STIGQter STIGQter: STIG Summary: Solaris 11 SPARC Security Technical Implementation Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021:

All valid SUID/SGID files must be documented.

DISA Rule

SV-216435r603267_rule

Vulnerability Number

V-216435

Group Title

SRG-OS-000480

Rule Version

SOL-11.1-070190

Severity

CAT III

CCI(s)

Weight

10

Fix Recommendation

The root role is required.

Determine the existence of any set-UID programs that do not belong on the system, and work with the owners (or system administrator) to determine the best course of action in accordance with site policy.

Check Contents

The root role is required.

# find / \( -fstype nfs -o -fstype cachefs -o -fstype autofs \
-o -fstype ctfs -o -fstype mntfs -o -fstype objfs \
-o -fstype proc \) -prune -o -type f -perm -4000 -o \
-perm -2000 -print

Output should only be Solaris-provided files and approved customer files.

Solaris-provided SUID/SGID files can be listed using the command:

# pkg contents -a mode=4??? -a mode=2??? -t file -o pkg.name,path,mode

Digital signatures on the Solaris Set-UID binaries can be verified with the elfsign utility, such as this example:

# elfsign verify -e /usr/bin/su
elfsign: verification of /usr/bin/su passed.

This message indicates that the binary is properly signed.

If non-vendor provided or non-approved files are included in the list, this is a finding.

Vulnerability Number

V-216435

Documentable

False

Rule Version

SOL-11.1-070190

Severity Override Guidance

The root role is required.

# find / \( -fstype nfs -o -fstype cachefs -o -fstype autofs \
-o -fstype ctfs -o -fstype mntfs -o -fstype objfs \
-o -fstype proc \) -prune -o -type f -perm -4000 -o \
-perm -2000 -print

Output should only be Solaris-provided files and approved customer files.

Solaris-provided SUID/SGID files can be listed using the command:

# pkg contents -a mode=4??? -a mode=2??? -t file -o pkg.name,path,mode

Digital signatures on the Solaris Set-UID binaries can be verified with the elfsign utility, such as this example:

# elfsign verify -e /usr/bin/su
elfsign: verification of /usr/bin/su passed.

This message indicates that the binary is properly signed.

If non-vendor provided or non-approved files are included in the list, this is a finding.

Check Content Reference

M

Target Key

4022

Comments