Sun Security Toolkit
The Sun™ Security Toolkit (SST), formerly known as both the Solaris Security Toolkit and the JumpStart Architecture and Security Scripts (JASS) Toolkit, provides a flexible and extensible mechanism to harden and audit Solaris and OpenSolaris Operating Systems (OSs). SST simplifies and automates the process of OS hardening and is based on proven security best practices and practical customer site experience gathered over many years. This toolkit can be used to secure SPARC-based and x86/x64-based systems.
The Sun Security Toolkit has transitioned to the OpenSolaris community where it will have two distinct branches:
- Sun Security Toolkit: Legacy Version (SST:LV)
The Legacy Version of SST supports Solaris 10 SPARC and x86/x64. It is an evolutionary release, so anyone familiar with SST 4.2 will find transitioning to SST:LV to be easy.
To reflect SST:LV's relationship with SST 4.2, the first release will be numbered 5. All 5.0.x releases are beta; see the Support Matrix for details.
SST:LV 5.0.x is being actively developed; 5.1 is to be the stable release.
hg clone ssh://hg.opensolaris.org/hg/sst/sst-lv
- Sun Security Toolkit: Community Edition (SST:CE)
The Community Edition of SST will support OpenSolaris, Solaris 10, and any other OS in which the community has interest.
Since SST:CE stands to deviate quite a bit from SST 4.2, version numbering will begin at 1.0.
This project is open-ended -- it will include community-driven functionality such as integration with LDAP and SMF.
hg clone ssh://hg.opensolaris.org/hg/sst/sst-ce
Service Support
The Sun Security Toolkit: Legacy Version 5 release is in development. When released, the toolkit will be supported by the OpenSolaris community. However, Solaris 10 systems that have been hardened by SST:LV will be supported as part of the Solaris Software Support Service Plans or the SunSpectrum Service Plan contracts. (UPDATE 11/25/09: The details of this agreement need to be verified.)
SST:LV 5.0.x Support Matrix
Since the number of driver/environment permutations is large, SST:LV 5.0.x support will be tracked by driver. When all drivers and their associated .fin and .aud scripts have been tested, fixed (if necessary), and validated, SST:LV 5.1 will be considered stable and generally available. Until then, SST:LV 5.0.x will be re-bundled whenever a cell in the matrix is validated.
| Driver | s10u8 SPARC | s10u8 x86 | s10u7 SPARC | s10u7 x86 | s10u6 SPARC | s10u6 x86 | s10u5 SPARC | s10u5 x86 |
|---|---|---|---|---|---|---|---|---|
| cis-secure | Untested | Untested | Untested | Untested | Untested | Untested | Untested | Untested |
| ldom_control-secure | Tested, works with expected warnings, need to write test report and build new pkg | Untested | Untested | Untested | Untested | Untested | Untested | Untested |
| server-secure | Untested | Untested | Untested | Untested | Untested | Untested | Untested | Untested |
| suncluster3x-secure | Untested | Untested | Untested | Untested | Untested | Untested | Untested | Untested |
| sunfire_15k_sc-secure | Untested | Untested | Untested | Untested | Untested | Untested | Untested | Untested |
SST 4.2
SST version 4.2 fully supports SPARC and x86/x64 Solaris Operating System releases:
- Solaris 10 Updates 0 - 4
- Solaris 9
- Solaris 8
You can download SST 4.2 at sun.com.
SST:CE 1.0
SST Community Edition is under development, but is targeted to support:
- OpenSolaris 2009.6
- Solaris 10 Update 8 (10/09)
- Other *nix OSes
  - CentOS will probably be first
If you're interested in contributing to this effort, email jason.callaway@sun.com.