SV-220012r603268_rule
V-220012
SRG-OS-000423
SOL-11.1-060190
CAT II
10
The Service Management profile is required.
Configure IPsec encrypted tunneling between two systems.
On both systems review the file /etc/inet/ipsecinit.conf. Ensure that connections between hosts are configured properly in this file per the Solaris 11 documentation.
Ensure that the IPsec policy service is online by enabling it:
# svcadm enable svc:/network/ipsec/policy:default
The operator shall determine if IPsec is being used to encrypt data for activities such as cluster interconnects or other non-SSH, SFTP data connections.
On both systems review the file /etc/inet/ipsecinit.conf. Ensure that connections between hosts are configured properly in this file per the Solaris 11 documentation.
Check that the IPsec policy service is online:
# svcs svc:/network/ipsec/policy:default
If the IPsec service is not online, this is a finding.
If encrypted protocols are not used between systems, this is a finding.
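The check above can be scripted as follows. This is an added example, not part of the STIG text. It assumes that an encrypting policy entry in /etc/inet/ipsecinit.conf names encr_algs, as in the Solaris 11 ipsecconf examples; the function names and the sample addresses are hypothetical, and the result still needs operator review of which hosts must be covered.

```shell
#!/bin/sh
# Added example: script the two observable parts of check SOL-11.1-060190.
FMRI="svc:/network/ipsec/policy:default"
CONF="/etc/inet/ipsecinit.conf"

# Constructed sample policy (hypothetical addresses), in ipsecinit.conf syntax.
sample_conf() {
    cat <<'EOF'
# cluster interconnect
{laddr 192.0.2.10 raddr 192.0.2.20} ipsec {encr_algs aes encr_auth_algs sha256 sa shared}
EOF
}

# Print the number of active (uncommented) policy lines that request encryption.
# Assumption: such a line contains the encr_algs keyword.
count_encr_entries() {
    # $1 = path to an ipsecinit.conf-style file
    [ -r "$1" ] || { echo 0; return; }
    sed -e 's/#.*//' "$1" | grep -c 'encr_algs' || true
}

# $1 = service state as printed by: svcs -H -o state $FMRI
# $2 = path to the policy file
# Prints one line per problem; returns 0 only when there are none.
evaluate() {
    findings=0
    if [ "$1" != "online" ]; then
        echo "FINDING: $FMRI state is '${1:-unknown}', expected online"
        findings=$((findings + 1))
    fi
    n=$(count_encr_entries "$2")
    if [ "$n" -eq 0 ]; then
        echo "REVIEW: no active encr_algs entry in $2"
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}

# Run against the live system only where SMF is present (a Solaris host).
if command -v svcs >/dev/null 2>&1; then
    evaluate "$(svcs -H -o state "$FMRI" 2>/dev/null)" "$CONF" && echo "no findings"
fi
```

Run it on both systems; a commented-out or authentication-only policy entry is reported for review even when the service is online.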