| 1.1 Use the Latest Package Updates | CIS Solaris 11.1 L1 v1.0.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 2.2.2 Disable NIS Server Daemons - Make sure that /network/nis/xfr is disabled | CIS Solaris 10 L1 v5.2 | Unix | |
| 2.2.8 Disable Volume Manager - Make sure that system/filesystem/volfs is disabled | CIS Solaris 10 L1 v5.2 | Unix | |
| 2.2.9 Disable Samba Support - Make sure that /etc/sfw/smb.conf does not exist. Note this check is only applicable for Solaris 10 >= 11/06 | CIS Solaris 10 L1 v5.2 | Unix | CONFIGURATION MANAGEMENT |
| 2.3 Establish a Secure Baseline - Make sure that application/x11/x11-server only allows local connections (netservices limited) | CIS Solaris 10 L1 v5.2 | Unix | |
| 2.3 Establish a Secure Baseline - Make sure that network/finger:default is disabled (netservices limited) | CIS Solaris 10 L1 v5.2 | Unix | |
| 2.3 Establish a Secure Baseline - Make sure that network/login:rlogin is disabled (netservices limited) | CIS Solaris 10 L1 v5.2 | Unix | |
| 2.3 Establish a Secure Baseline - Make sure that network/rpc/metamed:default is disabled (netservices limited) | CIS Solaris 10 L1 v5.2 | Unix | |
| 2.3 Establish a Secure Baseline - Make sure that system/system-log only allows local connections (netservices limited) | CIS Solaris 10 L1 v5.2 | Unix | |
| 2.8 Disable Removable Volume Manager - smserver | CIS Solaris 11.1 L1 v1.0.0 | Unix | |
| 3.1 Restrict Core Dumps to Protected Directory - global core dumps = enabled | CIS Solaris 11.1 L1 v1.0.0 | Unix | ACCESS CONTROL |
| 3.1.2 Disable Source Packet Forwarding - Check ip_forward_src_routed value. Expected value: 0. | CIS Solaris 10 L1 v5.2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.1.5 Disable Response to ICMP Broadcast Timestamp Requests - Check ip_respond_to_timestamp_broadcast value. Expected value: 0. | CIS Solaris 10 L1 v5.2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.1.8 Disable Response to Broadcast ICMPv4 Echo Request - Check ip_respond_to_echo_broadcast value. Expected value: 0. | CIS Solaris 10 L1 v5.2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.1.10 Set Interval for Scanning IRE_CACHE - Check ip_ire_arp_interval value. Expected value: 60000. | CIS Solaris 10 L1 v5.2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.1.11 Ignore ICMP Redirect Messages - Check ip_ignore_redirect value. Expected value: 1. | CIS Solaris 10 L1 v5.2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.1.12 Set Strict Multihoming - Check ip6_strict_dst_multihoming value. Expected value: 1. | CIS Solaris 10 L1 v5.2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.2 Restrict Core Dumps to Protected Directory - Check if COREADM_PROC_ENABLED is set to no | CIS Solaris 10 L1 v5.2 | Unix | ACCESS CONTROL |
| 3.5 Disable Network Routing - Make sure that ipv4-routing is disabled | CIS Solaris 10 L1 v5.2 | Unix | |
| 4.5 Enable Login Records - Check if loginlog in /etc/logadm.conf is appropiately set | CIS Solaris 10 L1 v5.2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.6 Capture All Failed Login Attempts - Check if SYSLOG_FAILED_LOGINS is set to 0 in /etc/default/login. | CIS Solaris 10 L1 v5.2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.7 Enable cron Logging - Check if permissions for /var/cron/log are OK. | CIS Solaris 10 L1 v5.2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.8 Enable System Accounting - Check for files in /var/adm/sa | CIS Solaris 10 L1 v5.2 | Unix | |
| 4.8 Enable System Accounting - Check if contents of /var/spool/cron/crontabs/sys (/usr/lib/sa/sa2) are OK. | CIS Solaris 10 L1 v5.2 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.3 Set Sticky Bit on World Writable Directories | CIS Solaris 10 L1 v5.2 | Unix | ACCESS CONTROL |
| 6.1.6 Set SSH IgnoreRhosts to yes - Check if IgnoreRhosts is set to yes and not commented for the server. | CIS Solaris 10 L1 v5.2 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 6.4 Disable .rhosts Support in /etc/pam.conf | CIS Solaris 10 L1 v5.2 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 6.7 Set Default Screen Lock for CDE Users - Check if file permissions for files under /etc/dt/config/*/sys.resources are OK. | CIS Solaris 10 L1 v5.2 | Unix | ACCESS CONTROL |
| 6.8 Set Default Screen Lock for GNOME Users - Check if lock is set to true in /usr/openwin/lib/app-defaults/XScreenSaver. | CIS Solaris 10 L1 v5.2 | Unix | ACCESS CONTROL |
| 6.8 Set Default Screen Lock for GNOME Users - Check if lockTimeout is set to 0:00:00 in /usr/openwin/lib/app-defaults/XScreenSaver. | CIS Solaris 10 L1 v5.2 | Unix | ACCESS CONTROL |
| 6.9 Restrict at/cron To Authorized Users - should pass if /etc/cron.d/cron.allow permissions are OK. | CIS Solaris 10 L1 v5.2 | Unix | ACCESS CONTROL |
| 7.1 Disable System Accounts - Ensure account 'noaccess' is locked. | CIS Solaris 10 L1 v5.2 | Unix | ACCESS CONTROL |
| 7.1 Disable System Accounts - Ensure account 'uucp' disallows password login. | CIS Solaris 10 L1 v5.2 | Unix | ACCESS CONTROL |
| 7.1 Disable System Accounts - should pass if the default shell for 'adm' is set to /usr/bin/false. | CIS Solaris 10 L1 v5.2 | Unix | ACCESS CONTROL |
| 7.1 Disable System Accounts - should pass if the default shell for 'bin' is set to /usr/bin/false. | CIS Solaris 10 L1 v5.2 | Unix | ACCESS CONTROL |
| 7.1 Disable System Accounts - should pass if the default shell for 'nobody4' is set to /usr/bin/false. | CIS Solaris 10 L1 v5.2 | Unix | ACCESS CONTROL |
| 7.1 Disable System Accounts - should pass if the default shell for 'smmsp' is set to /usr/bin/false. | CIS Solaris 10 L1 v5.2 | Unix | ACCESS CONTROL |
| 8.1 Create warnings for Standard Login Services - Check if /etc/issue is set appropriately. | CIS Solaris 10 L1 v5.2 | Unix | ACCESS CONTROL |
| 8.4 Create warnings for FTP daemon - Check if /etc/ftpd/banner.msg is set appropriately. Applicable only for Solaris 2.6 or later | CIS Solaris 10 L1 v5.2 | Unix | ACCESS CONTROL |
| 8.4 Create warnings for FTP daemon - Check if permissions for /etc/ftpd/banner.msg are OK. Applicable only for Solaris 2.6 or later | CIS Solaris 10 L1 v5.2 | Unix | ACCESS CONTROL |
| 9.1 Check for Remote Consoles using 'consadm' command line utility | CIS Solaris 10 L1 v5.2 | Unix | ACCESS CONTROL |
| 9.6 Ensure root PATH Integrity, No '.' In root's $PATH | CIS Solaris 10 L1 v5.2 | Unix | CONFIGURATION MANAGEMENT |
| 9.10 Check for Presence of User .rhosts Files | CIS Solaris 10 L1 v5.2 | Unix | CONFIGURATION MANAGEMENT |
| 9.13 Check That Defined Home Directories Exist | CIS Solaris 10 L1 v5.2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 10.3 Restrict access to power management functions - CPRCHANGEPERM | CIS Solaris 10 L2 v5.2 | Unix | ACCESS CONTROL |
| 10.5 Create symlinks for dangerous files - /.rhosts | CIS Solaris 10 L2 v5.2 | Unix | |
| 11.3 Samba: Set Group Ownership of smb.conf File | CIS Solaris 10 L2 v5.2 | Unix | |
| 11.5 Samba: Set Group Ownership of smbpasswd File | CIS Solaris 10 L2 v5.2 | Unix | |
| 11.6 Samba: Set Secure smb.conf File Options - owner | CIS Solaris 10 L2 v5.2 | Unix | |
| 11.8 sendmail: Set Secure Permissions on Log File | CIS Solaris 10 L2 v5.2 | Unix | |
