Solaris 11 X86 Security Technical Implementation Guide

Rules, Groups, and Values defined within the XCCDF Benchmark

  • The operating system must prevent the execution of prohibited mobile code.

    Decisions regarding the employment of mobile code within operating systems are based on the potential for the code to cause damage to the system if used maliciously. Mobile code technologies incl...
    Rule Medium Severity
  • SRG-OS-000480

    Group
  • The operating system must employ PKI solutions at workstations, servers, or mobile computing devices on the network to create, manage, distribute, use, store, and revoke digital certificates.

    Without the use of PKI systems to manage digital certificates, the operating system or other system components may be unable to securely communicate on a network or reliably verify the identity of ...
    Rule Medium Severity
  • SRG-OS-000480

    Group
  • Wireless network adapters must be disabled.

    The use of wireless networking can introduce many different attack vectors into the organization’s network. Common attack vectors such as malicious association and ad hoc networks will allow an att...
    Rule Medium Severity
  • SRG-OS-000481

    Group
  • SRG-OS-000033

    Group
  • SRG-OS-000215

    Group
  • The operating system must back up audit records at least every seven days onto a different system or system component than the system or component being audited.

    Protection of log data includes assuring log data is not accidentally lost or deleted. Backing up audit records to a different system or onto separate media than the system being audited on an orga...
    Rule Medium Severity
  • SRG-OS-000480

    Group
  • SRG-OS-000142

    Group
  • SRG-OS-000480

    Group
  • The operating system must implement DoD-approved encryption to protect the confidentiality of remote access sessions.

    Remote access is any access to an organizational information system by a user (or an information system) communicating through an external, non-organization-controlled network (e.g., the Internet)....
    Rule Medium Severity
  • SRG-OS-000480

    Group
  • The /etc/zones directory, and its contents, must have the vendor default owner, group, and permissions.

    Incorrect ownership can result in unauthorized changes or theft of data.
    Rule Low Severity
  • SRG-OS-000480

    Group
  • The limitpriv zone option must be set to the vendor default or less permissive.

    Solaris zones can be assigned privileges generally reserved for the global zone using the "limitpriv" zone option. Any privilege assignments in excess of the vendor defaults may provide the ability...
    Rule Low Severity
  • SRG-OS-000480

    Group
  • The system's physical devices must not be assigned to non-global zones.

    Solaris non-global zones can be assigned physical hardware devices. This increases the risk of such a non-global zone having the capability to compromise the global zone.
    Rule Medium Severity
  • SRG-OS-000480

    Group
  • SRG-OS-000480

    Group
  • The audit system must maintain a central audit trail for all zones.

    Centralized auditing simplifies the investigative process to determine the cause of a security event.
    Rule Low Severity
  • SRG-OS-000480

    Group
  • The operating system must use cryptographic mechanisms to protect and restrict access to information on portable digital media.

    When data is written to portable digital media, such as thumb drives, floppy diskettes, compact disks, and magnetic tape, etc., there is risk of data loss. An organizational assessment of risk gu...
    Rule Medium Severity
  • SRG-OS-000185

    Group
  • SRG-OS-000216

    Group
  • The operating system must use cryptographic mechanisms to protect the integrity of audit information.

    Protection of audit records and audit data is of critical importance. Cryptographic mechanisms are the industry established standard used to protect the integrity of audit data.
    Rule Low Severity
  • SRG-OS-000480

    Group
  • The sticky bit must be set on all world writable directories.

    Files in directories that have had the "sticky bit" enabled can only be deleted by users that have both write permissions for the directory in which the file resides, as well as ownership of the fi...
    Rule Medium Severity
  • SRG-OS-000480

    Group
  • Permissions on user home directories must be 750 or less permissive.

    Group-writable or world-writable user home directories may enable malicious users to steal or modify other users' data or to gain another user's system privileges.
    Rule Medium Severity
  • SRG-OS-000480

    Group
  • Permissions on user . (hidden) files must be 750 or less permissive.

    Group-writable or world-writable user configuration files may enable malicious users to steal or modify other users' data or to gain another user's system privileges.
    Rule Medium Severity
  • SRG-OS-000480

    Group
  • Permissions on user .netrc files must be 750 or less permissive.

    .netrc files may contain unencrypted passwords that can be used to attack other systems.
    Rule Medium Severity
  • SRG-OS-000480

    Group
  • There must be no user .rhosts files.

    Even though the .rhosts files are ineffective if support is disabled in /etc/pam.conf, they may have been brought over from other systems and could contain information useful to an attacker for tho...
    Rule High Severity
  • SRG-OS-000480

    Group
  • SRG-OS-000480

    Group
  • Users must have a valid home directory assignment.

    All users must be assigned a home directory in the passwd file. Failure to have a home directory may result in the user being put in the root directory.
    Rule Low Severity
  • SRG-OS-000480

    Group
  • All user accounts must be configured to use a home directory that exists.

    If the user's home directory does not exist, the user will be placed in "/" and will not be able to write any files or have local environment variables set.
    Rule Low Severity
  • SRG-OS-000480

    Group
  • All home directories must be owned by the respective user assigned to it in /etc/passwd.

    Since the user is accountable for files stored in the user's home directory, the user must be the owner of the directory.
    Rule Medium Severity
  • SRG-OS-000104

    Group
  • Duplicate User IDs (UIDs) must not exist for users within the organization.

    Users within the organization must be assigned unique UIDs for accountability and to ensure appropriate access protections.
    Rule Medium Severity
  • SRG-OS-000121

    Group
  • Duplicate UIDs must not exist for multiple non-organizational users.

    Non-organizational users must be assigned unique UIDs for accountability and to ensure appropriate access protections.
    Rule Medium Severity
  • SRG-OS-000480

    Group
  • Duplicate Group IDs (GIDs) must not exist for multiple groups.

    User groups must be assigned unique GIDs for accountability and to ensure appropriate access protections.
    Rule Medium Severity