CIS Solaris 10 v5.2

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: CIS Solaris 10 v5.2

Updated: 6/10/2016

Authority: CIS

Plugin: Unix

Revision: 1.6

Estimated Item Count: 281

File Details

Filename: CIS_Solaris_10_v5.2.0.audit

Size: 360 kB

MD5: 9638e098b27b5e976a31ba007ddd2416
SHA256: 60eb14b93aaa2b147932e23f1e9dbaeb057d730c20a5596ae5de8ef68d041cd7

Audit Items

DescriptionCategories
1.1 Use the Latest OS Release - Check if Solaris 10 10/09 release is installed

CONFIGURATION MANAGEMENT

1.2 Apply Latest OS Patches
1.3 Install Solaris Encryption Kit - Check if Package SUNWcrman is installed

CONFIGURATION MANAGEMENT

1.3 Install Solaris Encryption Kit - Check if Package SUNWcry is installed

CONFIGURATION MANAGEMENT

1.3 Install Solaris Encryption Kit - Check if Package SUNWcryr is installed

CONFIGURATION MANAGEMENT

2.1.1 Disable Local CDE ToolTalk Database Server - Make sure that /network/rpc/cde-ttdbserver:tcp is disabled

CONFIGURATION MANAGEMENT

2.1.2 Disable Local CDE Calendar Manager - Make sure that /network/rpc/cde-calendar-manager is disabled

CONFIGURATION MANAGEMENT

2.1.3 Disable Local Graphical Login Environment - Make sure that /application/graphical-login/cde-login is disabled

CONFIGURATION MANAGEMENT

2.1.3 Disable Local Graphical Login Environment - Make sure that /application/graphical-login/gdm2-login is disabled

CONFIGURATION MANAGEMENT

2.1.4 Disable Local sendmail Service - Make sure that /network/smtp:sendmail is disabled

CONFIGURATION MANAGEMENT

2.1.5 Disable Local Web Console - Make sure that /system/webconsole:console is disabled

CONFIGURATION MANAGEMENT

2.1.6 Disable Local WBEM - Make sure that application/management/wbem is disabled

CONFIGURATION MANAGEMENT

2.1.7 Disable Local BSD Print Protocol Adapter - Make sure that /application/print/rfc1179 is disabled

CONFIGURATION MANAGEMENT

2.2.1 Disable RPC Encryption Key - Make sure that /network/rpc/keyserv is disabled

CONFIGURATION MANAGEMENT

2.2.2 Disable NIS Server Daemons - Make sure that /network/nis/passwd is disabled

CONFIGURATION MANAGEMENT

2.2.2 Disable NIS Server Daemons - Make sure that /network/nis/server is disabled

CONFIGURATION MANAGEMENT

2.2.2 Disable NIS Server Daemons - Make sure that /network/nis/update is disabled

CONFIGURATION MANAGEMENT

2.2.2 Disable NIS Server Daemons - Make sure that /network/nis/xfr is disabled

CONFIGURATION MANAGEMENT

2.2.3 Disable NIS Client Daemons - Make sure that /network/nis/client is disabled

CONFIGURATION MANAGEMENT

2.2.4 Disable NIS+ daemons - Make sure that /network/rpc/nisplus is disabled

CONFIGURATION MANAGEMENT

2.2.5 Disable LDAP Cache Manager - Make sure that /network/ldap/client is disabled

CONFIGURATION MANAGEMENT

2.2.6 Disable Kerberos TGT Expiration Warning - Make sure that /network/security/ktkt_warn is disabled

CONFIGURATION MANAGEMENT

2.2.7 Disable Generic Security Services (GSS) daemons - Make sure that /network/rpc/gss is disabled

CONFIGURATION MANAGEMENT

2.2.8 Disable Volume Manager - Make sure that network/rpc/smserver is disabled

CONFIGURATION MANAGEMENT

2.2.8 Disable Volume Manager - Make sure that system/filesystem/volfs is disabled

CONFIGURATION MANAGEMENT

2.2.9 Disable Samba Support - Make sure that /etc/sfw/smb.conf does not exist. Note this check is only applicable for Solaris 10 >= 11/06

CONFIGURATION MANAGEMENT

2.2.9 Disable Samba Support - Make sure that /network/samba is disabled. Note this check is only applicable for Solaris 10 >= 8/07

CONFIGURATION MANAGEMENT

2.2.10 Disable automount daemon - Make sure that /system/filesystem/autofs is disabled.

CONFIGURATION MANAGEMENT

2.2.11 Disable Apache services - Make sure that /etc/apache/httpd.conf does not exist. Note this check is only applicable for Apache 1.x

CONFIGURATION MANAGEMENT

2.2.11 Disable Apache services - Make sure that network/http:apache2 is disabled.

CONFIGURATION MANAGEMENT

2.2.12 Disable Solaris Volume Manager Services - Make sure that /platform/sun4u/mpxio-upgrade is disabled

CONFIGURATION MANAGEMENT

2.2.12 Disable Solaris Volume Manager Services - Make sure that /system/device/mpxio-upgrade is disabled

CONFIGURATION MANAGEMENT

2.2.12 Disable Solaris Volume Manager Services - Make sure that /system/metainit is disabled - Solaris 10 <= 11/06

CONFIGURATION MANAGEMENT

2.2.12 Disable Solaris Volume Manager Services - Make sure that /system/metainit is disabled - Solaris 10 >= 8/07

CONFIGURATION MANAGEMENT

2.2.12 Disable Solaris Volume Manager Services - Make sure that system/mdmonitor is disabled - Solaris 10 <= 11/06

CONFIGURATION MANAGEMENT

2.2.12 Disable Solaris Volume Manager Services - Make sure that system/mdmonitor is disabled - Solaris 10 >= 8/07

CONFIGURATION MANAGEMENT

2.2.13 Disable Solaris Volume Manager GUI - Make sure that /network/rpc/mdcomm is disabled.

CONFIGURATION MANAGEMENT

2.2.13 Disable Solaris Volume Manager GUI - Make sure that network/rpc/meta is disabled.

CONFIGURATION MANAGEMENT

2.2.13 Disable Solaris Volume Manager GUI - Make sure that network/rpc/metamed is disabled.

CONFIGURATION MANAGEMENT

2.2.13 Disable Solaris Volume Manager GUI - Make sure that network/rpc/metamh is disabled.

CONFIGURATION MANAGEMENT

2.2.14 Disable Local RPC Port Mapping Service - Make sure that network/rpc/bind is disabled.

CONFIGURATION MANAGEMENT

2.3 Establish a Secure Baseline - Make sure that /network/rpc/bind only allows local connections (netservices limited)

CONFIGURATION MANAGEMENT

2.3 Establish a Secure Baseline - Make sure that /network/smtp:sendmail only allows local connections (netservices limited)

CONFIGURATION MANAGEMENT

2.3 Establish a Secure Baseline - Make sure that application/cde-printinfo:default is disabled (netservices limited)

CONFIGURATION MANAGEMENT

2.3 Establish a Secure Baseline - Make sure that application/graphical-login/cde-login is only limited to local connections

CONFIGURATION MANAGEMENT

2.3 Establish a Secure Baseline - Make sure that application/management/dmi:default is disabled (netservices limited)

CONFIGURATION MANAGEMENT

2.3 Establish a Secure Baseline - Make sure that application/management/seaport:default is disabled (netservices limited)

CONFIGURATION MANAGEMENT

2.3 Establish a Secure Baseline - Make sure that application/management/sma:default is disabled (netservices limited)

CONFIGURATION MANAGEMENT

2.3 Establish a Secure Baseline - Make sure that application/management/snmpdx:default is disabled (netservices limited)

CONFIGURATION MANAGEMENT

2.3 Establish a Secure Baseline - Make sure that application/management/wbem only allows local connections (netservices limited)

CONFIGURATION MANAGEMENT