Check: GEN005810
Solaris 10 X86 STIG:
GEN005810
(in versions v2 r4 through v1 r17)
Title
All NFS exported system files and system directories must be group-owned by root, bin, or sys. (Cat II impact)
Discussion
Failure to give group ownership of sensitive files or directories to root provides the members of the owning group with the potential to access sensitive information or change system configuration which could weaken the system's security posture.
Check Content
List the exports. # cat /etc/dfs/dfstab OR # more /etc/dfs/sharetab For each export, check the ownership information. # ls -ldL <export> If the directory is not group-owned by root, sys, or bin this is a finding.
Fix Text
Change the group owner of the export directory. # chgrp root <export>
Additional Identifiers
Rule ID: SV-227918r603266_rule
Vulnerability ID: V-227918
Group Title: SRG-OS-000480
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000366 |
The organization implements the security configuration settings. |
Controls
Number | Title |
---|---|
CM-6 |
Configuration Settings |