Jan 12 2010

Have you ever had the following error pop up in your /var/adm/messages:

Oct  8 12:26:14 myserver sshd[29288]: [ID 800047 auth.error] error: Could not get shadow information for NOUSER

It may look like a security incident involving the “nouser” system account, but it is not. The error gets written to /var/adm/messages when a user tries to SSH to the server using a user account which doesn’t exist on the system (a typo can contribute) or on your NIS/NIS+ systems.

So no need to panic!

Mar 19 2008

The Solaris Operating Environment is configured by default to both accept and send ICMP Redirect messages. According to the RFCs, only a router or gateway device should send ICMP Redirect messages; any other host should only receive them. If the Solaris server is not acting as a router or gateway, sending ICMP Redirect messages should be disabled. The same applies to accepting ICMP Redirect messages if the Solaris server is not required to receive them (say, in a single router/gateway network/subnet scenario), as a malicious hacker could send fake ICMP Redirect messages to modify the routing table on the host and potentially cause a Denial of Service attack.
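One way to check and apply this on a host, as an added example that is not code from the original post: it assumes a Solaris 10-era system where the IPv4 tunables ip_ignore_redirect and ip_send_redirects are exposed through ndd on /dev/ip, and that the host is neither a router nor dependent on redirects. The function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit and harden ICMP Redirect handling on a non-routing
# Solaris host. Assumes the ndd tunables ip_ignore_redirect and
# ip_send_redirects on /dev/ip (names are not taken from the excerpt above).
# ndd changes are lost at reboot, so harden must be re-run from a boot script.

# check_tunable NAME WANT: print the current and wanted value, return 1 on mismatch.
check_tunable() {
    cur=`ndd -get /dev/ip "$1" 2>/dev/null` || cur=unknown
    if [ "$cur" = "$2" ]; then
        echo "$1 current=$cur want=$2 OK"
        return 0
    fi
    echo "$1 current=$cur want=$2 FAIL"
    return 1
}

# audit_redirects: return 0 only if the host both ignores incoming
# redirects and never sends them. Every tunable is reported, even after
# the first mismatch, so the operator sees the full picture.
audit_redirects() {
    rc=0
    check_tunable ip_ignore_redirect 1 || rc=1
    check_tunable ip_send_redirects 0 || rc=1
    return $rc
}

# harden_redirects: apply both settings, then re-audit to confirm that
# the kernel actually accepted them.
harden_redirects() {
    ndd -set /dev/ip ip_ignore_redirect 1 || return 1
    ndd -set /dev/ip ip_send_redirects 0 || return 1
    audit_redirects
}

# Usage: script audit | script harden (harden needs root). No argument: no action.
case "${1:-}" in
    audit)  audit_redirects ;;
    harden) harden_redirects ;;
esac
```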
