Solaris 11 SPARC Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
The operating system must use mechanisms for authentication to a cryptographic module meeting the requirements of applicable federal laws, Executive orders, directives, policies, regulations, standards, and guidance for such authentication.
Encryption is only as good as the encryption modules utilized. Unapproved cryptographic module algorithms cannot be verified, and cannot be relied upon to provide confidentiality or integrity, and ...
Rule Severity: Medium

The operating system must implement DoD-approved encryption to protect the confidentiality of remote access sessions.
Remote access is any access to an organizational information system by a user (or an information system) communicating through an external, non-organization-controlled network (e.g., the Internet)....
Rule Severity: Medium

The operating system must use cryptographic mechanisms to protect and restrict access to information on portable digital media.
When data is written to portable digital media, such as thumb drives, floppy diskettes, compact disks, and magnetic tape, etc., there is risk of data loss. An organizational assessment of risk gu...
Rule Severity: Medium

The operating system must protect the confidentiality and integrity of information at rest.
When data is written to digital media, such as hard drives, mobile computers, external/removable hard drives, personal digital assistants, flash/thumb drives, etc., there is risk of data loss and d...
Rule Severity: Low

There must be no user .rhosts files.
Even though the .rhosts files are ineffective if support is disabled in /etc/pam.conf, they may have been brought over from other systems and could contain information useful to an attacker for tho...
Rule Severity: High

Reserved UIDs 0-99 must only be used by system accounts.
If a user is assigned a UID that is in the reserved range, even if it is not presently in use, security exposures can arise if a subsequently installed application uses the same UID.
Rule Severity: Medium

The operating system must have no unowned files.
A new user who is assigned a deleted user's user ID or group ID may then end up owning these files, and thus have more access on the system than was intended.
Rule Severity: Medium

The system must implement non-executable program stacks.
A common type of exploit is the stack buffer overflow. An application receives, from an attacker, more data than it is prepared for and stores this information on its stack, writing beyond the spac...
Rule Severity: Medium

The system must be configured to store any process core dumps in a specific, centralized directory.
Specifying a centralized location for core file creation allows for the centralized protection of core files. Process core dumps contain the memory in use by the process when it crashed. Any data t...
Rule Severity: Medium

The centralized process core dump data directory must have mode 0700 or less permissive.
Process core dumps contain the memory in use by the process when it crashed. Any data the process was handling may be contained in the core file, and it must be protected accordingly. If the proces...
Rule Severity: Medium