Alan Coopersmith
For those who want more info on what we talked about in the Solaris Security & Compliance talk, the following tweets will have some further references...
Alan Coopersmith Sep 25
Replying to @alanc
For the more generic security extensions offered by sxadm (non-executable heap/stack, ASLR, etc.) see and the sxadm(8) man page:
Alan Coopersmith Sep 25
Replying to @alanc
For the ADI extensions on SPARC (part of the Silicon Secured Memory feature set), see:
Alan Coopersmith Sep 25
Replying to @OracleSolaris
For the mitigations for speculative execution issues, see: Support Customers can also see the recently published deep dive for sysadmins, developers, and auditors at:
Alan Coopersmith Sep 25
Replying to @OracleSolaris
To learn more about the different types of virtualization for Solaris, you can start at: Best practices guides are available for OVM SPARC (LDOMs) at and for kernel zones at
Alan Coopersmith Sep 25
Immutable Zones are covered in the 11.4 docs at has also blogged about them at which is great, since he designed & implemented them.
Alan Coopersmith Sep 25
Using an extended policy to specify exactly which objects a program can use with specific privileges in Solaris is documented at and an example of using it with MySQL is covered in a blog from at
Alan Coopersmith Sep 25
The sandbox framework was added in 11.4. You can find an intro in the docs at or in the blog from & at
Alan Coopersmith Sep 25
The 11.4 Compliance Guide covers your options for reporting how close your system configuration comes to complying with various policies (either canned ones we provide or one you've customized for your particular policy requirements):
Alan Coopersmith Sep 25
The checks in the compliance reports for whether or not you've applied all the available patches for known CVEs are documented in and rely on the CVE metadata published in our package repository, which is covered in the blog at
Alan Coopersmith Sep 25
To learn how to start making session annotations to record why you made changes to the system for future reference, you can follow the docs at or the blog at
Alan Coopersmith Sep 25
For the simplified auditing of specific files, there's again both docs and a blog you can follow.
Alan Coopersmith Sep 25
Replying to @alanc
To see a history of administrative commands run on the system (always useful for answering the "What's changed recently?" question when calling support), read about the admhist(8) command in and
Alan Coopersmith Sep 25
Replying to @alanc
Using SMF to configure policies for accounts in the system/account-policy service (instead of editing text files on every machine after installation) is covered in
Alan Coopersmith Sep 25
Replying to @alanc
Both the terminal based and browser based versions of the User Account Manager are documented in And since both operate completely through RAD, anything you can do in them, you can script through RAD on your own.
Alan Coopersmith Sep 25
Replying to @OracleSolaris
Dealing with TLS certificates is rarely fun, so when we added the web dashboard to 11.4, we made the system generate a cert for you and had it keep an eye on the expiration date, while allowing you to drop in a CA-signed cert if you have one.
Alan Coopersmith Sep 25
Replying to @OracleSolaris
To read about the services behind the curtains of this certificate management in 11.4, see:
Alan Coopersmith Sep 25
Replying to @alanc
And that was enough to fill the 45 minute time slot, leaving many more features to explore later. If you have time, you can explore them in the docs at and the blogs at: and others.