STIGQter: STIG Summary: Solaris 11 X86 Security Technical Implementation Guide, Version: 2, Release: 3, Benchmark Date: 23 Apr 2021

All user accounts must be configured to use a home directory that exists.

DISA Rule

SV-216187r603268_rule

Vulnerability Number

V-216187

Group Title

SRG-OS-000480

Rule Version

SOL-11.1-070080

Severity

CAT III

CCI(s)

Weight

10

Fix Recommendation

The root role is required.

Work with users identified in the check step to determine the best course of action in accordance with site policy. This generally means deleting the user account or creating a valid home directory.

Check Contents

The root role is required.

Check if a GUI is installed.

Determine the OS version you are currently securing:
# uname -v

For Solaris 11, 11.1, 11.2, and 11.3:
# pkg info gdm
# pkg info coherence-26
# pkg info coherence-27

If none of these packages are installed on the system, then no GUI is present.

For Solaris 11.4 or newer:
# pkg info gdm

If gdm is not installed on the system, then no GUI is present.

# pkg info uucp

uucp is no longer installed by default starting in 11.4 and is deprecated.

For all versions, check that all users' home directories exist.

# pwck

Accounts with no home directory will output "Login directory not found".

If no GUI is present, then the "gdm" and "upnp" accounts should generate errors. On all systems with the uucp package installed, the "uucp" and "nuucp" accounts should generate errors.

If users' home directories do not exist, this is a finding.
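The home-directory part of this check can also be run straight against a passwd-format file, which makes the expected "gdm"/"upnp" and "uucp"/"nuucp" errors easy to filter out. The following is an added example, not part of the STIG; the function name missing_homes and its argument layout are assumptions, it does not parse pwck output, and it treats an empty home field as missing.

```shell
#!/bin/sh
# Added example (not from the STIG): report accounts whose home directory
# does not exist, skipping accounts the check says are expected to error.
#
# Usage: missing_homes PASSWD_FILE [EXPECTED_ACCOUNT ...]
#   e.g. missing_homes /etc/passwd gdm upnp      (system with no GUI)
# Prints one "name:home" line per remaining account; no output means no finding.
missing_homes() {
    passwd_file=$1
    shift
    # Space-padded list so whole account names can be matched with case.
    expected=" $* "
    # passwd(4) fields: name:password:uid:gid:gecos:home:shell
    while IFS=: read -r name _pw _uid _gid _gecos home _shell || [ -n "$name" ]; do
        # Skip blank lines, comments and +/- name-service compat entries.
        case $name in
            ''|'#'*|'+'*|'-'*) continue ;;
        esac
        # Skip accounts that are expected to lack a home directory.
        case $expected in
            *" $name "*) continue ;;
        esac
        # An empty home field or a path that is not a directory is reported.
        if [ -z "$home" ] || [ ! -d "$home" ]; then
            printf '%s:%s\n' "$name" "$home"
        fi
    done < "$passwd_file"
}
```

Pass only the accounts that the GUI and uucp package checks above identify as expected errors; every other line of output is an account to review under the fix recommendation.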

Documentable

False

Severity Override Guidance

Check Content Reference

M

Target Key

4021

Comments