SV-216129r603268_rule
V-216129
SRG-OS-000480
SOL-11.1-040490
CAT II
10
The root Role is required.
Remove the net_access privilege from users who may be accessing the system externally.
1. Create an RBAC profile that carries the net_access restriction:
# profiles -p RestrictOutbound
profiles:RestrictOutbound> set desc="Restrict Outbound Connections"
profiles:RestrictOutbound> set limitpriv=zone,!net_access
profiles:RestrictOutbound> exit
2. Assign the RBAC Profile to a user
# usermod -P +RestrictOutbound [username]
This prevents the user from initiating any outbound network connections.
Determine if the "RestrictOutbound" profile is configured properly:
# profiles -p RestrictOutbound info
If the output is not:
name=RestrictOutbound
desc=Restrict Outbound Connections
limitpriv=zone,!net_access
this is a finding.
For each user who is not allowed external network access, determine whether that user is assigned the "RestrictOutbound" profile.
# profiles -l [username]
If the output does not include:
[username]:
RestrictOutbound
this is a finding.
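The two checks above expressed as a POSIX shell audit script. This is an added example, not part of the STIG record or of Solaris; the `profiles` outputs it evaluates are constructed samples in the assumed Solaris 11 layout, so it runs offline. On a real host, feed it the captured output of `profiles -p RestrictOutbound info` and `profiles -l [username]` instead.

```shell
#!/bin/sh
# Added example (not from the STIG): evaluate the RestrictOutbound check against
# captured `profiles` output. Samples below are constructed, not from a real host.
SAMPLE_PROFILE_OK='        name=RestrictOutbound
        desc=Restrict Outbound Connections
        limitpriv=zone,!net_access'
# Same profile but with the net_access restriction missing: must be a finding.
SAMPLE_PROFILE_BAD='        name=RestrictOutbound
        desc=Restrict Outbound Connections
        limitpriv=zone'
# Constructed `profiles -l jdoe` output: user line, then one profile per line.
SAMPLE_USER_LIST='jdoe:
      RestrictOutbound
      Basic Solaris User'

# Returns 0 when the profile listing carries exactly the three expected values
# (leading whitespace ignored), 1 otherwise.
check_profile_output() {
    _name=$(printf '%s\n' "$1" | sed -n 's/^[[:space:]]*name=//p')
    _desc=$(printf '%s\n' "$1" | sed -n 's/^[[:space:]]*desc=//p')
    _priv=$(printf '%s\n' "$1" | sed -n 's/^[[:space:]]*limitpriv=//p')
    [ "$_name" = "RestrictOutbound" ] || return 1
    [ "$_desc" = "Restrict Outbound Connections" ] || return 1
    # The STIG requires this exact value; any other limitpriv is a finding.
    [ "$_priv" = "zone,!net_access" ] || return 1
}

# Returns 0 when RestrictOutbound is listed under the given user, 1 otherwise.
user_has_profile() {
    printf '%s\n' "$2" | awk -v u="$1" '
        /^[^[:space:]].*:$/ { cur = substr($0, 1, length($0) - 1); next }
        { line = $0; sub(/^[[:space:]]+/, "", line) }
        cur == u && line == "RestrictOutbound" { found = 1 }
        END { exit found ? 0 : 1 }'
}

# Report each check in the STIG's own terms.
for sample in "$SAMPLE_PROFILE_OK" "$SAMPLE_PROFILE_BAD"; do
    if check_profile_output "$sample"; then
        echo "profile RestrictOutbound: not a finding"
    else
        echo "profile RestrictOutbound: FINDING"
    fi
done
if user_has_profile jdoe "$SAMPLE_USER_LIST"; then
    echo "user jdoe: not a finding"
else
    echo "user jdoe: FINDING"
fi
```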