STIGQter: STIG Summary: Solaris 11 SPARC Security Technical Implementation Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021:

The systems physical devices must not be assigned to non-global zones.

DISA Rule

SV-216476r603267_rule

Vulnerability Number

V-216476

Group Title

SRG-OS-000480

Rule Version

SOL-11.1-100030

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

This check applies to the global zone only. Determine the zone that you are currently securing.

# zonename

If the command output is "global", this check applies.

The Zone Security profile is required:

Remove all device assignments from the non-global zone.

# pfexec zonecfg -z [zone] delete device [device]

Check Contents

This check applies to the global zone only. Determine the zone that you are currently securing.

# zonename

If the command output is "global", this check applies.

List the non-global zones on the system.

# zoneadm list -vi | grep -v global

List the configuration for each zone.

# zonecfg -z [zonename] info | grep dev

Check for device lines. If such a line exists and is not approved by security, this is a finding.

Vulnerability Number

V-216476

Documentable

False

Rule Version

SOL-11.1-100030

Severity Override Guidance

This check applies to the global zone only. Determine the zone that you are currently securing.

# zonename

If the command output is "global", this check applies.

List the non-global zones on the system.

# zoneadm list -vi | grep -v global

List the configuration for each zone.

# zonecfg -z [zonename] info | grep dev

Check for device lines. If such a line exists and is not approved by security, this is a finding.

Check Content Reference

M

Target Key

4022

Comments