SV-226923r603265_rule
V-226923
SRG-OS-000480
GEN003900
CAT II
10
Configure IPP to use only the localhost or specified remote hosts.
Procedure:
Modify the /etc/apache/httpd-standalone-ipp.conf file so that the "Listen" directive binds only to the local machine or a known set of hosts (e.g., Listen localhost:631).
In the same file, set the "<Location />" element to "Deny From All" and "Allow from 127.0.0.1" or the allowed host addresses.
Restart the IPP service:
# svcadm restart ipp-listener
Solaris uses the "IPP" print service and can also use the Samba print service. Verify remote host access is limited.
Procedure:
# grep -i Listen /etc/apache/httpd-standalone-ipp.conf
The /etc/apache/httpd-standalone-ipp.conf file must not contain a Listen *:<port> or equivalent line.
If the network address of the "Listen" line is unrestricted, this is a finding.
# grep -i "Allow From" /etc/apache/httpd-standalone-ipp.conf
The "Allow From" line within the "<Location />" element should limit access to the printers to @LOCAL and specific hosts.
If the "Allow From" line contains "All", this is a finding.
Verify guest access to printers shared via Samba is restricted according to GEN006235.
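The two checks above can be scripted so that commented-out directives are ignored and a bare-port Listen (which Apache binds on every interface) is treated as equivalent to Listen *:<port>. This is an added shell example, not part of the STIG text; the function names audit_ipp_conf and sample_conf and the sample configurations are constructed for illustration.

```shell
# Added example, not part of the STIG text: report GEN003900 findings in a config
# file. Exit 0 = no finding, 1 = finding. Needs a POSIX awk (nawk on Solaris).
audit_ipp_conf() {
    awk '
    {
        line = $0
        sub(/#.*/, "", line)            # ignore commented-out directives
        sub(/^[ \t]+/, "", line)
        n = split(line, f, /[ \t]+/)
        key = tolower(f[1])
    }
    key == "<location"    { loc = f[2]; sub(/>$/, "", loc) }
    key == "</location>"  { loc = "" }
    key == "listen" {
        addr = f[2]; host = addr
        sub(/:[0-9]+$/, "", host)       # drop the :port suffix
        # A bare port, *, 0.0.0.0 or [::] binds every interface.
        if (addr ~ /^[0-9]+$/ || host == "*" || host == "0.0.0.0" || host == "[::]") {
            printf "FINDING line %d: unrestricted Listen %s\n", NR, addr
            bad++
        }
    }
    key == "allow" && tolower(f[2]) == "from" {
        for (i = 3; i <= n; i++)
            if (tolower(f[i]) == "all") {
                printf "FINDING line %d: Allow from All in <Location %s>\n", NR, loc
                bad++
            }
    }
    END { exit (bad > 0) }
    ' "$1"
}

# Constructed sample configurations (not taken from a real host).
sample_conf() {
    case $1 in
    weak)     printf '%s\n' '#Listen localhost:631' 'Listen 631' '<Location />' \
                  'Order Deny,Allow' 'Allow from ALL' '</Location>' ;;
    hardened) printf '%s\n' 'Listen localhost:631' '<Location />' \
                  'Order Deny,Allow' 'Deny From All' 'Allow from 127.0.0.1' '</Location>' ;;
    esac
}

tmp=$(mktemp)
for kind in weak hardened; do
    sample_conf "$kind" > "$tmp"
    if audit_ipp_conf "$tmp"; then echo "$kind: no finding"; else echo "$kind: finding"; fi
done
rm -f "$tmp"
```

On a live system, pass /etc/apache/httpd-standalone-ipp.conf as the argument; any FINDING line corresponds to one of the two finding conditions in the check text.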
V-226923
False
GEN003900
M
4060