
Solaris Sensors

| Category | Sensor | Name | Audit | Countermeasure |
|---|---|---|---|---|
| App | app_custom.sh | Application Custom Sensor | Definable | Definable |
| Disk | disk_ckspace.sh | Filesystem Space Sensor | Adequate free blocks/inodes on local filesystems. | None |
| Disk | disk_ckmounts.sh | Filesystem Mount Table Sensor | No change in filesystems mount table. | Definable |
| File | file_grp_fields.sh | Group Fields Sensor | There are 4 fields in every record in /etc/group. | None |
| File | file_grp_uniq_gid.sh | Unique Group GIDs Sensor | All GIDs in /etc/group are unique. | Ignore previously reported. |
| File | file_grp_uniq_name.sh | Unique Group Names Sensor | All Group Names in /etc/group are unique. | Ignore previously reported. |
| File | file_grp_users.sh | Valid Group Users Sensor | Every user in /etc/group is a valid user. | Ignore previously reported. |
| File | file_hugedir.sh | Huge Directory Sensor | There are no new huge directories. | Ignore previously reported. |
| File | file_large.sh | Large File Sensor | There are no new large files. | Ignore previously reported. |
| File | file_orphans.sh | Orphan Files Sensor | All files are owned by valid users. | Reset ownership of orphan files. |
| File | file_pwd_fields.sh | Passwd Fields Sensor | There are 7 fields in every record in /etc/passwd. | None |
| File | file_pwd_gid.sh | Valid Passwd GIDs Sensor | Every /etc/passwd GID is a valid group. | None |
| File | file_pwd_home.sh | Valid Passwd Home Dirs Sensor | Every /etc/passwd home directory is valid. | Create directory or ignore if previously reported. |
| File | file_pwd_shell.sh | Valid Passwd Shells Sensor | Every /etc/passwd shell is an expected value. | Ignore previously reported. |
| File | file_unwanted.sh | Unwanted File Sensor | Verify that certain files do not exist. | None |
| File | file_wanted.sh | Wanted File Sensor | Verify that certain files do exist. | None |
| File | file_watchlog.sh | Log Content Sensor | There is nothing unusual about the contents of a log. | None |
| Me | me_autoupdate.sh | Auto Update Sensor | OSsonar is up-to-date. | None |
| Me | me_ckconfig.sh | OSsonar Configuration Sensor | No problems with config file. | None |
| Me | me_ckfilemaster.sh | Verify Master File Table Sensor | Master File Table is being created. | None |
| Me | me_cksum.sh | OSsonar Intrusion Sensor | Application is secure. | None |
| Me | me_mkfilemaster.sh | Create File Master Table Sensor | Create a new File Master Table. | None |
| Me | me_ruthere.sh | Remote Watchdog Sensor | All remotes are up. | None |
| Me | me_syslog.sh | Syslog Facility Sensor | No messages of concern in the syslog facility. | None |
| Network | net_ckroutetab.sh | Network Routing Tables Sensor | No change in the network routing tables. | Accept new table. |
| Network | net_cksvcs.sh | Network Port Services Sensor | No change in the network port services. | None |
| Network | net_no_netrc.sh | Home Dir .netrc Sensor | No users have .netrc in their home directory. | Ignore previously reported. |
| Network | net_no_rhosts.sh | Home Dir .rhosts Sensor | No user has .rhosts in their home directory. | Ignore previously reported. |
| Network | net_ping.sh | Host Ping Sensor | All defined hosts can be pinged. | None |
| Network | net_untrusted_svcs.sh | Untrusted Network Services Sensor | Untrusted network services are disabled. | None |
| Perf | perf_alrttest.sh | Test Alert Sensor | The Alert Manager is working. | None |
| Perf | perf_ckmailq.sh | Mail Queue Size Sensor | The size of the mail queue is nominal. | None |
| Perf | perf_ckmysql.sh | MySQL Response Sensor | MySQL is responding. | Definable |
| Perf | perf_cknetints.sh | Network Interfaces Sensor | No performance problems with network interface cards. | None |
| Perf | perf_ckswap.sh | Swap Space Sensor | No problems with swap space usage. | None |
| Perf | perf_loadavg.sh | System Load Average Sensor | System load average is less than a defined threshold. | Definable |
| Perf | perf_webpages.sh | Web Pages Up Sensor | All defined URLs are responding. | None |
| Process | proc_all_up.sh | Daemons Up Sensor | All daemons are up. | Restart failed daemons. |
| Process | proc_killstalled.sh | Stalled Processes Sensor | There are no stalled processes. | Kill stalled processes. |
| Process | proc_orphans.sh | Orphan Processes Sensor | All processes are owned by a current user. | Kill all orphan processes. |
| Process | proc_runaway.sh | Runaway Processes Sensor | There are no runaway processes. | Kill runaway process. |
| Process | proc_unwanted.sh | Unwanted Processes Sensor | There are no unwanted processes. | Kill unwanted processes. |
| Security | sec_ckintrusion.sh | Intrusion Detection Sensor | No change to secured directories/files. | None |
| Security | sec_ckrootkit.sh | Rootkit Sensor | There are no rootkits installed. | Accept new checksums. |
| Security | sec_clamscan.sh | Virus Sensor | Clamscan reports no viruses. | Empty scan list when completed. |
| Security | sec_failedlogins.sh | Failed Logins Sensor | There are no patterns of failed logins of concern. | None |
| Security | sec_failedsu.sh | Failed SU Sensor | There are no patterns of failed su attempts of concern. | None |
| Security | sec_nfsdirs.sh | Secure NFS Sensor | All NFS exported dirs are configured to be secure. | None |
| Security | sec_rogue_dev.sh | Rogue Devices Sensor | There are no rogue device files. | Ignore previously reported. |
| Security | sec_sshapf.sh | SSH Attack Sensor | No one is using ssh to attack this system. | Put the attacker in /etc/apf/deny_hosts.rules |
| Security | sec_stickybit.sh | Sticky Bit Directories Sensor | No sticky bit directory has lost the sticky bit. | None |
| Security | sec_suid_sgid.sh | SUID/SGID Files Sensor | There are no new SUID/SGID files. | Ignore previously reported. |
| Security | sec_webpages.sh | Web Page Change Sensor | All defined URLs have not changed. | None |
| Security | sec_world_writable.sh | World Writable Files Sensor | There are no new world writable files. | Ignore previously reported. |
| System | sys_ckboot.sh | System Rebooted Sensor | No recent system reboot. | None |
| System | sys_ckhostname.sh | Hostname Changed Sensor | The hostname has not changed. | None |
| System | sys_ckmailbox.sh | Mail Box Sensor | Mail is being delivered. | Definable |
| System | sys_cktime.sh | System Time Sensor | System time is reasonable. | None |
| System | sys_rmtrash.sh | Trash Files Sensor | There are no trash files on the system. | Remove trash files. |
| System | sys_maildelivery.sh | Mail Delivery Sensor | Mail is being delivered. | Definable |
| System | sys_tarbkup.sh | System Backup Sensor | This is the system backup manager. | None |
| System | sys_trimlogs.sh | Trim System Logs Sensor | Audit size of system logs. | Trim the System Logs. |
| User | usr_cons_login.sh | Root Only On Console Sensor | Root can only log in from console. | None |
| User | usr_mailbox.sh | Secure Mailboxes Sensor | All mailboxes are owned and permissioned correctly. | Fix owner and/or permissions. |
| User | usr_noage.sh | Password Aging Sensor | All users have password aging. | Ignore previously reported. |
| User | usr_nologin.sh | New Login Sensor | There are no new users logged in. | None |
| User | usr_nopwd.sh | Password Sensor | Every user has a password. | None |
| User | usr_pwd_no_acct.sh | Unwanted Users Sensor | Certain logins are not in /etc/passwd. | None |
| User | usr_pwd_shadowed.sh | Shadowed Passwords Sensor | All passwords are shadowed. | Ignore previously reported. |
| User | usr_suid_shell.sh | SUID/SGID Login Shells Sensor | There are no SUID/SGID login shells. | Ignore previously reported. |
| User | usr_uniq_home.sh | Unique Home Directories Sensor | Every user has a unique home directory. | Ignore previously reported. |
| User | usr_uniq_uid.sh | Unique Login UIDs Sensor | All UIDs in /etc/passwd are unique. | Ignore previously reported. |
| User | usr_uniq_usrname.sh | Unique Login Names Sensor | All /etc/passwd login names are unique. | None |


Permanent link to this article: https://www.ossonar.com/sensors/solaris/