Detections
Analytics
SOL-11.1-090280 - The operating system must manage excess capacity, bandwidth, or other redundancy to limit the effects of information flooding types of denial of service attacks.
Information
In the case of denial of service attacks, care must be taken when designing the operating system so as to ensure that the operating system makes the best use of system resources.NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.
Solution
The Network Management profile is required.Set each link's speed-duplex protection to an appropriate value based on each configured network interface's POSSIBLE settings.
Determine the OS version that is being secured:
# uname -a
For Solaris 11, 11.1, 11.2, and 11.3:
# pfexec dladm set-linkprop -p en_1000fdx_cap=1 net0
Verify EFFECTIVE column
# dladm show-linkprop net0 | egrep 'LINK|en_' | sort|uniq
LINK PROPERTY PERM VALUE EFFECTIVE DEFAULT POSSIBLE
net0 en_1000fdx_cap rw 1 1 1 1,0
net0 en_1000hdx_cap r- 0 0 0 1,0
net0 en_100fdx_cap rw 1 1 1 1,0
net0 en_100hdx_cap rw 1 1 1 1,0
net0 en_10fdx_cap rw 1 1 1 1,0
net0 en_10gfdx_cap -- -- -- 0 1,0
net0 en_10hdx_cap rw 1 1 1 1,0
Do the above for all available/connected network adapters.
For Solaris 11.4.x or newer:
# pfexec dladm set-linkprop -p speed-duplex=1g-f,100m-f net0
Verify EFFECTIVE column
# dladm show-linkprop -p speed-duplex net0
LINK PROPERTY PERM VALUE EFFECTIVE DEFAULT POSSIBLE
net0 speed-duplex rw 1g-f,100m-f 1g-f,100m-f 1g-f, 1g-f,100m-f,
100m-f, 100m-h,10m-f,
100m-h, 10m-h
10m-f,
10m-h
Do the above for all available/connected network adapters.
See Also
https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_SOL_11_x86_V2R9_STIG.zip
Item Details
Audit Name: DISA STIG Solaris 11 X86 v2r9
Category: SYSTEM AND COMMUNICATIONS PROTECTION
References: 800-53|SC-5(2), CAT|II, CCI|CCI-001095, Rule-ID|SV-216237r940018_rule, STIG-ID|SOL-11.1-090280, STIG-Legacy|SV-60771, STIG-Legacy|V-47899, Vuln-ID|V-216237
Plugin: Unix
Control ID: 3551c2f55dc444916c0b69bd8869f4658717d3a4c00bfbcbcf069d6de995bfa3