Access to a logical domain console must be restricted to authorized users.

An XCCDF Rule

Description

<VulnDiscussion>A logical domain is a discrete, logical grouping with its own operating system, resources, and identity within a single computer system. Access to the logical domain console provides system-level access to the OBP of the domain.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-216349r959010_rule
Severity: Medium
References: CCI-000366
Updated: 18 days ago

The root role is required. This action applies only to the control domain. 

Determine the domain that you are currently securing.

# virtinfo 
Domain role: LDoms control I/O service rootThe current domain is the control domain, which is also an I/O domain, the service domain, and a root I/O domain.

If the current domain is not the control domain, this action does not apply.

Configure the vntsd service to require authorization.

# svccfg -s vntsd setprop vntsd/authorization = true

The vntsd service must be restarted for the changes to take effect.

# svcadm restart vntsd

Access to a logical domain console must be restricted to authorized users.

Description

Remediation - Manual Procedure