STIGQter: STIG Summary: Solaris 11 X86 Security Technical Implementation Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021:

Systems must employ cryptographic hashes for passwords using the SHA-2 family of algorithms or FIPS 140-2 approved successors.

DISA Rule

SV-216098r603268_rule

Vulnerability Number

V-216098

Group Title

SRG-OS-000073

Rule Version

SOL-11.1-040130

Severity

CAT II

CCI(s)

CCI-000196 - The information system, for password-based authentication, stores only cryptographically-protected passwords.

Weight

Fix Recommendation

The root role is required.

Configure the system to disallow the use of UNIX encryption and enable SHA256 as the default encryption hash.

# pfedit /etc/security/policy.conf

Check that the lines:
CRYPT_DEFAULT=6
CRYPT_ALGORITHMS_ALLOW=5,6

exist and are not commented out.

Check Contents

Determine which cryptographic algorithms are configured.

# grep ^CRYPT /etc/security/policy.conf

If the command output does not include the lines:

CRYPT_DEFAULT=6
CRYPT_ALGORITHMS_ALLOW=5,6

this is a finding.

Vulnerability Number

V-216098

Documentable

False

Rule Version

SOL-11.1-040130

Severity Override Guidance

Check Content Reference

Target Key

4021

Systems must employ cryptographic hashes for passwords using the SHA-2 family of algorithms or FIPS 140-2 approved successors.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments