|
Replies:
10
-
Last Post:
Mar 29, 2009 8:11 PM
by: ivank213
|
Threads:
[
Previous
|
Next
]
|
|
Posts:
122
From:
US
Registered:
3/9/05
|
|
|
|
Solaris Security Toolkit (aka JASS) Add-Ons
Posted:
Jan 17, 2006 10:11 PM
|
|
Just wanted to ping the community to see if there was any interest in Solaris Security Toolkit add-ons. In the past, we have developed a number of extensions to JASS (primarily for assessment purposes) that we may be able to post if there is sufficent interest. We could even make a project of it if people would like to collaborate on auditing/assessment extensions to JASS.
What do you think?
Glenn
|
|
|
Posts:
39
From:
Stockholm, SWE
Registered:
6/14/05
|
|
|
|
Re: Solaris Security Toolkit (aka JASS) Add-Ons
Posted:
Jan 18, 2006 11:14 AM
in response to: gbrunett
|
|
I might be interested in this! And I've fiddled quite alot with JASS/SST.. Me and a co-worker looked into security benchmarking a couple of years ago.. Actually I think I have some old mail's sent to you or some other people working with JASS at the time regarding the auditing features of JASS :) I'd sign up for the project!
|
|
|
|
|
Posts:
34
From:
Frankfurt
Registered:
6/14/05
|
|
|
|
Re: Solaris Security Toolkit (aka JASS) Add-Ons
Posted:
Jan 26, 2006 4:28 AM
in response to: gbrunett
|
|
it's a good idea. I know a lot of deployements where JASS framework is used and expanded. Some kind of repository a la DTraceToolkit is a good thing. I think of auditing fonctions and support for standard applications.
benjamin
|
|
|
|
|
Posts:
39
From:
Stockholm, SWE
Registered:
6/14/05
|
|
|
|
Re: Solaris Security Toolkit (aka JASS) Add-Ons
Posted:
Jan 30, 2006 10:55 AM
in response to: gbrunett
|
|
So Glenn,
What did you have in mind? This sounds like one of few projects around here that i could actually contribute to ;)
|
|
|
|
|
Posts:
122
From:
US
Registered:
3/9/05
|
|
|
|
Re: Solaris Security Toolkit (aka JASS) Add-Ons
Posted:
Jan 30, 2006 12:05 PM
in response to: gintonic
|
|
My original thought was to share some of the work that we have done, discuss where and how it may be improved to be more useful to the general community and then work on some code updates (as needed) to fix any of the gaps.
I apologize for being a bit quiet since my last posting. I have been busy with some publishing activities and getting ready for a few upcoming conferences. I should have some time to get the material cleaned up and posted in the next week so that we can get started.
Thank you for your interest! I think that this will be a lot of fun.
g
|
|
|
|
|
Posts:
23
From:
IT
Registered:
1/5/06
|
|
|
|
Re: Solaris Security Toolkit (aka JASS) Add-Ons
Posted:
Feb 1, 2006 7:59 AM
in response to: gbrunett
|
|
Hi Glenn,
i am interested in the project, too.
thanks/gs
|
|
|
|
|
Posts:
39
From:
Stockholm, SWE
Registered:
6/14/05
|
|
|
|
Re: Solaris Security Toolkit (aka JASS) Add-Ons
Posted:
Feb 21, 2006 1:42 PM
in response to: gbrunett
|
|
Hi Glenn,
Any updates?
|
|
|
|
|
Posts:
122
From:
US
Registered:
3/9/05
|
|
|
|
Re: Solaris Security Toolkit (aka JASS) Add-Ons
Posted:
Feb 21, 2006 1:48 PM
in response to: gintonic
|
|
First please accept my apologies for the delay. I have been out of the office for two weeks at
an internal security conference and later at RSA. As far as an update... Yes! I am just now
catching up on things. If all goes as planned I should be able to upload the first batch of code
by tomorrow.
Glenn
|
|
|
|
|
Posts:
122
From:
US
Registered:
3/9/05
|
|
|
|
Re: Solaris Security Toolkit (aka JASS) Add-Ons
Posted:
Feb 22, 2006 2:39 PM
in response to: gbrunett
|
|
Ok, so it took me long enough, but we now have some sample code to look at. This code should be considered alpha quality at this point. I had to make some changes before it could be released and I did not have a chance to test this code on anything but Nevada. The code was originally developed for JASS 4.1 but it should only really be used with JASS 4.2 as this point. You can get the latest JASS code from http://www.sun.com/security/jass/
Please feel free to download the code and send back your feedback. You can get the code from:
http://mediacast.sun.com/details.jsp?id=1200
The code is currently only available as a tarball. To use, simply extract the code into the JASS home directory (typically /opt/SUNWjass) and it will install the following files in:
./Audit/sunw-modules/*
./Documentation/sunw-modules/*
./Drivers/sunw-modules.*
./Packages/md5/*
There is some basic documentation available (in the Documentation/sunw-modules directory) to give you an ideas of what is going on.
I am working on setting up an alias and project page that we can use going forward as well so that we can store future versions of the code, track ideas, submissions, etc. Thank you for your interest and I am very much looking forward to your feedback and ideas.
I would like to use this forum to identify gaps not only in this code but in the general case of assessing the security of Solaris platforms so that we can also log bug reports and RFEs against Solaris to make Solaris easier to secure, assess and manage.
Take care,
Glenn[/b][b][/b]
|
|
|
|
|
Posts:
278
From:
US
Registered:
10/19/05
|
|
|
|
Re: Solaris Security Toolkit (aka JASS) Add-Ons
Posted:
Dec 21, 2007 3:56 PM
in response to: gbrunett
To: Communities » security » discuss
|
|
See also this thread for a possible Solaris Security Toolkit (JASS) project under OpenSolaris:
http://www.opensolaris.org/jive/thread.jspa?messageID=171141
I only mention it here, because this thread but not the other, shows up in the website search engine.
|
|
|
|
|
Posts:
1
From:
US
Registered:
8/8/08
|
|
|
|
Re: Solaris Security Toolkit (aka JASS) Add-Ons
Posted:
Mar 29, 2009 8:11 PM
in response to: gbrunett
To: Communities » security » discuss
|
|
I would like to register my interest as well. The latest news regarding the Snooping Dragon and some other items seem to point to an increasing need for more effective security. for example given the HIPPA requirements would anyone really run a Health Care service on Windows machines? Seems to me the better security afforded by OpenSolaris would make it an attractive if not compelling alternative.
|
|
|
|
|
