SV-216243r603268_rule
V-216243
SRG-OS-000480
SOL-11.1-120410
CAT II
10
The root role is required.
This check applies to the global zone only. Determine the zone that you are currently securing.
# zonename
If the command output is "global" this check applies.
Modify the /etc/system file.
Determine the OS version you are currently securing.
# uname -v
For Solaris 11GA and 11.1:
# pfedit /etc/system
Add a line containing:
exclude: scsa2usb
Note that the global zone will need to be rebooted for this change to take effect.
For Solaris 11.2 or newer:
Modify an /etc/system.d file.
# pfedit /etc/system.d/USB:MassStorage
Add a line containing:
exclude: scsa2usb
Note that the global zone will need to be rebooted for this change to take effect.
This check applies to the global zone only. Determine the zone that you are currently securing.
# zonename
If the command output is "global" this check applies.
Determine if USB mass storage devices are locked out by the kernel.
# grep -h "exclude: scsa2usb" /etc/system /etc/system.d/*
If the output of this command is not:
exclude: scsa2usb
this is a finding.
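The grep in the check above also matches a commented-out line or a longer module name. The following added example is not part of the STIG text; it counts only active directives and skips files that do not exist, such as /etc/system.d before Solaris 11.2. It assumes /etc/system comment lines begin with "*" or "#"; the function names are hypothetical and the sample files are constructed.

```shell
#!/bin/sh
# Added example: audit for an active "exclude: scsa2usb" directive.
# Assumption: lines starting with "*" or "#" are comments in /etc/system syntax.

# Print "file:line" for each active directive found in the given files.
# Missing or unreadable files are skipped (e.g. no /etc/system.d before 11.2).
active_scsa2usb_excludes() {
    for f in "$@"; do
        [ -f "$f" ] && [ -r "$f" ] || continue
        awk -v file="$f" '
            /^[ \t]*[*#]/ { next }                      # comment line
            /^[ \t]*exclude:[ \t]+scsa2usb[ \t]*$/ {    # directive as the page writes it
                printf "%s:%d\n", file, NR
            }' "$f"
    done
}

# Return 0 when at least one active directive exists, 1 (a finding) otherwise.
usb_mass_storage_locked_out() {
    [ -n "$(active_scsa2usb_excludes "$@")" ]
}

# Constructed sample files standing in for /etc/system and /etc/system.d/*.
make_samples() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' '* exclude: scsa2usb' 'set noexec_user_stack=1' > "$dir/commented"
    printf '%s\n' '* USB lockout' 'exclude: scsa2usb' > "$dir/active"
    printf '%s\n' 'exclude: scsa2usb_old' > "$dir/wrongname"
    echo "$dir"
}

# Run the check over each constructed sample and report the outcome.
demo() {
    d=$(make_samples) || return 1
    for f in commented active wrongname; do
        if usb_mass_storage_locked_out "$d/$f"; then
            echo "$f: locked out"
        else
            echo "$f: finding"
        fi
    done
    rm -rf "$d"
}
demo
```

In the global zone the equivalent call is `usb_mass_storage_locked_out /etc/system /etc/system.d/*`.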