DISA_STIG_Solaris_10_SPARC_v2r2.audit from DISA Solaris 10 SPARC v2r2 STIG

GEN000000-SOL00020 - The nosuid option must be configured in the /etc/rmmount.conf file.

800-53|AC-6(10)

CAT|II

CCI|CCI-000366

Rule-ID|SV-226405r603265_rule

STIG-ID|GEN000000-SOL00020

STIG-Legacy|SV-12532

STIG-Legacy|V-12031

Vuln-ID|V-226405

GEN000000-SOL00040 - The /etc/security/audit_user file must not define a different auditing level for specific users.

800-53|AU-3(1)

CCI|CCI-000172

CSCv6|6.2

Rule-ID|SV-226406r603265_rule

STIG-ID|GEN000000-SOL00040

STIG-Legacy|SV-4353

STIG-Legacy|V-4353

Vuln-ID|V-226406

GEN000000-SOL00060 - The /etc/security/audit_user file must be owned by root.

800-53|CM-6

CSCv6|3.1

Rule-ID|SV-226407r603265_rule

STIG-ID|GEN000000-SOL00060

STIG-Legacy|SV-4352

STIG-Legacy|V-4352

Vuln-ID|V-226407

GEN000000-SOL00080 - The /etc/security/audit_user file must be group-owned by root, sys, or bin.

Rule-ID|SV-226408r603265_rule

STIG-ID|GEN000000-SOL00080

STIG-Legacy|SV-4351

STIG-Legacy|V-4351

Vuln-ID|V-226408

GEN000000-SOL00100 - The /etc/security/audit_user file must have mode 0640 or less permissive.

CCI|CCI-000162

Rule-ID|SV-226409r603265_rule

STIG-ID|GEN000000-SOL00100

STIG-Legacy|SV-4245

STIG-Legacy|V-4245

Vuln-ID|V-226409

GEN000000-SOL00110 - The /etc/security/audit_user file must not have an extended ACL.

800-53|AC-3(4)

Rule-ID|SV-226410r603265_rule

STIG-ID|GEN000000-SOL00110

STIG-Legacy|SV-27004

STIG-Legacy|V-22599

Vuln-ID|V-226410

GEN000000-SOL00120 - The ASET master files must be located in the /usr/aset/masters directory - tune.high

CCI|CCI-000032

CCI|CCI-000225

Rule-ID|SV-220017r603265_rule

STIG-ID|GEN000000-SOL00120

STIG-Legacy|SV-36751

STIG-Legacy|V-4313

Vuln-ID|V-220017

GEN000000-SOL00120 - The ASET master files must be located in the /usr/aset/masters directory - tune.low

GEN000000-SOL00120 - The ASET master files must be located in the /usr/aset/masters directory - tune.med

GEN000000-SOL00120 - The ASET master files must be located in the /usr/aset/masters directory - uid_aliases

GEN000000-SOL00140 - The /usr/aset/masters/uid_aliases must be empty.

Rule-ID|SV-226411r603265_rule

STIG-ID|GEN000000-SOL00140

STIG-Legacy|SV-4312

STIG-Legacy|V-4312

Vuln-ID|V-226411

GEN000000-SOL00160 - If the system is a firewall, ASET must be used on the system, and the firewall parameters must be set in /usr/aset/asetenv.

800-53|SC-7(12)

CSCv6|9.2

Rule-ID|SV-226412r603265_rule

STIG-ID|GEN000000-SOL00160

STIG-Legacy|SV-4309

STIG-Legacy|V-4309

Vuln-ID|V-226412

GEN000000-SOL00180 - The Solaris system Automated Security Enhancement Tool (ASET) configurable parameters in the asetenv file must be correct - ASET configurable parameters in the asetenv file must be correct.

800-53|SI-7(1)

Rule-ID|SV-226413r603265_rule

STIG-ID|GEN000000-SOL00180

STIG-Legacy|SV-953

STIG-Legacy|V-953

Vuln-ID|V-226413

GEN000000-SOL00200 - The asetenv file YPCHECK variable must be set to true when NIS+ is configured.

Rule-ID|SV-220018r603265_rule

STIG-ID|GEN000000-SOL00200

STIG-Legacy|SV-36750

STIG-Legacy|V-954

Vuln-ID|V-220018

GEN000000-SOL00220 - The /usr/aset/userlist file must exist - /usr/aset/userlist

Rule-ID|SV-226414r603265_rule

STIG-ID|GEN000000-SOL00220

STIG-Legacy|SV-955

STIG-Legacy|V-955

Vuln-ID|V-226414

GEN000000-SOL00220 - The /usr/aset/userlist file must exist - exec with userlist

GEN000000-SOL00240 - The /usr/aset/userlist file must be owned by root.

Rule-ID|SV-226415r603265_rule

STIG-ID|GEN000000-SOL00240

STIG-Legacy|SV-956

STIG-Legacy|V-956

Vuln-ID|V-226415

GEN000000-SOL00250 - The /usr/aset/userlist file must be group-owned by root.

Rule-ID|SV-226416r603265_rule

STIG-ID|GEN000000-SOL00250

STIG-Legacy|SV-27013

STIG-Legacy|V-22600

Vuln-ID|V-226416

GEN000000-SOL00260 - The /usr/aset/userlist file must have mode 0600 or less permissive.

Rule-ID|SV-226417r603265_rule

STIG-ID|GEN000000-SOL00260

STIG-Legacy|SV-957

STIG-Legacy|V-957

Vuln-ID|V-226417

GEN000000-SOL00270 - The /usr/aset/userlist file must not have an extended ACL.

Rule-ID|SV-226418r603265_rule

STIG-ID|GEN000000-SOL00270

STIG-Legacy|SV-27015

STIG-Legacy|V-22601

Vuln-ID|V-226418

GEN000000-SOL00300 - The Solaris system EEPROM security-mode parameter must be set to full or command mode.

800-53|SI-7(9)

Rule-ID|SV-226419r603265_rule

STIG-ID|GEN000000-SOL00300

STIG-Legacy|SV-958

STIG-Legacy|V-958

Vuln-ID|V-226419

GEN000000-SOL00400 - The NFS server must have logging implemented - NFS_SERVER_VERSMAX

800-53|AU-12

Rule-ID|SV-226420r603265_rule

STIG-ID|GEN000000-SOL00400

STIG-Legacy|SV-40041

STIG-Legacy|V-4300

Vuln-ID|V-226420

GEN000000-SOL00400 - The NFS server must have logging implemented.

GEN000000-SOL00420 - Hidden extended file attributes must not exist on the system.

Rule-ID|SV-226421r603265_rule

STIG-ID|GEN000000-SOL00420

STIG-Legacy|SV-12533

STIG-Legacy|V-12032

Vuln-ID|V-226421

GEN000000-SOL00440 - The root account must be the only account with GID of 0.

800-53|AC-6(5)

CAT|I

CSCv6|5.1

Rule-ID|SV-226422r603265_rule

STIG-ID|GEN000000-SOL00440

STIG-Legacy|SV-12534

STIG-Legacy|V-12033

Vuln-ID|V-226422

GEN000000-SOL00540 - The /etc/zones directory, and its contents, must be owned by root - /etc/zones

Rule-ID|SV-226423r603265_rule

STIG-ID|GEN000000-SOL00540

STIG-Legacy|SV-27016

STIG-Legacy|V-22603

Vuln-ID|V-226423

GEN000000-SOL00540 - The /etc/zones directory, and its contents, must be owned by root - /etc/zones/*

GEN000000-SOL00560 - The /etc/zones directory, and its contents, must be group-owned by root, sys, or bin - /etc/zones

Rule-ID|SV-226424r603265_rule

STIG-ID|GEN000000-SOL00560

STIG-Legacy|SV-27018

STIG-Legacy|V-22604

Vuln-ID|V-226424

GEN000000-SOL00560 - The /etc/zones directory, and its contents, must be group-owned by root, sys, or bin - /etc/zones/*

GEN000000-SOL00580 - The /etc/zones directory, and its contents, must not be group- or world-writable - /etc/zones

Rule-ID|SV-226425r603265_rule

STIG-ID|GEN000000-SOL00580

STIG-Legacy|SV-27019

STIG-Legacy|V-22605

Vuln-ID|V-226425

GEN000000-SOL00580 - The /etc/zones directory, and its contents, must not be group- or world-writable - /etc/zones/*

GEN000000-SOL00600 - The /etc/zones directory, and its contents, must not have an extended ACL.

Rule-ID|SV-226426r603265_rule

STIG-ID|GEN000000-SOL00600

STIG-Legacy|SV-27020

STIG-Legacy|V-22606

Vuln-ID|V-226426

GEN000000-SOL00620 - The inherit-pkg-dir zone option must be set to none or the system default list defined for sparse root zones.

800-53|AC-6(4)

Rule-ID|SV-226427r603265_rule

STIG-ID|GEN000000-SOL00620

STIG-Legacy|SV-27022

STIG-Legacy|V-22607

Vuln-ID|V-226427

GEN000000-SOL00640 - The limitpriv zone option must be set to the vendor default or less permissive.

Rule-ID|SV-226428r603265_rule

STIG-ID|GEN000000-SOL00640

STIG-Legacy|SV-27023

STIG-Legacy|V-22608

Vuln-ID|V-226428

GEN000000-SOL00660 - The physical devices must not be assigned to non-global zones.

Rule-ID|SV-226429r603265_rule

STIG-ID|GEN000000-SOL00660

STIG-Legacy|SV-27024

STIG-Legacy|V-22609

Vuln-ID|V-226429

GEN000020 - The system must require authentication upon booting into single-user and maintenance modes.

Detections

Analytics

Revision 1.4

Apr 12, 2023

Functional Update

Miscellaneous