CIS Oracle Solaris 11.4 L1 v1.0.0

Audit Details

Name: CIS Oracle Solaris 11.4 L1 v1.0.0

Updated: 11/18/2022

Authority: CIS

Plugin: Unix

Revision: 1.7

Estimated Item Count: 179

File Details

Filename: CIS_Oracle_Solaris_11.4_L1_v1.0.0.audit

Size: 353 kB

MD5: c244c6fbb899e63681a8c83448295313
SHA256: 01c5b39d5a7076bf0b0f7639ac853712eb823766023fc6419c1b3f95c7801801

Audit Items

DescriptionCategories
1.1 Use the Latest Package Updates

SYSTEM AND INFORMATION INTEGRITY

2.1 Configure TCP Wrappers - hosts.allow

SYSTEM AND COMMUNICATIONS PROTECTION

2.1 Configure TCP Wrappers - hosts.deny

SYSTEM AND COMMUNICATIONS PROTECTION

2.1 Configure TCP Wrappers - inetadm

SYSTEM AND COMMUNICATIONS PROTECTION

2.1 Configure TCP Wrappers - rpc/bind

SYSTEM AND COMMUNICATIONS PROTECTION

2.2 Disable Local-only Graphical Login Environment

SYSTEM AND INFORMATION INTEGRITY

2.3 Configure sendmail Service for Local-Only Mode

SYSTEM AND INFORMATION INTEGRITY

2.4 Disable RPC Encryption Key

SYSTEM AND INFORMATION INTEGRITY

2.5 Disable Generic Security Services (GSS)

SYSTEM AND INFORMATION INTEGRITY

2.6 Disable Apache Service

SYSTEM AND INFORMATION INTEGRITY

2.7 Disable Kerberos TGT Expiration Warning

SYSTEM AND INFORMATION INTEGRITY

2.8 Disable NIS Client Services - nis client

SYSTEM AND INFORMATION INTEGRITY

2.8 Disable NIS Client Services - nis domain

SYSTEM AND INFORMATION INTEGRITY

2.9 Disable NIS Server Services - nis domain

SYSTEM AND INFORMATION INTEGRITY

2.9 Disable NIS Server Services - nis server

SYSTEM AND INFORMATION INTEGRITY

2.10 Disable Removable Volume Manager - rmvolmgr

SYSTEM AND INFORMATION INTEGRITY

2.10 Disable Removable Volume Manager - smserver

SYSTEM AND INFORMATION INTEGRITY

2.11 Disable automount Service

SYSTEM AND INFORMATION INTEGRITY

2.12 Disable Telnet Service

SYSTEM AND INFORMATION INTEGRITY

3.1 Disable Response to Broadcast ICMPv4 Echo Request

SYSTEM AND COMMUNICATIONS PROTECTION

3.2 Disable Response to ICMP Broadcast Netmask Requests

SYSTEM AND COMMUNICATIONS PROTECTION

3.3 Enable Strong TCP Sequence Number Generation - /etc/default/inetinit

SYSTEM AND COMMUNICATIONS PROTECTION

3.3 Enable Strong TCP Sequence Number Generation - ipadm

SYSTEM AND COMMUNICATIONS PROTECTION

3.4 Disable Response to ICMP Broadcast Timestamp Requests

SYSTEM AND COMMUNICATIONS PROTECTION

3.5 Disable Source Packet Forwarding - ipv4

SYSTEM AND COMMUNICATIONS PROTECTION

3.5 Disable Source Packet Forwarding - ipv6

SYSTEM AND COMMUNICATIONS PROTECTION

3.6 Disable Directed Broadcast Packet Forwarding

SYSTEM AND COMMUNICATIONS PROTECTION

3.7 Enable Stack Protection - nxheap

SYSTEM AND COMMUNICATIONS PROTECTION

3.7 Enable Stack Protection - nxstack

SYSTEM AND COMMUNICATIONS PROTECTION

3.8 Restrict Core Dumps to Protected Directory - /var/share/cores

CONFIGURATION MANAGEMENT

3.8 Restrict Core Dumps to Protected Directory - core diagnostic alert

CONFIGURATION MANAGEMENT

3.8 Restrict Core Dumps to Protected Directory - diagnostic core dumps

CONFIGURATION MANAGEMENT

3.8 Restrict Core Dumps to Protected Directory - global core dump logging

CONFIGURATION MANAGEMENT

3.8 Restrict Core Dumps to Protected Directory - global core dumps

CONFIGURATION MANAGEMENT

3.8 Restrict Core Dumps to Protected Directory - global core file content

CONFIGURATION MANAGEMENT

3.8 Restrict Core Dumps to Protected Directory - global core file pattern

CONFIGURATION MANAGEMENT

3.8 Restrict Core Dumps to Protected Directory - global setid core dumps

CONFIGURATION MANAGEMENT

3.8 Restrict Core Dumps to Protected Directory - init core file content

CONFIGURATION MANAGEMENT

3.8 Restrict Core Dumps to Protected Directory - init core file pattern

CONFIGURATION MANAGEMENT

3.8 Restrict Core Dumps to Protected Directory - kernel zone core dumps

CONFIGURATION MANAGEMENT

3.8 Restrict Core Dumps to Protected Directory - kernel zone core file pattern

CONFIGURATION MANAGEMENT

3.8 Restrict Core Dumps to Protected Directory - per-process core dumps

CONFIGURATION MANAGEMENT

3.8 Restrict Core Dumps to Protected Directory - per-process setid core dumps

CONFIGURATION MANAGEMENT

3.8 Restrict Core Dumps to Protected Directory - retention policy

CONFIGURATION MANAGEMENT

3.9 Disable Response to ICMP Timestamp Requests

SYSTEM AND COMMUNICATIONS PROTECTION

3.10 Disable Response to Multicast Echo Request - ipv4

SYSTEM AND COMMUNICATIONS PROTECTION

3.10 Disable Response to Multicast Echo Request - ipv6

SYSTEM AND COMMUNICATIONS PROTECTION

3.11 Ignore ICMP Redirect Messages - ipv4

SYSTEM AND COMMUNICATIONS PROTECTION

3.11 Ignore ICMP Redirect Messages - ipv6

SYSTEM AND COMMUNICATIONS PROTECTION

3.12 Set Strict Multihoming - ipv4

SYSTEM AND COMMUNICATIONS PROTECTION