General Guidelines

When working on any UNIX based system, be sure to check the following:

• Patching is your first line of defence. Start by installing any patches that your vendor may have. For Solaris, WSG provides superglue.
• Only essential services should be started out of inetd.conf. This should be determined on a per-machine basis, but a good rule of thumb is to turn off anything you can and run everything else through tcp wrappers.
• OpenSSH should be installed to replace telnet and older versions of SSH as the preferred means of remote access.
• Sendmail can, and should be turned off if there is no need for it on a particular system.
• Avoid using the root account when you don't have to.
• SuperUser accounts should be created for everyone who needs to operate as root. The permissions are the same, but SU accounts create an extra record of who did what.
• Netstat is a useful tool in checking for unwanted daemons. Look mainly at the tcp and udp lines.