STIGQter: STIG Summary: Solaris 10 X86 Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 22 Jan 2021:

Root passwords must never be passed over a network in clear text form.

DISA Rule

SV-227608r603266_rule

Vulnerability Number

V-227608

Group Title

SRG-OS-000074

Rule Version

GEN001100

Severity

CAT I

CCI(s)

• CCI-000197 - The information system, for password-based authentication, transmits only cryptographically-protected passwords.

Weight

10

Fix Recommendation

Enable SSH on the system and use it for all remote connections used to attain root access.

Check Contents

Determine if root has logged in over an unencrypted network connection.

First, determine if root has logged in over a network.
Procedure:
# last | grep "^root " | egrep -v "reboot|console" | more

Next, determine if the SSH daemon is running.
Procedure:
# ps -ef |grep sshd

If root has logged in over the network and SSHD is not running, this is a finding.

Vulnerability Number

V-227608

Documentable

False

Rule Version

GEN001100

Severity Override Guidance

Determine if root has logged in over an unencrypted network connection.

First, determine if root has logged in over a network.
Procedure:
# last | grep "^root " | egrep -v "reboot|console" | more

Next, determine if the SSH daemon is running.
Procedure:
# ps -ef |grep sshd

If root has logged in over the network and SSHD is not running, this is a finding.

Check Content Reference

M

Target Key

4061

Comments