STIGQter: STIG Summary: Solaris 10 SPARC Security Technical Implementation Guide, Version: 2, Release: 2, Benchmark Date: 22 Jan 2021

Root passwords must never be passed over a network in clear text form.

DISA Rule

SV-226482r603265_rule

Vulnerability Number

V-226482

Group Title

SRG-OS-000074

Rule Version

GEN001100

Severity

CAT I

CCI(s)

Weight

10

Fix Recommendation

Enable SSH on the system and use it for all remote connections used to attain root access.

Check Contents

Determine if root has logged in over an unencrypted network connection.

First, determine if root has logged in over a network.
Procedure:
# last | grep "^root " | egrep -v "reboot|console" | more

Next, determine if the SSH daemon is running.
Procedure:
# ps -ef | grep sshd | grep -v grep

If root has logged in over the network and SSHD is not running, this is a finding.
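
The decision logic of this check, written as an added example that is not part of the DISA check text. The function names and the sample `last` and `ps -ef` output are constructed for illustration; on a live system the two arguments would be the output of the commands above.

```sh
#!/bin/sh
# Added example (not DISA check text): GEN001100 decision logic over captured output.

# Filter `last` output on stdin down to root sessions that were not on the
# console, using the same patterns as the check procedure.
root_network_logins() {
    grep '^root ' | grep -Ev 'reboot|console'
}

# Succeed if `ps -ef` output on stdin lists an sshd process. The second grep
# drops the auditor's own "grep sshd" process, which would otherwise match.
sshd_running() {
    grep sshd | grep -v grep >/dev/null
}

# evaluate_gen001100 LAST_OUTPUT PS_OUTPUT -> prints FINDING or NOT_A_FINDING
evaluate_gen001100() {
    logins=$(printf '%s\n' "$1" | root_network_logins || true)
    if [ -n "$logins" ] && ! printf '%s\n' "$2" | sshd_running; then
        echo FINDING
    else
        echo NOT_A_FINDING
    fi
}

# Constructed sample data (hosts use the 192.0.2.0/24 documentation range).
LAST_REMOTE='root      pts/1        192.0.2.10       Mon Jan 11 09:14 - 09:40  (00:26)
root      console                       Sun Jan 10 18:02 - 18:05  (00:03)
reboot    system boot                   Sun Jan 10 17:58'
LAST_CONSOLE_ONLY='root      console                       Sun Jan 10 18:02 - 18:05  (00:03)
reboot    system boot                   Sun Jan 10 17:58'
PS_WITH_SSHD='    root   412     1   0   Jan 10 ?           0:01 /usr/lib/ssh/sshd
    root  2201  2190   0 09:20:11 pts/1       0:00 grep sshd'
PS_WITHOUT_SSHD='    root   230     1   0   Jan 10 ?           0:02 /usr/lib/inet/inetd start
    root  2201  2190   0 09:20:11 pts/1       0:00 grep sshd'

# Remote root login with no sshd, then with sshd, then console-only logins.
evaluate_gen001100 "$LAST_REMOTE" "$PS_WITHOUT_SSHD"
evaluate_gen001100 "$LAST_REMOTE" "$PS_WITH_SSHD"
evaluate_gen001100 "$LAST_CONSOLE_ONLY" "$PS_WITHOUT_SSHD"
```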

Documentable

False

Severity Override Guidance

Determine if root has logged in over an unencrypted network connection.

First, determine if root has logged in over a network.
Procedure:
# last | grep "^root " | egrep -v "reboot|console" | more

Next, determine if the SSH daemon is running.
Procedure:
# ps -ef | grep sshd | grep -v grep

If root has logged in over the network and SSHD is not running, this is a finding.

Check Content Reference

M

Target Key

4060
