DISA_STIG_Solaris_10_x86_v2r4.audit from DISA Solaris 10 X86 v2r4 STIG

GEN000000-SOL00020 - The nosuid option must be configured in the /etc/rmmount.conf file.

800-53|CM-6b.

CAT|II

CCI|CCI-000366

Rule-ID|SV-227532r603266_rule

STIG-ID|GEN000000-SOL00020

STIG-Legacy|SV-12532

STIG-Legacy|V-12031

Vuln-ID|V-227532

GEN000000-SOL00040 - The /etc/security/audit_user file must not define a different auditing level for specific users.

800-53|AU-12c.

CCI|CCI-000172

Rule-ID|SV-227533r603266_rule

STIG-ID|GEN000000-SOL00040

STIG-Legacy|SV-4353

STIG-Legacy|V-4353

Vuln-ID|V-227533

GEN000000-SOL00060 - The /etc/security/audit_user file must be owned by root.

Rule-ID|SV-227534r603266_rule

STIG-ID|GEN000000-SOL00060

STIG-Legacy|SV-4352

STIG-Legacy|V-4352

Vuln-ID|V-227534

GEN000000-SOL00080 - The /etc/security/audit_user file must be group-owned by root, sys, or bin.

Rule-ID|SV-227535r603266_rule

STIG-ID|GEN000000-SOL00080

STIG-Legacy|SV-4351

STIG-Legacy|V-4351

Vuln-ID|V-227535

GEN000000-SOL00100 - The /etc/security/audit_user file must have mode 0640 or less permissive.

800-53|AU-9

CCI|CCI-000162

Rule-ID|SV-227536r603266_rule

STIG-ID|GEN000000-SOL00100

STIG-Legacy|SV-4245

STIG-Legacy|V-4245

Vuln-ID|V-227536

GEN000000-SOL00110 - The /etc/security/audit_user file must not have an extended ACL.

Rule-ID|SV-227537r603266_rule

STIG-ID|GEN000000-SOL00110

STIG-Legacy|SV-27004

STIG-Legacy|V-22599

Vuln-ID|V-227537

GEN000000-SOL00120 - The ASET master files must be located in the /usr/aset/masters directory - tune.high

800-53|AC-4(8)

800-53|AC-6

CCI|CCI-000032

CCI|CCI-000225

Rule-ID|SV-220070r603266_rule

STIG-ID|GEN000000-SOL00120

STIG-Legacy|SV-36751

STIG-Legacy|V-4313

Vuln-ID|V-220070

GEN000000-SOL00120 - The ASET master files must be located in the /usr/aset/masters directory - tune.low

GEN000000-SOL00120 - The ASET master files must be located in the /usr/aset/masters directory - tune.med

GEN000000-SOL00120 - The ASET master files must be located in the /usr/aset/masters directory - uid_aliases

GEN000000-SOL00140 - The /usr/aset/masters/uid_aliases must be empty.

Rule-ID|SV-227538r603266_rule

STIG-ID|GEN000000-SOL00140

STIG-Legacy|SV-4312

STIG-Legacy|V-4312

Vuln-ID|V-227538

GEN000000-SOL00160 - If the system is a firewall, ASET must be used on the system, and the firewall parameters must be set in /usr/aset/asetenv.

Rule-ID|SV-227539r603266_rule

STIG-ID|GEN000000-SOL00160

STIG-Legacy|SV-4309

STIG-Legacy|V-4309

Vuln-ID|V-227539

GEN000000-SOL00180 - The Solaris system Automated Security Enhancement Tool (ASET) configurable parameters in the asetenv file must be correct - ASET configurable parameters in the asetenv file must be correct.

Rule-ID|SV-227540r603266_rule

STIG-ID|GEN000000-SOL00180

STIG-Legacy|SV-953

STIG-Legacy|V-953

Vuln-ID|V-227540

GEN000000-SOL00200 - The asetenv file YPCHECK variable must be set to true when NIS+ is configured.

Rule-ID|SV-220071r603266_rule

STIG-ID|GEN000000-SOL00200

STIG-Legacy|SV-36750

STIG-Legacy|V-954

Vuln-ID|V-220071

GEN000000-SOL00220 - The /usr/aset/userlist file must exist - /usr/aset/userlist

Rule-ID|SV-227541r603266_rule

STIG-ID|GEN000000-SOL00220

STIG-Legacy|SV-955

STIG-Legacy|V-955

Vuln-ID|V-227541

GEN000000-SOL00220 - The /usr/aset/userlist file must exist - exec with userlist

GEN000000-SOL00240 - The /usr/aset/userlist file must be owned by root.

Rule-ID|SV-227542r603266_rule

STIG-ID|GEN000000-SOL00240

STIG-Legacy|SV-956

STIG-Legacy|V-956

Vuln-ID|V-227542

GEN000000-SOL00250 - The /usr/aset/userlist file must be group-owned by root.

Rule-ID|SV-227543r603266_rule

STIG-ID|GEN000000-SOL00250

STIG-Legacy|SV-27013

STIG-Legacy|V-22600

Vuln-ID|V-227543

GEN000000-SOL00260 - The /usr/aset/userlist file must have mode 0600 or less permissive.

Rule-ID|SV-227544r603266_rule

STIG-ID|GEN000000-SOL00260

STIG-Legacy|SV-957

STIG-Legacy|V-957

Vuln-ID|V-227544

GEN000000-SOL00270 - The /usr/aset/userlist file must not have an extended ACL.

Rule-ID|SV-227545r603266_rule

STIG-ID|GEN000000-SOL00270

STIG-Legacy|SV-27015

STIG-Legacy|V-22601

Vuln-ID|V-227545

GEN000000-SOL00400 - The NFS server must have logging implemented - NFS_SERVER_VERSMAX

Rule-ID|SV-227546r603266_rule

STIG-ID|GEN000000-SOL00400

STIG-Legacy|SV-40041

STIG-Legacy|V-4300

Vuln-ID|V-227546

GEN000000-SOL00400 - The NFS server must have logging implemented.

GEN000000-SOL00420 - Hidden extended file attributes must not exist on the system.

Rule-ID|SV-227547r603266_rule

STIG-ID|GEN000000-SOL00420

STIG-Legacy|SV-12533

STIG-Legacy|V-12032

Vuln-ID|V-227547

GEN000000-SOL00440 - The root account must be the only account with GID of 0.

CAT|I

Rule-ID|SV-227548r603266_rule

STIG-ID|GEN000000-SOL00440

STIG-Legacy|SV-12534

STIG-Legacy|V-12033

Vuln-ID|V-227548

GEN000000-SOL00540 - The /etc/zones directory, and its contents, must be owned by root - /etc/zones

Rule-ID|SV-227549r603266_rule

STIG-ID|GEN000000-SOL00540

STIG-Legacy|SV-27016

STIG-Legacy|V-22603

Vuln-ID|V-227549

GEN000000-SOL00540 - The /etc/zones directory, and its contents, must be owned by root - /etc/zones/*

GEN000000-SOL00560 - The /etc/zones directory, and its contents, must be group-owned by root, sys, or bin - /etc/zones

Rule-ID|SV-227550r603266_rule

STIG-ID|GEN000000-SOL00560

STIG-Legacy|SV-27018

STIG-Legacy|V-22604

Vuln-ID|V-227550

GEN000000-SOL00560 - The /etc/zones directory, and its contents, must be group-owned by root, sys, or bin - /etc/zones/*

GEN000000-SOL00580 - The /etc/zones directory, and its contents, must not be group- or world-writable - /etc/zones

Rule-ID|SV-227551r603266_rule

STIG-ID|GEN000000-SOL00580

STIG-Legacy|SV-27019

STIG-Legacy|V-22605

Vuln-ID|V-227551

GEN000000-SOL00580 - The /etc/zones directory, and its contents, must not be group- or world-writable - /etc/zones/*

GEN000000-SOL00600 - The /etc/zones directory, and its contents, must not have an extended ACL.

Rule-ID|SV-227552r603266_rule

STIG-ID|GEN000000-SOL00600

STIG-Legacy|SV-27020

STIG-Legacy|V-22606

Vuln-ID|V-227552

GEN000000-SOL00620 - The inherit-pkg-dir zone option must be set to none or the system default list defined for sparse root zones.

Rule-ID|SV-227553r603266_rule

STIG-ID|GEN000000-SOL00620

STIG-Legacy|SV-27022

STIG-Legacy|V-22607

Vuln-ID|V-227553

GEN000000-SOL00640 - The limitpriv zone option must be set to the vendor default or less permissive.

Rule-ID|SV-227554r603266_rule

STIG-ID|GEN000000-SOL00640

STIG-Legacy|SV-27023

STIG-Legacy|V-22608

Vuln-ID|V-227554

GEN000000-SOL00660 - The physical devices must not be assigned to non-global zones.

Rule-ID|SV-227555r603266_rule

STIG-ID|GEN000000-SOL00660

STIG-Legacy|SV-27024

STIG-Legacy|V-22609

Vuln-ID|V-227555

GEN000020 - The system must require authentication upon booting into single-user and maintenance modes.

800-53|AC-3

CCI|CCI-000213

Rule-ID|SV-220072r603266_rule

STIG-ID|GEN000020

STIG-Legacy|SV-36752

STIG-Legacy|V-756

Vuln-ID|V-220072

GEN000100 - The operating system must be a supported release.

Rule-ID|SV-227556r877415_rule

STIG-ID|GEN000100

STIG-Legacy|SV-27051

STIG-Legacy|V-11940

Vuln-ID|V-227556

GEN000120 - System security patches and updates must be installed and up-to-date.

Detections

Analytics

DISA STIG Solaris 10 X86 v2r4

Audit Details

File Details

Audit Changelog

Revision 1.2

Miscellaneous

Revision 1.1

Functional Update

Miscellaneous


Revision 1.2 Jun 17, 2024 Miscellaneous Metadata updated.
Revision 1.1 Sep 19, 2023 Functional Update GEN000000-SOL00420 - Hidden extended file attributes must not exist on the system. GEN000000-SOL00600 - The /etc/zones directory, and its contents, must not have an extended ACL. GEN001160 - All files and directories must have a valid owner. GEN001170 - All files and directories must have a valid group-owner. GEN001290 - All manual page files must not have extended ACLs. GEN001361 - NIS/NIS+/yp command files must not have extended ACLs. GEN001590 - All run control scripts must have no extended ACLs. GEN001810 - Skeleton files must not have extended ACLs. GEN002380 - The owner, group owner, mode, ACL, and location of files with the setuid bit set must be documented using site-defined procedures. GEN002440 - The owner, group-owner, mode, ACL, and location of files with the setgid bit set must be documented using site-defined procedures. GEN002480 - Public directories must be the only world-writable directories and world-writable files must be located only in public directories - directories GEN002480 - Public directories must be the only world-writable directories and world-writable files must be located only in public directories - files GEN002500 - The sticky bit must be set on all public directories. GEN002520 - All public directories must be owned by root or an application account. GEN002540 - All public directories must be group-owned by root or an application group. GEN003865 - Network analysis tools must not be installed. GEN005340 - Management Information Base (MIB) files must have mode 0640 or less permissive. GEN005350 - Management Information Base (MIB) files must not have extended ACLs. GEN006640 - The system must use a virus scan program. Miscellaneous Metadata updated. Variables updated.

Detections

Analytics

DISA STIG Solaris 10 X86 v2r4 Download File

Audit Details

File Details

Audit Changelog

Revision 1.2

Miscellaneous

Revision 1.1

Functional Update

Miscellaneous

DISA STIG Solaris 10 X86 v2r4