CIS Solaris 11.1 L1 v1.0.0

Audit Details

Name: CIS Solaris 11.1 L1 v1.0.0

Updated: 11/6/2024

Authority: CIS

Plugin: Unix

Revision: 1.37

Estimated Item Count: 215

File Details

Filename: CIS_Solaris_11.1_L1_v1.0.0.audit

Size: 392 kB

MD5: 42e252c68b685657765586f963cbd064
SHA256: dab43889bc94efdc7ba12ab4aa75341a7e216714778e63c1d0466ca909d56d44

Audit Items

DescriptionCategories
1.1 Use the Latest Package Updates

SYSTEM AND INFORMATION INTEGRITY

2.1 Disable Local-only Graphical Login Environment

CONFIGURATION MANAGEMENT

2.2 Configure sendmail Service for Local-Only Mode
2.3 Disable RPC Encryption Key
2.4 Disable NIS Server Services - domain
2.4 Disable NIS Server Services - server
2.5 Disable NIS Client Services - client
2.5 Disable NIS Client Services - domain
2.6 Disable Kerberos TGT Expiration Warning
2.7 Disable Generic Security Services (GSS)
2.8 Disable Removable Volume Manager - rmvolmgr
2.8 Disable Removable Volume Manager - smserver
2.9 Disable automount Service
2.10 Disable Apache Service
2.11 Configure TCP Wrappers - hosts.allow

SYSTEM AND COMMUNICATIONS PROTECTION

2.11 Configure TCP Wrappers - hosts.deny

SYSTEM AND COMMUNICATIONS PROTECTION

2.11 Configure TCP Wrappers - inetadm tcp_wrapers = true

SYSTEM AND COMMUNICATIONS PROTECTION

2.11 Configure TCP Wrappers - svcprop tcp_wrappers false

SYSTEM AND COMMUNICATIONS PROTECTION

2.12 Disable Telnet Service
3.1 Restrict Core Dumps to Protected Directory - /var/share/cores
3.1 Restrict Core Dumps to Protected Directory - global core dump logging = enabled

ACCESS CONTROL

3.1 Restrict Core Dumps to Protected Directory - global core dumps = enabled

ACCESS CONTROL

3.1 Restrict Core Dumps to Protected Directory - global core file content

ACCESS CONTROL

3.1 Restrict Core Dumps to Protected Directory - global core file pattern

ACCESS CONTROL

3.1 Restrict Core Dumps to Protected Directory - global setid core dumps = enabled

ACCESS CONTROL

3.1 Restrict Core Dumps to Protected Directory - init core file content

ACCESS CONTROL

3.1 Restrict Core Dumps to Protected Directory - init core file pattern

ACCESS CONTROL

3.1 Restrict Core Dumps to Protected Directory - per-process core dumps = disabled

ACCESS CONTROL

3.1 Restrict Core Dumps to Protected Directory - per-process setid core dumps = disabled

ACCESS CONTROL

3.2 Enable Stack Protection - set noexec_user_stack = 1

SYSTEM AND INFORMATION INTEGRITY

3.2 Enable Stack Protection - set noexec_user_stack_log = 1

AUDIT AND ACCOUNTABILITY

3.3 Enable Strong TCP Sequence Number Generation - TCP_STRONG_ISS = 2

SYSTEM AND COMMUNICATIONS PROTECTION

3.4 Disable Source Packet Forwarding - current ipv4 = 0

SYSTEM AND COMMUNICATIONS PROTECTION

3.4 Disable Source Packet Forwarding - current ipv6 = 0

SYSTEM AND COMMUNICATIONS PROTECTION

3.4 Disable Source Packet Forwarding - persistent ipv4 = 0

SYSTEM AND COMMUNICATIONS PROTECTION

3.4 Disable Source Packet Forwarding - persistent ipv6 = 0

SYSTEM AND COMMUNICATIONS PROTECTION

3.5 Disable Directed Broadcast Packet Forwarding - current ip = 0

SYSTEM AND COMMUNICATIONS PROTECTION

3.5 Disable Directed Broadcast Packet Forwarding - persistent ip = 0

SYSTEM AND COMMUNICATIONS PROTECTION

3.6 Disable Response to ICMP Timestamp Requests - current ip = 0

SYSTEM AND COMMUNICATIONS PROTECTION

3.6 Disable Response to ICMP Timestamp Requests - persistent ip = 0

SYSTEM AND COMMUNICATIONS PROTECTION

3.7 Disable Response to ICMP Broadcast Timestamp Requests - current ip = 0

SYSTEM AND COMMUNICATIONS PROTECTION

3.7 Disable Response to ICMP Broadcast Timestamp Requests - persistent ip = 0

SYSTEM AND COMMUNICATIONS PROTECTION

3.8 Disable Response to ICMP Broadcast Netmask Requests - current ip = 0

SYSTEM AND COMMUNICATIONS PROTECTION

3.8 Disable Response to ICMP Broadcast Netmask Requests - persistent ip = 0

SYSTEM AND COMMUNICATIONS PROTECTION

3.9 Disable Response to Broadcast ICMPv4 Echo Request - current ip = 0

SYSTEM AND COMMUNICATIONS PROTECTION

3.9 Disable Response to Broadcast ICMPv4 Echo Request - persistent ip = 0

SYSTEM AND COMMUNICATIONS PROTECTION

3.10 Disable Response to Multicast Echo Request - current ipv4 = 0

SYSTEM AND COMMUNICATIONS PROTECTION

3.10 Disable Response to Multicast Echo Request - current ipv6 = 0

SYSTEM AND COMMUNICATIONS PROTECTION

3.10 Disable Response to Multicast Echo Request - persistent ipv4 = 0

SYSTEM AND COMMUNICATIONS PROTECTION

3.10 Disable Response to Multicast Echo Request - persistent ipv6 = 0

SYSTEM AND COMMUNICATIONS PROTECTION