STIGQter: STIG Summary: Solaris 10 X86 Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 22 Jan 2021:

Administrative accounts must not run a web browser, except as needed for local service administration.

DISA Rule

SV-227836r603266_rule

Vulnerability Number

V-227836

Group Title

SRG-OS-000480

Rule Version

GEN004220

Severity

CAT I

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Enforce policy requiring administrative accounts use web browsers only for local service administration.

Check Contents

Look in the root account home directory for a .netscape or a .mozilla directory. If none exists, this is not a finding. If there is one, verify with the root users and the IAO what the intent of the browsing is. Some evidence may be obtained by using the browser to view cached pages under the .netscape directory.

Vulnerability Number

V-227836

Documentable

False

Rule Version

GEN004220

Severity Override Guidance

Look in the root account home directory for a .netscape or a .mozilla directory. If none exists, this is not a finding. If there is one, verify with the root users and the IAO what the intent of the browsing is. Some evidence may be obtained by using the browser to view cached pages under the .netscape directory.

Check Content Reference

M

Target Key

4061

Comments