STIGQter: STIG Summary: Solaris 11 X86 Security Technical Implementation Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021:

The operating system must reveal error messages only to authorized personnel.

DISA Rule

SV-216202r603268_rule

Vulnerability Number

V-216202

Group Title

SRG-OS-000206

Rule Version

SOL-11.1-070240

Severity

CAT III

CCI(s)

• CCI-001314 - The information system reveals error messages only to organization-defined personnel or roles.

Weight

10

Fix Recommendation

The root role is required.

Change the permissions and owner on the /var/adm/messages file:

# chmod 640 /var/adm/messages
# chown root /var/adm/messages
# chgrp root /var/adm/messages

Change the permissions and owner on the /var/adm directory:

# chmod 750 /var/adm
# chown root /var/adm
# chgrp sys /var/adm

Check Contents

Check the permissions of the /var/adm/messages file:
# ls -l /var/adm/messages

Check the permissions of the /var/adm directory:
# ls -ld /var/adm

If the owner and group of /var/adm/messages is not root and the permissions are not 640, this is a finding.

If the owner of /var/adm is not root, group is not sys, and the permissions are not 750, this is a finding.

Vulnerability Number

V-216202

Documentable

False

Rule Version

SOL-11.1-070240

Severity Override Guidance

Check the permissions of the /var/adm/messages file:
# ls -l /var/adm/messages

Check the permissions of the /var/adm directory:
# ls -ld /var/adm

If the owner and group of /var/adm/messages is not root and the permissions are not 640, this is a finding.

If the owner of /var/adm is not root, group is not sys, and the permissions are not 750, this is a finding.

Check Content Reference

M

Target Key

4021

Comments