STIGQter: STIG Summary: Solaris 10 SPARC Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 22 Jan 2021

Device files and directories must only be writable by users with a system account or as configured by the vendor.

DISA Rule

SV-226573r603265_rule

Vulnerability Number

V-226573

Group Title

SRG-OS-000480

Rule Version

GEN002280

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Remove the world-writable permission from the device file(s).

Procedure:
# chmod o-w <device file>

Document all changes.

Check Contents

Find all device files existing anywhere on the system.

Procedure:
# find / -type b -print > devicelist
# find / -type c -print >> devicelist

Check the permissions on the directories above subdirectories containing device files.

The following device files are intended to be world-writable and, if present, are not a finding.

/dev/arp
/dev/conslog
/dev/crypto
/dev/dtrace/dtrace
/dev/dtrace/helper
/dev/dtrace/provider/fasttrap
/dev/fd/*
/dev/kstat
/dev/null
/dev/poll
/dev/pool
/dev/ptmx
/dev/sad/user
/dev/tcp
/dev/tcp6
/dev/ticlts
/dev/ticots
/dev/ticotsord
/dev/tty
/dev/udp
/dev/udp6
/dev/zero
/dev/zfs


If any device file or its parent directory is world-writable and is not intended to be world-writable, this is a finding.
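
The check above as a script, added here as an example and not part of the STIG text: it reads the `devicelist` file produced by the procedure, skips the device files listed as intentionally world-writable, and reports every other world-writable device file or parent directory. The function names and the `FINDING` output format are assumptions of this example, and it assumes a POSIX shell.

```shell
# Added example for GEN002280 (not part of the STIG text).
# Usage after running the two find commands from the check procedure:
#   audit_devices < devicelist

# Device files the STIG lists as intentionally world-writable.
is_exempt() {
    case "$1" in
        /dev/arp|/dev/conslog|/dev/crypto|/dev/dtrace/dtrace|\
        /dev/dtrace/helper|/dev/dtrace/provider/fasttrap|/dev/fd/*|\
        /dev/kstat|/dev/null|/dev/poll|/dev/pool|/dev/ptmx|\
        /dev/sad/user|/dev/tcp|/dev/tcp6|/dev/ticlts|/dev/ticots|\
        /dev/ticotsord|/dev/tty|/dev/udp|/dev/udp6|/dev/zero|/dev/zfs)
            return 0 ;;
    esac
    return 1
}

# True if the "other" write bit is set: the 9th character of the
# mode string printed by ls -ld (for example crw-rw-rw-).
world_writable() {
    [ "$(ls -ld "$1" 2>/dev/null | cut -c9)" = "w" ]
}

# Reads one device path per line on stdin and prints one line per
# finding: a non-exempt world-writable device file, or a world-writable
# directory that contains a device file (exempt or not).
audit_devices() {
    while IFS= read -r dev; do
        if world_writable "$dev"; then
            is_exempt "$dev" || echo "FINDING device $dev"
        fi
        parent=$(dirname "$dev")
        if world_writable "$parent"; then
            echo "FINDING directory $parent"
        fi
    done | sort -u
}
```

Each `FINDING device` line is a candidate for the `chmod o-w` fix; `FINDING directory` lines need the same review of the directory's permissions.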

Documentable

False

Severity Override Guidance

Check Content Reference

M

Target Key

4060

Comments