Solaris Kernel Tuning for Security
How to tune the kernel to improve Solaris security
by Ido Dubrawsky (idubraws@cisco.com)
last updated Dec. 20, 2000
Introduction
The Solaris kernel provides a great deal of user-configurable control over the system's
TCP/IP stack. Everything from cache table lifetimes to the number of TCP connections
that the system can address is controllable. However, without understanding the
underlying need for tuning these kernel parameters, many system administrators
choose to ignore them, thereby leaving their systems vulnerable to a resourceful
assailant.
Solaris Kernel Tools
The only tool available to Solaris system administrators for tuning kernel parameters is
ndd. Currently, ndd only supports the TCP/IP kernel drivers. It can be used to both
show and set the values of parameters for these drivers.
Solaris Kernel Parameters
In general, to show a particular parameter, the command format is:
# ndd /dev/<driver> <parameter>
where <driver> is one of the following: ARP, IP, TCP, and UDP. To view all
parameters for a particular driver the command is:
# ndd /dev/<driver> \?
To set a kernel parameter using ndd, the format of the command is:
# ndd -set /dev/<driver> <parameter> <value>
Unfortunately, changes to the Solaris kernel parameter values using ndd are not
permanent. The values for these parameters return to their defaults upon system reboot.
To make these changes more permanent, a system administrator needs to put them
into a shell script that is run at system boot (one possible location would be
/etc/init.d/inetinit or a separate shell script). One of the primary problems with setting
these parameters in a shell script is that the parameters are implementation-specific
and may change from one Solaris release to another.
ARP
ARP (Address Resolution Protocol) is used to dynamically map layer-3 network
addresses to data-link addresses. When one system wants to communicate with
another system on a network it first sends an ARP packet to the broadcast address,
FF:FF:FF:FF:FF:FF. The packet asks the simple question: "who has network address
A?...tell network address B". Since all hosts on a network receive these broadcast
packets, system A receives the ARP request and sends back a response. The
originating host then uses the responses to its ARP broadcasts to build a table, or
cache, mapping the 32-bit IP addresses to Layer-2 hardware, or MAC, addresses. A
second table is maintained by the network layer. This table is built from information
provided by the data-link layer and contains network-routing information for active
connections. The network layer requests MAC addresses from the data-link layer and
inserts these addresses into a network routing table. Network routing entries expire
after 20 minutes.
When a network host prepares to communicate with another, the IP layer checks the
ARP cache first. If an entry for the network peer does not exist in the cache, an ARP
request is broadcast. ARP cache entries expire after five minutes.
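The boot-time persistence described under Solaris Kernel Parameters, applied to the cache lifetimes described in the ARP section, as an added example that is not part of the original article: a separate init script that re-applies ndd settings and skips any parameter the running release does not have. The parameter names arp_cleanup_interval, ip_ire_flush_interval and ip_ire_arp_interval, the 60000 ms values and the NDD override variable are assumptions for illustration, not taken from the text above.

```sh
#!/bin/sh
# Added example: re-apply ndd settings at boot, tolerating release differences.
NDD=${NDD:-/usr/sbin/ndd}   # overridable so the logic can be exercised off-box

# set_param DRIVER PARAM VALUE
# returns 0 = set and read back, 1 = parameter not on this release, 2 = set failed
set_param() {
    # Probe with a read first; a failed read is treated as "not present".
    $NDD "/dev/$1" "$2" >/dev/null 2>&1 || return 1
    $NDD -set "/dev/$1" "$2" "$3" >/dev/null 2>&1 || return 2
    # Read the value back so a silently ignored write is reported.
    cur=`$NDD "/dev/$1" "$2" 2>/dev/null` || return 2
    [ "$cur" = "$3" ] || return 2
    return 0
}

# apply_one DRIVER PARAM VALUE: log the outcome, remember hard failures.
apply_one() {
    rc=0
    set_param "$1" "$2" "$3" || rc=$?
    case $rc in
        0) echo "ndd: /dev/$1 $2 set to $3" ;;
        1) echo "ndd: /dev/$1 $2 not present on this release, skipped" ;;
        *) echo "ndd: /dev/$1 $2 could not be set to $3" >&2; failed=1 ;;
    esac
}

apply_all() {
    failed=0
    # Parameter names and values below are assumptions for illustration.
    apply_one arp arp_cleanup_interval  60000
    # One route-cache timer under the two names assumed for older and newer releases.
    apply_one ip  ip_ire_flush_interval 60000
    apply_one ip  ip_ire_arp_interval   60000
    return $failed
}

# Init scripts are called with "start" at boot; do nothing otherwise.
case "$1" in
    start) apply_all ;;
esac
```

Because each setting is probed before it is written, the same script can be carried across releases and its log shows which names were skipped.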