[BBLISA] Hardening Solaris

Dean Anderson dean at av8.com
Wed Jun 9 14:54:44 EDT 2004


There have been several remote exploit bugs in sendmail (yet again, thanks
to ISC for such competency), so you really should upgrade to 8.12.11 or
better.  ISC has also broken the CF files in 8.12, so that by default they
try to resolve reverse DNS and rejects sites that either don't have
reverse DNS, or don't have reverse DNS set in the way ISC thinks it should
be. [the in-addr config check is an invalid assumption--Reverse DNS is
optional, and can be _properly_ configured even though the
reverse/forward/reverse again check fails] But the CF problem is trivial
and can be fixed directly in the CF file or by changing the M4 files that
are used to generate the CF files.

These are relatively recent, so I doubt that Sun has kept up on that...

		--Dean

On Wed, 9 Jun 2004, Edward Ned Harvey wrote:

> I've got to configure an outward facing Solaris box for smtp.
> 
> Of course I have sunsolve, and have looked through there to look up
> their recommendations for hardening the box, but I wonder if any of
> you's can suggest some documentation for me to keep this solaris box
> secure.
> 
> Thanks in advance.
> 
> _______________________________________________
> bblisa mailing list
> bblisa at bblisa.org
> http://www.bblisa.org/mailman/listinfo/bblisa
> 




More information about the bblisa mailing list