Check: GEN003920
Solaris 10 SPARC STIG:
GEN003920
(in versions v2 r4 through v1 r19)
Title
The hosts.lpd (or equivalent) file must be owned by root. (Cat II impact)
Discussion
Failure to give ownership of the hosts.lpd file to root provides the designated owner, and possible unauthorized users, with the potential to modify the hosts.lpd file. Unauthorized modifications could disrupt access to local printers from authorized remote hosts or permit unauthorized remote access to local printers.
Check Content
Check the owner of the print service configuration files. Procedure: # ls -lL /etc/apache/httpd-standalone-ipp.conf /etc/printers.conf /etc/smb.conf /etc/sfw/smb.conf /etc/samba/smb.conf /etc/sfw/samba/smb.conf If the owner of any of the print service configuration files is not root, this is a finding.
Fix Text
Change the owner of the print service configuration files. Procedure: # chown root /etc/apache/httpd-standalone-ipp.conf /etc/printers.conf /etc/sfw/smb.conf
Additional Identifiers
Rule ID: SV-227079r854456_rule
Vulnerability ID: V-227079
Group Title: SRG-OS-000312
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-002165 |
The information system enforces organization-defined discretionary access control policies over defined subjects and objects. |
Controls
Number | Title |
---|---|
AC-3 (4) |
Discretionary Access Control |