STIGQter STIGQter: STIG Summary: Solaris 11 X86 Security Technical Implementation Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021:

The system must restrict the ability of users to assume excessive privileges to members of a defined group and prevent unauthorized users from accessing administrative tools.

DISA Rule

SV-220001r603268_rule

Vulnerability Number

V-220001

Group Title

SRG-OS-000324

Rule Version

SOL-11.1-040200

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

The root role is required.

Convert the root user into a role.

# usermod -K type=role root

Add the root role to authorized users' logins.

# usermod -R +root [username]

Remove the root role from users who should not be authorized to assume it.

# usermod -R -root [username]

Check Contents

Verify the root user is configured as a role, rather than a normal user.

# userattr type root

If the command does not return the word "role", this is a finding.

Verify at least one local user has been assigned the root role.

# grep '[:;]roles=root[^;]*' /etc/user_attr

If no lines are returned, or no users are permitted to assume the root role, this is a finding.

Vulnerability Number

V-220001

Documentable

False

Rule Version

SOL-11.1-040200

Severity Override Guidance

Verify the root user is configured as a role, rather than a normal user.

# userattr type root

If the command does not return the word "role", this is a finding.

Verify at least one local user has been assigned the root role.

# grep '[:;]roles=root[^;]*' /etc/user_attr

If no lines are returned, or no users are permitted to assume the root role, this is a finding.

Check Content Reference

M

Target Key

4021

Comments