STIGQter STIGQter: STIG Summary: Solaris 11 X86 Security Technical Implementation Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021:

The operating system must protect the integrity of transmitted information.

DISA Rule

SV-220012r603268_rule

Vulnerability Number

V-220012

Group Title

SRG-OS-000423

Rule Version

SOL-11.1-060190

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

The Service Management profile is required.

Configure IPsec encrypted tunneling between two systems.

On both systems review the file /etc/inet/ipsecinit.conf. Ensure that connections between hosts are configured properly in this file per the Solaris 11 documentation.

Ensure that the IPsec policy service is online:

Enable the IPsec service:

# svcadm enable svc:/network/ipsec/policy:default

Check Contents

The operator shall determine if IPsec is being used to encrypt data for activities such as cluster interconnects or other non-SSH, SFTP data connections.

On both systems review the file /etc/inet/ipsecinit.conf. Ensure that connections between hosts are configured properly in this file per the Solaris 11 documentation.

Check that the IPsec policy service is online:

# svcs svc:/network/ipsec/policy:default

If the IPsec service is not online, this is a finding.

If encrypted protocols are not used between systems, this is a finding.

Vulnerability Number

V-220012

Documentable

False

Rule Version

SOL-11.1-060190

Severity Override Guidance

The operator shall determine if IPsec is being used to encrypt data for activities such as cluster interconnects or other non-SSH, SFTP data connections.

On both systems review the file /etc/inet/ipsecinit.conf. Ensure that connections between hosts are configured properly in this file per the Solaris 11 documentation.

Check that the IPsec policy service is online:

# svcs svc:/network/ipsec/policy:default

If the IPsec service is not online, this is a finding.

If encrypted protocols are not used between systems, this is a finding.

Check Content Reference

M

Target Key

4021

Comments