SV-216475r603267_rule
V-216475
SRG-OS-000480
SOL-11.1-100020
CAT III
10
This check applies to the global zone only. Determine the zone that you are currently securing.
# zonename
If the command output is "global", this check applies.
The Zone Security profile is required:
Change the "limitpriv" setting to default.
# pfexec zonecfg -z [zone] set limitpriv=default
This check applies to the global zone only. Determine the zone that you are currently securing.
# zonename
If the command output is "global", this check applies.
List the non-global zones on the system.
# zoneadm list -vi | grep -v global
From the output list of non-global zones found, determine if any are Kernel zones.
# zoneadm list -cv | grep [zonename] | grep solaris-kz
Exclude any Kernel zones found from the list of local zones.
List the configuration for each zone.
# zonecfg -z [zonename] info | grep limitpriv
If the output of this command has a setting for limitpriv and it is not:
limitpriv: default
this is a finding.
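The check above as a script. This is an added example, not part of the STIG text. The function names are hypothetical, and it assumes the column layout of "zoneadm list -v" (ID NAME STATUS PATH BRAND IP) and that an empty "limitpriv:" line means the property is not set.

```shell
#!/bin/sh
# Added example: audit limitpriv on every non-global, non-Kernel zone.

# Reads `zoneadm list -vi` output on stdin and prints the zone names to audit.
# Skips the header row, the global zone and solaris-kz (Kernel) zones.
zones_to_check() {
    awk '$2 != "NAME" && $2 != "global" && $5 != "solaris-kz" { print $2 }'
}

# Reads `zonecfg -z ZONE info` output on stdin. Prints "finding" when a
# limitpriv value is set and is not exactly "default", otherwise "ok".
# Assumption: an empty "limitpriv:" line counts as not set.
limitpriv_status() {
    awk '
        /^[ \t]*limitpriv:/ {
            sub(/^[ \t]*limitpriv:[ \t]*/, "")
            sub(/[ \t]+$/, "")
            if ($0 != "" && $0 != "default") bad = 1
        }
        END { print (bad ? "finding" : "ok") }
    '
}

# Runs the whole check. Returns 1 if any zone is a finding.
audit_zones() {
    if [ "$(zonename)" != "global" ]; then
        echo "not in the global zone: check does not apply"
        return 0
    fi
    rc=0
    for z in $(zoneadm list -vi | zones_to_check); do
        if [ "$(zonecfg -z "$z" info | limitpriv_status)" = "finding" ]; then
            echo "FINDING: zone $z has a non-default limitpriv"
            rc=1
        else
            echo "ok: zone $z"
        fi
    done
    return $rc
}

# Only run against the live system where the zone tools exist.
if command -v zoneadm >/dev/null 2>&1; then audit_zones; fi
```

A zone reported as a finding is corrected with the "zonecfg ... set limitpriv=default" command from the fix text.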
V-216475
False
SOL-11.1-100020
M
4022