Solaris 11 SPARC Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
SRG-OS-000480
Group
The system must prevent local applications from generating source-routed packets.
Source-routed packets allow the source of the packet to suggest that routers forward the packet along a different path than configured on the router, which can be used to bypass network security me...
Rule: Low Severity
SRG-OS-000023
Group
The operating system must display the DoD approved system use notification message or banner before granting access to the system for general system logons.
Warning messages inform users who are attempting to log in to the system of their legal status regarding the system and must include the name of the organization that owns the system and any monito...
Rule: Low Severity
SRG-OS-000023
Group
The operating system must display the DoD approved system use notification message or banner for SSH connections.
Warning messages inform users who are attempting to log in to the system of their legal status regarding the system and must include the name of the organization that owns the system and any monito...
Rule: Low Severity
SRG-OS-000023
Group
The GNOME service must display the DoD approved system use notification message or banner before granting access to the system.
Warning messages inform users who are attempting to log in to the system of their legal status regarding the system and must include the name of the organization that owns the system and any monito...
Rule: Low Severity
SRG-OS-000023
Group
The FTP service must display the DoD approved system use notification message or banner before granting access to the system.
Warning messages inform users who are attempting to log in to the system of their legal status regarding the system and must include the name of the organization that owns the system and any monito...
Rule: Low Severity
SRG-OS-000126
Group
The operating system must terminate all sessions and network connections when nonlocal maintenance is completed.
Nonlocal maintenance and diagnostic activities are those activities conducted by individuals communicating through a network, either an external network (e.g., the internet) or an internal network....
Rule: Medium Severity
SRG-OS-000480
Group
The operating system must prevent internal users from sending out packets which attempt to manipulate or spoof invalid IP addresses.
Manipulation of IP addresses can allow untrusted systems to appear as trusted hosts, bypassing firewalls and other security mechanisms and resulting in system penetration.
Rule: Medium Severity
SRG-OS-000481
Group
Wireless network adapters must be disabled.
The use of wireless networking can introduce many different attack vectors into the organization’s network. Common attack vectors such as malicious association and ad hoc networks will allow an att...
Rule: Medium Severity
SRG-OS-000481
Group
SRG-OS-000033
Group
SRG-OS-000480
Group
SRG-OS-000185
Group
SRG-OS-000480
Group
The auditing system must not define a different auditing level for specific users.
Without auditing, individual system accesses cannot be tracked, and malicious activity cannot be detected and traced back to an individual account.
Rule: Low Severity
SRG-OS-000046
Group
The operating system must alert designated organizational officials in the event of an audit processing failure.
Proper alerts to system administrators and IA officials of audit failures ensure a timely response to critical system issues.
Rule: High Severity
SRG-OS-000047
Group
SRG-OS-000057
Group
The operating system must protect audit information from unauthorized access.
If audit data were to become compromised, then competent forensic analysis and discovery of the true source of potentially malicious system activity is difficult, if not impossible, to achieve. T...
Rule: Medium Severity
SRG-OS-000480
Group
The System packages must be up to date with the most recent vendor updates and security fixes.
Failure to install security updates can provide openings for attack.
Rule: Medium Severity
SRG-OS-000256
Group
SRG-OS-000257
Group
SRG-OS-000258
Group
The operating system must protect audit tools from unauthorized deletion.
Failure to maintain system configurations may result in privilege escalation.
Rule: Medium Severity
SRG-OS-000278
Group
System packages must be configured with the vendor-provided files, permissions, and ownerships.
Failure to maintain system configurations may result in privilege escalation.
Rule: Medium Severity
SRG-OS-000480
Group
The finger daemon package must not be installed.
Finger is an insecure protocol.
Rule: Low Severity
SRG-OS-000480
Group
The legacy remote network access utilities daemons must not be installed.
Legacy remote access utilities allow remote control of a system without proper authentication.
Rule: Medium Severity
SRG-OS-000480
Group
The NIS package must not be installed.
NIS is an insecure protocol.
Rule: High Severity
SRG-OS-000480
Group
The pidgin IM client package must not be installed.
Instant messaging is an insecure protocol.
Rule: Low Severity
SRG-OS-000480
Group
SRG-OS-000480
Group
The TFTP service daemon must not be installed unless required.
TFTP is an insecure protocol.
Rule: High Severity
SRG-OS-000480
Group
The telnet service daemon must not be installed unless required.
Telnet is an insecure protocol.
Rule: High Severity
SRG-OS-000480
Group
The UUCP service daemon must not be installed unless required.
UUCP is an insecure protocol.
Rule: Low Severity