Skip to content

Solaris 11 X86 Security Technical Implementation Guide

Rules, Groups, and Values defined within the XCCDF Benchmark

  • SRG-OS-000480

    <GroupDescription></GroupDescription>
    Group
  • Users must have a valid home directory assignment.

    &lt;VulnDiscussion&gt;All users must be assigned a home directory in the passwd file. Failure to have a home directory may result in the user being...
    Rule Low Severity
  • SRG-OS-000480

    <GroupDescription></GroupDescription>
    Group
  • All user accounts must be configured to use a home directory that exists.

    &lt;VulnDiscussion&gt;If the user's home directory does not exist, the user will be placed in "/" and will not be able to write any files or have l...
    Rule Low Severity
  • SRG-OS-000480

    <GroupDescription></GroupDescription>
    Group
  • All home directories must be owned by the respective user assigned to it in /etc/passwd.

    &lt;VulnDiscussion&gt;Since the user is accountable for files stored in the user's home directory, the user must be the owner of the directory.&lt;...
    Rule Medium Severity
  • SRG-OS-000104

    <GroupDescription></GroupDescription>
    Group
  • Duplicate User IDs (UIDs) must not exist for users within the organization.

    &lt;VulnDiscussion&gt;Users within the organization must be assigned unique UIDs for accountability and to ensure appropriate access protections.&l...
    Rule Medium Severity
  • SRG-OS-000121

    <GroupDescription></GroupDescription>
    Group
  • Duplicate UIDs must not exist for multiple non-organizational users.

    &lt;VulnDiscussion&gt;Non-organizational users must be assigned unique UIDs for accountability and to ensure appropriate access protections.&lt;/Vu...
    Rule Medium Severity
  • SRG-OS-000480

    <GroupDescription></GroupDescription>
    Group
  • Duplicate Group IDs (GIDs) must not exist for multiple groups.

    &lt;VulnDiscussion&gt;User groups must be assigned unique GIDs for accountability and to ensure appropriate access protections.&lt;/VulnDiscussion&...
    Rule Medium Severity
  • The audit system must alert the SA when the audit storage volume approaches its capacity.

    &lt;VulnDiscussion&gt;Filling the audit storage area can result in a denial of service or system outage and can lead to events going undetected.&lt...
    Rule Medium Severity
  • Duplicate group names must not exist.

    &lt;VulnDiscussion&gt;If a group is assigned a duplicate group name, it will create and have access to files with the first GID for that group in g...
    Rule Medium Severity
  • SRG-OS-000480

    <GroupDescription></GroupDescription>
    Group
  • User .netrc files must not exist.

    &lt;VulnDiscussion&gt;The .netrc file presents a significant security risk since it stores passwords in unencrypted form.&lt;/VulnDiscussion&gt;&lt...
    Rule Medium Severity
  • SRG-OS-000480

    <GroupDescription></GroupDescription>
    Group
  • The system must not allow users to configure .forward files.

    &lt;VulnDiscussion&gt;Use of the .forward file poses a security risk in that sensitive data may be inadvertently transferred outside the organizati...
    Rule Medium Severity
  • SRG-OS-000480

    <GroupDescription></GroupDescription>
    Group
  • World-writable files must not exist.

    &lt;VulnDiscussion&gt;Data in world-writable files can be read, modified, and potentially compromised by any user on the system. World-writable fil...
    Rule Medium Severity

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules