Solaris 11 SPARC Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
Audit records must include what type of events occurred.
Without proper system auditing, individual system accesses cannot be tracked, and malicious activity cannot be detected and traced back to an individual account.Rule Medium Severity -
SRG-OS-000038
Group -
SRG-OS-000039
Group -
Audit records must include where the events occurred.
Without auditing, individual system accesses cannot be tracked, and malicious activity cannot be detected and traced back to an individual account. Without accurate time stamps, source, user, and ...Rule Medium Severity -
SRG-OS-000040
Group -
SRG-OS-000041
Group -
Audit records must include the outcome (success or failure) of the events that occurred.
Tracking both the successful and unsuccessful attempts aids in identifying threats to the system.Rule Medium Severity -
SRG-OS-000480
Group -
The audit system must be configured to audit file deletions.
Without auditing, malicious activity cannot be detected.Rule Medium Severity -
SRG-OS-000004
Group -
The audit system must be configured to audit account creation.
Without auditing, malicious activity cannot be detected.Rule Medium Severity -
SRG-OS-000239
Group -
SRG-OS-000240
Group -
The operating system must automatically audit account disabling actions.
Without auditing, malicious activity cannot be detected.Rule Medium Severity -
SRG-OS-000241
Group -
The operating system must automatically audit account termination.
Without auditing, malicious activity cannot be detected.Rule Medium Severity -
SRG-OS-000480
Group -
The operating system must ensure unauthorized, security-relevant configuration changes detected are tracked.
Without auditing, malicious activity cannot be detected.Rule Medium Severity -
SRG-OS-000480
Group -
SRG-OS-000032
Group -
SRG-OS-000480
Group -
The audit system must be configured to audit failed attempts to access files and programs.
Without auditing, individual system accesses cannot be tracked, and malicious activity cannot be detected and traced back to an individual account.Rule Low Severity -
SRG-OS-000061
Group -
SRG-OS-000027
Group -
The operating system must limit the number of concurrent sessions for each account to an organization-defined number of sessions.
Limiting the number of allowed users and sessions per user can limit risks related to denial of service attacks. The organization may define the maximum number of concurrent sessions for an informa...Rule Low Severity -
SRG-OS-000480
Group -
The system must disable directed broadcast packet forwarding.
This parameter must be disabled to reduce the risk of denial of service attacks.Rule Low Severity -
SRG-OS-000480
Group -
The system must not respond to ICMP timestamp requests.
By accurately determining the system's clock state, an attacker can more effectively attack certain time-based pseudorandom number generators (PRNGs) and the authentication systems that rely on them.Rule Low Severity -
SRG-OS-000480
Group -
The system must not respond to ICMP broadcast timestamp requests.
By accurately determining the system's clock state, an attacker can more effectively attack certain time-based pseudorandom number generators (PRNGs) and the authentication systems that rely on them.Rule Low Severity -
SRG-OS-000480
Group -
The system must not respond to ICMP broadcast netmask requests.
By determining the netmasks of various computers in your network, an attacker can better map your subnet structure and infer trust relationships.Rule Low Severity -
SRG-OS-000480
Group -
The system must not respond to broadcast ICMP echo requests.
ICMP echo requests can be useful for reconnaissance of systems and for denial of service attacks.Rule Medium Severity -
SRG-OS-000480
Group -
The system must not respond to multicast echo requests.
Multicast echo requests can be useful for reconnaissance of systems and for denial of service attacks.Rule Low Severity -
SRG-OS-000480
Group -
SRG-OS-000480
Group -
The system must set strict multihoming.
These settings control whether a packet arriving on a non-forwarding interface can be accepted for an IP address that is not explicitly configured on that interface. This rule is NA for documented...Rule Medium Severity -
SRG-OS-000480
Group -
SRG-OS-000480
Group -
SRG-OS-000480
Group -
SRG-OS-000480
Group -
The system must set maximum number of incoming connections to 1024.
This setting controls the maximum number of incoming connections that can be accepted on a TCP port limiting exposure to denial of service attacks.Rule Low Severity -
SRG-OS-000480
Group -
The system must disable network routing unless required.
The network routing daemon, in.routed, manages network routing tables. If enabled, it periodically supplies copies of the system's routing tables to any directly connected hosts and networks and pi...Rule Medium Severity -
SRG-OS-000480
Group -
SRG-OS-000480
Group -
The boundary protection system (firewall) must be configured to deny network traffic by default and must allow network traffic by exception (i.e., deny all, permit by exception).
A firewall that relies on a deny all, permit by exception strategy requires all traffic to have explicit permission before traversing an interface on the host. The firewall must incorporate statefu...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.