STIGQter STIGQter: STIG Summary: Solaris 11 SPARC Security Technical Implementation Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021:

Systems must employ cryptographic hashes for passwords using the SHA-2 family of algorithms or FIPS 140-2 approved successors.

DISA Rule

SV-216333r603267_rule

Vulnerability Number

V-216333

Group Title

SRG-OS-000073

Rule Version

SOL-11.1-040130

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

The root role is required.

Configure the system to disallow the use of UNIX encryption and enable SHA256 as the default encryption hash.

# pfedit /etc/security/policy.conf

Check that the lines:
CRYPT_DEFAULT=6
CRYPT_ALGORITHMS_ALLOW=5,6

exist and are not commented out.

Check Contents

Determine which cryptographic algorithms are configured.

# grep ^CRYPT /etc/security/policy.conf

If the command output does not include the lines:

CRYPT_DEFAULT=6
CRYPT_ALGORITHMS_ALLOW=5,6

this is a finding.

Vulnerability Number

V-216333

Documentable

False

Rule Version

SOL-11.1-040130

Severity Override Guidance

Determine which cryptographic algorithms are configured.

# grep ^CRYPT /etc/security/policy.conf

If the command output does not include the lines:

CRYPT_DEFAULT=6
CRYPT_ALGORITHMS_ALLOW=5,6

this is a finding.

Check Content Reference

M

Target Key

4022

Comments