| GEN000000-SOL00060 - The /etc/security/audit_user file must be owned by root. | DISA STIG Solaris 10 SPARC v2r4 | Unix | CONFIGURATION MANAGEMENT |
| GEN000000-SOL00120 - The ASET master files must be located in the /usr/aset/masters directory - tune.med | DISA STIG Solaris 10 SPARC v2r4 | Unix | ACCESS CONTROL |
| GEN000000-SOL00160 - If the system is a firewall, ASET must be used on the system, and the firewall parameters must be set in /usr/aset/asetenv. | DISA STIG Solaris 10 SPARC v2r4 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| GEN000000-SOL00250 - The /usr/aset/userlist file must be group-owned by root. | DISA STIG Solaris 10 SPARC v2r4 | Unix | CONFIGURATION MANAGEMENT |
| GEN002740 - The audit system must be configured to audit file deletions - +fd and -fd | DISA STIG Solaris 10 X86 v2r4 | Unix | AUDIT AND ACCOUNTABILITY |
| GEN002752 - The audit system must be configured to audit account disabling - naflags +ua and -ua | DISA STIG Solaris 10 X86 v2r4 | Unix | ACCESS CONTROL |
| GEN002760 - The audit system must be configured to audit all administrative, privileged, and security actions - flags am | DISA STIG Solaris 10 X86 v2r4 | Unix | AUDIT AND ACCOUNTABILITY |
| GEN002800 - The audit system must be configured to audit login, logout, and session initiation - flags lo | DISA STIG Solaris 10 X86 v2r4 | Unix | AUDIT AND ACCOUNTABILITY |
| GEN003160 - Cron logging must be implemented - configured | DISA STIG Solaris 10 X86 v2r4 | Unix | AUDIT AND ACCOUNTABILITY |
| GEN003210 - The cron.deny file must not have an extended ACL. | DISA STIG Solaris 10 X86 v2r4 | Unix | CONFIGURATION MANAGEMENT |
| GEN003460 - The at.allow file must be owned by root, bin, or sys. | DISA STIG Solaris 10 X86 v2r4 | Unix | CONFIGURATION MANAGEMENT |
| GEN003740 - The inetd.conf file must have mode 0440 or less permissive. | DISA STIG Solaris 10 X86 v2r4 | Unix | ACCESS CONTROL |
| GEN003940 - The hosts.lpd (or equivalent) must have mode 0644 or less permissive - httpd-standalone-ipp.conf | DISA STIG Solaris 10 X86 v2r4 | Unix | ACCESS CONTROL |
| GEN003940 - The hosts.lpd (or equivalent) must have mode 0644 or less permissive - SMB_CONF | DISA STIG Solaris 10 X86 v2r4 | Unix | ACCESS CONTROL |
| GEN004460 - The system syslog service must log informational and more severe SMTP service messages. | DISA STIG Solaris 10 X86 v2r4 | Unix | AUDIT AND ACCOUNTABILITY |
| GEN004480 - The SMTP service log file must be owned by root - MAIL_LOG | DISA STIG Solaris 10 X86 v2r4 | Unix | ACCESS CONTROL |
| GEN004950 - The ftpusers file must not have an extended ACL. | DISA STIG Solaris 10 X86 v2r4 | Unix | CONFIGURATION MANAGEMENT |
| GEN005120 - The TFTP daemon must be configured to vendor specifications, including a dedicated TFTP user account, a non-login shell, such as /bin/false, and a home directory owned by the TFTP user - a non-login shell | DISA STIG Solaris 10 X86 v2r4 | Unix | CONFIGURATION MANAGEMENT |
| GEN005120 - The TFTP daemon must be configured to vendor specifications, including a dedicated TFTP user account, a non-login shell, such as /bin/false, and a home directory owned by the TFTP user - home directory | DISA STIG Solaris 10 X86 v2r4 | Unix | CONFIGURATION MANAGEMENT |
| GEN005320 - The snmpd.conf file must have mode 0600 or less permissive - /etc/snmp/conf/snmpd.conf | DISA STIG Solaris 10 X86 v2r4 | Unix | ACCESS CONTROL |
| GEN005360 - The snmpd.conf files must be owned by root - /etc/sma/snmp/snmpd.conf | DISA STIG Solaris 10 X86 v2r4 | Unix | CONFIGURATION MANAGEMENT |
| GEN005365 - The snmpd.conf file must be group-owned by root, sys, or bin - /etc/sma/snmp/snmpd.conf | DISA STIG Solaris 10 X86 v2r4 | Unix | CONFIGURATION MANAGEMENT |
| GEN005365 - The snmpd.conf file must be group-owned by root, sys, or bin - /etc/snmp/conf/snmpd.conf | DISA STIG Solaris 10 X86 v2r4 | Unix | CONFIGURATION MANAGEMENT |
| GEN005395 - The /etc/syslog.conf file must not have an extended ACL. | DISA STIG Solaris 10 X86 v2r4 | Unix | CONFIGURATION MANAGEMENT |
| GEN005440 - The system must not be used as a syslog server (log host) for systems external to the enclave. | DISA STIG Solaris 10 X86 v2r4 | Unix | CONFIGURATION MANAGEMENT |
| GEN005510 - The SSH client must be configured to only use FIPS 140-2 approved ciphers. | DISA STIG Solaris 10 X86 v2r4 | Unix | ACCESS CONTROL |
| GEN005511 - The SSH client must be configured to not use CBC-based ciphers. | DISA STIG Solaris 10 X86 v2r4 | Unix | CONFIGURATION MANAGEMENT |
| GEN005522 - The SSH public host key files must have mode 0644 or less permissive. | DISA STIG Solaris 10 X86 v2r4 | Unix | CONFIGURATION MANAGEMENT |
| GEN005538 - The SSH daemon must not allow rhosts RSA authentication. | DISA STIG Solaris 10 X86 v2r4 | Unix | CONFIGURATION MANAGEMENT |
| GEN005540 - The SSH daemon must be configured for IP filtering - hosts.allow | DISA STIG Solaris 10 X86 v2r4 | Unix | CONFIGURATION MANAGEMENT |
| GEN005560 - The system must be configured with a default gateway for IPv4 if the system uses IPv4, unless the system is a router. | DISA STIG Solaris 10 X86 v2r4 | Unix | CONFIGURATION MANAGEMENT |
| GEN005860 - The system's NFS export configuration must not have the sec option set to none (or equivalent); additionally, the default authentication must not to be set to none - nfssec.conf default | DISA STIG Solaris 10 X86 v2r4 | Unix | CONFIGURATION MANAGEMENT |
| GEN006120 - The smb.conf file must be group-owned by root, bin, or sys. | DISA STIG Solaris 10 X86 v2r4 | Unix | CONFIGURATION MANAGEMENT |
| GEN006210 - The smbpasswd file must not have an extended ACL. | DISA STIG Solaris 10 X86 v2r4 | Unix | CONFIGURATION MANAGEMENT |
| GEN006230 - Samba must be configured to use encrypted passwords. | DISA STIG Solaris 10 X86 v2r4 | Unix | CONFIGURATION MANAGEMENT |
| GEN006235 - Samba must be configured to not allow guest access to shares. | DISA STIG Solaris 10 X86 v2r4 | Unix | CONFIGURATION MANAGEMENT |
| GEN006260 - The /etc/news/hosts.nntp (or equivalent) must have mode 0600 or less permissive. | DISA STIG Solaris 10 X86 v2r4 | Unix | ACCESS CONTROL |
| GEN006300 - The /etc/news/nnrp.access (or equivalent) must have mode 0600 or less permissive. | DISA STIG Solaris 10 X86 v2r4 | Unix | ACCESS CONTROL |
| GEN006360 - The files in /etc/news must be group-owned by root - /etc/news/* | DISA STIG Solaris 10 X86 v2r4 | Unix | CONFIGURATION MANAGEMENT |
| GEN006575 - The file integrity tool must use FIPS 140-2 approved cryptographic hashes for validating file contents - used | DISA STIG Solaris 10 X86 v2r4 | Unix | AUDIT AND ACCOUNTABILITY |
| GEN006620 - The system's access control program must be configured to grant or deny system access to specific hosts - default deny | DISA STIG Solaris 10 X86 v2r4 | Unix | CONFIGURATION MANAGEMENT |
| GEN006620 - The system's access control program must be configured to grant or deny system access to specific hosts - host.allow | DISA STIG Solaris 10 X86 v2r4 | Unix | CONFIGURATION MANAGEMENT |
| GEN007980 - If the system is using LDAP for authentication or account information, the system must use a TLS connection using FIPS 140-2 approved cryptographic algorithms - configured | DISA STIG Solaris 10 X86 v2r4 | Unix | ACCESS CONTROL |
| GEN008140 - If the system is using LDAP for authentication or account information, the TLS certificate authority file and/or directory (as appropriate) must be owned by root - key3.db | DISA STIG Solaris 10 X86 v2r4 | Unix | CONFIGURATION MANAGEMENT |
| GEN008160 - If the system is using LDAP for authentication or account information, the TLS certificate authority file and/or directory (as appropriate) must be group-owned by root, bin, or sys - key3.db | DISA STIG Solaris 10 X86 v2r4 | Unix | CONFIGURATION MANAGEMENT |
| GEN008180 - If the system is using LDAP for authentication or account information, the TLS certificate authority file and/or directory (as appropriate) must have mode 0644 (0755 for directories) or less permissive - cert8.db | DISA STIG Solaris 10 X86 v2r4 | Unix | CONFIGURATION MANAGEMENT |
| GEN008200 - If the system is using LDAP for authentication or account information, the LDAP TLS certificate authority file and/or directory (as appropriate) must not have an extended ACL. | DISA STIG Solaris 10 X86 v2r4 | Unix | CONFIGURATION MANAGEMENT |
| GEN008500 - The system must have IEEE 1394 (Firewire) disabled unless needed. | DISA STIG Solaris 10 X86 v2r4 | Unix | CONFIGURATION MANAGEMENT |
| GEN008660 - For systems capable of using GRUB, the system must be configured with GRUB as the default boot loader unless another boot loader has been authorized, justified, and documented using site-defined procedures. | DISA STIG Solaris 10 X86 v2r4 | Unix | CONFIGURATION MANAGEMENT |
| GEN008720 - The system's boot loader configuration file(s) must have mode 0600 or less permissive. | DISA STIG Solaris 10 X86 v2r4 | Unix | ACCESS CONTROL |
