Navigate

Check: GEN005280

Solaris 10 X86 STIG: GEN005280 (in versions v2 r4 through v1 r17)

Title

The system must not have the UUCP service active. (Cat II impact)

Discussion

The UUCP utility is designed to assist in transferring files, executing remote commands, and sending email between UNIX systems over phone lines and direct connections between systems. The UUCP utility is a primitive and arcane system with many security issues. There are alternate data transfer utilities/products that can be configured to more securely transfer data by providing for authentication, as well as encryption.

Check Content

# svcs uucp If UUCP is found enabled and its use is not justified and documented with the ISSO, this is a finding.

Fix Text

# svcadm disable uucp # svcadm refresh inetd

Additional Identifiers

Rule ID: SV-227875r603266_rule

Vulnerability ID: V-227875

Group Title: SRG-OS-000095

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.

Number	Definition
CCI-000381	The organization configures the information system to provide only essential capabilities.

Controls

Controls tied to check. These are derived from the CCIs shown above.

Number	Title
CM-7	Least Functionality