Solaris armoring is used to disable non-essential system services to improve security. It also makes modifications to system parameters to increase the security of the system. Solaris armoring is enabled automatically as part of the IMPAX 6.5.1 AS3000 installation.
 | Note: For systems that use HSM, the nfs.client is manually re-enabled on all systems that mount the HSM server file system. |
Solaris armoring installation makes the following modifications to a standard Solaris install.
Removes all unnecessary services from /etc/inetd.conf
Disables FTP, Telnet rsh access (to be replaced by SCP and SSH)
Disables a number of unnecessary services in the rc scripts
Locks down .rhosts, .netrc, and hosts.equiv files (rsh no longer functions, replaced by SSH)
Enables sulogging, tcpdlogging, inetlogging, and login log, which improve the system’s IDS capabilities
Modifies the /etc/default/inetinit to set TCP_STRONG_ISS = 2
Randomizes all initial sequence number for all TCP connection, guarding against IP spoofing and hijacking
Secures the kernel parameters for /dev/ip by restricting IP querying
Modifies the /etc/system to help protect against buffer overflow attacks