Solaris 11 SPARC Security Technical Implementation Guide

Developed by Oracle in coordination with DISA for the DoD. The Solaris 11 (SPARC) Security Technical Implementation Guide (STIG) is published as a tool to improve the security of Department of Defense (DoD) information systems. Comments or proposed revisions to this document should be sent via e-mail to the following address: [email protected]

Details

Version / Release: V1R20

Published: 2019-12-18

Updated At: 2020-01-27 23:31:28


    Columns: Vuln | Rule Version | CCI | Severity | Title | Description
    SV-60657r1_rule SOL-11.1-010040 CCI-001487 MEDIUM The audit system must produce records containing sufficient information to establish the identity of any user/subject associated with the event. Enabling the audit system will produce records with accurate time stamps, source, user, and activity information. Without this information malicious activity cannot be accurately tracked.
    SV-60659r1_rule SOL-11.1-010060 CCI-000156 MEDIUM The audit system must support an audit reduction capability. Using the audit system will utilize the audit reduction capability. Without an audit reduction capability, users find it difficult to identify specific patterns of attack.
    SV-60661r1_rule SOL-11.1-010070 CCI-000157 MEDIUM The audit system records must be able to be used by a report generation capability. Enabling the audit system will produce records for use in report generation. Without an audit reporting capability, users find it difficult to identify specific patterns of attack.
    SV-60663r1_rule SOL-11.1-010080 CCI-000158 MEDIUM The operating system must provide the capability to automatically process audit records for events of interest based upon selectable, event criteria. Without an audit reporting capability, users find it difficult to identify specific patterns of attack.
    SV-60665r1_rule SOL-11.1-010100 CCI-000169 MEDIUM The audit records must provide data for all auditable events defined at the organizational level for the organization-defined information system components. Without auditing, individual system accesses cannot be tracked, and malicious activity cannot be detected and traced back to an individual account. Without accurate time stamps, source, user, and activity information, malicious activity cannot be accurat
    SV-60667r1_rule SOL-11.1-010120 CCI-000172 MEDIUM The operating system must generate audit records for the selected list of auditable events as defined in DoD list of events. Without auditing, individual system accesses cannot be tracked, and malicious activity cannot be detected and traced back to an individual account. Without accurate time stamps, source, user, and activity information, malicious activity cannot be accurat
    SV-60669r1_rule SOL-11.1-010130 CCI-000174 MEDIUM The operating system must support the capability to compile audit records from multiple components within the system into a system-wide (logical or physical) audit trail that is time-correlated to within organization-defined level of tolerance. Without auditing, individual system accesses cannot be tracked, and malicious activity cannot be detected and traced back to an individual account. Without accurate time stamps, source, user, and activity information, malicious activity cannot be accurat
    SV-60671r1_rule SOL-11.1-010140 CCI-000130 MEDIUM Audit records must include what type of events occurred. Without proper system auditing, individual system accesses cannot be tracked, and malicious activity cannot be detected and traced back to an individual account.
    SV-60673r1_rule SOL-11.1-010150 CCI-000131 MEDIUM Audit records must include when (date and time) the events occurred. Without accurate time stamps, malicious activity cannot be accurately tracked.
    SV-60675r1_rule SOL-11.1-010160 CCI-000132 MEDIUM Audit records must include where the events occurred. Without auditing, individual system accesses cannot be tracked, and malicious activity cannot be detected and traced back to an individual account. Without accurate time stamps, source, user, and activity information, malicious activity cannot be accurat
    SV-60677r1_rule SOL-11.1-010170 CCI-000133 MEDIUM Audit records must include the sources of the events that occurred. Without accurate source information, malicious activity cannot be accurately tracked.
    SV-60679r1_rule SOL-11.1-010180 CCI-000134 MEDIUM Audit records must include the outcome (success or failure) of the events that occurred. Tracking both the successful and unsuccessful attempts aids in identifying threats to the system.
    SV-60681r2_rule SOL-11.1-010220 CCI-000366 MEDIUM The audit system must be configured to audit file deletions. Without auditing, malicious activity cannot be detected.
    SV-60683r2_rule SOL-11.1-010230 CCI-000018 MEDIUM The audit system must be configured to audit account creation. Without auditing, malicious activity cannot be detected.
    SV-60685r2_rule SOL-11.1-010250 CCI-001403 MEDIUM The audit system must be configured to audit account modification. Without auditing, malicious activity cannot be detected.
    SV-60687r2_rule SOL-11.1-010260 CCI-001404 MEDIUM The operating system must automatically audit account disabling actions. Without auditing, malicious activity cannot be detected.
    SV-60689r2_rule SOL-11.1-010270 CCI-001405 MEDIUM The operating system must automatically audit account termination. Without auditing, malicious activity cannot be detected.
    SV-60691r2_rule SOL-11.1-010290 CCI-001589 MEDIUM The operating system must ensure unauthorized, security-relevant configuration changes detected are tracked. Without auditing, malicious activity cannot be detected.
    SV-60693r2_rule SOL-11.1-010300 CCI-000040 MEDIUM The audit system must be configured to audit all administrative, privileged, and security actions. Without auditing, individual system accesses cannot be tracked, and malicious activity cannot be detected and traced back to an individual account.
    SV-60695r2_rule SOL-11.1-010310 CCI-000067 LOW The audit system must be configured to audit login, logout, and session initiation. Without auditing, individual system accesses cannot be tracked, and malicious activity cannot be detected and traced back to an individual account.
    SV-60697r2_rule SOL-11.1-010320 CCI-001589 MEDIUM The audit system must be configured to audit all discretionary access control permission modifications. Without auditing, individual system accesses cannot be tracked, and malicious activity cannot be detected and traced back to an individual account.
    SV-60699r2_rule SOL-11.1-010330 CCI-001589 MEDIUM The audit system must be configured to audit the loading and unloading of dynamic kernel modules. Without auditing, individual system accesses cannot be tracked, and malicious activity cannot be detected and traced back to an individual account.
    SV-60701r2_rule SOL-11.1-010340 CCI-000366 LOW The audit system must be configured to audit failed attempts to access files and programs. Without auditing, individual system accesses cannot be tracked, and malicious activity cannot be detected and traced back to an individual account.
    SV-60703r2_rule SOL-11.1-010350 CCI-000166 LOW The operating system must protect against an individual falsely denying having performed a particular action. In order to do so the system must be configured to send audit records to a remote audit server. Keeping audit records on a remote system reduces the likelihood of audit records being changed or corrupted. Duplicating and protecting the audit trail on a separate system reduces the likelihood of an individual being able to deny performing an action.
    SV-60705r1_rule SOL-11.1-010360 CCI-000366 LOW The auditing system must not define a different auditing level for specific users. Without auditing, individual system accesses cannot be tracked, and malicious activity cannot be detected and traced back to an individual account.
    SV-60709r1_rule SOL-11.1-010370 CCI-000143 MEDIUM The audit system must alert the SA when the audit storage volume approaches its capacity. Filling the audit storage area can result in a denial of service or system outage and can lead to events going undetected.
    SV-60711r1_rule SOL-11.1-100050 CCI-000366 LOW The audit system must maintain a central audit trail for all zones. Centralized auditing simplifies the investigative process to determine the cause of a security event.
    SV-60713r1_rule SOL-11.1-100040 CCI-000366 LOW The audit system must identify in which zone an event occurred. Tracking the specific Solaris zones in the audit trail reduces the time required to determine the cause of a security event.
    SV-60715r1_rule SOL-11.1-100030 CCI-000366 MEDIUM The system's physical devices must not be assigned to non-global zones. Solaris non-global zones can be assigned physical hardware devices. This increases the risk of such a non-global zone having the capability to compromise the global zone.
    SV-60717r1_rule SOL-11.1-010380 CCI-000144 HIGH The audit system must alert the System Administrator (SA) if there is any type of audit failure. Proper alerts to system administrators and Information Assurance (IA) officials of audit failures ensure a timely response to critical system issues.
    SV-60719r1_rule SOL-11.1-010390 CCI-000139 HIGH The operating system must alert designated organizational officials in the event of an audit processing failure. Proper alerts to system administrators and IA officials of audit failures ensure a timely response to critical system issues.
    SV-60731r2_rule SOL-11.1-010400 CCI-000137 MEDIUM The operating system must allocate audit record storage capacity. Proper audit storage capacity is crucial to ensuring the ongoing logging of critical events.
    SV-60737r2_rule SOL-11.1-010420 CCI-000140 MEDIUM The operating system must shut down by default upon audit failure (unless availability is an overriding concern). Continuing to operate a system without auditing working properly can result in undocumented access or system changes.
    SV-60741r1_rule SOL-11.1-010440 CCI-000162 MEDIUM The operating system must protect audit information from unauthorized read access. If audit data were to become compromised, then competent forensic analysis and discovery of the true source of potentially malicious system activity is difficult, if not impossible, to achieve. To ensure the veracity of audit data, the operating system
    SV-60747r1_rule SOL-11.1-010450 CCI-000163 HIGH The operating system must protect audit information from unauthorized modification. If audit data were to become compromised, then competent forensic analysis and discovery of the true source of potentially malicious system activity is difficult, if not impossible, to achieve. To ensure the veracity of audit data, the operating system
    SV-60751r1_rule SOL-11.1-010460 CCI-000164 HIGH The operating system must protect audit information from unauthorized deletion. If audit data were to become compromised, then competent forensic analysis and discovery of the true source of potentially malicious system activity is difficult, if not impossible, to achieve. To ensure the veracity of audit data, the operating system
    SV-60753r2_rule SOL-11.1-020010 CCI-000366 MEDIUM The System packages must be up to date with the most recent vendor updates and security fixes. Failure to install security updates can provide openings for attack.
    SV-60755r1_rule SOL-11.1-020020 CCI-000352 MEDIUM The system must verify that package updates are digitally signed. Digitally signed packages ensure that the source of the package can be identified.
    SV-60757r1_rule SOL-11.1-020030 CCI-001493 MEDIUM The operating system must protect audit tools from unauthorized access. Failure to maintain system configurations may result in privilege escalation.
    SV-60759r1_rule SOL-11.1-020040 CCI-001494 MEDIUM The operating system must protect audit tools from unauthorized modification. Failure to maintain system configurations may result in privilege escalation.
    SV-60761r1_rule SOL-11.1-020050 CCI-001495 MEDIUM The operating system must protect audit tools from unauthorized deletion. Failure to maintain system configurations may result in privilege escalation.
    SV-60763r1_rule SOL-11.1-020080 CCI-001496 MEDIUM System packages must be configured with the vendor-provided files, permissions, and ownerships. Failure to maintain system configurations may result in privilege escalation.
    SV-60765r1_rule SOL-11.1-020090 CCI-000366 LOW The finger daemon package must not be installed. Finger is an insecure protocol.
    SV-60767r3_rule SOL-11.1-100020 CCI-000366 LOW The limitpriv zone option must be set to the vendor default or less permissive. Solaris zones can be assigned privileges generally reserved for the global zone using the "limitpriv" zone option. Any privilege assignments in excess of the vendor defaults may provide the ability for a non-global zone to compromise the global zone.
    SV-60769r1_rule SOL-11.1-100010 CCI-000366 LOW The /etc/zones directory, and its contents, must have the vendor default owner, group, and permissions. Incorrect ownership can result in unauthorized changes or theft of data.
    SV-60771r1_rule SOL-11.1-090280 CCI-001095 MEDIUM The operating system must manage excess capacity, bandwidth, or other redundancy to limit the effects of information flooding types of denial of service attacks. In the case of denial of service attacks, care must be taken when designing the operating system so as to ensure that the operating system makes the best use of system resources.
    SV-60773r1_rule SOL-11.1-020100 CCI-000366 MEDIUM The legacy remote network access utilities daemons must not be installed. Legacy remote access utilities allow remote control of a system without proper authentication.
    SV-60775r1_rule SOL-11.1-090270 CCI-001311 MEDIUM The operating system must identify potentially security-relevant error conditions. Security functional testing involves testing the operating system for conformance to the operating system security function specifications, as well as for the underlying security model. The need to verify security functionality applies to all security fun
    SV-60777r1_rule SOL-11.1-020110 CCI-000366 HIGH The NIS package must not be installed. NIS is an insecure protocol.
    SV-60779r1_rule SOL-11.1-090250 CCI-001291 MEDIUM The operating system must verify the correct operation of security functions in accordance with organization-defined conditions and in accordance with organization-defined frequency (if periodic verification). Security functional testing involves testing the operating system for conformance to the operating system security function specifications, as well as for the underlying security model. The need to verify security functionality applies to all security fun
    SV-60781r1_rule SOL-11.1-020120 CCI-000366 LOW The pidgin IM client package must not be installed. Instant messaging is an insecure protocol.
    SV-60783r1_rule SOL-11.1-020130 CCI-000366 HIGH The FTP daemon must not be installed unless required. FTP is an insecure protocol.
    SV-60785r2_rule SOL-11.1-020140 CCI-000366 HIGH The TFTP service daemon must not be installed unless required. TFTP is an insecure protocol.
    SV-60787r2_rule SOL-11.1-020150 CCI-000366 HIGH The telnet service daemon must not be installed unless required. Telnet is an insecure protocol.
    SV-60789r2_rule SOL-11.1-020160 CCI-000366 LOW The UUCP service daemon must not be installed unless required. UUCP is an insecure protocol.
    SV-60791r2_rule SOL-11.1-020170 CCI-000366 MEDIUM The rpcbind service must be configured for local only services unless organizationally defined. The portmap and rpcbind services increase the attack surface of the system and should only be used when needed. The portmap or rpcbind services are used by a variety of services using remote procedure calls (RPCs). The organization may define and documen
    SV-60793r1_rule SOL-11.1-020180 CCI-000366 MEDIUM The VNC server package must not be installed unless required. The VNC service uses weak authentication capabilities and provides the user complete graphical system access.
    SV-60795r1_rule SOL-11.1-020190 CCI-000416 MEDIUM The operating system must employ automated mechanisms, per organization-defined frequency, to detect the addition of unauthorized components/devices into the operating system. Addition of unauthorized code or packages may result in data corruption or theft.
    SV-60797r1_rule SOL-11.1-020220 CCI-000381 MEDIUM The operating system must be configured to provide essential capabilities. Operating systems are capable of providing a wide variety of functions and services. Execution must be disabled based on organization-defined specifications.
    SV-60799r1_rule SOL-11.1-020230 CCI-000386 MEDIUM The operating system must employ automated mechanisms to prevent program execution in accordance with the organization-defined specifications. Operating systems are capable of providing a wide variety of functions and services. Execution must be disabled based on organization-defined specifications.
    SV-60801r1_rule SOL-11.1-030010 CCI-000366 MEDIUM The graphical login service provides the capability of logging into the system using an X-Windows type interface from the console. If graphical login access for the console is required, the service must be in local-only mode. Externally accessible graphical desktop software may open the system to remote attacks.
    SV-60803r1_rule SOL-11.1-030030 CCI-000366 LOW Generic Security Services (GSS) must be disabled. This service should be disabled if it is not required.
    SV-60805r1_rule SOL-11.1-030040 CCI-000366 LOW Systems services that are not required must be disabled. Services that are enabled but not required by the mission may provide excessive access or additional attack vectors to penetrate the system.
    SV-60807r2_rule SOL-11.1-030050 CCI-000366 MEDIUM TCP Wrappers must be enabled and configured per site policy to only allow access by approved hosts and services. TCP Wrappers are a host-based access control system that allows administrators to control who has access to various network services based on the IP address of the remote end of the connection. TCP Wrappers also provide logging information via syslog abou
    SV-60809r1_rule SOL-11.1-090240 CCI-000366 LOW All manual editing of system-relevant files shall be done using the pfedit command, which logs changes made to the files. Editing a system file with common tools such as vi, emacs, or gedit does not allow the auditing of changes made by an operator. This reduces the capability of determining which operator made security-relevant changes to the system.
    SV-60811r1_rule SOL-11.1-030060 CCI-000087 MEDIUM The operating system must disable information system functionality that provides the capability for automatic execution of code on mobile devices without user direction. Mobile devices include portable storage media (e.g., USB memory sticks, external hard disk drives) and portable computing and communications devices with information storage capability (e.g., notebook/laptop computers, personal digital assistants, cellula
    SV-60813r1_rule SOL-11.1-090220 CCI-001348 MEDIUM The operating system must back up audit records at least every seven days onto a different system or system component than the system or component being audited. Protection of log data includes assuring log data is not accidentally lost or deleted. Backing up audit records to a different system or onto separate media than the system being audited on an organizationally defined frequency helps to assure in the even
    SV-60815r2_rule SOL-11.1-040010 CCI-000199 MEDIUM User passwords must be changed at least every 56 days. Limiting the lifespan of authenticators limits the period of time an unauthorized user has access to the system while using compromised credentials and reduces the period of time available for password-guessing attacks to run against a single password.
    SV-60817r1_rule SOL-11.1-090200 CCI-001274 LOW The operating system must employ automated mechanisms to alert security personnel of any organization-defined inappropriate or unusual activities with security implications. Intrusion detection and prevention capabilities must be architected and implemented to prevent non-privileged users from circumventing such protections. This can be accomplished through the use of user roles, use of proper systems permissions, auditing, l
    SV-60821r1_rule SOL-11.1-040020 CCI-000016 LOW The operating system must automatically terminate temporary accounts within 72 hours. If temporary user accounts remain active when no longer needed or for an excessive period, these accounts may be used to gain unauthorized access. To mitigate this risk, automated termination of all temporary accounts must be set upon account creation.
    SV-60823r1_rule SOL-11.1-090170 CCI-001265 LOW Intrusion detection and prevention capabilities must be architected and implemented to prevent non-privileged users from circumventing such protections. Non-privileged users must not be able to alter intrusion detection and prevention systems to ensure these systems work properly. This can be accomplished through the use of user roles, use of proper systems permissions, auditing, logging, etc.
    SV-60825r2_rule SOL-11.1-040030 CCI-000198 MEDIUM The operating system must enforce minimum password lifetime restrictions. Passwords need to be changed at specific policy-based intervals; however, if the information system or application allows the user to immediately and continually change their password, then the password could be repeatedly changed in a short period of tim
    SV-60827r3_rule SOL-11.1-090140 CCI-001239 MEDIUM The operating system must have malicious code protection mechanisms at system entry and exit points to detect and eradicate malicious code transported by electronic mail, electronic mail attachments, web accesses, removable media, or other common means. This requirement applies to email servers only. In order to minimize potential negative impact to the organization caused by malicious code, it is imperative that malicious code is identified and eradicated prior to entering protected enclaves via opera
    SV-60829r1_rule SOL-11.1-040040 CCI-000205 MEDIUM User passwords must be at least 15 characters in length. Password complexity, or strength, is a measure of the effectiveness of a password in resisting guessing and brute-force attacks. Password length is one factor of several that helps to determine strength and how long it takes to crack a password. The sho
    SV-60831r3_rule SOL-11.1-090130 CCI-001668 MEDIUM The operating system must employ malicious code protection mechanisms at workstations, servers, or mobile computing devices on the network to detect and eradicate malicious code transported by electronic mail, electronic mail attachments, web accesses, removable media, or other common means. In order to minimize potential negative impact to the organization caused by malicious code, it is imperative that malicious code is identified and eradicated prior to entering protected enclaves via operating system entry and exit points. The requireme
    SV-60833r1_rule SOL-11.1-040050 CCI-000200 MEDIUM Users must not reuse the last 5 passwords. Password complexity, or strength, is a measure of the effectiveness of a password in resisting guessing and brute-force attacks. To meet password policy requirements, passwords need to be changed at specific policy-based intervals. If the operating sy
    SV-60835r3_rule SOL-11.1-090120 CCI-001248 MEDIUM The operating system must prevent non-privileged users from circumventing malicious code protection capabilities. In order to minimize potential negative impact to the organization caused by malicious code, it is imperative that malicious code is identified and eradicated prior to entering protected enclaves via operating system entry and exit points. The requireme
    SV-60839r2_rule SOL-11.1-040060 CCI-000195 MEDIUM The system must require at least eight characters be changed between the old and new passwords during a password change. To ensure password changes are effective in their goals, the system must ensure old and new passwords have significant differences. Without significant changes, new passwords may be easily guessed based on the value of a previously compromised password.
    SV-60841r2_rule SOL-11.1-090100 CCI-001695 MEDIUM The operating system must prevent the execution of prohibited mobile code. Decisions regarding the employment of mobile code within operating systems are based on the potential for the code to cause damage to the system if used maliciously. Mobile code technologies include Java, JavaScript, ActiveX, PDF, Postscript, Shockwave
    SV-60843r1_rule SOL-11.1-040070 CCI-000192 MEDIUM The system must require passwords to contain at least one uppercase alphabetic character. Complex passwords can reduce the likelihood of success of automated password-guessing attacks.
    SV-60845r1_rule SOL-11.1-090070 CCI-000539 MEDIUM The operating system must conduct backups of operating system documentation including security-related documentation per organization-defined frequency to conduct backups that is consistent with recovery time and recovery point objectives. Operating system backup is a critical step in maintaining data assurance and availability. System documentation is data generated for/by the host (such as logs) and/or administrative users. Backups shall be consistent with organizational recovery time
    SV-60847r1_rule SOL-11.1-090060 CCI-000537 MEDIUM The operating system must conduct backups of system-level information contained in the information system per organization-defined frequency to conduct backups that are consistent with recovery time and recovery point objectives. Operating system backup is a critical step in maintaining data assurance and availability. System-level information is data generated for/by the host (such as configuration settings) and/or administrative users. Backups shall be consistent with organiz
    SV-60849r1_rule SOL-11.1-090050 CCI-000535 MEDIUM The operating system must conduct backups of user-level information contained in the operating system per organization-defined frequency to conduct backups consistent with recovery time and recovery point objectives. Operating system backup is a critical step in maintaining data assurance and availability. User-level information is data generated by information system and/or application users. Backups shall be consistent with organizational recovery time and recove
    SV-60851r1_rule SOL-11.1-090040 CCI-000366 LOW The system must not have any unnecessary accounts. Accounts providing no operational purpose provide additional opportunities for system compromise. Unnecessary accounts include user accounts for individuals not requiring access to the system and application accounts for applications not installed on the
    SV-60853r1_rule SOL-11.1-040080 CCI-000193 MEDIUM The operating system must enforce password complexity requiring that at least one lowercase character is used. Complex passwords can reduce the likelihood of success of automated password-guessing attacks.
    SV-60855r2_rule SOL-11.1-090030 CCI-000366 MEDIUM Direct logins must not be permitted to shared, default, application, or utility accounts. Shared accounts (accounts where two or more people log in with the same user identification) do not provide identification and authentication. There is no way to provide for non-repudiation or individual accountability.
    SV-60857r2_rule SOL-11.1-090020 CCI-000160 MEDIUM The operating system must synchronize internal information system clocks with a server that is synchronized to one of the redundant United States Naval Observatory (USNO) time servers or a time server designated for the appropriate DoD network (NIPRNet/SIPRNet), and/or the Global Positioning System (GPS). To assure the accuracy of the system clock, it must be synchronized with an authoritative time source within DoD. Many system functions, including time-based login and activity restrictions, automated reports, system logs, and audit records depend on an a
    SV-60859r1_rule SOL-11.1-090010 CCI-001297 MEDIUM A file integrity baseline must be created, maintained, and reviewed at least weekly to determine if unauthorized changes have been made to important system files located in the root file system. A file integrity baseline is a collection of file metadata which is used to evaluate the integrity of the system. A minimal baseline must contain metadata for all device files, setuid files, setgid files, system libraries, system binaries, and system configura
    SV-60861r1_rule SOL-11.1-040090 CCI-000194 MEDIUM The system must require passwords to contain at least one numeric character. Complex passwords can reduce the likelihood of success of automated password-guessing attacks.
    SV-60863r1_rule SOL-11.1-040100 CCI-001619 MEDIUM The system must require passwords to contain at least one special character. Complex passwords can reduce the likelihood of success of automated password-guessing attacks.
    SV-60865r1_rule SOL-11.1-040110 CCI-000366 LOW The system must require passwords to contain no more than three consecutive repeating characters. Complex passwords can reduce the likelihood of success of automated password-guessing attacks.
    SV-60867r2_rule SOL-11.1-080160 CCI-000366 HIGH SNMP communities, users, and passphrases must be changed from the default. Whether active or not, default SNMP passwords, users, and passphrases must be changed to maintain security. If the service is running with the default authenticators, then anyone can gather data about the system and the network and use the information to
    SV-60869r1_rule SOL-11.1-080150 CCI-000553 MEDIUM The operating system must implement transaction recovery for transaction-based systems. Recovery and reconstitution constitutes executing an operating system contingency plan comprised of activities to restore essential missions and business functions. Transaction rollback and transaction journaling are examples of mechanisms supporting tr
    SV-60871r1_rule SOL-11.1-040120 CCI-000366 MEDIUM The system must not have accounts configured with blank or null passwords. Complex passwords can reduce the likelihood of success of automated password-guessing attacks.
    SV-60875r1_rule SOL-11.1-080130 CCI-000366 LOW The system must require passwords to change the boot device settings. (SPARC) Setting the EEPROM password helps prevent attackers who gain physical access to the system console from booting from an external device (such as a CD-ROM or floppy).
    SV-60879r1_rule SOL-11.1-080110 CCI-000366 MEDIUM The kernel core dump data directory must have mode 0700 or less permissive. Kernel core dumps may contain the full contents of system memory at the time of the crash. As the system memory may contain sensitive information, it must be protected accordingly. If the mode of the kernel core dump data directory is more permissive than
    SV-60881r1_rule SOL-11.1-080100 CCI-000366 MEDIUM The kernel core dump data directory must be group-owned by root. Kernel core dumps may contain the full contents of system memory at the time of the crash. As the system memory may contain sensitive information, it must be protected accordingly. If the kernel core dump data directory is not group-owned by a system grou
    SV-60883r1_rule SOL-11.1-080090 CCI-000366 MEDIUM The kernel core dump data directory must be owned by root. Kernel core dumps may contain the full contents of system memory at the time of the crash. As the system memory may contain sensitive information, it must be protected accordingly. If the kernel core dump data directory is not owned by root, the core dump
    SV-60885r1_rule SOL-11.1-080080 CCI-000366 MEDIUM Kernel core dumps must be disabled unless needed. Kernel core dumps may contain the full contents of system memory at the time of the crash. Kernel core dumps may consume a considerable amount of disk space and may result in denial of service by exhausting the available space on the target file system. T
    SV-60887r1_rule SOL-11.1-080070 CCI-000366 MEDIUM The centralized process core dump data directory must have mode 0700 or less permissive. Process core dumps contain the memory in use by the process when it crashed. Any data the process was handling may be contained in the core file, and it must be protected accordingly. If the process core dump data directory has a mode more permissive than
    SV-60889r2_rule SOL-11.1-080060 CCI-000366 MEDIUM The centralized process core dump data directory must be group-owned by root. Process core dumps contain the memory in use by the process when it crashed. Any data the process was handling may be contained in the core file, and it must be protected accordingly. If the centralized process core dump data directory is not group-owned
    SV-60891r1_rule SOL-11.1-080050 CCI-000366 MEDIUM The centralized process core dump data directory must be owned by root. Process core dumps contain the memory in use by the process when it crashed. Any data the process was handling may be contained in the core file, and it must be protected accordingly. If the centralized process core dump data directory is not owned by roo
    SV-60893r2_rule SOL-11.1-080040 CCI-000366 MEDIUM Process core dumps must be disabled unless needed. Process core dumps contain the memory in use by the process when it crashed. Process core dump files can be of significant size and their use can result in file systems filling to capacity, which may result in denial of service. Process core dumps can be
    SV-60895r3_rule SOL-11.1-080030 CCI-000366 LOW Address Space Layout Randomization (ASLR) must be enabled. Memory-corruption exploits depend on knowing where a process's code and data are mapped; ASLR can reduce the likelihood that such attacks succeed. ASLR randomizes the placement of key areas of the process, such as the stack, the brk-based heap, memory mappings, and so forth.
    SV-60897r2_rule SOL-11.1-080020 CCI-000366 MEDIUM The system must implement non-executable program stacks. A common type of exploit is the stack buffer overflow. An application receives, from an attacker, more data than it is prepared for and stores this information on its stack, writing beyond the space reserved for it. This can be designed to cause execution
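The core-dump and stack-protection rows above (SOL-11.1-080040 through SOL-11.1-080110 and SOL-11.1-080020) are checked on Solaris with coreadm(1M), dumpadm(1M), the ownership and mode of the dump directories, and the noexec_user_stack setting in /etc/system. The script below is an added example and is not STIG content: each check reads command output or a file, so it runs here against constructed samples (the coreadm and dumpadm output is constructed to match the Solaris 11 format), and the comments at the end give the live invocations. Which check answers which row is this example's reading of the truncated descriptions; confirm it against the full STIG check text.

```shell
#!/bin/sh
# Added example: audit Solaris 11 core dump, crash dump and stack settings.
# Check functions read command output or files so they can be run on samples;
# live invocations are in the comments at the end.
AWK=${AWK:-awk}      # on Solaris 11 set AWK=nawk; /usr/bin/awk there is the old awk

nfail() { grep -c '^FAIL' || :; }    # count FAIL lines on stdin (prints 0 when none)

# coreadm(1M) prints "<setting>: enabled|disabled" lines. Every kind of core
# dump should be off unless documented; report the ones still enabled.
check_coreadm() {
    $AWK -F': *' '
        /global core dumps|per-process core dumps|setid core dumps/ {
            sub(/^[ \t]+/, "", $1)
            if ($2 == "enabled") print "FAIL coreadm: " $1 " enabled"
        }'
}

# dumpadm(1M): "Savecore enabled: yes" means kernel crash dumps are written out.
check_dumpadm() {
    $AWK -F': *' '$1 ~ /Savecore enabled/ && $2 == "yes" { print "FAIL dumpadm: savecore enabled" }'
}

# The dump directory (coreadm global pattern dir, dumpadm savecore dir) must be
# owned by uid 0, group-owned by gid 0 and mode 0700 or tighter. ls -ldn is
# parsed instead of stat(1), which not every Solaris 11 image ships.
check_core_dir() {
    dir=$1; want_uid=${2:-0}; want_gid=${3:-0}
    if [ ! -d "$dir" ]; then echo "FAIL $dir: not a directory"; return 0; fi
    ls -ldn "$dir" | $AWK -v d="$dir" -v uid="$want_uid" -v gid="$want_gid" '{
        if (substr($1, 5, 6) != "------") print "FAIL " d ": mode " $1 " looser than 0700"
        if ($3 != uid) print "FAIL " d ": owner uid " $3 ", want " uid
        if ($4 != gid) print "FAIL " d ": group gid " $4 ", want " gid
    }'
}

# /etc/system must carry "set noexec_user_stack=1" (takes effect after reboot).
check_noexec_stack() {
    if ! grep -Eq '^[[:space:]]*set[[:space:]]+noexec_user_stack[[:space:]]*=[[:space:]]*1[[:space:]]*$' "$1"; then
        echo "FAIL $1: noexec_user_stack=1 not set"
    fi
}

# Constructed samples in the Solaris 11 output format.
tmp=$(mktemp -d)
cat > "$tmp/coreadm.out" <<'EOF'
     global core file pattern: /var/cores/core.%f.%p
     global core file content: default
       init core file pattern: core
       init core file content: default
            global core dumps: enabled
       per-process core dumps: enabled
      global setid core dumps: disabled
 per-process setid core dumps: disabled
     global core dump logging: disabled
EOF
cat > "$tmp/dumpadm.out" <<'EOF'
      Dump content: kernel pages
       Dump device: /dev/zvol/dsk/rpool/dump (dedicated)
Savecore directory: /var/crash
  Savecore enabled: yes
   Save compressed: on
EOF
printf 'set noexec_user_stack=1\nset noexec_user_stack_log=1\n' > "$tmp/system"
mkdir "$tmp/cores"; chmod 750 "$tmp/cores"     # group-readable: should fail the mode check

check_coreadm < "$tmp/coreadm.out"
check_dumpadm < "$tmp/dumpadm.out"
check_core_dir "$tmp/cores" "$(id -u)" "$(id -g)"   # real run: uid/gid default to 0
check_noexec_stack "$tmp/system"
# On a Solaris host (as root):
#   coreadm | check_coreadm;  dumpadm | check_dumpadm
#   check_core_dir /var/cores;  check_core_dir /var/crash;  check_noexec_stack /etc/system
# Remediation: coreadm -d global -d process -d global-setid -d proc-setid; dumpadm -n
# ASLR (SOL-11.1-080030): sxadm info / sxadm enable aslr; its output format varies
# between releases, so it is not parsed here.
```

The mode test looks only at the group and other fields of the ls mode string, so 0700, 0600 and 0500 all pass; anything with a bit set past the owner triple is reported.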
    SV-60899r1_rule SOL-11.1-080010 CCI-000366 HIGH The operating system must be a supported release. An operating system release is considered supported if the vendor continues to provide security patches for the product. With an unsupported release, it will not be possible to resolve security issues discovered in the system software.
    SV-60901r1_rule SOL-11.1-070260 CCI-000366 MEDIUM The operator must document all file system objects that have non-standard access control list settings. Access Control Lists allow an object owner to expand permissions on an object to specific users and groups in addition to the standard permission model. Non-standard Access Control List settings can allow unauthorized users to modify critical files.
    SV-60903r2_rule SOL-11.1-070250 CCI-001352 MEDIUM The operating system must protect the audit records resulting from non-local accesses to privileged accounts and the execution of privileged functions. Protection of audit records and audit data is of critical importance. Care must be taken to ensure privileged users cannot circumvent audit protections put in place. Auditing might not be reliable when performed by an operating system which the user being
    SV-60905r2_rule SOL-11.1-070240 CCI-001314 LOW The operating system must reveal error messages only to authorized personnel. Proper file permissions and ownership ensure that only designated personnel in the organization can access error messages.
    SV-60907r1_rule SOL-11.1-070220 CCI-000366 MEDIUM The root account must be the only account with GID of 0. All accounts with a GID of 0 have root group privileges; membership in that group must be limited to the root account only.
    SV-60909r2_rule SOL-11.1-070210 CCI-000366 LOW The operating system must have no files with extended attributes. Attackers or malicious users could hide information, exploits, etc. in extended attribute areas. Since extended attributes are rarely used, it is important to find files with extended attributes set and correct these attributes.
    SV-60911r1_rule SOL-11.1-070200 CCI-000366 MEDIUM The operating system must have no unowned files. A new user who is assigned a deleted user's user ID or group ID may then end up owning these files, and thus have more access on the system than was intended.
    SV-60915r1_rule SOL-11.1-040160 CCI-000366 MEDIUM The delay between login prompts following a failed login attempt must be at least 4 seconds. An immediate return of an error message, coupled with the capability to try again, may facilitate automatic and rapid-fire brute-force password attacks by a malicious user.
    SV-60917r4_rule SOL-11.1-040170 CCI-000056 MEDIUM The system must require users to re-authenticate to unlock a graphical desktop environment. Allowing access to a graphical environment when the user is not attending the system can allow unauthorized users access to the system.
    SV-60919r3_rule SOL-11.1-040180 CCI-000057 MEDIUM Graphical desktop environments provided by the system must automatically lock after 15 minutes of inactivity. Allowing access to a graphical environment when the user is not attending the system can allow unauthorized users access to the system.
    SV-60925r1_rule SOL-11.1-040190 CCI-000366 MEDIUM The system must prevent the use of dictionary words for passwords. The use of common words in passwords simplifies password-cracking attacks.
    SV-60927r2_rule SOL-11.1-040200 CCI-000345 MEDIUM The system must restrict the ability of users to assume excessive privileges to members of a defined group and prevent unauthorized users from accessing administrative tools. Allowing any user to elevate their privileges can allow them excessive control of the system tools.
    SV-60929r2_rule SOL-11.1-040230 CCI-000770 MEDIUM The operating system must require individuals to be authenticated with an individual authenticator prior to using a group authenticator. Allowing any user to elevate their privileges can allow them excessive control of the system tools.
    SV-60931r2_rule SOL-11.1-070190 CCI-000366 LOW All valid SUID/SGID files must be documented. There are valid reasons for SUID/SGID programs, but it is important to identify and review such programs to ensure they are legitimate.
    SV-60933r2_rule SOL-11.1-040250 CCI-000366 MEDIUM The default umask for system and users must be 077. Setting a very secure default value for umask ensures that users make a conscious choice about their file permissions.
    SV-60935r1_rule SOL-11.1-070180 CCI-000366 MEDIUM World-writable files must not exist. Data in world-writable files can be read, modified, and potentially compromised by any user on the system. World-writable files may also indicate an incorrectly written script or program that could potentially be the cause of a larger compromise to the sy
    SV-60937r1_rule SOL-11.1-070170 CCI-000366 MEDIUM The system must not allow users to configure .forward files. Use of the .forward file poses a security risk in that sensitive data may be inadvertently transferred outside the organization. The .forward file also poses a secondary risk as it can be used to execute commands that may perform unintended actions.
    SV-60939r2_rule SOL-11.1-070160 CCI-000366 MEDIUM User .netrc files must not exist. The .netrc file presents a significant security risk since it stores passwords in unencrypted form.
    SV-60941r2_rule SOL-11.1-070150 CCI-000366 MEDIUM Duplicate group names must not exist. If a group is assigned a duplicate group name, it will create and have access to files with the first GID for that group name in /etc/group. Effectively, the GID is shared, which is a security risk.
    SV-60943r1_rule SOL-11.1-040260 CCI-000366 LOW The default umask for FTP users must be 077. Setting a very secure default value for umask ensures that users make a conscious choice about their file permissions.
    SV-60945r1_rule SOL-11.1-070140 CCI-000366 MEDIUM Duplicate user names must not exist. If a user is assigned a duplicate user name, it will create and have access to files with the first UID for that user name in /etc/passwd. Effectively, the UID is shared, which is a security risk.
    SV-60947r2_rule SOL-11.1-040270 CCI-000366 LOW The value mesg n must be configured as the default setting for all users. The "mesg n" command blocks attempts to use the "write" or "talk" commands to contact users at their terminals; it also has the side effect of slightly strengthening permissions on the user's TTY device.
    SV-60949r6_rule SOL-11.1-070130 CCI-000366 MEDIUM Reserved UIDs 0-99 must only be used by system accounts. If a user is assigned a UID that is in the reserved range, even if it is not presently in use, security exposures can arise if a subsequently installed application uses the same UID.
    SV-60951r1_rule SOL-11.1-040280 CCI-000017 MEDIUM User accounts must be locked after 35 days of inactivity. Inactive accounts pose a threat to system security since the users are not logging in to notice failed login attempts or other anomalies.
    SV-60953r1_rule SOL-11.1-070120 CCI-000366 MEDIUM Duplicate Group IDs (GIDs) must not exist for multiple groups. User groups must be assigned unique GIDs for accountability and to ensure appropriate access protections.
    SV-60955r1_rule SOL-11.1-040290 CCI-000795 MEDIUM The operating system must manage information system identifiers for users and devices by disabling the user identifier after 35 days of inactivity. Inactive accounts pose a threat to system security since the users are not logging in to notice failed login attempts or other anomalies.
    SV-60957r1_rule SOL-11.1-040300 CCI-001682 MEDIUM Emergency accounts must be locked after 35 days of inactivity. Inactive accounts pose a threat to system security since the users are not logging in to notice failed login attempts or other anomalies.
    SV-60959r1_rule SOL-11.1-040310 CCI-000366 MEDIUM Login services for serial ports must be disabled. Login services should not be enabled on any serial ports that are not strictly required to support the mission of the system. This action can be safely performed even when console access is provided using a serial port.
    SV-60961r1_rule SOL-11.1-040320 CCI-000366 MEDIUM The nobody access for RPC encryption key storage service must be disabled. If login by the user "nobody" is allowed for secure RPC, there is an increased risk of system compromise. If keyserv holds a private key for the "nobody" user, it will be used by key_encryptsession to compute a magic phrase which can be easily recovered b
    SV-60963r1_rule SOL-11.1-070110 CCI-000804 MEDIUM Duplicate UIDs must not exist for multiple non-organizational users. Non-organizational users must be assigned unique UIDs for accountability and to ensure appropriate access protections.
    SV-60965r1_rule SOL-11.1-040330 CCI-000366 MEDIUM X11 forwarding for SSH must be disabled. As enabling X11 Forwarding on the host can permit a malicious user to secretly open another X11 connection to another remote client during the session and perform unobtrusive activities such as keystroke monitoring, if the X11 services are not required fo
    SV-60967r1_rule SOL-11.1-070100 CCI-000764 MEDIUM Duplicate User IDs (UIDs) must not exist for users within the organization. Users within the organization must be assigned unique UIDs for accountability and to ensure appropriate access protections.
    SV-60969r2_rule SOL-11.1-070090 CCI-000366 MEDIUM All home directories must be owned by the respective user assigned to it in /etc/passwd. Since the user is accountable for files stored in the user's home directory, the user must be the owner of the directory.
    SV-60971r3_rule SOL-11.1-040340 CCI-000366 LOW Consecutive login attempts for SSH must be limited to 3. Setting the authentication login limit to a low value will disconnect the attacker and force a reconnect, which severely limits the speed of such brute-force attacks.
    SV-60973r1_rule SOL-11.1-040350 CCI-000366 MEDIUM The rhosts-based authentication for SSH must be disabled. Setting this parameter forces users to enter a password when authenticating with SSH.
    SV-60975r1_rule SOL-11.1-040360 CCI-000366 MEDIUM Direct root account login must not be permitted for SSH access. The system should not allow users to log in as the root user directly, as audited actions would be non-attributable to a specific user.
    SV-60977r3_rule SOL-11.1-070080 CCI-000366 LOW All user accounts must be configured to use a home directory that exists. If the user's home directory does not exist, the user will be placed in "/" and will not be able to write any files or have local environment variables set.
    SV-60979r2_rule SOL-11.1-040370 CCI-000366 HIGH Login must not be permitted with empty/null passwords for SSH. Permitting login without a password is inherently risky.
    SV-60981r1_rule SOL-11.1-070070 CCI-000366 LOW Users must have a valid home directory assignment. All users must be assigned a home directory in the passwd file. Failure to have a home directory may result in the user being put in the root directory.
    SV-60983r2_rule SOL-11.1-040380 CCI-001133 LOW The operating system must terminate the network connection associated with a communications session at the end of the session or after 10 minutes of inactivity. This requirement applies to both internal and external networks. Terminating network connections associated with communications sessions means de-allocating associated TCP/IP address/port pairs at the operating system level. The time period of inactivi
    SV-60985r4_rule SOL-11.1-040390 CCI-000366 MEDIUM Host-based authentication for login-based services must be disabled. The use of .rhosts authentication is an insecure protocol and can be replaced with public-key authentication using Secure Shell. As automatic authentication settings in the .rhosts files can provide a malicious user with sensitive system credentials, the
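The SSH rows above (SOL-11.1-040330, -040340, -040350, -040360, -040370 and -040380) all come down to keywords in /etc/ssh/sshd_config, and the common mistake when checking them is to grep for the keyword and accept whatever line turns up. sshd matches keywords case-insensitively, takes the first occurrence and ignores later ones, and applies anything inside a Match block only conditionally. The script below is an added example, not STIG content: it resolves the effective global value the way sshd does, compares it against what these rows require (PermitRootLogin no, PermitEmptyPasswords no, X11Forwarding no, IgnoreRhosts yes with HostbasedAuthentication no, MaxAuthTries at most 3, ClientAliveInterval between 1 and 600 seconds), and runs against two constructed sshd_config samples. The defaults it assumes for absent keywords, and the exact keyword chosen per row, are this example's assumptions; confirm them against the full STIG check text and sshd_config(4) on the host.

```shell
#!/bin/sh
# Added example: resolve effective sshd_config values the way sshd does and
# compare them with the SSH rows of the Solaris 11 STIG.
AWK=${AWK:-awk}      # on Solaris 11 set AWK=nawk

nfail() { grep -c '^FAIL' || :; }    # count FAIL lines on stdin (prints 0 when none)

# sshd_effective KEY FILE DEFAULT: print the global effective value of KEY.
# Comments and blank lines are skipped, the keyword match is case-insensitive,
# the FIRST occurrence wins, and parsing stops at the first "Match" line
# because everything after it is conditional. Assumes the "Keyword value"
# form (not "Keyword=value").
sshd_effective() {
    key=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    val=$($AWK -v key="$key" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        { k = tolower($1); v = $0; sub(/^[ \t]*[^ \t]+[ \t]+/, "", v); sub(/[ \t]+$/, "", v) }
        k == "match" { exit }
        k == key     { print v; exit }' "$2")
    printf '%s\n' "${val:-$3}"
}

# require_value KEY FILE DEFAULT ACCEPTED...: FAIL unless the effective value
# (compared case-insensitively) is one of ACCEPTED.
require_value() {
    key=$1; file=$2; def=$3; shift 3
    got=$(sshd_effective "$key" "$file" "$def" | tr 'A-Z' 'a-z')
    ok=0
    for want in "$@"; do
        if [ "$got" = "$want" ]; then ok=1; fi
    done
    if [ "$ok" -eq 0 ]; then echo "FAIL $key=$got (want: $*)"; fi
    return 0
}

# require_range KEY FILE DEFAULT LOW HIGH: FAIL unless LOW <= value <= HIGH.
require_range() {
    got=$(sshd_effective "$1" "$2" "$3")
    case $got in
        ''|*[!0-9]*) echo "FAIL $1=$got (not a number)" ;;
        *) if [ "$got" -lt "$4" ] || [ "$got" -gt "$5" ]; then echo "FAIL $1=$got (want $4..$5)"; fi ;;
    esac
    return 0
}

# Defaults assumed for absent keywords follow the OpenSSH-derived sshd shipped
# with Solaris 11 (where PermitRootLogin defaults to yes); verify on the host.
audit_sshd() {
    f=$1
    require_value PermitRootLogin         "$f" yes no
    require_value PermitEmptyPasswords    "$f" no  no
    require_value X11Forwarding           "$f" no  no
    require_value IgnoreRhosts            "$f" yes yes
    require_value HostbasedAuthentication "$f" no  no
    require_range MaxAuthTries            "$f" 6 1 3
    require_range ClientAliveInterval     "$f" 0 1 600    # 10 minutes of inactivity
}

tmp=$(mktemp -d)
# Constructed sample 1: the second X11Forwarding line and the Match block look
# compliant at a glance but are not what sshd enforces globally.
cat > "$tmp/sshd_config.bad" <<'EOF'
Port 22
X11Forwarding yes
x11forwarding no
MaxAuthTries 6
PermitRootLogin yes
Match User backup
    PermitRootLogin no
    PermitEmptyPasswords yes
EOF
# Constructed sample 2: what the rows above ask for.
cat > "$tmp/sshd_config.good" <<'EOF'
PermitRootLogin no
PermitEmptyPasswords no
X11Forwarding no
IgnoreRhosts yes
HostbasedAuthentication no
MaxAuthTries 3
ClientAliveInterval 600
EOF
echo "== bad ==";  audit_sshd "$tmp/sshd_config.bad"
echo "== good =="; audit_sshd "$tmp/sshd_config.good"
# Live: audit_sshd /etc/ssh/sshd_config; after edits, svcadm restart svc:/network/ssh
```

On the first sample the script reports PermitRootLogin, X11Forwarding, MaxAuthTries and ClientAliveInterval, and does not report PermitEmptyPasswords, because the line that enables it sits inside a Match block and only applies to that user.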
    SV-60987r1_rule SOL-11.1-070060 CCI-000366 MEDIUM Groups assigned to users must exist in the /etc/group file. Groups referenced in /etc/passwd but not defined in /etc/group pose a threat to system security, since permissions for those groups are not properly managed.
    SV-60989r1_rule SOL-11.1-040400 CCI-000366 MEDIUM The use of FTP must be restricted. FTP is an insecure protocol that transfers files and credentials in clear text, and can be replaced by using SFTP. However, if FTP is permitted for use in the environment, it is important to ensure that the default "system" accounts are not permitted to t
    SV-60991r1_rule SOL-11.1-070050 CCI-000366 HIGH There must be no user .rhosts files. Even though the .rhosts files are ineffective if support is disabled in /etc/pam.conf, they may have been brought over from other systems and could contain information useful to an attacker for those other systems.
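Several rows above are consistency checks across /etc/passwd, /etc/group, /etc/shadow and the users' home directories (SOL-11.1-070060 through -070160 and -070220, the blank-password rows -040120 and -040480, and the .netrc and .rhosts rows -070160 and -070050). The script below is an added example rather than STIG content: it runs those checks against a constructed passwd/group/shadow set and a constructed home tree under a prefix directory, so it executes without touching the real files; on a host pass /etc/passwd, /etc/group, /etc/shadow and / instead (reading shadow needs root). It does not decide which accounts count as "system" accounts for the reserved-UID row, since that needs logins(1M) or local documentation; it only skips UIDs below 100 for the home-directory checks.

```shell
#!/bin/sh
# Added example: account and group consistency checks for the Solaris 11 STIG rows.
AWK=${AWK:-awk}      # on Solaris 11 set AWK=nawk

nfail() { grep -c '^FAIL' || :; }    # count FAIL lines on stdin (prints 0 when none)

# dups FIELD FILE LABEL: values of colon-separated FIELD that occur more than once.
dups() {
    $AWK -F: -v f="$1" -v label="$3" '
        { n[$f]++; who[$f] = who[$f] " " $1 }
        END { for (v in n) if (n[v] > 1) print "FAIL duplicate " label " " v ":" who[v] }' "$2"
}

# Only root may have primary GID 0.
gid0_accounts() { $AWK -F: '$4 == 0 && $1 != "root" { print "FAIL " $1 ": primary GID 0" }' "$1"; }

# An empty password field in shadow means login with no password at all
# (a locked account shows *LK* or NP there instead).
blank_passwords() { $AWK -F: '$2 == "" { print "FAIL " $1 ": empty password field" }' "$1"; }

# missing_groups PASSWD GROUP: primary GIDs in passwd that no group defines.
missing_groups() {
    $AWK -F: 'NR == FNR { g[$3] = 1; next }
              !($4 in g) { print "FAIL " $1 ": primary GID " $4 " not in group file" }' "$2" "$1"
}

# home_dirs PASSWD ROOT: home is assigned, exists, is owned by the account, and
# holds no .rhosts/.netrc. ROOT is prefixed to each home path; use / on a host.
# UIDs below 100 (the reserved system range) are skipped.
home_dirs() {
    root=${2%/}
    while IFS=: read -r name pw uid gid gecos home shell; do
        case $uid in [0-9]|[0-9][0-9]) continue ;; esac
        if [ -z "$home" ]; then echo "FAIL $name: no home directory assigned"; continue; fi
        d="$root$home"
        if [ ! -d "$d" ]; then echo "FAIL $name: home $home does not exist"; continue; fi
        owner=$(ls -ldn "$d" | $AWK '{ print $3 }')
        if [ "$owner" != "$uid" ]; then echo "FAIL $name: $home owned by uid $owner, not $uid"; fi
        for f in .rhosts .netrc; do
            if [ -e "$d/$f" ]; then echo "FAIL $name: $home/$f exists"; fi
        done
    done < "$1"
}

# audit_accounts PASSWD GROUP SHADOW ROOT
audit_accounts() {
    dups 1 "$1" "user name";  dups 3 "$1" UID
    dups 1 "$2" "group name"; dups 3 "$2" GID
    gid0_accounts "$1"; blank_passwords "$3"; missing_groups "$1" "$2"; home_dirs "$1" "$4"
}

# Constructed sample: alice gets the running user's uid so her ownership check can pass.
tmp=$(mktemp -d)
me=$(id -u)
mkdir -p "$tmp/home/alice" "$tmp/home/bob"
touch "$tmp/home/bob/.netrc"
cat > "$tmp/passwd" <<EOF
root:x:0:0:Super-User:/root:/usr/bin/bash
daemon:x:1:1::/:
alice:x:$me:100:Alice:/home/alice:/usr/bin/bash
bob:x:1234:100:Bob:/home/bob:/usr/bin/bash
carol:x:1235:200:Carol:/home/carol:/usr/bin/bash
dave:x:1234:0:Dave:/home/dave:/usr/bin/bash
alice:x:1236:100:Second alice:/home/alice2:/usr/bin/bash
EOF
cat > "$tmp/group" <<'EOF'
root::0:
other::1:root
staff::10:
staff::100:alice,bob
EOF
cat > "$tmp/shadow" <<'EOF'
root:$5$salt$hash:17000::::::
alice:$5$salt$hash:17000::::::
bob::17000::::::
EOF
audit_accounts "$tmp/passwd" "$tmp/group" "$tmp/shadow" "$tmp"
# Live (as root): audit_accounts /etc/passwd /etc/group /etc/shadow /
```

Against the sample this reports the duplicate user name alice, the duplicate UID shared by bob and dave, the duplicate group name staff, dave's GID 0, bob's empty shadow entry, carol's undefined GID 200, bob's home owned by someone else plus his .netrc, and the missing homes of carol, dave and the second alice.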
    SV-60993r1_rule SOL-11.1-040410 CCI-000366 HIGH The system must not allow autologin capabilities from the GNOME desktop. As automatic logins are a known security risk for other than "kiosk" types of systems, GNOME automatic login should be disabled in pam.conf.
    SV-60995r1_rule SOL-11.1-070040 CCI-000366 MEDIUM Permissions on user .netrc files must be 750 or less permissive. .netrc files may contain unencrypted passwords that can be used to attack other systems.
    SV-60997r3_rule SOL-11.1-040420 CCI-000366 MEDIUM Unauthorized use of the at or cron capabilities must not be permitted. On many systems, only the system administrator needs the ability to schedule jobs. Even though a given user is not listed in the "cron.allow" file, cron jobs can still be run as that user. The "cron.allow" file only controls administrative access to the
    SV-60999r1_rule SOL-11.1-040430 CCI-000366 MEDIUM Logins to the root account must be restricted to the system console only. Use an authorized mechanism such as RBAC and the "su" command to provide administrative access to unprivileged accounts. These mechanisms provide an audit trail in the event of problems.
    SV-61001r1_rule SOL-11.1-070030 CCI-000366 MEDIUM Permissions on user . (hidden) files must be 750 or less permissive. Group-writable or world-writable user configuration files may enable malicious users to steal or modify other users' data or to gain another user's system privileges.
    SV-61003r1_rule SOL-11.1-040450 CCI-000052 LOW The operating system, upon successful logon, must display to the user the date and time of the last logon (access). Users need to be aware of activity that occurs regarding their account. Providing users with information regarding the date and time of their last successful login allows the user to determine if any unauthorized activity has occurred and gives them an op
    SV-61005r1_rule SOL-11.1-070020 CCI-000366 MEDIUM Permissions on user home directories must be 750 or less permissive. Group-writable or world-writable user home directories may enable malicious users to steal or modify other users' data or to gain another user's system privileges.
    SV-61007r2_rule SOL-11.1-040460 CCI-000058 MEDIUM The operating system must provide the capability for users to directly initiate session lock mechanisms. A session lock is a temporary action taken when a user stops work and moves away from the immediate physical vicinity of the system but does not want to log out because of the temporary nature of the absence. Rather than be forced to wait for a period o
    SV-61009r1_rule SOL-11.1-070010 CCI-000366 MEDIUM The sticky bit must be set on all world writable directories. Files in directories that have had the "sticky bit" enabled can only be deleted by users that have both write permissions for the directory in which the file resides, as well as ownership of the file or directory, or have sufficient privileges. As this pr
    SV-61011r2_rule SOL-11.1-040470 CCI-000060 MEDIUM The operating system session lock mechanism, when activated on a device with a display screen, must place a publicly viewable pattern onto the associated display, hiding what was previously visible on the screen. A session time-out lock is a temporary action taken when a user stops work and moves away from the immediate physical vicinity of the system but does not log out because of the temporary nature of the absence. The session lock will also include an obfus
    SV-61013r1_rule SOL-11.1-060190 CCI-001127 MEDIUM The operating system must protect the integrity of transmitted information. Ensuring the integrity of transmitted information requires the operating system take feasible measures to employ transmission layer security. This requirement applies to communications across internal and external networks.
    SV-61015r1_rule SOL-11.1-040480 CCI-000366 HIGH The operating system must not allow logins for users with blank passwords. If the password field is blank and the system does not enforce a policy that passwords are required, it could allow login without proper authentication of a user.
    SV-61017r1_rule SOL-11.1-060180 CCI-001350 LOW The operating system must use cryptographic mechanisms to protect the integrity of audit information. Protection of audit records and audit data is of critical importance. Cryptographic mechanisms are the industry established standard used to protect the integrity of audit data.
    SV-61019r1_rule SOL-11.1-040490 CCI-001111 MEDIUM The operating system must prevent remote devices that have established a non-remote connection with the system from communicating outside of the communication path with resources in external networks. This control enhancement is implemented within the remote device (e.g., notebook/laptop computer) via configuration settings not configurable by the user of the device. An example of a non-remote communications path from a remote device is a virtual priva
    SV-61021r1_rule SOL-11.1-060170 CCI-001200 LOW The operating system must employ cryptographic mechanisms to prevent unauthorized disclosure of information at rest unless otherwise protected by alternative physical measures. When data is written to digital media, such as hard drives, mobile computers, external/removable hard drives, personal digital assistants, flash/thumb drives, etc., there is risk of data loss and data compromise. An organizational assessment of risk gui
    SV-61023r2_rule SOL-11.1-040500 CCI-000054 LOW The operating system must limit the number of concurrent sessions for each account to an organization-defined number of sessions. Limiting the number of allowed users and sessions per user can limit risks related to denial of service attacks. The organization may define the maximum number of concurrent sessions for an information system account globally, by account type, by account,
    SV-61025r1_rule SOL-11.1-060160 CCI-001199 LOW The operating system must protect the confidentiality and integrity of information at rest. When data is written to digital media, such as hard drives, mobile computers, external/removable hard drives, personal digital assistants, flash/thumb drives, etc., there is risk of data loss and data compromise. An organizational assessment of risk gui
    SV-61027r1_rule SOL-11.1-060150 CCI-001019 LOW The operating system must employ cryptographic mechanisms to protect information in storage. When data is written to digital media, such as hard drives, mobile computers, external/removable hard drives, personal digital assistants, flash/thumb drives, etc., there is risk of data loss and data compromise. An organizational assessment of risk gui
    SV-61029r1_rule SOL-11.1-060140 CCI-001009 MEDIUM The operating system must use cryptographic mechanisms to protect and restrict access to information on portable digital media. When data is written to portable digital media, such as thumb drives, floppy diskettes, compact disks, and magnetic tape, etc., there is risk of data loss. An organizational assessment of risk guides the selection of media and associated information con
    SV-61031r1_rule SOL-11.1-060130 CCI-000068 MEDIUM The operating system must use cryptography to protect the confidentiality of remote access sessions. Remote access is any access to an organizational information system by a user (or an information system) communicating through an external, non-organization-controlled network (e.g., the Internet). Examples of remote access methods include dial-up, broadb
    SV-61033r1_rule SOL-11.1-060120 CCI-001132 MEDIUM The operating system must maintain the confidentiality of information during aggregation, packaging, and transformation in preparation for transmission. Ensuring that transmitted information remains confidential during aggregation, packaging, and transformation requires the operating system take feasible measures to employ transmission layer security. This requirement applies to communications across inte
    SV-61035r1_rule SOL-11.1-060110 CCI-001131 MEDIUM The operating system must employ cryptographic mechanisms to prevent unauthorized disclosure of information during transmission unless otherwise protected by alternative physical measures. Ensuring that transmitted information does not become disclosed to unauthorized entities requires the operating system take feasible measures to employ transmission layer security. This requirement applies to communications across internal and external ne
    SV-61037r1_rule SOL-11.1-050010 CCI-000366 LOW The system must disable directed broadcast packet forwarding. This parameter must be disabled to reduce the risk of denial of service attacks.
    SV-61039r1_rule SOL-11.1-060100 CCI-001130 MEDIUM The operating system must protect the confidentiality of transmitted information. Ensuring the confidentiality of transmitted information requires the operating system take feasible measures to employ transmission layer security. This requirement applies to communications across internal and external networks.
    SV-61041r1_rule SOL-11.1-050020 CCI-000366 LOW The system must not respond to ICMP timestamp requests. By accurately determining the system's clock state, an attacker can more effectively attack certain time-based pseudorandom number generators (PRNGs) and the authentication systems that rely on them.
    SV-61043r1_rule SOL-11.1-060090 CCI-001129 MEDIUM The operating system must maintain the integrity of information during aggregation, packaging, and transformation in preparation for transmission. Ensuring the integrity of transmitted information requires the operating system take feasible measures to employ transmission layer security. This requirement applies to communications across internal and external networks.
    SV-61045r1_rule SOL-11.1-050030 CCI-000366 LOW The system must not respond to ICMP broadcast timestamp requests. By accurately determining the system's clock state, an attacker can more effectively attack certain time-based pseudorandom number generators (PRNGs) and the authentication systems that rely on them.
    SV-61047r1_rule SOL-11.1-060080 CCI-001128 MEDIUM The operating system must employ cryptographic mechanisms to recognize changes to information during transmission unless otherwise protected by alternative physical measures. Ensuring that transmitted information is not altered during transmission requires the operating system take feasible measures to employ transmission layer security. This requirement applies to communications across internal and external networks.
    SV-61049r1_rule SOL-11.1-050040 CCI-000366 LOW The system must not respond to ICMP broadcast netmask requests. By determining the netmasks of various computers in your network, an attacker can better map your subnet structure and infer trust relationships.
    SV-61051r1_rule SOL-11.1-060070 CCI-001127 MEDIUM The operating system must protect the integrity of transmitted information. Ensuring the integrity of transmitted information requires the operating system take feasible measures to employ transmission layer security. This requirement applies to communications across internal and external networks.
    SV-61053r1_rule SOL-11.1-050050 CCI-000366 MEDIUM The system must not respond to broadcast ICMP echo requests. ICMP echo requests can be useful for reconnaissance of systems and for denial of service attacks.
    SV-61055r1_rule SOL-11.1-060060 CCI-001148 MEDIUM The operating system must employ FIPS-validated or NSA-approved cryptography to implement digital signatures. FIPS 140-2 is the current standard for validating cryptographic modules, and NSA Type-X (where X=1, 2, 3, 4) products are NSA-certified hardware-based encryption modules.
    SV-61057r1_rule SOL-11.1-050060 CCI-000366 LOW The system must not respond to multicast echo requests. Multicast echo requests can be useful for reconnaissance of systems and for denial of service attacks.
    SV-61059r3_rule SOL-11.1-060010 CCI-000803 MEDIUM The operating system must use mechanisms for authentication to a cryptographic module meeting the requirements of applicable federal laws, Executive orders, directives, policies, regulations, standards, and guidance for such authentication. Encryption is only as good as the encryption modules utilized. Unapproved cryptographic module algorithms cannot be verified, and cannot be relied upon to provide confidentiality or integrity, and DoD data may be compromised due to weak algorithms. Appl
    SV-61061r1_rule SOL-11.1-050070 CCI-000366 LOW The system must ignore ICMP redirect messages. Ignoring ICMP redirect messages reduces the likelihood of denial of service attacks.
    SV-61063r2_rule SOL-11.1-050470 CCI-000366 MEDIUM The operating system must prevent internal users from sending out packets which attempt to manipulate or spoof invalid IP addresses. Manipulation of IP addresses can allow untrusted systems to appear as trusted hosts, bypassing firewalls and other security mechanisms and resulting in system penetration.
    SV-61065r1_rule SOL-11.1-050080 CCI-000366 MEDIUM The system must set strict multihoming. These settings control whether a packet arriving on a non-forwarding interface can be accepted for an IP address that is not explicitly configured on that interface. This rule is NA for documented systems that have interfaces that cross strict networking
    SV-61067r1_rule SOL-11.1-050460 CCI-000879 MEDIUM The operating system must terminate all sessions and network connections when non-local maintenance is completed. Non-local maintenance and diagnostic activities are those activities conducted by individuals communicating through a network, either an external network (e.g., the Internet) or an internal network. The operating system needs to ensure all sessions and
    SV-75425r2_rule SOL-11.1-050090 CCI-000366 LOW The system must disable ICMP redirect messages. A malicious user can exploit the ability of the system to send ICMP redirects by continually sending packets to the system, forcing the system to respond with ICMP redirect messages, resulting in an adverse impact on the CPU performance of the system.
    SV-61071r1_rule SOL-11.1-050430 CCI-000048 LOW The FTP service must display the DoD approved system use notification message or banner before granting access to the system. Warning messages inform users who are attempting to log in to the system of their legal status regarding the system and must include the name of the organization that owns the system and any monitoring policies that are in place. As implementing a logon b
    SV-61073r1_rule SOL-11.1-050100 CCI-000366 LOW The system must disable TCP reverse IP source routing. If enabled, reverse IP source routing would allow an attacker to more easily complete a three-way TCP handshake and spoof new connections.
    SV-61075r1_rule SOL-11.1-050410 CCI-000048 LOW The GNOME service must display the DoD approved system use notification message or banner before granting access to the system. Warning messages inform users who are attempting to log in to the system of their legal status regarding the system and must include the name of the organization that owns the system and any monitoring policies that are in place. As implementing a logon b
    SV-61077r1_rule SOL-11.1-050390 CCI-000048 LOW The operating system must display the DoD approved system use notification message or banner for SSH connections. Warning messages inform users who are attempting to log in to the system of their legal status regarding the system and must include the name of the organization that owns the system and any monitoring policies that are in place. As implementing a logon b
    SV-61079r1_rule SOL-11.1-050110 CCI-000366 MEDIUM The system must set the maximum number of half-open TCP connections to 4096. This setting controls how many half-open connections (SYN received, handshake not yet completed) can be queued for a TCP port. Bounding that queue provides some protection against SYN-flood denial of service attacks.
    SV-61081r1_rule SOL-11.1-050380 CCI-000048 LOW The operating system must display the DoD approved system use notification message or banner before granting access to the system for general system logons. Warning messages inform users who are attempting to log in to the system of their legal status regarding the system and must include the name of the organization that owns the system and any monitoring policies that are in place. As implementing a logon b
    SV-61083r1_rule SOL-11.1-050120 CCI-000366 LOW The system must set maximum number of incoming connections to 1024. This setting controls the maximum number of incoming connections that can be accepted on a TCP port limiting exposure to denial of service attacks.
    SV-61085r4_rule SOL-11.1-050370 CCI-000366 LOW The system must prevent local applications from generating source-routed packets. Source-routed packets allow the source of the packet to suggest that routers forward the packet along a different path than configured on the router, which can be used to bypass network security measures.
    SV-61087r2_rule SOL-11.1-050360 CCI-000066 MEDIUM The operating system must enforce requirements for remote connections to the information system. Remote access to the system can be limited through the use of the host-based firewall.
    SV-61089r1_rule SOL-11.1-050130 CCI-000366 MEDIUM The system must disable network routing unless required. The network routing daemon, in.routed, manages network routing tables. If enabled, it periodically supplies copies of the system's routing tables to any directly connected hosts and networks and picks up routes supplied to it from other networks and hosts
    SV-61091r2_rule SOL-11.1-050350 CCI-001154 MEDIUM The operating system must block both inbound and outbound traffic between instant messaging clients, independently configured by end users and external service providers. Proper configuration of the firewall will deny instant messaging clients which will reduce a user's ability to relay sensitive information.
    SV-61093r2_rule SOL-11.1-050140 CCI-000366 LOW The system must implement TCP Wrappers. TCP Wrappers is a host-based access control system that allows administrators to control who has access to various network services based on the IP address of the remote end of the connection. TCP Wrappers also provides logging information via syslog abou
    SV-61095r2_rule SOL-11.1-050330 CCI-001453 MEDIUM The operating system must use cryptography to protect the integrity of remote access sessions. Proper configuration of the firewall will only allow encrypted, authenticated protocols such as SSHv2 to ensure the integrity of remote access sessions.
    SV-61097r2_rule SOL-11.1-050150 CCI-000382 MEDIUM The operating system must configure the information system to specifically prohibit or restrict the use of organization-defined functions, ports, protocols, and/or services. Proper configuration of the firewall will only allow encrypted, authenticated protocols such as SSHv2. Stateful packet filtering and logging shall be enabled.
    SV-61099r2_rule SOL-11.1-050320 CCI-001436 MEDIUM The operating system must disable the use of organization-defined networking protocols within the operating system deemed to be nonsecure except for explicitly identified components in support of specific operational requirements. Organization-defined networking protocols can be limited through the use of the host-based firewall.
    SV-61101r2_rule SOL-11.1-050290 CCI-001118 MEDIUM The operating system must implement host-based boundary protection mechanisms for servers, workstations, and mobile devices. A host-based boundary protection mechanism is a host-based firewall.
    SV-61103r2_rule SOL-11.1-050160 CCI-000774 MEDIUM The operating system must use organization-defined replay-resistant authentication mechanisms for network access to privileged accounts. Non-local maintenance and diagnostic communications often contain sensitive information and must be protected. The security of these remote accesses can be ensured by sending non-local maintenance and diagnostic communications through encrypted channels e
    SV-61105r2_rule SOL-11.1-050270 CCI-000197 MEDIUM The boundary protection system (firewall) must be configured to only allow encrypted protocols to ensure that passwords are transmitted via encryption. Proper configuration of the firewall will only allow encrypted, authenticated protocols such as SSHv2. Stateful packet filtering and logging must also be enabled.
    SV-61107r2_rule SOL-11.1-050240 CCI-001109 MEDIUM The boundary protection system (firewall) must be configured to deny network traffic by default and must allow network traffic by exception (i.e., deny all, permit by exception). A firewall that relies on a deny all, permit by exception strategy requires all traffic to have explicit permission before traversing an interface on the host.
    SV-61109r2_rule SOL-11.1-050170 CCI-000776 MEDIUM The operating system must use organization-defined replay-resistant authentication mechanisms for network access to non-privileged accounts. Non-local maintenance and diagnostic communications often contain sensitive information and must be protected. The security of these remote accesses can be ensured by sending non-local maintenance and diagnostic communications through encrypted channels e
    SV-61111r2_rule SOL-11.1-050180 CCI-000877 MEDIUM The operating system must employ strong identification and authentication techniques in the establishment of non-local maintenance and diagnostic sessions. Non-local maintenance and diagnostic communications often contain sensitive information and must be protected. The security of these remote accesses can be ensured by sending non-local maintenance and diagnostic communications through encrypted channels e
    SV-61113r2_rule SOL-11.1-050190 CCI-000888 MEDIUM The operating system must employ cryptographic mechanisms to protect the integrity and confidentiality of non-local maintenance and diagnostic communications. Non-local maintenance and diagnostic communications often contain sensitive information and must be protected. This data's integrity and confidentiality can be ensured by sending non-local maintenance and diagnostic communications through encrypted channe
    SV-61115r4_rule SOL-11.1-040130 CCI-000196 MEDIUM Systems must employ cryptographic hashes for passwords using the SHA-2 family of algorithms or FIPS 140-2 approved successors. Cryptographic hashes provide quick password authentication while not actually storing the password.
    SV-61117r1_rule SOL-11.1-040140 CCI-000044 MEDIUM The system must disable accounts after three consecutive unsuccessful login attempts. Allowing continued access to accounts on the system exposes them to brute-force password-guessing attacks.
    SV-62545r1_rule SOL-11.1-010410 CCI-000138 HIGH The operating system must configure auditing to reduce the likelihood of storage capacity being exceeded. Overflowing the audit storage area can result in a denial of service or system outage.
    SV-62549r1_rule SOL-11.1-090115 CCI-000366 MEDIUM The operating system must employ PKI solutions at workstations, servers, or mobile computing devices on the network to create, manage, distribute, use, store, and revoke digital certificates. Without the use of PKI systems to manage digital certificates, the operating system or other system components may be unable to securely communicate on a network or reliably verify the identity of a user via digital signatures.
    SV-62559r2_rule SOL-11.1-120410 CCI-000085 MEDIUM The operating system must monitor for unauthorized connections of mobile devices to organizational information systems. Mobile devices include portable storage media (e.g., USB memory sticks, external hard disk drives) and portable computing and communications devices with information storage capability (e.g., notebook/laptop computers, personal digital assistants, cellula
    SV-74257r1_rule SOL-11.1-020300 CCI-000366 MEDIUM All run control scripts must have mode 0755 or less permissive. If the startup files are writable by other users, these users could modify the startup files to insert malicious commands into the startup files.
    SV-74259r1_rule SOL-11.1-020310 CCI-000366 MEDIUM All run control scripts must have no extended ACLs. If the startup files are writable by other users, these users could modify the startup files to insert malicious commands into the startup files.
    SV-74261r3_rule SOL-11.1-020320 CCI-000366 MEDIUM Run control scripts executable search paths must contain only authorized paths. The executable search path (typically the PATH environment variable) contains a list of directories for the shell to search to find executables. If this path includes the current working directory or other relative paths, executables in these directories
    SV-74263r2_rule SOL-11.1-020330 CCI-000366 MEDIUM Run control scripts library search paths must contain only authorized paths. The library search path environment variable(s) contain a list of directories for the dynamic linker to search to find libraries. If this path includes the current working directory or other relative paths, libraries in these directories may be loaded ins
    SV-74265r2_rule SOL-11.1-020340 CCI-000366 MEDIUM Run control scripts lists of preloaded libraries must contain only authorized paths. The library preload list environment variable contains a list of libraries for the dynamic linker to load before loading the libraries required by the binary. If this list contains paths to libraries to the current working directory that have not been aut
    SV-74267r3_rule SOL-11.1-020350 CCI-000366 MEDIUM Run control scripts must not execute world writable programs or scripts. World writable files could be modified accidentally or maliciously to compromise system integrity.
    SV-74269r1_rule SOL-11.1-020360 CCI-000366 MEDIUM All system start-up files must be owned by root. System start-up files not owned by root could lead to system compromise by allowing malicious users or applications to modify them for unauthorized purposes. This could lead to system and network compromise.
    SV-74271r1_rule SOL-11.1-020370 CCI-000366 MEDIUM All system start-up files must be group-owned by root, sys, or bin. If system start-up files do not have a group owner of root or a system group, the files may be modified by malicious users or intruders.
    SV-74273r1_rule SOL-11.1-020380 CCI-000366 MEDIUM System start-up files must only execute programs owned by a privileged UID or an application. System start-up files executing programs owned by other than root (or another privileged user) or an application indicates the system may have been compromised.
    SV-75471r2_rule SOL-11.1-020500 CCI-000297 MEDIUM Any X Windows host must write .Xauthority files. .Xauthority files ensure the user is authorized to access the specific X Windows host. If .Xauthority files are not used, it may be possible to obtain unauthorized access to the X Windows host.
    SV-75473r2_rule SOL-11.1-020510 CCI-000225 MEDIUM All .Xauthority files must have mode 0600 or less permissive. .Xauthority files ensure the user is authorized to access the specific X Windows host. Excessive permissions may permit unauthorized modification of these files, which could lead to Denial of Service to authorized access or allow unauthorized access to be
    SV-75491r2_rule SOL-11.1-020520 CCI-000225 MEDIUM The .Xauthority files must not have extended ACLs. .Xauthority files ensure the user is authorized to access the specific X Windows host. Extended ACLs may permit unauthorized modification of these files, which could lead to Denial of Service to authorized access or allow unauthorized access to be obtaine
    SV-75493r1_rule SOL-11.1-020530 CCI-000225 HIGH X displays must not be exported to the world. Open X displays allow an attacker to capture keystrokes and to execute commands remotely. Many users have their X Server set to xhost +, permitting access to the X Server by anyone, from anywhere.
    SV-75495r2_rule SOL-11.1-020540 CCI-000297 MEDIUM .Xauthority or X*.hosts (or equivalent) file(s) must be used to restrict access to the X server. If access to the X server is not restricted, a user's X session may be compromised.
    SV-75497r2_rule SOL-11.1-020550 CCI-000225 MEDIUM The .Xauthority utility must only permit access to authorized hosts. If unauthorized clients are permitted access to the X server, a user's X session may be compromised.
    SV-75499r1_rule SOL-11.1-020560 CCI-001436 MEDIUM X Window System connections that are not required must be disabled. If unauthorized clients are permitted access to the X server, a user's X session may be compromised.
    SV-86119r1_rule SOL-11.1-040315 CCI-000366 MEDIUM Access to a domain console via telnet must be restricted to the local host. Telnet is an insecure protocol.
    SV-86121r1_rule SOL-11.1-040316 CCI-000366 MEDIUM Access to a logical domain console must be restricted to authorized users. A logical domain is a discrete, logical grouping with its own operating system, resources, and identity within a single computer system. Access to the logical domain console provides system-level access to the OBP of the domain.
    SV-87479r2_rule SOL-11.1-050480 CCI-001443 MEDIUM Wireless network adapters must be disabled. The use of wireless networking can introduce many different attack vectors into the organization’s network. Common attack vectors such as malicious association and ad hoc networks will allow an attacker to spoof a wireless access point (AP), allowing va
    SV-101309r1_rule SOL-11.1-030055 CCI-000366 MEDIUM Systems using OpenSSH must be configured per site policy to only allow access by approved networks or hosts. If ssh’s configuration file does not contain the appropriate rules for allowing and denying access to the system’s network resources, the system may be accessible to unauthorized hosts.
    SV-104855r1_rule SOL-11.1-080045 CCI-000366 MEDIUM The system must be configured to store any process core dumps in a specific, centralized directory. Specifying a centralized location for core file creation allows for the centralized protection of core files. Process core dumps contain the memory in use by the process when it crashed. Any data the process was handling may be contained in the core file,