| GEN001880 - All local initialization files must have mode 0740 or less permissive - .env | DISA STIG Solaris 10 X86 v2r4 | Unix | CONFIGURATION MANAGEMENT |
| GEN001940 - User start-up files must not execute world-writable programs. | DISA STIG Solaris 10 X86 v2r4 | Unix | CONFIGURATION MANAGEMENT |
| GEN001980 - The .rhosts, .shosts, hosts.equiv, shosts.equiv, /etc/passwd, /etc/shadow, and/or /etc/group files must not contain a plus (+) without defining entries for NIS+ netgroups - /etc/hosts.equiv | DISA STIG Solaris 10 X86 v2r4 | Unix | CONFIGURATION MANAGEMENT |
| GEN002020 - All .rhosts, .shosts, or host.equiv files must only contain trusted host-user pairs. | DISA STIG Solaris 10 X86 v2r4 | Unix | CONFIGURATION MANAGEMENT |
| GEN002060 - All .rhosts, .shosts, .netrc, or hosts.equiv files must be accessible by only root or the owner - .rhosts perms | DISA STIG Solaris 10 X86 v2r4 | Unix | CONFIGURATION MANAGEMENT |
| GEN002210 - All shell files must be group-owned by root, bin, or sys. | DISA STIG Solaris 10 X86 v2r4 | Unix | CONFIGURATION MANAGEMENT |
| GEN002500 - The sticky bit must be set on all public directories. | DISA STIG Solaris 10 X86 v2r4 | Unix | CONFIGURATION MANAGEMENT |
| GEN003210 - The cron.deny file must not have an extended ACL. | DISA STIG Solaris 10 X86 v2r4 | Unix | CONFIGURATION MANAGEMENT |
| GEN003460 - The at.allow file must be owned by root, bin, or sys. | DISA STIG Solaris 10 X86 v2r4 | Unix | CONFIGURATION MANAGEMENT |
| GEN003790 - The services file must not have an extended ACL. | DISA STIG Solaris 10 X86 v2r4 | Unix | CONFIGURATION MANAGEMENT |
| GEN003900 - The hosts.lpd file (or equivalent) must not contain a '+' character - Allow from | DISA STIG Solaris 10 X86 v2r4 | Unix | CONFIGURATION MANAGEMENT |
| GEN003980 - The traceroute command must be group-owned by sys, bin, or root. | DISA STIG Solaris 10 X86 v2r4 | Unix | CONFIGURATION MANAGEMENT |
| GEN004010 - The traceroute file must not have an extended ACL. | DISA STIG Solaris 10 X86 v2r4 | Unix | CONFIGURATION MANAGEMENT |
| GEN004660 - The SMTP service must not have the EXPN feature active. | DISA STIG Solaris 10 X86 v2r4 | Unix | CONFIGURATION MANAGEMENT |
| GEN004710 - Mail relaying must be restricted - Sendmail | DISA STIG Solaris 10 X86 v2r4 | Unix | CONFIGURATION MANAGEMENT |
| GEN004950 - The ftpusers file must not have an extended ACL. | DISA STIG Solaris 10 X86 v2r4 | Unix | CONFIGURATION MANAGEMENT |
| GEN005120 - The TFTP daemon must be configured to vendor specifications, including a dedicated TFTP user account, a non-login shell, such as /bin/false, and a home directory owned by the TFTP user - a non-login shell | DISA STIG Solaris 10 X86 v2r4 | Unix | CONFIGURATION MANAGEMENT |
| GEN005120 - The TFTP daemon must be configured to vendor specifications, including a dedicated TFTP user account, a non-login shell, such as /bin/false, and a home directory owned by the TFTP user - home directory | DISA STIG Solaris 10 X86 v2r4 | Unix | CONFIGURATION MANAGEMENT |
| GEN005180 - All .Xauthority files must have mode 0600 or less permissive. | DISA STIG Solaris 10 X86 v2r4 | Unix | CONFIGURATION MANAGEMENT |
| GEN005190 - The .Xauthority files must not have extended ACLs. | DISA STIG Solaris 10 X86 v2r4 | Unix | CONFIGURATION MANAGEMENT |
| GEN005300 - SNMP communities, users, and passphrases must be changed from the default - /usr/sfw/lib/sma_snmp/snmpd.conf | DISA STIG Solaris 10 X86 v2r4 | Unix | CONFIGURATION MANAGEMENT |
| GEN005360 - The snmpd.conf files must be owned by root - /etc/sma/snmp/snmpd.conf | DISA STIG Solaris 10 X86 v2r4 | Unix | CONFIGURATION MANAGEMENT |
| GEN005365 - The snmpd.conf file must be group-owned by root, sys, or bin - /etc/sma/snmp/snmpd.conf | DISA STIG Solaris 10 X86 v2r4 | Unix | CONFIGURATION MANAGEMENT |
| GEN005365 - The snmpd.conf file must be group-owned by root, sys, or bin - /etc/snmp/conf/snmpd.conf | DISA STIG Solaris 10 X86 v2r4 | Unix | CONFIGURATION MANAGEMENT |
| GEN005395 - The /etc/syslog.conf file must not have an extended ACL. | DISA STIG Solaris 10 X86 v2r4 | Unix | CONFIGURATION MANAGEMENT |
| GEN005440 - The system must not be used as a syslog server (log host) for systems external to the enclave. | DISA STIG Solaris 10 X86 v2r4 | Unix | CONFIGURATION MANAGEMENT |
| GEN005460 - The system must only use remote syslog servers (log hosts) justified and documented using site-defined procedures. | DISA STIG Solaris 10 X86 v2r4 | Unix | CONFIGURATION MANAGEMENT |
| GEN005480 - The syslog daemon must not accept remote messages unless it is a syslog server documented using site-defined procedures. | DISA STIG Solaris 10 X86 v2r4 | Unix | CONFIGURATION MANAGEMENT |
| GEN005504 - The SSH daemon must only listen on management network addresses unless authorized for uses other than management. | DISA STIG Solaris 10 X86 v2r4 | Unix | CONFIGURATION MANAGEMENT |
| GEN005511 - The SSH client must be configured to not use CBC-based ciphers. | DISA STIG Solaris 10 X86 v2r4 | Unix | CONFIGURATION MANAGEMENT |
| GEN005522 - The SSH public host key files must have mode 0644 or less permissive. | DISA STIG Solaris 10 X86 v2r4 | Unix | CONFIGURATION MANAGEMENT |
| GEN005538 - The SSH daemon must not allow rhosts RSA authentication. | DISA STIG Solaris 10 X86 v2r4 | Unix | CONFIGURATION MANAGEMENT |
| GEN005540 - The SSH daemon must be configured for IP filtering - hosts.allow | DISA STIG Solaris 10 X86 v2r4 | Unix | CONFIGURATION MANAGEMENT |
| GEN005560 - The system must be configured with a default gateway for IPv4 if the system uses IPv4, unless the system is a router. | DISA STIG Solaris 10 X86 v2r4 | Unix | CONFIGURATION MANAGEMENT |
| GEN005770 - The NFS exports configuration file must not have an extended ACL. | DISA STIG Solaris 10 X86 v2r4 | Unix | CONFIGURATION MANAGEMENT |
| GEN005800 - All NFS-exported system files and system directories must be owned by root. | DISA STIG Solaris 10 X86 v2r4 | Unix | CONFIGURATION MANAGEMENT |
| GEN005860 - The system's NFS export configuration must not have the sec option set to none (or equivalent); additionally, the default authentication must not to be set to none - nfssec.conf default | DISA STIG Solaris 10 X86 v2r4 | Unix | CONFIGURATION MANAGEMENT |
| GEN006120 - The smb.conf file must be group-owned by root, bin, or sys. | DISA STIG Solaris 10 X86 v2r4 | Unix | CONFIGURATION MANAGEMENT |
| GEN006210 - The smbpasswd file must not have an extended ACL. | DISA STIG Solaris 10 X86 v2r4 | Unix | CONFIGURATION MANAGEMENT |
| GEN006230 - Samba must be configured to use encrypted passwords. | DISA STIG Solaris 10 X86 v2r4 | Unix | CONFIGURATION MANAGEMENT |
| GEN006235 - Samba must be configured to not allow guest access to shares. | DISA STIG Solaris 10 X86 v2r4 | Unix | CONFIGURATION MANAGEMENT |
| GEN006360 - The files in /etc/news must be group-owned by root - /etc/news/* | DISA STIG Solaris 10 X86 v2r4 | Unix | CONFIGURATION MANAGEMENT |
| GEN006620 - The system's access control program must be configured to grant or deny system access to specific hosts - default deny | DISA STIG Solaris 10 X86 v2r4 | Unix | CONFIGURATION MANAGEMENT |
| GEN006620 - The system's access control program must be configured to grant or deny system access to specific hosts - host.allow | DISA STIG Solaris 10 X86 v2r4 | Unix | CONFIGURATION MANAGEMENT |
| GEN007900 - The system must use an appropriate reverse-path filter for IPv6 network traffic, if the system uses IPv6. | DISA STIG Solaris 10 X86 v2r4 | Unix | CONFIGURATION MANAGEMENT |
| GEN007920 - The system must not forward IPv6 source-routed packets - dladm show-link | DISA STIG Solaris 10 X86 v2r4 | Unix | CONFIGURATION MANAGEMENT |
| GEN008140 - If the system is using LDAP for authentication or account information, the TLS certificate authority file and/or directory (as appropriate) must be owned by root - key3.db | DISA STIG Solaris 10 X86 v2r4 | Unix | CONFIGURATION MANAGEMENT |
| GEN008160 - If the system is using LDAP for authentication or account information, the TLS certificate authority file and/or directory (as appropriate) must be group-owned by root, bin, or sys - key3.db | DISA STIG Solaris 10 X86 v2r4 | Unix | CONFIGURATION MANAGEMENT |
| GEN008180 - If the system is using LDAP for authentication or account information, the TLS certificate authority file and/or directory (as appropriate) must have mode 0644 (0755 for directories) or less permissive - cert8.db | DISA STIG Solaris 10 X86 v2r4 | Unix | CONFIGURATION MANAGEMENT |
| GEN008200 - If the system is using LDAP for authentication or account information, the LDAP TLS certificate authority file and/or directory (as appropriate) must not have an extended ACL. | DISA STIG Solaris 10 X86 v2r4 | Unix | CONFIGURATION MANAGEMENT |
