CIS Solaris 11 L1 v1.1.0

Audit Details

Name: CIS Solaris 11 L1 v1.1.0

Updated: 9/19/2023

Authority: CIS

Plugin: Unix

Revision: 1.33

Estimated Item Count: 210

File Details

Filename: CIS_Solaris_11_L1_v1.1.0.audit

Size: 372 kB

MD5: 24e5c94f0b34d20092b5f2d557b3f4fa
SHA256: 54defe5c350921b4f9875fe9f5460a2c85019a0506c20beac4bc1bd6307036bc

Audit Changelog

Revision 1.33

Sep 19, 2023

Functional Update
  • 5.2 Set Sticky Bit on World Writable Directories
  • 9.14 Check User Home Directory Ownership
  • 9.22 Find World Writable Files
  • 9.23 Find SUID/SGID System Executables
  • 9.24 Find Un-owned Files and Directories
  • 9.25 Find Files and Directories with Extended Attributes
  • 9.7 Check Permissions on User Home Directories
  • 9.8 Check Permissions on User '.' (Hidden) Files
Miscellaneous
  • Metadata updated.
  • References updated.
  • Variables updated.
Revision 1.32

Apr 12, 2023

Functional Update
  • 7.1 Set Password Expiration Parameters on Active Accounts - MAXWEEKS = 13
  • 7.1 Set Password Expiration Parameters on Active Accounts - MINWEEKS = 1
  • 7.1 Set Password Expiration Parameters on Active Accounts - WARNWEEKS = 4
  • 7.2 Set Strong Password Creation Policies - DICTIONDBDIR = /var/passwd
  • 7.2 Set Strong Password Creation Policies - DICTIONLIST = /usr/share/lib/dict/words
  • 7.2 Set Strong Password Creation Policies - HISTORY = 10
  • 7.2 Set Strong Password Creation Policies - MAXREPEATS = 0
  • 7.2 Set Strong Password Creation Policies - MINALPHA = 2
  • 7.2 Set Strong Password Creation Policies - MINDIFF = 3
  • 7.2 Set Strong Password Creation Policies - MINLOWER = 1
  • 7.2 Set Strong Password Creation Policies - MINNONALPHA = 1
  • 7.2 Set Strong Password Creation Policies - MINUPPER = 1
  • 7.2 Set Strong Password Creation Policies - NAMECHECK = yes
  • 7.2 Set Strong Password Creation Policies - PASSLENGTH = 8
  • 7.2 Set Strong Password Creation Policies - WHITESPACE = yes
Miscellaneous
  • Metadata updated.
  • Platform check updated.
  • Variables updated.
Revision 1.31

Mar 7, 2023

Miscellaneous
  • Metadata updated.
  • References updated.
Revision 1.30

Jan 4, 2023

Miscellaneous
  • Metadata updated.
Revision 1.29

Dec 7, 2022

Functional Update
  • 2.12 Configure TCP Wrappers - inetadm tcp_wrapers = true
  • 3.10 Disable Response to Multicast Echo Request - current ipv4 = 0
  • 3.10 Disable Response to Multicast Echo Request - current ipv6 = 0
  • 3.10 Disable Response to Multicast Echo Request - persistent ipv4 = 0
  • 3.10 Disable Response to Multicast Echo Request - persistent ipv6 = 0
  • 3.11 Ignore ICMP Redirect Messages - current ipv4 = 1
  • 3.11 Ignore ICMP Redirect Messages - current ipv6 = 1
  • 3.11 Ignore ICMP Redirect Messages - persistent ipv4 = 1
  • 3.11 Ignore ICMP Redirect Messages - persistent ipv6 = 1
  • 3.12 Set Strict Multihoming - current ipv4 = 0
  • 3.12 Set Strict Multihoming - current ipv6 = 0
  • 3.12 Set Strict Multihoming - persistent ipv4 = 0
  • 3.12 Set Strict Multihoming - persistent ipv6 = 0
  • 3.13 Disable ICMP Redirect Messages - current ipv4 = 0
  • 3.13 Disable ICMP Redirect Messages - current ipv6 = 0
  • 3.13 Disable ICMP Redirect Messages - persistent ipv4 = 0
  • 3.13 Disable ICMP Redirect Messages - persistent ipv6 = 0
  • 3.14 Disable TCP Reverse IP Source Routing - current tcp = 0
  • 3.14 Disable TCP Reverse IP Source Routing - persistent tcp = 0
  • 3.15 Set Maximum Number of Half-open TCP Connections - current tcp = 4096
  • 3.15 Set Maximum Number of Half-open TCP Connections - persistent tcp = 4096
  • 3.16 Set Maximum Number of Incoming Connections - current tcp = 1024
  • 3.16 Set Maximum Number of Incoming Connections - persistent tcp = 1024
  • 3.4 Disable Source Packet Forwarding - current ipv4 = 0
  • 3.4 Disable Source Packet Forwarding - current ipv6 = 0
  • 3.4 Disable Source Packet Forwarding - persistent ipv4 = 0
  • 3.4 Disable Source Packet Forwarding - persistent ipv6 = 0
  • 3.5 Disable Directed Broadcast Packet Forwarding - current ip = 0
  • 3.5 Disable Directed Broadcast Packet Forwarding - persistent ip = 0
  • 3.6 Disable Response to ICMP Timestamp Requests - current ip = 0
  • 3.6 Disable Response to ICMP Timestamp Requests - persistent ip = 0
  • 3.7 Disable Response to ICMP Broadcast Timestamp Requests - current ip = 0
  • 3.7 Disable Response to ICMP Broadcast Timestamp Requests - persistent ip = 0
  • 3.8 Disable Response to ICMP Broadcast Netmask Requests - current ip = 0
  • 3.8 Disable Response to ICMP Broadcast Netmask Requests - persistent ip = 0
  • 3.9 Disable Response to Broadcast ICMPv4 Echo Request - current ip = 0
  • 3.9 Disable Response to Broadcast ICMPv4 Echo Request - persistent ip = 0
  • 4.1 Create CIS Audit Class
  • 4.5 Configure Solaris Auditing - audit condition = auditing
  • 4.5 Configure Solaris Auditing - audit_binfile (active)
  • 6.11 Remove Autologin Capabilities from the GNOME desktop
  • 6.12 Set Default Screen Lock for GNOME Users
  • 6.12 Set Default Screen Lock for GNOME Users - lock = true
  • 6.12 Set Default Screen Lock for GNOME Users - lockTimeout = 0
  • 6.12 Set Default Screen Lock for GNOME Users - timeout = 10
  • 6.16 Set EEPROM Security Mode and Log Failed Access (SPARC)
  • 6.16 Set EEPROM Security Mode and Log Failed Access (SPARC) - eeprom security-#badlogins = 0
  • 6.16 Set EEPROM Security Mode and Log Failed Access (SPARC) - eeprom security-mode = command
  • 6.17 Secure the GRUB Menu (Intel)
  • 6.17 Secure the GRUB Menu (Intel) - lock
  • 6.17 Secure the GRUB Menu (Intel) - menu.lst perms
  • 6.17 Secure the GRUB Menu (Intel) - password --md5
  • 7.6 Lock Inactive User Accounts - useradd -D, 35
  • 8.3 Enable a Warning Banner for the GNOME Service
Miscellaneous
  • Variables updated.
Revision 1.28

Apr 25, 2022

Miscellaneous
  • Metadata updated.
Revision 1.27

Mar 29, 2022

Miscellaneous
  • Metadata updated.
  • References updated.
Revision 1.26

Jun 17, 2021

Miscellaneous
  • Metadata updated.
  • References updated.
Revision 1.25

Feb 1, 2021

Miscellaneous
  • Metadata updated.
  • References updated.
Revision 1.24

Oct 5, 2020

Functional Update
  • 2.1 Disable Local-only Graphical Login Environment
  • 6.11 Remove Autologin Capabilities from the GNOME desktop
  • 6.12 Set Default Screen Lock for GNOME Users
  • 6.12 Set Default Screen Lock for GNOME Users - lock = true
  • 6.12 Set Default Screen Lock for GNOME Users - lockTimeout = 0
  • 6.12 Set Default Screen Lock for GNOME Users - timeout = 10
  • 6.16 Set EEPROM Security Mode and Log Failed Access (SPARC)
  • 6.16 Set EEPROM Security Mode and Log Failed Access (SPARC) - eeprom security-#badlogins = 0
  • 6.16 Set EEPROM Security Mode and Log Failed Access (SPARC) - eeprom security-mode = command
  • 6.17 Secure the GRUB Menu (Intel)
  • 6.17 Secure the GRUB Menu (Intel) - lock
  • 6.17 Secure the GRUB Menu (Intel) - menu.lst perms
  • 6.17 Secure the GRUB Menu (Intel) - password --md5
  • 6.9 Restrict FTP Use
  • 6.9 Restrict FTP Use - /etc/ftpd/ftpusers file does not exist
  • 6.9 Restrict FTP Use - ftp service disabled
  • 7.4 Set Default File Creation Mask for FTP Users
  • 8.3 Enable a Warning Banner for the GNOME Service
  • 8.4 Enable a Warning Banner for the FTP service
  • 8.4 Enable a Warning Banner for the FTP service - DisplayConnect /etc/issue
Miscellaneous
  • Platform check updated.