STIGQter: STIG Summary: Solaris 11 X86 Security Technical Implementation Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021:

The sticky bit must be set on all world writable directories.

DISA Rule

SV-216180r603268_rule

Vulnerability Number

V-216180

Group Title

SRG-OS-000480

Rule Version

SOL-11.1-070010

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

The root role is required.

Ensure that the "sticky bit" is set on any directories identified during the check steps.

# chmod +t [directory name]

Check Contents

The root role is required.

Identify all world-writable directories without the "sticky bit" set.

# find / \( -fstype nfs -o -fstype cachefs -o -fstype autofs \
-o -fstype ctfs -o -fstype mntfs -o -fstype objfs \
-o -fstype proc \) -prune -o -type d \( -perm -0002 \
-a ! -perm -1000 \) -ls

Output of this command identifies world-writable directories without the "sticky bit" set. If output is created, this is a finding.

Vulnerability Number

V-216180

Documentable

False

Rule Version

SOL-11.1-070010

Severity Override Guidance

The root role is required.

Identify all world-writable directories without the "sticky bit" set.

# find / \( -fstype nfs -o -fstype cachefs -o -fstype autofs \
-o -fstype ctfs -o -fstype mntfs -o -fstype objfs \
-o -fstype proc \) -prune -o -type d \( -perm -0002 \
-a ! -perm -1000 \) -ls

Output of this command identifies world-writable directories without the "sticky bit" set. If output is created, this is a finding.

Check Content Reference

M

Target Key

4021

Comments