Unix Administration GuideA Quick Reference Guide for Clustering, Security, Virtualization andGeneral Administration for So...
Unix Administration Guide: A Quick Reference Guide for Clustering,Security, Virtualization and General Administration for ...
Table of Contents1. Security Overview .......................................................................................
Unix Administration Guide              Non-Global Zone Commands .............................................................
Unix Administration Guide10. VMWare ESX 3 ...................................................................................
Unix Administration Guide     SCSI3 PGR Registration vs Reservation .........................................................
List of Tables1.1. Identifying Threats ......................................................................................
Chapter 1. Security OverviewDefinitions and Concepts    1. Vulnerability      Is a software, hardware, or procedural weakn...
Security Overview   Threat Agent                   Can Exploit This                  Resulting in This Threat             ...
Security OverviewThe Evaluation Assurance Level (EAL1 through EAL7) of an IT product or system is a numerical gradeassigne...
Security OverviewAssurance Levels                             Description                                             on t...
Security OverviewAssurance Levels                                Description                                              ...
Security Overview   Acronym                                                  Description   CAPP                           ...
Chapter 2. Project Live CycleGeneral Project Overview    Projects typically are manifested through either a self initiated...
Project Live Cycle      5. How long is the project expected to last?      6. What metrics will be needed and collected for...
Project Live Cycle    • Use logger to mark manual tasks and milestones    • If possible, run VXexplorer or SUNexplorer and...
Project Live Cycle  </screen>  </stepxmp>  </step>  <step><cmd>Create Directories on both $Node0; and $Node1;</cmd>  <step...
Project Live Cycle  </certification>• Execution Code for tasks/procedures should be able to pass back a return code for ea...
Chapter 3. RAID OverviewPurpose and basics        Note        Information collected from wiki    Redundancy is a way that ...
RAID Overview    RAID is not a good alternative to backing up data. Data may become damaged or destroyed without harm    t...
RAID Overview      that RAID 1+0 creates a striped set from a series of mirrored drives. In a failed disk situation, RAID ...
Chapter 4. Solaris SecurityBSM C2 Auditing    1. Fundamentals      The fundamental reason for implementing C2 auditing is ...
Solaris Securityahlt                halt machine if it can not record an async eventall                 all policiesarge  ...
Solaris Security      #      #      # username:always:never # root:lo:no      Individual users can have their audit trail ...
Solaris Security         /etc/security/lib/audio_clean   fd0;fd;reserved;reserved;solaris.device.allocate;         /etc/se...
Solaris Security      When combined a user with the RBAC role of solaris.device.allocate, can allocate fd0, sr0, and audit...
Solaris Security    syscall::uname:entry    {            self->addr = arg0;    }    syscall::uname:return    {            ...
Solaris Security   table role = ipf type = tree number = 5   {      219.0.0.0/8;      220.0.0.0/8;      222.0.0.0/8;      ...
Solaris Security# IP Filter rules syntax.## Public Network.   Block everything not explicity allowed.block in log on bge0 ...
Solaris Security       Command Line                                          Description       ipfstat                    ...
Solaris Security74686973206973206d79206c6f6e6720626c6f77666973682065737020706173Configuring IPsec PoliciesIPsec policies a...
Solaris SecurityTo load the new policy file you can refresh the ipsec/policy SMF service like so: svcadm refresh ipsec/pol...
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Unixadmin 1.4-pub.
Upcoming SlideShare
Loading in …5
×

Unixadmin 1.4-pub.

2,234 views

Published on

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
2,234
On SlideShare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
32
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Unixadmin 1.4-pub.

  1. 1. Unix Administration GuideA Quick Reference Guide for Clustering, Security, Virtualization andGeneral Administration for Solaris and Linux Operating Systems;Private Version.Robert Bailey
  2. 2. Unix Administration Guide: A Quick Reference Guide for Clustering,Security, Virtualization and General Administration for Solaris andLinux Operating Systems; Private Version.Robert BaileyVersion 1.4 - In Progress Abstract: Obscure UNIX Procedures and TasksThis document covers Solaris 10, RHEL 5.3, and some AIX when using advanced topics such as LDOMs, LiveUpgrades with SVM Mirror Splitting, FLAR Booting, Security Hardening, VCS Application Agent for Non-GlobalZones, and IO Fencing. Many procedures are my own, some from scattered internet sites, some from the Vendorsdocumentation.You are welcome to use this document, however be advised that several sections are copied from vendor documentationand various web sites, and therefore there is a high possibility for plagiarism. In general, this document is a collectionof notes collected from a number of sources and experiences, in most cases it is accurate, however you should notethat typos should be expected along with some issues with command line and file output that extends beyond theformat of this document.<legalnotice>THE MATERIALS ARE PROVIDED “AS IS” WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING BUTNOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE ANDNON-INFRINGEMENT. FURTHERMORE YOU MAY NOT USE THIS DOCUMENT AS A MEANS OF PROFIT, OR FOR CORPORATEUSAGE, WITHOUT THE EXPLICIT CONCENT FROM THE AUTHOR.</legalnotice>
  3. 3. Table of Contents1. Security Overview .......................................................................................................... 1 Definitions and Concepts ............................................................................................. 12. Project Live Cycle .......................................................................................................... 7 General Project Overview ............................................................................................ 7 Pre Test Data Collection .............................................................................................. 8 Scripting Test Cases ................................................................................................... 93. RAID Overview ............................................................................................................ 12 Purpose and basics .................................................................................................... 12 Principles ................................................................................................................ 13 Nested levels ............................................................................................................ 13 Non-standard levels ................................................................................................... 144. Solaris Security ............................................................................................................. 15 BSM C2 Auditing ..................................................................................................... 15 BSM Secure Device Control ....................................................................................... 17 General Hardening .................................................................................................... 19 Destructive DTrace Examples ..................................................................................... 19 IPFilter Overview ..................................................................................................... 20 IPSec with Shared Keys ............................................................................................. 23 IPSec With 509 Certs ................................................................................................ 26 Apache2 SSL Configuration with Self-Signed Certs ........................................................ 29 RBAC and Root As a ROLE ...................................................................................... 31 Secure Non-Global Zone FTP Server ........................................................................... 32 Trusted Extensions .................................................................................................... 355. Solaris Virtualization ..................................................................................................... 39 Logical Domains ...................................................................................................... 39 Socket, Core and Thread Distribution ................................................................... 39 Install Domain Manager Software ........................................................................ 39 Configure Primary Domain ................................................................................. 40 Create DOM1 .................................................................................................. 40 Adding RAW Disks and ISO Images to DOM1 ...................................................... 40 Bind DOM1 and set up for booting ...................................................................... 40 Install OS Image and Clean up DOM1 ................................................................. 41 Create LDOM #2 .............................................................................................. 41 Backup or Template LDOM Configurations ........................................................... 41 Add one virtual disk to two LDOMs .................................................................... 41 Grouping VCC Console ..................................................................................... 43 LDOM Automation Script .................................................................................. 43 VCS and LDOM Failover, Features and Start and Stop ............................................ 45 VCS LDOM with ZPool Configuration ................................................................. 47 Manual LDOM and Zpool Migration .................................................................... 48 xVM (XEN) Usage on OpenSolaris 2009.06 .................................................................. 49 Quick Create for Solaris 10 HVM ....................................................................... 49 Solaris 10 Non-Global Zones ...................................................................................... 49 Comments on Zones and Live Upgrade ................................................................ 49 Comments on Zones and Veritas Control .............................................................. 51 Basic Non-Global Zone Creation SPARSE ............................................................ 52 Scripting Basic Non-Global Zone Creation SPARSE ............................................... 53 Using Dtrace to monitor non-global zones ............................................................. 54 Setup a Non-Global Zone for running Dtrace ......................................................... 55 Using Dtrace to trace an applincation in a non-global zones ...................................... 55 Using Dtrace to monitor non-global zones ............................................................. 55 iii
  4. 4. Unix Administration Guide Non-Global Zone Commands .............................................................................. 56 Non-Global Zones and Stock VCS Zone Agent ...................................................... 59 Non-Global Zones and Custom VCS Application Agent ........................................... 606. Solaris WANBoot ......................................................................................................... 64 General Overview for Dynamic Wanboot POC .............................................................. 64 POC Goals .............................................................................................................. 64 POC Out of Scope .................................................................................................... 64 Current challanges with wanboot marked for resolution ................................................... 65 POC Wanboot Configuration Highlights ....................................................................... 65 Next Steps .............................................................................................................. 65 Configuration Steps .................................................................................................. 657. Solaris 10 Live Upgrade ................................................................................................. 69 Solaris 8 to Solaris 10 U6 Work A Round ..................................................................... 69 Review current root disk and mirror ............................................................................. 70 Create Alternate Boot Device - ZFS ............................................................................. 71 Create Alternate Boot Device - SVM ........................................................................... 71 Patch, Adding Packages, setting boot environment and Installation examples ........................ 728. Solaris and Linux General Information .............................................................................. 75 Patch Database Information ........................................................................................ 75 SSH Keys ................................................................................................................ 76 RHEL 5.2 NIS Client ................................................................................................ 76 Redhat Proc FS Tricks ............................................................................................... 76 Force a panic on RHEL ..................................................................................... 76 Adjust swap of processes ................................................................................... 76 iSCSI Notes - RHEL 53 Target SOL 10U6 Initiator ........................................................ 77 Setup Linux NIC Bonding .......................................................................................... 78 Linux TCP sysctl settings .......................................................................................... 79 Linux Dynamic SAN HBA Scan ................................................................................ 80 Solaris 10 - Mapping a process to a port ....................................................................... 81 Network and Services Tasks for Linux ......................................................................... 82 Hardening Linux ....................................................................................................... 839. Solaris 10 Notes ........................................................................................................... 88 Link Aggregation ...................................................................................................... 88 Link Aggregation ...................................................................................................... 89 IPMP Overview ........................................................................................................ 90 IPMP Probe Based Target System Configuration ............................................................ 91 Using Service Management Facility (SMF) in the Solaris 10 OS ........................................ 92 MPXIO ................................................................................................................... 98 USB Wireless Setup WUSB54GC .............................................................................. 100 VCS MultiNICB without probe address - link only ........................................................ 101 Network IO in/out per interface ................................................................................. 101 Register Solaris CLI ................................................................................................ 102 NFS Performance .................................................................................................... 102 iSCSI Software Target Initiator .................................................................................. 103 iSCSI Target using TPGT Restrictions ........................................................................ 105 iSCSI Software Initiator ........................................................................................... 106 SVM Root Disk Mirror ............................................................................................ 106 Replace Failed SVM Mirror Drive ............................................................................. 110 ZFS Root adding a Mirror ........................................................................................ 113 Create Flar Images .................................................................................................. 114 FLAR Boot Installation ............................................................................................ 114 ZFS Notes ............................................................................................................. 121 ZFS ACLs ............................................................................................................. 123 ZFS and ARC Cache ............................................................................................... 125 iv
  5. 5. Unix Administration Guide10. VMWare ESX 3 ........................................................................................................ 128 Enable iSCSI Software Initiators ................................................................................ 128 General esxcfg commands ........................................................................................ 128 General vmware-cmd commands ................................................................................ 131 Common Tasks ....................................................................................................... 132 Shared Disks with out RAW Access ........................................................................... 133 Using vmclone.pl clone script ................................................................................... 134 Clone VMWare Virtual Guests .................................................................................. 137 Clone VMWare Disks .............................................................................................. 138 LUN Path Information ............................................................................................. 13911. AIX Notes ................................................................................................................ 141 Etherchannel ........................................................................................................... 14112. Oracle 10g with RAC ................................................................................................. 143 Oracle General SQL Quick Reference ......................................................................... 143 Oracle 10g RAC Solaris Quick Reference ................................................................... 143 Oracle 10g R2 RAC ASM Reference .......................................................................... 145 Oracle 10g R2 RAC CRS Reference ........................................................................... 146 Oracle RAC SQL .................................................................................................... 14713. EMC Storage ............................................................................................................ 152 PowerPath Commands ............................................................................................. 152 PowerPath Command Examples ................................................................................. 152 Disable PowerPath .................................................................................................. 153 INQ Syminq Notes .................................................................................................. 154 Brocade Switches .................................................................................................... 15514. Dtrace ...................................................................................................................... 158 Track time on each I/O ............................................................................................ 158 Track directories where writes are occurring ................................................................ 15915. Disaster Recovery ...................................................................................................... 160 VVR 5.0 ................................................................................................................ 160 VVR Configuration ......................................................................................... 160 General VVR Tasks using 5.0MP3 ..................................................................... 163 VVR and GCO v5.x Made Easy ...................................................................... 166 VVR 4.X ............................................................................................................... 175 Heres now to resynchronize the old Primary once you bring it back up 4.x: .............. 175 Failing Over from a Primary 4.x ....................................................................... 176 Setting Up VVR 4.x - the hard way ................................................................... 178 Growing/Shrinking a Volume or SRL 4.x ........................................................... 179 Removing a VVR volume 4.x .......................................................................... 18016. VxVM and Storage Troubleshooting ............................................................................. 181 How to disable and re-enable VERITAS Volume Manager at boot time when the boot disk is encapsulated ........................................................................................................ 181 Replacing a failed drive ........................................................................................... 183 Storage Volume Growth and Relayout ........................................................................ 183 UDID_MISMATCH ................................................................................................ 185 VxVM Disk Group Recovery .................................................................................... 186 Resize VxFS Volume and Filesystem ......................................................................... 187 Incorrect DMP or Disk Identification .......................................................................... 187 Data Migration out of rootdg .................................................................................... 188 Recover vx Plex ..................................................................................................... 188 Shell code to get solaris disk size in GB ..................................................................... 188 Split Root Mirror vxvm ............................................................................................ 189 If VxVM Split Mirror needs post split recovery ............................................................ 19017. Advanced VCS for IO Fencing and Various Commands .................................................... 192 General Information ................................................................................................. 192 v
  6. 6. Unix Administration Guide SCSI3 PGR Registration vs Reservation ...................................................................... 193 SCSI3 PGR FAQ .................................................................................................... 194 IO Fencing / CFS Information ................................................................................... 195 ISCSI Solaris software Target and Initiator Veritas Cluster Configuration with Zones ........... 203 Heart Beat Testing .................................................................................................. 206 Software Testing Heart Beats - unsupported ......................................................... 206 Heart Beat Validation ...................................................................................... 206 Using Mirroring for Storage Migration ........................................................................ 20718. OpenSolaris 2009.06 COMSTAR ................................................................................. 213 Installation ............................................................................................................. 213 Simple Setup An iSCSI LUN .................................................................................... 213 Walkthrough of Simple iSCSI LUN Example ............................................................... 214 Setup iSCSI with ACLs ........................................................................................... 21419. Sun Cluster 3.2 .......................................................................................................... 217 Preperation ............................................................................................................. 217 Installation ............................................................................................................. 218 Basic Configuration ................................................................................................. 220 General Commands ................................................................................................. 224 Create a Failover Apache Resource Group ................................................................... 225 Create a Failover NGZ Resource Group ...................................................................... 227 Create a Parallel NGZ Configuration ......................................................................... 227 Oracle 10g RAC for Containers ................................................................................ 229 Zone and QFS Creation and Configuration .......................................................... 229 Sun Cluster RAC Framework ............................................................................ 23320. Hardware Notes ......................................................................................................... 234 SunFire X2200 eLOM Management ........................................................................... 234 SP General Commands ..................................................................................... 234 Connection via Serial Port ................................................................................ 234 System console ............................................................................................... 234 To Set Up Serial Over LAN With the Solaris OS .................................................. 235 Configure ELOM/SP ....................................................................................... 235 5120 iLOM Management .......................................................................................... 236 vi
  7. 7. List of Tables1.1. Identifying Threats ....................................................................................................... 11.2. Orange Book NIST Security Levels ................................................................................. 21.3. EAL Security Levels ..................................................................................................... 31.4. EAL Security Component Acronyms ............................................................................... 54.1. Common IPFilter Commands ........................................................................................ 225.1. Coolthreads Systems ................................................................................................... 395.2. Incomplete IO Domain Distribution ............................................................................... 395.3. VCS Command Line Access - Global vs. Non-Global Zones .............................................. 596.1. Wanboot Server Client Details ...................................................................................... 6510.1. esxcfg-commands .................................................................................................... 12812.1. ASM View Table .................................................................................................... 14613.1. PowerPath CLI Commands ....................................................................................... 15213.2. PowerPath powermt commands .................................................................................. 15217.1. Summary of SCSI3-PGR Keys .................................................................................. 19619.1. Sun Cluster Filesystem Requirements .......................................................................... 217 vii
  8. 8. Chapter 1. Security OverviewDefinitions and Concepts 1. Vulnerability Is a software, hardware, or procedural weakness that may provide an attacker the open door he is looking for to enter a computer or network and have unauthorized access to resources within the environment. Vulnerability characterizes the absence or weakness of a safeguard that could be exploited. 2. Threat Is any potential danger to information or systems. The threat is that someone or something will identify a specific vulnerability and use it against the company or individual. The entity that takes advantage of a vulnerability is referred to as a threat agent. A threat agent could be an intruder accessing the network through a port on the firewall, a process accessing data in a way that violates the security policy, a tornado wiping out a facility, or an employee making an unintentional mistake that could expose confidential information or destroy a files integrity. 3. Risk Is the likelihood of a threat agent taking advantage of a vulnerability and the corresponding business impact. If a firewall has several ports opened there is a higher likelihood that an intruder will use one to access the network in an unauthorized method. Risk ties the vulnerability, threat, and likelihood of an exploitation to the resulting business impact. 4. Exposure Is an instance of being exposed to losses from a threat agent. A vulnerability exposes an organization to possible damages. If a company does not have its wiring inspected it exposes , and dose not put proactive fire prevention steps into place, its self to a potentially devastating fire. 5. Countermeasures or Safeguards Is risk mitigation. A countermeasure may be a software configuration, hardware device, or a procedure that eliminates a vulnerability or reduces the likelihood a threat agent will be able to exploit a vulnerability. Examples include strong password management, BIOS password, and security awareness training. 6. Putting the concepts together Table 1.1. Identifying Threats Threat Agent Can Exploit This Resulting in This Threat Vulnerability Virus Lack of antivirus software / not Virus infection up to date definitions Hacker Powerful services running on a Unauthorized access to server confidential information Users Misconfigured parameter in the System malfunction operating system 1
  9. 9. Security Overview Threat Agent Can Exploit This Resulting in This Threat Vulnerability Fire Lack of fire extinguishers Facility and computer damage, and possible loss of life Employee Lack of training or standards Sharing mission-critical enforcement; Lack of auditing information; Altering data inputs and outputs from data processing applications Contractor Lax access control mechanisms Stealing trade secrets Attacker Poorly written application; Lack Conducting buffer-overflow; of stringent firewall settings Conducting a Denial-of-Service attack Intruder Lack of security guard Breaking windows and stealing computers and devices7. Orange Book Security Levels <security, standard> A standard from the US Government National Computer Security Council (an arm of the U.S. National Security Agency), "Trusted Computer System Evaluation Criteria, DOD standard 5200.28-STD, December 1985" which defines criteria for trusted computer products. There are four levels, A, B, C, and D. Each level adds more features and requirements. Levels B and A provide mandatory control. Access is based on standard Department of Defense clearances. Orange Book n. The U.S. Governments (now obsolete) standards document "Trusted Computer System Evaluation Criteria, DOD standard 5200.28-STD, December, 1985" which characterize secure computing architectures and defines levels A1 (most secure) through D (least). Modern Unixes are roughly C2. Table 1.2. Orange Book NIST Security Levels NIST Level Description D is a non-secure system. C1 Requires user log-on, but allows group ID. C2 Requires individual log-on with password and an audit mechanism. (Most Unix implementations are roughly C1, and can be upgraded to about C2 without excessive pain). B1 Requires DOD clearance levels. B2 Guarantees the path between the user and the security system and provides assurances that the system can be tested and clearances cannot be downgraded. B3 Requires that the system is characterised by a mathematical model that must be viable. A1 Requires a system characterized by a mathematical model that can be proven.8. Evaluation Assurance Levels 2
  10. 10. Security OverviewThe Evaluation Assurance Level (EAL1 through EAL7) of an IT product or system is a numerical gradeassigned following the completion of a Common Criteria security evaluation, an international standardin effect since 1999. The increasing assurance levels reflect added assurance requirements that mustbe met to achieve Common Criteria certification. The intent of the higher levels is to provide higherconfidence that the systems principal security features are reliably implemented. The EAL level doesnot measure the security of the system itself, it simply states at what level the system was tested to see ifit meets all the requirements of its Protection Profile. The National Information Assurance Partnership(NIAP) is a U.S. Government initiative by the National Institute of Standards and Technology (NIST)and the National Security Agency (NSA).To achieve a particular EAL, the computer system must meet specific assurance requirements. Mostof these requirements involve design documentation, design analysis, functional testing, or penetrationtesting. The higher EALs involve more detailed documentation, analysis, and testing than the lowerones. Achieving a higher EAL certification generally costs more money and takes more time thanachieving a lower one. The EAL number assigned to a certified system indicates that the systemcompleted all requirements for that level.Although every product and system must fulfill the same assurance requirements to achieve a particularlevel, they do not have to fulfill the same functional requirements. The functional features for eachcertified product are established in the Security Target document tailored for that products evaluation.Therefore, a product with a higher EAL is not necessarily "more secure" in a particular application thanone with a lower EAL, since they may have very different lists of functional features in their SecurityTargets. A products fitness for a particular security application depends on how well the features listedin the products Security Target fulfill the applications security requirements. If the Security Targetsfor two products both contain the necessary security features, then the higher EAL should indicate themore trustworthy product for that application.Table 1.3. EAL Security LevelsAssurance Levels DescriptionEAL1: Functionally Tested EAL1 is applicable where some confidence in correct operation is required, but the threats to security are not viewed as serious. It will be of value where independent assurance is required to support the contention that due care has been exercised with respect to the protection of personal or similar information. EAL1 provides an evaluation of the TOE (Target of Evaluation) as made available to the customer, including independent testing against a specification, and an examination of the guidance documentation provided. It is intended that an EAL1 evaluation could be successfully conducted without assistance from the developer of the TOE, and for minimal cost. An evaluation at this level should provide evidence that the TOE functions in a manner consistent with its documentation, and that it provides useful protection against identified threats.EAL2: Structurally Tested EAL2 requires the cooperation of the developer in terms of the delivery of design information and test results, but should not demand more effort 3
  11. 11. Security OverviewAssurance Levels Description on the part of the developer than is consistent with good commercial practice. As such it should not require a substantially increased investment of cost or time. EAL2 is therefore applicable in those circumstances where developers or users require a low to moderate level of independently assured security in the absence of ready availability of the complete development record. Such a situation may arise when securing legacy systems.EAL3: Methodically Tested and Checked EAL3 permits a conscientious developer to gain maximum assurance from positive security engineering at the design stage without substantial alteration of existing sound development practices. EAL3 is applicable in those circumstances where developers or users require a moderate level of independently assured security, and require a thorough investigation of the TOE and its development without substantial re-engineering.EAL4: Methodically Designed, Tested, and EAL4 permits a developer to gain maximumReviewed assurance from positive security engineering based on good commercial development practices which, though rigorous, do not require substantial specialist knowledge, skills, and other resources. EAL4 is the highest level at which it is likely to be economically feasible to retrofit to an existing product line. EAL4 is therefore applicable in those circumstances where developers or users require a moderate to high level of independently assured security in conventional commodity TOEs and are prepared to incur additional security-specific engineering costs. Commercial operating systems that provide conventional, user-based security features are typically evaluated at EAL4. Examples of such operating systems are AIX[1], HP-UX[1], FreeBSD, Novell NetWare, Solaris[1], SUSE Linux Enterprise Server 9[1][2], SUSE Linux Enterprise Server 10[3], Red Hat Enterprise Linux 5[4], Windows 2000 Service Pack 3, Windows 2003[1][5], Windows XP[1][5], Windows 2008[1], and Windows Vista[1]. Operating systems that provide multilevel security are evaluated at a minimum of EAL4. Examples include Trusted Solaris, Solaris 10 Release 11/06 Trusted Extensions,[6] an early version of the XTS-400, and VMware ESX version 3.0.2[7].EAL5: Semiformally Designed and Tested EAL5 permits a developer to gain maximum assurance from security engineering based upon 4
  12. 12. Security OverviewAssurance Levels Description rigorous commercial development practices supported by moderate application of specialist security engineering techniques. Such a TOE will probably be designed and developed with the intent of achieving EAL5 assurance. It is likely that the additional costs attributable to the EAL5 requirements, relative to rigorous development without the application of specialized techniques, will not be large. EAL5 is therefore applicable in those circumstances where developers or users require a high level of independently assured security in a planned development and require a rigorous development approach without incurring unreasonable costs attributable to specialist security engineering techniques. Numerous smart card devices have been evaluated at EAL5, as have multilevel secure devices such as the Tenix Interactive Link. XTS-400 (STOP 6) is a general-purpose operating system which has been evaluated at EAL5 augmented. LPAR on IBM System z is EAL5 Certified.[8]EAL6: Semiformally Verified Design and Tested EAL6 permits developers to gain high assurance from application of security engineering techniques to a rigorous development environment in order to produce a premium TOE for protecting high value assets against significant risks. EAL6 is therefore applicable to the development of security TOEs for application in high risk situations where the value of the protected assets justifies the additional costs. An example of an EAL6 certified system is the Green Hills Software INTEGRITY-178B operating system, the only operating system to achieve EAL6 thus far.[9]EAL7: Formally Verified Design and Tested EAL7 is applicable to the development of security TOEs for application in extremely high risk situations and/or where the high value of the assets justifies the higher costs. Practical application of EAL7 is currently limited to TOEs with tightly focused security functionality that is amenable to extensive formal analysis. The Tenix Interactive Link Data Diode Device has been evaluated at EAL7 augmented, the only product to do so.Table 1.4. EAL Security Component AcronymsAcronym DescriptionTCSEC Trusted Computer System Evaluation CriteriaLSPP Labelled Security Protection Profile 5
  13. 13. Security Overview Acronym Description CAPP Controlled Access Protection Profile RBAC Role Based Access Control Protection Profile9. Bell-Lapadula model a. A security level is a (c, s) pair: - c = classification – E.g., unclassified, secret, top secret - s = category- set – E.g., Nuclear, Crypto b. (c1, s1) dominates (c2, s2) iff c1 ¸ c2 and s2 µ s1 c. Subjects and objects are assigned security levels - level(S), level(O) – security level of subject/object - current-level(S) – subject may operate at lower level - f = (level, level, current-level)10.DAC vs. MAC • Most people familiar with discretionary access control (DAC); - Example: Unix user-group-other permission bits - Might set a file private so only group friends can read it • Discretionary means anyone with access can propagate information: - Mail sigint@enemy.gov < private • Mandatory access control - Security administrator can restrict propagation 6
  14. 14. Chapter 2. Project Live CycleGeneral Project Overview Projects typically are manifested through either a self initiated, top down or bottom up direction. In a Top Down project, there is a pre-stated goal and problem identified - details on solution typically get resolved at lower levels so long as the overal stated goal is met. Bottom Up is operations driven and generally as an end result goal in mind. The solution may need additional approval, however the general project already has management backing. Bottom Up can also come from general meetings with operational groups personnel and therefore need review by their management. Should the project be the result of a self initiated direction several additional steps are needed; including getting management and operations buyin; identifying budget and time allocation; and budget approval - including vendor negotiations where needed. The most important parts of any project are getting management/group buyin, and defining components such as scope, success, and timelines. • Identify demand - documentation of the problem. 1. What problem needs to be resolved 2. Who does the problem impact? 3. What is the priority of the problem? 4. Are there existing solutions in place that need to be adapted, or is this a new problem? • Collect statistics on current issue 1. Audit problem 2. Identify timelines for current actions 3. Identify groups involved • Identify preliminary options to solve the problem 1. Brainstorming sessions 2. Are there known vendor solutions - if so, who are the major players? 3. If internal solution - possible test case examples (minimal time invested) 4. Pre-project POC - if internal solution • Project initiation proposal 1. Outline Demand - what problem is to be solved 2. Identify key management players for buyin 3. Expected results from solution - will time be saved? will a major problem be avoided? 4. Overview of who will be involded - initial key technology players 7
  15. 15. Project Live Cycle 5. How long is the project expected to last? 6. What metrics will be needed and collected for the pre/post project analysis? 7. How is success defined? • Kickoff meeting 1. Define scope - what options and solutions are needed, what are the priorities, what items are must vs. nice to have. Also identify what is related but out of scope. If project is to be broken down into phases, that should be identified and the second phase and greater needs to be "adapted for" but not part of the success of the initial phase. It is good, when multiple groups are involded, to have each report back with their weighted options list (RFE/RFC). 2. Define ownership - including contact information 3. Milestones and Goals; including dependencies and serialized processes 4. Setup timelines and re-occuring meetings 5. Make sure there are next steps and meeting notes posted. • Handling RFE/RFC Metrics and Weighted Items 1. Should vendor solutions be needed create a weighted requirments list. Should a vendor not be needed the same items should be identified for cross-team participation; or with the impacted group. 2. Define what vendors will be sent the weighted list 3. Develop the weighted list; usually 1-10 plus N/A. Information about a feature that is only included in the next release may be presented seperatly however it should have no weight. 4. Define expected completion date of the RFC by the vendor 5. Corelate answers based on weight and identify the optimal product for evaluation. Should more than one be close in score; there is a potential for a bake-off between products. • Post Project Review and Presentation 1. Comparison of Pre/Post Project Metrics 2. Credits to all involved 3. Examples of Success - feedback from operationsPre Test Data Collection Define standard method of collecting data; this defines the audit trail of the pre-test server. Recommend new build for testing whenever possible. • Define and document baseline system • BART Manifest to track changed files • BSM Audit Enabled to track commands • Manual Documentation of Tasks with timelines 8
  16. 16. Project Live Cycle • Use logger to mark manual tasks and milestones • If possible, run VXexplorer or SUNexplorer and save a copy remote • Write a script to copy off key files - should be written based on test type • Define rollback method - snapshot / LU Alternate Boot Example BART Data Collection ; run copy against all necessary directories; in this example that would include /etc and /zone; if milestones are involved then frequest collections of bart may be necessary to track overall changes within different enviironment stages. Just name the manifest based on the stage. # mkdir /bart-files # bart create -R /etc > /bart-files/etc.control.manifestScripting Test Cases Break down large tests into sub tests; such as Certifying VCS would amount to certifying each resource creation, execution, and failover response then the results are grouped together by function then product; if done well, then you only have to certify the new add-ons when expanding the test, example below: • Define Agents used on all clusters and expected response • Seperate tests unique to a specific cluster type - RAC, Oracle DB Failover, Apache, etc • Break down tasks such as Storage Allocation and Control • Adding VCS Disk Group • Adding Filesystem Mounts • Max projected number of Disk Groups and Filesystems • Include any special details such as ownership changes; largefiles; qio; ufs • Recommend scripting templates using XML into minor tasks - example shows using DITA to define a task to create a vote volume for RAC <task id = "vote_vol_reation" xmlns:ditaarch = "http://dita.oasis-open.org/architecture/2005/"> <title>Create a CFS Vote Filesystem for CRS</title> <shortdesc>Describes how to make a CFS volume for the vote filesystem for SFRAC deployments</shortdesc> <taskbody> <prereq><p>The cvm_CVMVolDg_scrsdg resource needs to be online. And all volume creation commands for CVM run on the CVM master: &CVMMaster;</p></prereq> <steps> <step><cmd>Create Vote Volume on scrsdg disk group </cmd> <stepxmp> <screen> ssh &CVMMaster; vxassist -g scrsdg make vote 1G group=dba user=oracle mode=664 mkfs -V vxfs -o largefiles /dev/vx/rdsk/scrsdg/vote 9
  17. 17. Project Live Cycle </screen> </stepxmp> </step> <step><cmd>Create Directories on both $Node0; and $Node1;</cmd> <stepxmp> <screen> # On &Node0; and &Node1; mkdir -p /oracle/dbdata/vote chown -R oracle:dba /oracle/dbdata chmod 774 /oracle/dbdata chmod 774 /oracle/dbdata/vote </screen> </stepxmp> </step> </steps> </taskbody> </task>• This could be broken down even further with the right processing script <task id= "T11001"> <title>Volume Creation</title> <comments>Template Creates a Veritas Volume when passed an ENTITY value for the following: Disk Group: &DG Volume Name: &VOL Volume Size: &SIZE User Owner: &USER Volume Permission Mode: &MODE </comments> <command>/usr/sbin/vxassist -g &DG; make &VOL; &SIZE; user=&USER; mode=&MODE; </command> <return>1</return> </task>• Tasks could be templated to execute as a sequence as a procedure- DITA Map is good for this, but example is just off-the-cuff xml <procedure id = "P001"> <title>Create Volume, Filesystem and add into VCS</title> <task id = "T1001"/> <task id = "T1002"/> <task id = "T1003"/> <return>1</return> </procedure>• Procedures could be grouped together as part of a certification <certification id="C001"> <title>SFRAC 5.0 MP3 Certification</title> <procedure id= "P001"/> <procedure id= "P002"/> <procedure id= "P003"/> <return>1</return> 10
  18. 18. Project Live Cycle </certification>• Execution Code for tasks/procedures should be able to pass back a return code for each task; probably best to return time to execute also. These numeric return codes and times would be best placed into a database with a table simular in concept to cert ( id, procedure, task , results) and cross link to a cert_info (id, description, owner, participants, BU, justification)• If all is done well, then the certification tasks are re-usable for many certifications and only need to be written once, the process is defined and can be reproduced, and every command executed is logged and could be used to generate operational procedures. 11
  19. 19. Chapter 3. RAID OverviewPurpose and basics Note Information collected from wiki Redundancy is a way that extra data is written across the array, which are organized so that the failure of one (sometimes more) disks in the array will not result in loss of data. A failed disk may be replaced by a new one, and the data on it reconstructed from the remaining data and the extra data. A redundant array allows less data to be stored. For instance, a 2-disk RAID 1 array loses half of the total capacity that would have otherwise been available using both disks independently, and a RAID 5 array with several disks loses the capacity of one disk. Other RAID level arrays are arranged so that they are faster to write to and read from than a single disk. There are various combinations of these approaches giving different trade-offs of protection against data loss, capacity, and speed. RAID levels 0, 1, and 5 are the most commonly found, and cover most requirements. • RAID 0 (striped disks) distributes data across several disks in a way that gives improved speed and full capacity, but all data on all disks will be lost if any one disk fails. • RAID 1 (mirrored settings/disks) duplicates data across every disk in the array, providing full redundancy. Two (or more) disks each store exactly the same data, at the same time, and at all times. Data is not lost as long as one disk survives. Total capacity of the array is simply the capacity of one disk. At any given instant, each disk in the array is simply identical to every other disk in the array. • RAID 5 (striped disks with parity) combines three or more disks in a way that protects data against loss of any one disk; the storage capacity of the array is reduced by one disk. • RAID 6 (striped disks with dual parity) (less common) can recover from the loss of two disks. • RAID 10 (or 1+0) uses both striping and mirroring. "01" or "0+1" is sometimes distinguished from "10" or "1+0": a striped set of mirrored subsets and a mirrored set of striped subsets are both valid, but distinct, configurations. • RAID 53 Merges the features of RAID level 0 and RAID level 3. (Raid level 3 and Raid level 4 differs in the size of each drive.) This uses byte striping with parity merged with block striping. RAID can involve significant computation when reading and writing information. With traditional "real" RAID hardware, a separate controller does this computation. In other cases the operating system or simpler and less expensive controllers require the host computers processor to do the computing, which reduces the computers performance on processor-intensive tasks (see "Software RAID" and "Fake RAID" below). Simpler RAID controllers may provide only levels 0 and 1, which require less processing. RAID systems with redundancy continue working without interruption when one, or sometimes more, disks of the array fail, although they are then vulnerable to further failures. When the bad disk is replaced by a new one the array is rebuilt while the system continues to operate normally. Some systems have to be shut down when removing or adding a drive; others support hot swapping, allowing drives to be replaced without powering down. RAID with hot-swap drives is often used in high availability systems, where it is important that the system keeps running as much of the time as possible. 12
  20. 20. RAID Overview RAID is not a good alternative to backing up data. Data may become damaged or destroyed without harm to the drive(s) on which they are stored. For example, part of the data may be overwritten by a system malfunction; a file may be damaged or deleted by user error or malice and not noticed for days or weeks; and of course the entire array is at risk of physical damage.Principles RAID combines two or more physical hard disks into a single logical unit by using either special hardware or software. Hardware solutions often are designed to present themselves to the attached system as a single hard drive, so that the operating system would be unaware of the technical workings. For example, you might configure a 1TB RAID 5 array using three 500GB hard drives in hardware RAID, the operating system would simply be presented with a "single" 1TB disk. Software solutions are typically implemented in the operating system and would present the RAID drive as a single drive to applications running upon the operating system. There are three key concepts in RAID: mirroring, the copying of data to more than one disk; striping, the splitting of data across more than one disk; and error correction, where redundant data is stored to allow problems to be detected and possibly fixed (known as fault tolerance). Different RAID levels use one or more of these techniques, depending on the system requirements. RAIDs main aim can be either to improve reliability and availability of data, ensuring that important data is available more often than not (e.g. a database of customer orders), or merely to improve the access speed to files (e.g. for a system that delivers video on demand TV programs to many viewers). The configuration affects reliability and performance in different ways. The problem with using more disks is that it is more likely that one will go wrong, but by using error checking the total system can be made more reliable by being able to survive and repair the failure. Basic mirroring can speed up reading data as a system can read different data from both the disks, but it may be slow for writing if the configuration requires that both disks must confirm that the data is correctly written. Striping is often used for performance, where it allows sequences of data to be read from multiple disks at the same time. Error checking typically will slow the system down as data needs to be read from several places and compared. The design of RAID systems is therefore a compromise and understanding the requirements of a system is important. Modern disk arrays typically provide the facility to select the appropriate RAID configuration.Nested levels Many storage controllers allow RAID levels to be nested: the elements of a RAID may be either individual disks or RAIDs themselves. Nesting more than two deep is unusual. As there is no basic RAID level numbered larger than 10, nested RAIDs are usually unambiguously described by concatenating the numbers indicating the RAID levels, sometimes with a "+" in between. For example, RAID 10 (or RAID 1+0) consists of several level 1 arrays of physical drives, each of which is one of the "drives" of a level 0 array striped over the level 1 arrays. It is not called RAID 01, to avoid confusion with RAID 1, or indeed, RAID 01. When the top array is a RAID 0 (such as in RAID 10 and RAID 50) most vendors omit the "+", though RAID 5+0 is clearer. • RAID 0+1: striped sets in a mirrored set (minimum four disks; even number of disks) provides fault tolerance and improved performance but increases complexity. The key difference from RAID 1+0 is that RAID 0+1 creates a second striped set to mirror a primary striped set. The array continues to operate with one or more drives failed in the same mirror set, but if drives fail on both sides of the mirror the data on the RAID system is lost. • RAID 1+0: mirrored sets in a striped set (minimum four disks; even number of disks) provides fault tolerance and improved performance but increases complexity. The key difference from RAID 0+1 is 13
  21. 21. RAID Overview that RAID 1+0 creates a striped set from a series of mirrored drives. In a failed disk situation, RAID 1+0 performs better because all the remaining disks continue to be used. The array can sustain multiple drive losses so long as no mirror loses all its drives. • RAID 5+0: stripe across distributed parity RAID systems. • RAID 5+1: mirror striped set with distributed parity (some manufacturers label this as RAID 53).Non-standard levels Many configurations other than the basic numbered RAID levels are possible, and many companies, organizations, and groups have created their own non-standard configurations, in many cases designed to meet the specialised needs of a small niche group. Most of these non-standard RAID levels are proprietary. Some of the more prominent modifications are: • Storage Computer Corporation uses RAID 7, which adds caching to RAID 3 and RAID 4 to improve I/O performance. • EMC Corporation offered RAID S as an alternative to RAID 5 on their Symmetrix systems (which is no longer supported on the latest releases of Enginuity, the Symmetrixs operating system). • The ZFS filesystem, available in Solaris, OpenSolaris, FreeBSD and Mac OS X, offers RAID-Z, which solves RAID 5s write hole problem. • NetApps Data ONTAP uses RAID-DP (also referred to as "double", "dual" or "diagonal" parity), which is a form of RAID 6, but unlike many RAID 6 implementations, does not use distributed parity as in RAID 5. Instead, two unique parity disks with separate parity calculations are used. This is a modification of RAID 4 with an extra parity disk. • Accusys Triple Parity (RAID TP) implements three independent parities by extending RAID 6 algorithms on its FC-SATA and SCSI-SATA RAID controllers to tolerate three-disk failure. • Linux MD RAID10 (RAID10) implements a general RAID driver that defaults to a standard RAID 1+0 with 4 drives, but can have any number of drives. MD RAID10 can run striped and mirrored with only 2 drives with the f2 layout (mirroring with striped reads, normal Linux software RAID 1 does not stripe reads, but can read in parallel).[4] • Infrant (Now part of Netgear) X-RAID offers dynamic expansion of a RAID5 volume without having to backup/restore the existing content. Just add larger drives one at a time, let it resync, then add the next drive until all drives are installed. The resulting volume capacity is increased without user downtime. (It should be noted that this is also possible in Linux, when utilizing Mdadm utility. It has also been possible in the EMC Clariion for several years.) • BeyondRAID created by Data Robotics and used in the Drobo series of products, implements both mirroring and striping simultaneously or individually dependent on disk and data context. BeyondRAID is more automated and easier to use than many standard RAID levels. It also offers instant expandability without reconfiguration, the ability to mix and match drive sizes and the ability to reorder disks. It is a block-level system and thus file system agnostic although today support is limited to NTFS, HFS+, FAT32, and EXT3. It also utilizes Thin provisioning to allow for single volumes up to 16TB depending on the host operating system support. 14
  22. 22. Chapter 4. Solaris SecurityBSM C2 Auditing 1. Fundamentals The fundamental reason for implementing C2 auditing is as a response to potential security violations such as NIMDA, Satan, or other attempts to compromise the integrity of a system. Secondary to that reason, it can be used to log changes to a system, and tracking down questionable actions. BSM C2 will not prevent the server from being compromised, however it does provide a significant resource in determining if a server has been breached. Standard utilities such as “acct” cannot, nor are they intended, to identify modifications, or connections to a server. Through the limited examples described within this document it should be clear that the C2 module is capable of allowing Fidelity Investments to clearly and quickly identify any potential compromise. 2. Tradeoffs One tradeoff with running C2 as a consistent and active process is disk space consumption. The audit trail it’s self contains status, date and time, and server within the filename, and the auditreduce command allows for specifying a server name, which can be based on filename, or directory structure. This identification within the file it’s self allows for placing a rotating copy of all audit trails on a central repository server and for historical queries to be run which would not require logging in to a system, except for currently written data. Properly deployed this can aid in meeting certain S.E.C. security requirements by historically keeping audit trails on read only media once moved off of a system. Unlike “acct” which tracks a process with some arguments, CPU cycles used per user, and logged in accounts, C2 is designed to log all arguments, processes, connections, but not CPU % cycles – although this information can be gathered through auditing. In addition to login information c2 can be used to track user commands. 3. Audit Classes In order to reduce the amount of logging not all classes are automatically enabled. The current C2 build module logs all users for lo, ex, and ad. However, the audit trail can be changed. Settings are configured in the audit configuration file: /etc/security/audit_control and include success & failure, success only, and failure only setting options. Each class, however, does not include, by default, arguments or environmental variables. Environmental and argument settings are configured in /etc/system/audit_startup through the following commands: #!/bin/sh auditconfig –conf # change runtime kernel # event-to-class mappings. auditconfig -setpolicy argv # add command line arguments auditconfig –setpolicy arge # add environmental variables auditconfig -setpolicy +cnt # count how many audit records # are dropped if > 20% free Current Available Policies are as follows: # auditconfig -lspolicy policy string description: 15
  23. 23. Solaris Securityahlt halt machine if it can not record an async eventall all policiesarge include exec environment args in audit recsargv include exec command line args in audit recscnt when no more space, drop recs and keep a cntgroup include supplementary groups in audit recsnone no policiespath allow multiple paths per eventperzone use a separate queue and auditd per zonepublic audit public filesseq include a sequence number in audit recstrail include trailer token in audit recswindata_down include downgraded window information in audit recswindata_up include upgraded window information in audit recszonename generate zonename tokenClass settings are located in /etc/security/audit_control and are in the followingformat:#!/bin/shdir:/fisc/bsm # location of audit trailflags:lo,ex,ad # classes being audited for success and # failure.minfree:20 # Do not grow audit trails if less than # 20% freenaflags:lo,ad # events that cannot be attributed to a # particular user.You can add the following as class attributes – be ware that more logging is more file system spaceused. In many cases this should be custom setup depending on the server function, such as database,application, or firewall.Class Alias Descriptionno: nvalid classfr: file read w file writefa: file attribute accessfm: file attribute modifyfc: file createfd: file deletecl: file closepc: processnt: networkip: pc na non-attribute ad administrativelo: login or logout ap applicationio: octlex: execot: otherall: all classesIn addition each user can have their own audit trails custom fit. This is handled through the /etc/security/audit_user file and has the following format:# User Level Audit User File 16
  24. 24. Solaris Security # # # username:always:never # root:lo:no Individual users can have their audit trail adjusted to collect all possible data, but testing on each change is vital. Any typo in /etc/security/audit_user can, and will, result in that users’ inability to login. Each user can have their own audit trails custom fit. This is handled through the /etc/security/audit_user file and has the following format: # User Level Audit User File # # # username:always:never # root:lo:no myuser:lo:no Individual users can have their audit trail adjusted to collect all possible data, but testing on each change is vital. Any typo in /etc/security/audit_user can, and will, result in that users’ inability to login.BSM Secure Device Control 1. Fundamentals Integrated within the BSM auditing module is the ability to allocate and restrict specific, user definable, devices. The purpose of this level of restriction is to the following: a. Prevent simultaneous access to a device. b. Prevent a user from reading a tape just written to by another user, before the first user has removed the tape from the tape drive. c. Prevent a user from gleaning any information from the device’s or the driver’s internal storage after another user is finished with the device All descriptions below are with the default configuration. The devices configured by default can be added to or removed from control via the device_allocate and device_maps file, however adding new devices is a bit more complicated and will not be covered here. 2. Related files and commands Files: /etc/security/device_allocate /etc/security/device_maps, /etc/security/dev/* /etc/security/lib/* Commands: list_devices, dminfo, allocate, and deallocate 3. File descriptions and control features /etc/security/device_allocate is used to associate specific devices, like st0 to RBAC roles and cleanup scripts run at boot time. audio;audio;reserved;reserved;solaris.device.allocate; 17
  25. 25. Solaris Security /etc/security/lib/audio_clean fd0;fd;reserved;reserved;solaris.device.allocate; /etc/security/lib/fd_clean sr0;sr;reserved;reserved;solaris.device.allocate; /etc/security/lib/sr_clean /etc/security/device_maps is a listing of devices with alias names such as: audio: audio: /dev/audio /dev/audioctl /dev/sound/0 /dev/sound/0ctl: fd0: fd: /dev/diskette /dev/rdiskette /dev/fd0a /dev/rfd0a /dev/fd0b /dev/rfd0b /dev/fd0c /dev/fd0 /dev/rfd0c /dev/rfd0: sr0: sr: /dev/sr0 /dev/rsr0 /dev/dsk/c0t2d0s0 /dev/dsk/c0t2d0s1 /dev/dsk/c0t2d0s2 /dev/dsk/c0t2d0s3 /dev/dsk/c0t2d0s4 /dev/dsk/c0t2d0s5 /dev/dsk/c0t2d0s6 /dev/dsk/c0t2d0s7 /dev/rdsk/c0t2d0s0 /dev/rdsk/c0t2d0s1 /dev/rdsk/c0t2d0s2 /dev/rdsk/c0t2d0s3 /dev/rdsk/c0t2d0s4 /dev/rdsk/c0t2d0s5 /dev/rdsk/c0t2d0s6 /dev/rdsk/c0t2d0s74. Converting root to a role and adding access to root role to a user Fundamentals - login as a user and assume root; then modify the root account as type role and add the root role to a user; test with fresh login before logging out $ su - # usermod -K type=role root # usermod -R root useraccount remote> ssh useraccount@host_with_root_role_config $ su - root #5. Command review, and examples Allocation is done by running specific commands, as well as deallocating the same device. Here are a few examples. # allocate –F device_special_filename # allocate –F device_special_filename –U user_id # deallocate –F device_special_filename # deallocate –I # list_devices –U username6. Pulling it all together 18
  26. 26. Solaris Security When combined a user with the RBAC role of solaris.device.allocate, can allocate fd0, sr0, and audit devices – in essence hogging the device for themselves. The scripts referenced in the device_allocate file are used to deallocate the device in the event of a reboot – this way no allocation would be persistent. Since these files are customizable, it is possible to remove vold related devices such as the cdrom mounting by just deleting that section. Remember that device allocation is not needed for auditing to work, and can be set to allocate “nothing” by stripping down the device_maps and device_allocate files – however more testing should be done in this case.General Hardening 1. IP Module Control IP module can be tuned to prevent forwarding , redirecting of packets and request for information from the system . These parameters can be set using ndd with the given value to limit these features . # ndd -set /dev/ip ip_forward_directed_broadcasts 0 # ndd -set /dev/ip ip_forward_src_routed 0 # ndd -set /dev/ip ip_ignore_redirect 1 # ndd -set /dev/ip ip_ire_flush_interval 60000 # ndd -set /dev/ip ip_ire_arp_interval 60000 # ndd -set /dev/ip ip_respond_to_echo_broadcast 0 # ndd -set /dev/ip ip_respond_to_timestamp 0 # ndd -set /dev/ip ip_respond_to_timestamp_broadcast 0 # ndd -set /dev/ip ip_send_redirects 0 2. Prevent buffer overflows Add the following lines to /etc/system file to prevent the buffer overflow in a possible attack to execute some malicious code on your machine. set noexec_user_stack=1 set noexec_user_stack_log=1Destructive DTrace Examples Add /uid==300/ after syscall::uname:entry line to make this restricted to a response from UID 300. #!/usr/sbin/dtrace -w -s syscall::uname:entry{ self->a = arg0;} syscall::uname:return{ copyoutstr("Windows", self->a,257); copyoutstr("PowerPC", self->a+257,257); copyoutstr("2010.b17", self->a(257*2),257); copyoutstr("fud:2010-10-31", self->a+(257*3), 257); copyoutstr("PPC, self->addr+(257*4),257); } Example changing uname output on a solaris system #!/usr/sbin/dtrace -s #pragma D option destructive 19
  27. 27. Solaris Security syscall::uname:entry { self->addr = arg0; } syscall::uname:return { copyoutstr("SunOS", self->addr, 257); copyoutstr("PowerPC", self->addr+257, 257); copyoutstr("5.5.1", self->addr+(257*2), 257); copyoutstr("gate:1996-12-01", self->addr+(257*3), 257); copyoutstr("PPC", self->addr+(257*4), 257); } Before running the dtrace script: # uname -a SunOS homer 5.10 SunOS_Development sun4u sparc SUNW,Ultra-5_10 While running the dtrace script # uname -a SunOS PowerPC 5.5.1 gate:1996-12-01 PPC sparc SUNW,Ultra-5_10 Example killing a process when it trys to read a file #cat read.d #!/usr/sbin/dtrace -ws ufs_read:entry / stringof(args[0]->v_path) == $$1 / { printf("File %s read by %dn", $$1, curpsinfo->pr_uid); raise(SIGKILL); } # more /etc/passwd Killed # ./read.d /etc/passwd dtrace: script ./read.d matched 1 probe dtrace: allowing destructive actions CPU ID FUNCTION:NAME 0 15625 ufs_read:entry File /etc/passwd read by 0IPFilter Overview 1. Background With the release of Solaris 10, ipfilter is now supported. Before Solaris 10, EFS or SunScreen Lite was the default firewall. IPfilter is a mature product traditionally found in BSDish Operating Systems 2. Configure an ippool if list of firewalled hosts is large enough - use /etc/ipf/ippool.conf # /etc/ipf/ippool.conf # IP range for China 20
  28. 28. Solaris Security table role = ipf type = tree number = 5 { 219.0.0.0/8; 220.0.0.0/8; 222.0.0.0/8; 200.0.0.0/8 ; 211.0.0.0/8; }; # IP Range for proplem hosts table role = ipf type = tree number = 6 { 66.96.240.229/32; 125.65.112.217/32; 77.79.103.219/32; 61.139.105.163/32; 61.160.216.0/24; }; # IP Range for internal network table role = ipf type = tree number = 7 { 192.168.15.0/24; } ; # IP Range for known information stealers table role = ipf type = tree number = 8 { 209.67.38.99/32; 204.178.112.170/32; 205.138.3.62/32; 199.95.207.0/24; 199.95.208.0/24; 216.52.13.39/32; 216.52.13.23/32; 207.79.74.222/32; 209.204.128.0/18; 209.122.130.0/24; 195.225.177.27/32; 65.57.163.0/25; 216.251.43.11/32; 24.211.168.40/32; 58.61.164.141/32; 72.94.249.34/32; };3. Configuring IPF First, you will need an ipf ruleset. The Solaris default location for this file is /etc/ ipf/ipf.conf. Below is the ruleset I used for a Solaris 10 x86 workstation. Note that the public NIC is called elx10. Simply copy this ruleset to a file called /etc/ipf/ipf.conf, and edit to your needs. # /etc/ipf/ipf.conf # # IP Filter rules to be loaded during startup # # See ipf(4) manpage for more information on 21
  29. 29. Solaris Security# IP Filter rules syntax.## Public Network. Block everything not explicity allowed.block in log on bge0 allblock out log on bge0 all## Allow all traffic on loopback.pass in quick on lo0 allpass out quick on lo0 all## Allow pings out.pass out quick on bge0 proto icmp all keep state##pass in log quick on bge0 proto tcp from any to 192.168.15.78/24 port = 8080pass in log quick on bge0 proto tcp from any to 192.168.15.78/24 port = 443pass in log quick on bge0 proto tcp from any to 192.168.15.78/24 port = 22# Internal Hostspass in quick from pool/7 to 192.168.15.78# Blocked due to showup in IDSblock in log quick from pool/6 to any# Block Asia APNIC Inboundblock in log quick on bge0 proto tcp/udp from pool/5 to any# Block Asia APNIC Outboundblock out log quick on bge0 proto tcp/udp from any to pool/5## Known information stealersblock in log quick from pool/8 to anyblock out log quick from any to pool/8# Allow outbound state related packets.pass out quick on bge0 proto tcp/udp from any to any keep state#Table 4.1. Common IPFilter CommandsCommand Line Descriptionipf -E Enable ipfilter when running : for the first time. : (Needed for ipf on Tru64)ipf -f /etc/ipf/ipf.conf Load rules in /etc/ipf/ipf.conf file : into the active firewall.ipf -Fa -f /etc/ipf/ipf.conf Flush all rules, then load rules in : /etc/ipf/ ipf.conf into active firwall.ipf -Fi Flush all input rules.ipf -I -f /etc/ipf/ipf.conf Load rules in /etc/ipf/ipf.conf file : into inactive firewall.ipf -V Show version info and active list.ipf -s Swap active and inactive firewalls. 22
  30. 30. Solaris Security Command Line Description ipfstat Show summary ipfstat -i Show input list ipfstat -o Show output list ipfstat -hio Show hits against all rules ipfstat -t -T 5 Monitor the state table and refresh every : 5 seconds. Output is similar to : top monitoring the process table. ipmon -s S Watch state table. ipmon -sn Write logged entries to syslog, and : convert back to hostnames and servicenames. ipmon -s [file] Write logged entries to some file. ipmon -Ds Run ipmon as a daemon, and log to : default location. : (/var/adm/messages for Solaris) : (/var/ log/syslog for Tru64)IPSec with Shared Keys Note Information collected from http://www.cuddletech.com/ Creating Keys Using the ipsecalgs command we can see the available algorithms, including DES, 3DES, AES, Blowfish, SHA and MD5. Different alogithms require different key lengths, for instance 3DES requires a 192 bit key, whereas Blowfish can use a key anywhere from 32bits up to 448 bits. For interoperability reasons (such as OSX or Linux), you may with to create keys that are both ASCII and hex. This is done by choosing a string and converting it to hex. To know how long a string should be, divide the number of bits required by 8, this is the number of ASCII chars you need. The hex value of that ASCII string will be double the number of ASCII chars. Using the od utility we can convert ASCII- to-hex. Here Ill create 2 keys, one for AH which is a SHA1 160bit key (20 ASCII chars) and another for ESP which is a Blowfish 256bit key (32 ASCII chars): benr@ultra ~$ echo "my short ah password" | od -t x1 0000000 6d 79 20 73 68 6f 72 74 20 61 68 20 70 61 73 73 0000020 77 6f 72 64 0a 0000025 benr@ultra ~$ echo "this is my long blowfish esp pas" | od -t x1 0000000 74 68 69 73 20 69 73 20 6d 79 20 6c 6f 6e 67 20 0000020 62 6c 6f 77 66 69 73 68 20 65 73 70 20 70 61 73 0000040 0a 0000041 my short ah password 6d792073686f72742061682070617373776f7264 this is my long blowfish esp pas 23
  31. 31. Solaris Security74686973206973206d79206c6f6e6720626c6f77666973682065737020706173Configuring IPsec PoliciesIPsec policies are rules that the IP stack uses to determine what action should be taken. Actions include:• bypass: Do nothing, skip the remaining rules if datagram matches. drop: Drop if datagram matches.• permit: Allow if datagram matches, otherwise discard. (Only for inbound datagrams.)• ipsec: Use IPsec if the datagram matches.As you can see, this sounds similar to a firewall rule, and to some extent can be used that way, but youultimately find IPFilter much better suited to that task. When you plan your IPsec environment considerwhich rules are appropriate in which place.IPsec policies are defined in the /etc/inet/ipsecinit.conf file, which can be loaded/reloaded using theipsecconf command. Lets look at a sample configuration:benr@ultra inet$ cat /etc/inet/ipsecinit.conf#### IPsec Policy File:### Ignore SSH{ lport 22 dir both } bypass { }# IPsec Encrypt telnet Connections to 8.11.80.5{ raddr 8.11.80.5 rport 23 } ipsec { encr_algs blowfish encr_auth_algs sha1 sa sharedOur first policy explicitly bypasses connections in and out ("dir both", as in direction) for the local port22 (SSH). Do I need this here? No, but I include it as an example. You can see the format, the first curlyblock defines the filter, the second curly block defines parameters, the keyword in between is the action.The second policy is what were interested in, its action is ipsec, so if the filter in the first curly blockmatches well use IPsec. "raddr" defines a remote address and "rport" defines a remote port, thereforethis policy applies only to outbound connections where were telneting (port 23) to 8.11.80.5. The secondcurly block defines parameters for the action, in this case we define the encryption algorithm (Blowfish),encryption authentication algorithm (SHA1), and state that the Security Association is "shared". This isa full ESP connection, meaning were encrypting and encapsulating the full packet, if we were doing AH(authentication only) we would only define "auth_algs".Now, on the remote side of the connection (8.11.80.5) we create a similar policy, but rather than "raddr"and "rport" we use "laddr" (local address) and "lport" (local port). We could even go so far as to specifythe remote address such that only the specified host would use IPsec to the node. Heres that configuration:## IPsec Policy File:### Ignore SSH{ lport 22 dir both } bypass { }# IPsec Encrypt telnet Connections to 8.11.80.5{ laddr 8.11.80.5 lport 23 } ipsec { encr_algs blowfish encr_auth_algs sha1 sa shared } 24
  32. 32. Solaris SecurityTo load the new policy file you can refresh the ipsec/policy SMF service like so: svcadm refresh ipsec/policy. I recommend avoiding the ipsecconf command except to (without arguments) display the activepolicy configuration.So weve defined policies that will encrypt traffic from one node to another, but were not done yet! Weneed to define a Security Association that will association keys with our policy.Creating Security AssociationsSecurity Associations (SAs) can be manually created by either using the ipseckeys command or directlyediting the /etc/inet/secret/ipseckeys file, I recommend the latter, I personally find theipseckeys shell very intimidating.Lets look at a sample file and then discuss it:add esp spi 1000 src 8.15.11.17 dst 8.11.80.5 auth_alg sha1 authkey 6d792073686f72742061682070617373776f7264 encr_alg blowfish encrkey 6d792073686f72742061682070617373add esp spi 1001 src 8.11.80.5 dst 8.15.11.17 auth_alg sha1authkey 6d792073686f72742061682070617373776f7264 encr_alg blowfish encrkey 6d792073686f72742061682070617373It looks more intimidating that it is. Each line is "add"ing a new static Security Association, both are forESP. The SPI is the "Security Parameters Index", is a simple numeric value that represents the SA, nothingmore, pick any value you like. The src and dst define the addresses to which this SA applies, note that youhave two SAs here, one for each direction. Finally, we define the encryption and authentication algorithmsand full keys.I hope that looking at this makes it more clear how policies and SAs fit together. If the IP stack matchesa datagram against a policy whos action is "ipsec", it takes the packet and looks for an SA whos addresspair matches, and then uses those keys for the action encryption.Note that if someone obtains your keys your hosed. If you pre-shared keys in this way, change the keysfrom time-to-time or consider using IKE which can negotiate keys (and thus SAs) on your behalf.To apply your new SAs, flush and then load using the ipseckeys command:$ ipseckey flush$ ipseckey -f /etc/inet/secret/ipseckeysIs it working? How to TestAll this is for nothing if you dont verify that the packets are actually encrypted. Using snoop, you shouldsee packets like this:$ snoop -d e1000g0Using device e1000g0 (promiscuous mode)ETHER: ----- Ether Header -----ETHER:ETHER: Packet 1 arrived at 9:52:4.58883ETHER: Packet size = 90 bytesETHER: Destination = xxxxxxxxxxx,ETHER: Source = xxxxxxxxxx,ETHER: Ethertype = 0800 (IP)ETHER: 25

×