CIS Solaris 11.2 L1 v1.1.0

Audit Details

Name: CIS Solaris 11.2 L1 v1.1.0

Updated: 4/25/2022

Authority: CIS

Plugin: Unix

Revision: 1.24

Estimated Item Count: 210

File Details

Filename: CIS_Solaris_11.2_L1_v1.1.0.audit

Size: 407 kB

MD5: d717d001843c0f499ea5aed8eee03841
SHA256: bf40d56a22e3bf87614ad9ba947addfe40bb4f36e349516d6d37b3589968278e

Audit Items

DescriptionCategories
1.1 Use the Latest Package Updates

SYSTEM AND INFORMATION INTEGRITY

2.1 Disable Local-only Graphical Login Environment

CONFIGURATION MANAGEMENT

2.2 Configure sendmail Service for Local-Only Mode
2.3 Disable RPC Encryption Key
2.4 Disable NIS Server Services - domain
2.4 Disable NIS Server Services - server
2.5 Disable NIS Client Services - client
2.5 Disable NIS Client Services - domain
2.6 Disable Kerberos TGT Expiration Warning
2.7 Disable Generic Security Services (GSS)
2.8 Disable Removable Volume Manager - rmvolmgr
2.8 Disable Removable Volume Manager - smserver
2.9 Disable automount Service
2.10 Disable Apache Service
2.11 Configure TCP Wrappers - hosts.allow

SYSTEM AND COMMUNICATIONS PROTECTION

2.11 Configure TCP Wrappers - hosts.deny

SYSTEM AND COMMUNICATIONS PROTECTION

2.11 Configure TCP Wrappers - inetadm tcp_wrapers = true

SYSTEM AND COMMUNICATIONS PROTECTION

2.11 Configure TCP Wrappers - svcprop tcp_wrappers true

SYSTEM AND COMMUNICATIONS PROTECTION

2.12 Disable Telnet Service
3.1 Restrict Core Dumps to Protected Directory - /var/share/cores
3.1 Restrict Core Dumps to Protected Directory - global core dump logging = enabled

ACCESS CONTROL

3.1 Restrict Core Dumps to Protected Directory - global core dumps = enabled

ACCESS CONTROL

3.1 Restrict Core Dumps to Protected Directory - global core file content

ACCESS CONTROL

3.1 Restrict Core Dumps to Protected Directory - global core file pattern

ACCESS CONTROL

3.1 Restrict Core Dumps to Protected Directory - global setid core dumps = enabled

ACCESS CONTROL

3.1 Restrict Core Dumps to Protected Directory - init core file content

ACCESS CONTROL

3.1 Restrict Core Dumps to Protected Directory - init core file pattern

ACCESS CONTROL

3.1 Restrict Core Dumps to Protected Directory - per-process core dumps = disabled

ACCESS CONTROL

3.1 Restrict Core Dumps to Protected Directory - per-process setid core dumps = disabled

ACCESS CONTROL

3.2 Enable Stack Protection - noexec_user_stack

SYSTEM AND INFORMATION INTEGRITY

3.2 Enable Stack Protection - noexec_user_stack_log

AUDIT AND ACCOUNTABILITY

3.3 Enable Strong TCP Sequence Number Generation - TCP_STRONG_ISS = 2

SYSTEM AND COMMUNICATIONS PROTECTION

3.4 Disable Source Packet Forwarding - persistent ipv4 = 0

SYSTEM AND COMMUNICATIONS PROTECTION

3.4 Disable Source Packet Forwarding - current ipv4 = 0

SYSTEM AND COMMUNICATIONS PROTECTION

3.4 Disable Source Packet Forwarding - current ipv6 = 0

SYSTEM AND COMMUNICATIONS PROTECTION

3.4 Disable Source Packet Forwarding - persistent ipv6 = 0

SYSTEM AND COMMUNICATIONS PROTECTION

3.5 Disable Directed Broadcast Packet Forwarding - current ip = 0

SYSTEM AND COMMUNICATIONS PROTECTION

3.5 Disable Directed Broadcast Packet Forwarding - persistent ip = 0

SYSTEM AND COMMUNICATIONS PROTECTION

3.6 Disable Response to ICMP Timestamp Requests - current ip = 0

SYSTEM AND COMMUNICATIONS PROTECTION

3.6 Disable Response to ICMP Timestamp Requests - persistent ip = 0

SYSTEM AND COMMUNICATIONS PROTECTION

3.7 Disable Response to ICMP Broadcast Timestamp Requests - current ip = 0

SYSTEM AND COMMUNICATIONS PROTECTION

3.7 Disable Response to ICMP Broadcast Timestamp Requests - persistent ip = 0

SYSTEM AND COMMUNICATIONS PROTECTION

3.8 Disable Response to ICMP Broadcast Netmask Requests - persistent ip = 0

SYSTEM AND COMMUNICATIONS PROTECTION

3.8 Disable Response to ICMP Broadcast Netmask Requests - current ip = 0

SYSTEM AND COMMUNICATIONS PROTECTION

3.9 Disable Response to Broadcast ICMPv4 Echo Request - current ip = 0

SYSTEM AND COMMUNICATIONS PROTECTION

3.9 Disable Response to Broadcast ICMPv4 Echo Request - persistent ip = 0

SYSTEM AND COMMUNICATIONS PROTECTION

3.10 Disable Response to Multicast Echo Request - current ipv4 = 0

SYSTEM AND COMMUNICATIONS PROTECTION

3.10 Disable Response to Multicast Echo Request - current ipv6 = 0

SYSTEM AND COMMUNICATIONS PROTECTION

3.10 Disable Response to Multicast Echo Request - persistent ipv4 = 0

SYSTEM AND COMMUNICATIONS PROTECTION

3.10 Disable Response to Multicast Echo Request - persistent ipv6 = 0

SYSTEM AND COMMUNICATIONS PROTECTION