Solaris:

Pretty decent admin scripts/help/FAQ's: www.sun.com/bigadmin
Good place for precompiled packages (and sources): www.sunfreeware.com
Decent documenation: docs.sun.com

There is a program called 'yassp' that you should run that automatically locks
down the box. WARNING! IT DOES A VERY VERY VERY GOOD JOB OF TIGHTENING DOWN,
and you may have to adjust things afterwards to make them work.

Big things:

Install the latest patch cluster. Make sure you check file permissions and daemons afterwards, patch clusters tend to turn things back on that were off.

Turn off everything in /etc/inetd.conf (ESPECIALLY SADMIND, major vulnerability right now). You don't need any of it to run Solaris of XWindows properly. If you think you need telnet, think again, download and install OpenSSH. If you aren't
running services, it is much more difficult to attack.

Use tcpwrappers to limit access to services you absolutely must do with out.

Turn off as much as you can under /etc/rc2.d and /etc/rc3.d as you can. Minimally:

S00set-tmp-permissions -> ../init.d/set-tmp-permissions
S01MOUNTFSYS
S05RMTMPFILES
set-tmp-permissions -> ../init.d/set-tmp-permissions
S20sysetup
S22acct -> ../init.d/acct
S69inet
S72inetsvc
S74syslog
S75cron
S75savecore
S88utmpd

You don't need anything under rc3.d. In case you do, rather than deleting these files, move them do a directory under where you are like no.

Tweak your TCP/IP stack for much improved performance. Look for 'tweaking the tcp/ip stack for fun and profit'.

Check all your files and turn off the setuid and setguid files where possible (there are lists floating around the internet to tell you what you need).

Use sudo to control access with a well written policy (ALL : ALL is not a good one).




Solaris is more than capable of running all those services, I recommend against running too many in the same place. After all, if someone hacks your web server, do you really want them having access to DHCP assignments, DNS, etc?

If you need more info, let me know.

/nebulus