STIGQter: STIG Summary: Solaris 11 X86 Security Technical Implementation Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021

Host-based authentication for login-based services must be disabled.

DISA Rule

SV-216120r603268_rule

Vulnerability Number

V-216120

Group Title

SRG-OS-000480

Rule Version

SOL-11.1-040390

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Note: This is the location for Solaris 11.1. For earlier versions, the information is in /etc/pam.conf.

The root role is required.

List the directory to identify the various configuration files used by PAM:

# ls -l /etc/pam.d

Search each file for the pam_rhosts_auth.so.1 entry.

# grep pam_rhosts_auth.so.1 [filename]

Identify the file with the line pam_rhosts_auth.so.1 in it.

# pfedit [filename]

Insert a comment character (#) at the beginning of the line containing "pam_rhosts_auth.so.1".

Check Contents

Note: This is the location for Solaris 11.1. For earlier versions, the information is in /etc/pam.conf.

Determine if host-based authentication services are enabled.

# grep -h 'pam_rhosts_auth.so.1' /etc/pam.conf /etc/pam.d/* | grep -vc '^#'

If the returned result is not 0 (zero), this is a finding.
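
An added example (not part of the STIG text) of the same check as a POSIX shell function. When grep searches several files it prefixes each match with the file name, so a '^#' filter only recognizes commented entries when that prefix is suppressed (grep -h) or comments are stripped per file, as done here; the function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: count active (uncommented) pam_rhosts_auth.so.1 entries.
# Function names and sample files are constructed for illustration.

# Prints the number of active lines across the given files.
# Files that do not exist are skipped.
count_active_rhosts() {
    total=0
    for f in "$@"; do
        [ -f "$f" ] || continue
        # Drop comment lines (optionally indented) first, then count matches.
        n=$(grep -v '^[[:space:]]*#' "$f" | grep -c 'pam_rhosts_auth\.so\.1' || true)
        total=$((total + n))
    done
    echo "$total"
}

# What a '^#' filter counts when grep prefixes "file:" to every match:
# commented entries are counted too, because no line starts with '#'.
count_with_filename_prefix() {
    grep 'pam_rhosts_auth\.so\.1' "$@" 2>/dev/null | grep -vc '^#' || true
}

# Build a constructed /etc/pam.d-like tree in a temporary directory.
make_sample() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'auth sufficient pam_rhosts_auth.so.1' \
                  'auth required   pam_unix_auth.so.1' > "$d/rlogin"
    printf '%s\n' '#auth sufficient pam_rhosts_auth.so.1' \
                  'auth required   pam_unix_auth.so.1' > "$d/rsh"
    printf '%s\n' 'auth required pam_unix_auth.so.1' > "$d/login"
    echo "$d"
}

sample=$(make_sample)
echo "active entries:       $(count_active_rhosts "$sample"/*)"
echo "prefixed '^#' filter: $(count_with_filename_prefix "$sample"/*)"
rm -rf "$sample"
```

A result other than 0 from count_active_rhosts corresponds to the finding condition above.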

Documentable

False

Check Content Reference

M

Target Key

4021
