STIGQter: STIG Summary: Solaris 11 SPARC Security Technical Implementation Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021:

The system must restrict the ability of users to assume excessive privileges to members of a defined group and prevent unauthorized users from accessing administrative tools.

DISA Rule

SV-219973r603267_rule

Vulnerability Number

V-219973

Group Title

SRG-OS-000324

Rule Version

SOL-11.1-040200

Severity

CAT II

CCI(s)

CCI-001170 - The information system prevents the automatic execution of mobile code in organization-defined software applications.

Weight

Fix Recommendation

The root role is required.

Convert the root user into a role.

# usermod -K type=role root

Add the root role to authorized users' logins.

# usermod -R +root [username]

Remove the root role from users who should not be authorized to assume it.

# usermod -R -root [username]

Check Contents

Verify the root user is configured as a role, rather than a normal user.

# userattr type root

If the command does not return the word "role", this is a finding.

Verify at least one local user has been assigned the root role.

# grep '[:;]roles=root[^;]*' /etc/user_attr

If no lines are returned, or no users are permitted to assume the root role, this is a finding.

Vulnerability Number

V-219973

Documentable

False

Rule Version

SOL-11.1-040200

Severity Override Guidance

Check Content Reference

Target Key

4022

The system must restrict the ability of users to assume excessive privileges to members of a defined group and prevent unauthorized users from accessing administrative tools.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments