STIGQter STIGQter: STIG Summary: Solaris 11 X86 Security Technical Implementation Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021:

The rpcbind service must be configured for local only services unless organizationally defined.

DISA Rule

SV-216059r603268_rule

Vulnerability Number

V-216059

Group Title

SRG-OS-000480

Rule Version

SOL-11.1-020170

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

The Service Management profile is required.

If services such as portmap or rpcbind are required for system operations, the operator must document the services used and obtain approval from their Authorizing Official. They should also document the method(s) of blocking all other remote accesses through tools like a firewall or tcp_wrappers.
Otherwise, configure the rpc/bind service for local only access.

# svccfg -s network/rpc/bind setprop config/local_only=true

Check Contents

Check the status of the rpcbind service local_only property.
# svcprop -p config/local_only network/rpc/bind

If the state is not "true", this is a finding, unless it is required for system operations, then this is not a finding.

Vulnerability Number

V-216059

Documentable

False

Rule Version

SOL-11.1-020170

Severity Override Guidance

Check the status of the rpcbind service local_only property.
# svcprop -p config/local_only network/rpc/bind

If the state is not "true", this is a finding, unless it is required for system operations, then this is not a finding.

Check Content Reference

M

Target Key

4021

Comments