In comp.unix.solaris com wrote:
Endless ones. First of all, make sure you realise that 'hardened' isn't
a binary function: a computer isn't either hardened or not, but rather
is going to be harder than some arbitrary watermark. If you have a standard
in place, then hardened means hardened to that standard. If you don't, then
who knows what's meant by the term?
At any rate, grep for running services in /etc/inetd.conf. nmap the box
from another machine on the same subnet, and see what ports are open.
Look for .rhosts files, check for root console login in /etc/default/login,
see if random packet numbers are enabled. Are unnecessary /etc/rcX.d
services getting started? Is tripwire or aide installed? How about logging--
is stuff being forwarded to a central log server?
You can keep hardening a box until a live network connection isn't even an
access point, but it's probably not a lot of use. The real key to hardening
a box successfully is twofold: (a) define what constitutes hardened, and
(b) define (and run) the tests against that standard.
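
Several of the checks listed in the post, written as repeatable tests against a stated standard. This is an added example, not part of the original post. The allowlists ALLOWED_INETD and ALLOWED_RC, their sample values, and the script name audit.sh are assumptions, and it expects a POSIX shell, awk and grep.

```shell
#!/bin/sh
# Added example: test a Solaris-style tree against a written standard.
# The standard (assumed values, edit to match your own policy):
ALLOWED_INETD=${ALLOWED_INETD:-""}      # inetd services allowed to stay enabled
ALLOWED_RC=${ALLOWED_RC:-"S74syslog"}   # rcX.d start scripts allowed to exist

# Print each word of list $2 that is absent from the space-separated allowlist $1.
not_allowed() {
    for item in $2; do
        case " $1 " in *" $item "*) ;; *) echo "$item" ;; esac
    done
}

# Service names on uncommented inetd.conf lines under tree $1.
inetd_enabled() {
    [ -f "$1/etc/inetd.conf" ] || return 0
    awk '!/^[ \t]*#/ && NF >= 6 { print $1 }' "$1/etc/inetd.conf" | sort -u
}

# Start scripts (S*) present in any /etc/rcX.d directory under tree $1.
rc_started() {
    for f in "$1"/etc/rc?.d/S*; do
        [ -e "$f" ] && basename "$f"
    done | sort -u
}

# Run every check against tree $1 and print one FAIL line per deviation.
audit() {
    root=$1
    for s in $(not_allowed "$ALLOWED_INETD" "$(inetd_enabled "$root")"); do
        echo "FAIL inetd service enabled: $s"
    done
    for s in $(not_allowed "$ALLOWED_RC" "$(rc_started "$root")"); do
        echo "FAIL rc script not in standard: $s"
    done
    find "$root" -name .rhosts -type f 2>/dev/null | sed 's/^/FAIL .rhosts present: /'
    grep -q '^CONSOLE=/dev/console' "$root/etc/default/login" 2>/dev/null ||
        echo "FAIL root login not restricted to console"
    grep -q '^[^#].*[[:space:]]@' "$root/etc/syslog.conf" 2>/dev/null ||
        echo "FAIL no syslog forwarding to a log host"
    return 0
}

# Usage: sh audit.sh /    (or a mounted copy of the root filesystem)
if [ "$#" -gt 0 ]; then audit "$1"; fi
```

No output means the tree meets the standard as written; the nmap scan and the tripwire/aide check from the post are not covered here.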