Solaris 11 SPARC Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
SRG-OS-000480
<GroupDescription></GroupDescription>Group -
Access to a logical domain console must be restricted to authorized users.
<VulnDiscussion>A logical domain is a discrete, logical grouping with its own operating system, resources, and identity within a single compu...Rule Medium Severity -
SRG-OS-000480
<GroupDescription></GroupDescription>Group -
The nobody access for RPC encryption key storage service must be disabled.
<VulnDiscussion>If login by the user "nobody" is allowed for secure RPC, there is an increased risk of system compromise. If keyserv holds a ...Rule Medium Severity -
SRG-OS-000480
<GroupDescription></GroupDescription>Group -
X11 forwarding for SSH must be disabled.
<VulnDiscussion>As enabling X11 Forwarding on the host can permit a malicious user to secretly open another X11 connection to another remote ...Rule Medium Severity -
SRG-OS-000480
<GroupDescription></GroupDescription>Group -
Consecutive login attempts for SSH must be limited to 3.
<VulnDiscussion>Setting the authentication login limit to a low value will disconnect the attacker and force a reconnect, which severely limi...Rule Low Severity -
The operating system must terminate the network connection associated with a communications session at the end of the session or after 10 minutes of inactivity.
<VulnDiscussion>This requirement applies to both internal and external networks. Terminating network connections associated with communicat...Rule Low Severity -
SRG-OS-000480
<GroupDescription></GroupDescription>Group -
Host-based authentication for login-based services must be disabled.
<VulnDiscussion>The use of .rhosts authentication is an insecure protocol and can be replaced with public-key authentication using Secure She...Rule Medium Severity -
SRG-OS-000480
<GroupDescription></GroupDescription>Group -
The use of FTP must be restricted.
<VulnDiscussion>FTP is an insecure protocol that transfers files and credentials in clear text, and can be replaced by using SFTP. However, i...Rule Medium Severity -
SRG-OS-000480
<GroupDescription></GroupDescription>Group -
The system must not allow autologin capabilities from the GNOME desktop.
<VulnDiscussion>As automatic logins are a known security risk for other than "kiosk" types of systems, GNOME automatic login should be disabl...Rule High Severity -
SRG-OS-000480
<GroupDescription></GroupDescription>Group -
Unauthorized use of the at or cron capabilities must not be permitted.
<VulnDiscussion>On many systems, only the system administrator needs the ability to schedule jobs. Even though a given user is not listed in...Rule Medium Severity -
SRG-OS-000480
<GroupDescription></GroupDescription>Group -
Logins to the root account must be restricted to the system console only.
<VulnDiscussion>Use an authorized mechanism such as RBAC and the "su" command to provide administrative access to unprivileged accounts. Thes...Rule Medium Severity -
SRG-OS-000025
<GroupDescription></GroupDescription>Group
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.