settings: network services are disabled, file ownership and protection weakness are resolved, system logging is enabled, the network stack is tuned and several system parameters are set. The resulting configuration is the consenus of a large working group. However, if you need a different configuration you can control most of the settings from a single configuration file (/etc/yassp.conf). The result is a coherent default environment where you know what to expect and where.

The YASSP package and a set of recommended packages have been bundled as a Unix tar file with an installation script which you can download and quickly install --- see the Express Installation.

Finally, please send us your comments and concerns!

If you'd like to receive updates on new releases/beta-versions or would like to participate in the evolution of this package you can join our mailing list -- send an E-mail with "subscribe" in the Subject line or the message body. The mailing list is also available as a public archive for those who are interested.

$Id: index.html,v 1.61 2000/11/19 01:24:41 jean Exp jean $; Jean Chouanard, YASSP team and The SANS institute