Detections
Analytics

CIS Solaris 11.2 L1 v1.1.0

Audit Details

Name: CIS Solaris 11.2 L1 v1.1.0

Updated: 9/19/2023

Authority: CIS

Plugin: Unix

Revision: 1.30

Estimated Item Count: 210

File Details

Filename: CIS_Solaris_11.2_L1_v1.1.0.audit

Size: 419 kB

MD5: 973f87f3021acb6e7088000ffd92f613
SHA256: 3439036bae813ea938bb8ae7be0b671b3eb6bbd438adbcf15c2f2626eaf0c7fa

Audit Items

DescriptionCategories
1.1 Use the Latest Package Updates

SYSTEM AND INFORMATION INTEGRITY

2.1 Disable Local-only Graphical Login Environment

CONFIGURATION MANAGEMENT

2.2 Configure sendmail Service for Local-Only Mode
2.3 Disable RPC Encryption Key
2.4 Disable NIS Server Services - domain
2.4 Disable NIS Server Services - server
2.5 Disable NIS Client Services - client
2.5 Disable NIS Client Services - domain
2.6 Disable Kerberos TGT Expiration Warning
2.7 Disable Generic Security Services (GSS)
2.8 Disable Removable Volume Manager - rmvolmgr
2.8 Disable Removable Volume Manager - smserver
2.9 Disable automount Service
2.10 Disable Apache Service
2.11 Configure TCP Wrappers - hosts.allow

SYSTEM AND COMMUNICATIONS PROTECTION

2.11 Configure TCP Wrappers - hosts.deny

SYSTEM AND COMMUNICATIONS PROTECTION

2.11 Configure TCP Wrappers - inetadm tcp_wrapers = true

SYSTEM AND COMMUNICATIONS PROTECTION

2.11 Configure TCP Wrappers - svcprop tcp_wrappers true

SYSTEM AND COMMUNICATIONS PROTECTION

2.12 Disable Telnet Service
3.1 Restrict Core Dumps to Protected Directory - /var/share/cores
3.1 Restrict Core Dumps to Protected Directory - global core dump logging = enabled

ACCESS CONTROL

3.1 Restrict Core Dumps to Protected Directory - global core dumps = enabled

ACCESS CONTROL

3.1 Restrict Core Dumps to Protected Directory - global core file content

ACCESS CONTROL

3.1 Restrict Core Dumps to Protected Directory - global core file pattern

ACCESS CONTROL

3.1 Restrict Core Dumps to Protected Directory - global setid core dumps = enabled

ACCESS CONTROL

3.1 Restrict Core Dumps to Protected Directory - init core file content

ACCESS CONTROL

3.1 Restrict Core Dumps to Protected Directory - init core file pattern

ACCESS CONTROL

3.1 Restrict Core Dumps to Protected Directory - per-process core dumps = disabled

ACCESS CONTROL

3.1 Restrict Core Dumps to Protected Directory - per-process setid core dumps = disabled

ACCESS CONTROL

3.2 Enable Stack Protection - noexec_user_stack

SYSTEM AND INFORMATION INTEGRITY

3.2 Enable Stack Protection - noexec_user_stack_log

AUDIT AND ACCOUNTABILITY

3.3 Enable Strong TCP Sequence Number Generation - TCP_STRONG_ISS = 2

SYSTEM AND COMMUNICATIONS PROTECTION

3.4 Disable Source Packet Forwarding - persistent ipv4 = 0

SYSTEM AND COMMUNICATIONS PROTECTION

3.4 Disable Source Packet Forwarding - current ipv4 = 0

SYSTEM AND COMMUNICATIONS PROTECTION

3.4 Disable Source Packet Forwarding - current ipv6 = 0

SYSTEM AND COMMUNICATIONS PROTECTION

3.4 Disable Source Packet Forwarding - persistent ipv6 = 0

SYSTEM AND COMMUNICATIONS PROTECTION

3.5 Disable Directed Broadcast Packet Forwarding - current ip = 0

SYSTEM AND COMMUNICATIONS PROTECTION

3.5 Disable Directed Broadcast Packet Forwarding - persistent ip = 0

SYSTEM AND COMMUNICATIONS PROTECTION

3.6 Disable Response to ICMP Timestamp Requests - current ip = 0

SYSTEM AND COMMUNICATIONS PROTECTION

3.6 Disable Response to ICMP Timestamp Requests - persistent ip = 0

SYSTEM AND COMMUNICATIONS PROTECTION

3.7 Disable Response to ICMP Broadcast Timestamp Requests - current ip = 0

SYSTEM AND COMMUNICATIONS PROTECTION

3.7 Disable Response to ICMP Broadcast Timestamp Requests - persistent ip = 0

SYSTEM AND COMMUNICATIONS PROTECTION

3.8 Disable Response to ICMP Broadcast Netmask Requests - persistent ip = 0

SYSTEM AND COMMUNICATIONS PROTECTION

3.8 Disable Response to ICMP Broadcast Netmask Requests - current ip = 0

SYSTEM AND COMMUNICATIONS PROTECTION

3.9 Disable Response to Broadcast ICMPv4 Echo Request - current ip = 0

SYSTEM AND COMMUNICATIONS PROTECTION

3.9 Disable Response to Broadcast ICMPv4 Echo Request - persistent ip = 0

SYSTEM AND COMMUNICATIONS PROTECTION

3.10 Disable Response to Multicast Echo Request - current ipv4 = 0

SYSTEM AND COMMUNICATIONS PROTECTION

3.10 Disable Response to Multicast Echo Request - current ipv6 = 0

SYSTEM AND COMMUNICATIONS PROTECTION

3.10 Disable Response to Multicast Echo Request - persistent ipv4 = 0

SYSTEM AND COMMUNICATIONS PROTECTION

3.10 Disable Response to Multicast Echo Request - persistent ipv6 = 0

SYSTEM AND COMMUNICATIONS PROTECTION