
Solaris 11 X86 Security Technical Implementation Guide

Rules, Groups, and Values defined within the XCCDF Benchmark

  • The system must set the maximum number of half-open TCP connections to 4096.

    This setting controls how many half-open connections can exist for a TCP port. It is necessary to control the number of completed connections to the system to provide some protection against denia...
    Rule Medium Severity
  • The system must set the maximum number of incoming connections to 1024.

    This setting controls the maximum number of incoming connections that can be accepted on a TCP port limiting exposure to denial of service attacks.
    Rule Low Severity
  • The FTP service must display the DoD approved system use notification message or banner before granting access to the system.

    Warning messages inform users who are attempting to log in to the system of their legal status regarding the system and must include the name of the organization that owns the system and any monito...
    Rule Low Severity
  • The operating system must terminate all sessions and network connections when nonlocal maintenance is completed.

    Nonlocal maintenance and diagnostic activities are those activities conducted by individuals communicating through a network, either an external network (e.g., the internet) or an internal network....
    Rule Medium Severity
  • The operating system must use mechanisms for authentication to a cryptographic module meeting the requirements of applicable federal laws, Executive orders, directives, policies, regulations, standards, and guidance for such authentication.

    Encryption is only as good as the encryption modules utilized. Unapproved cryptographic module algorithms cannot be verified, and cannot be relied upon to provide confidentiality or integrity, and ...
    Rule Medium Severity
  • The operating system must protect the confidentiality and integrity of information at rest.

    When data is written to digital media, such as hard drives, mobile computers, external/removable hard drives, personal digital assistants, flash/thumb drives, etc., there is risk of data loss and d...
    Rule Low Severity
  • Groups assigned to users must exist in the /etc/group file.

    Groups defined in passwd but not in the group file pose a threat to system security, since group permissions are not properly managed.
    Rule Medium Severity
  • World-writable files must not exist.

    Data in world-writable files can be read, modified, and potentially compromised by any user on the system. World-writable files may also indicate an incorrectly written script or program that could...
    Rule Medium Severity
  • All valid SUID/SGID files must be documented.

    There are valid reasons for SUID/SGID programs, but it is important to identify and review such programs to ensure they are legitimate.
    Rule Low Severity
  • The operating system must have no unowned files.

    A new user who is assigned a deleted user's user ID or group ID may then end up owning these files, and thus have more access on the system than was intended.
    Rule Medium Severity
  • Address Space Layout Randomization (ASLR) must be enabled.

    Modification of memory area can result in executable code vulnerabilities. ASLR can reduce the likelihood of these attacks. ASLR activates the randomization of key areas of the process such as stac...
    Rule Low Severity
  • The system must be configured to store any process core dumps in a specific, centralized directory.

    Specifying a centralized location for core file creation allows for the centralized protection of core files. Process core dumps contain the memory in use by the process when it crashed. Any data t...
    Rule Medium Severity
  • The kernel core dump data directory must be group-owned by root.

    Kernel core dumps may contain the full contents of system memory at the time of the crash. As the system memory may contain sensitive information, it must be protected accordingly. If the kernel co...
    Rule Medium Severity
  • The operating system must implement transaction recovery for transaction-based systems.

    Recovery and reconstitution constitute executing an operating system contingency plan comprised of activities to restore essential missions and business functions. Transaction rollback and trans...
    Rule Medium Severity
  • A file integrity baseline must be created, maintained, and reviewed at least weekly to determine if unauthorized changes have been made to important system files located in the root file system.

    A file integrity baseline is a collection of file metadata used to evaluate the integrity of the system. A minimal baseline must contain metadata for all device files, setuid files, setgid files, s...
    Rule Medium Severity
  • Direct logins must not be permitted to shared, default, application, or utility accounts.

    Shared accounts (accounts where two or more people log in with the same user identification) do not provide identification and authentication. There is no way to provide for non-repudiation or indi...
    Rule Medium Severity
  • The system must not have any unnecessary accounts.

    Accounts providing no operational purpose provide additional opportunities for system compromise. Unnecessary accounts include user accounts for individuals not requiring access to the system and a...
    Rule Low Severity
  • The operating system must conduct backups of system-level information contained in the information system per organization-defined frequency to conduct backups that are consistent with recovery time and recovery point objectives.

    Operating system backup is a critical step in maintaining data assurance and availability. System-level information is data generated for/by the host (such as configuration settings) and/or admin...
    Rule Medium Severity
  • The operating system must conduct backups of operating system documentation, including security-related documentation, per organization-defined frequency to conduct backups that are consistent with recovery time and recovery point objectives.

    Operating system backup is a critical step in maintaining data assurance and availability. System documentation is data generated for/by the host (such as logs) and/or administrative users. Back...
    Rule Medium Severity
  • The operating system must employ malicious code protection mechanisms at workstations, servers, or mobile computing devices on the network to detect and eradicate malicious code transported by electronic mail, electronic mail attachments, web accesses, removable media, or other common means.

    In order to minimize potential negative impact to the organization caused by malicious code, it is imperative that malicious code is identified and eradicated prior to entering protected enclaves v...
    Rule Medium Severity
  • All manual editing of system-relevant files shall be done using the pfedit command, which logs changes made to the files.

    Editing a system file with common tools such as vi, emacs, or gedit does not allow the auditing of changes made by an operator. This reduces the capability of determining which operator made securi...
    Rule Low Severity
  • The operating system must manage excess capacity, bandwidth, or other redundancy to limit the effects of information flooding types of denial of service attacks.

    In the case of denial of service attacks, care must be taken when designing the operating system so as to ensure that the operating system makes the best use of system resources.
    Rule Medium Severity
  • The audit system must identify in which zone an event occurred.

    Tracking the specific Solaris zones in the audit trail reduces the time required to determine the cause of a security event.
    Rule Low Severity
  • The operating system must monitor for unauthorized connections of mobile devices to organizational information systems.

    Mobile devices include portable storage media (e.g., USB memory sticks, external hard disk drives) and portable computing and communications devices with information storage capability (e.g., noteb...
    Rule Medium Severity
  • The audit system must alert the System Administrator (SA) if there is any type of audit failure.

    Proper alerts to system administrators and Information Assurance (IA) officials of audit failures ensure a timely response to critical system issues.
    Rule High Severity
  • The operating system must employ automated mechanisms, per organization-defined frequency, to detect the addition of unauthorized components/devices into the operating system.

    Addition of unauthorized code or packages may result in data corruption or theft.
    Rule Medium Severity
  • The operating system must disable information system functionality that provides the capability for automatic execution of code on mobile devices without user direction.

    Mobile devices include portable storage media (e.g., USB memory sticks, external hard disk drives) and portable computing and communications devices with information storage capability (e.g., noteb...
    Rule Medium Severity
  • The operating system must employ cryptographic mechanisms to recognize changes to information during transmission unless otherwise protected by alternative physical measures.

    Ensuring that transmitted information is not altered during transmission requires the operating system take feasible measures to employ transmission layer security. This requirement applies to comm...
    Rule Medium Severity
  • The operating system must protect the confidentiality of transmitted information.

    Ensuring the confidentiality of transmitted information requires the operating system take feasible measures to employ transmission layer security. This requirement applies to communications across...
    Rule Medium Severity
  • The operating system must employ cryptographic mechanisms to protect information in storage.

    When data is written to digital media, such as hard drives, mobile computers, external/removable hard drives, personal digital assistants, flash/thumb drives, etc., there is risk of data loss and d...
    Rule Low Severity
  • The operating system must protect the integrity of transmitted information.

    Ensuring the integrity of transmitted information requires the operating system take feasible measures to employ transmission layer security. This requirement applies to communications across inter...
    Rule Medium Severity
  • The operating system must identify potentially security-relevant error conditions.

    Security functional testing involves testing the operating system for conformance to the operating system security function specifications, as well as for the underlying security model. The need to...
    Rule Medium Severity
