STIGQter STIGQter: STIG Summary: Solaris 11 SPARC Security Technical Implementation Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021:

The operating system must monitor for unauthorized connections of mobile devices to organizational information systems.

DISA Rule

SV-216479r603267_rule

Vulnerability Number

V-216479

Group Title

SRG-OS-000480

Rule Version

SOL-11.1-120410

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

The root role is required.

This check applies to the global zone only. Determine the zone that you are currently securing.

# zonename

If the command output is "global" this check applies.

Modify the /etc/system file.

Determine the OS version you are currently securing.
# uname –v
For Solaris 11GA and 11.1
# pfedit /etc/system

Add a line containing:

exclude: scsa2usb

Note that the global zone will need to be rebooted for this change to take effect.

For Solaris 11.2 or newer

Modify an /etc/system.d file.
# pfedit /etc/system.d/USB:MassStorage

Add a line containing:
exclude: scsa2usb

Note that the global zone will need to be rebooted for this change to take effect.

Check Contents

This check applies to the global zone only. Determine the zone that you are currently securing.

# zonename

If the command output is "global" this check applies.

Determine if USB mass storage devices are locked out by the kernel.

# grep -h "exclude: scsa2usb" /etc/system /etc/system.d/*

If the output of this command is not:

exclude: scsa2usb

this is a finding.

Vulnerability Number

V-216479

Documentable

False

Rule Version

SOL-11.1-120410

Severity Override Guidance

This check applies to the global zone only. Determine the zone that you are currently securing.

# zonename

If the command output is "global" this check applies.

Determine if USB mass storage devices are locked out by the kernel.

# grep -h "exclude: scsa2usb" /etc/system /etc/system.d/*

If the output of this command is not:

exclude: scsa2usb

this is a finding.

Check Content Reference

M

Target Key

4022

Comments