Check: SOL-11.1-040320
Solaris 11 SPARC STIG:
SOL-11.1-040320
(in versions v2 r10 through v1 r22)
Title
The nobody access for RPC encryption key storage service must be disabled. (Cat II impact)
Discussion
If login by the user "nobody" is allowed for secure RPC, there is an increased risk of system compromise. If keyserv holds a private key for the "nobody" user, it will be used by key_encryptsession to compute a magic phrase which can be easily recovered by a malicious user.
Check Content
Determine if the rpc-authdes package is installed: # pkg list solaris/legacy/security/rpc-authdes If the output of this command is: pkg list: no packages matching 'solaris/legacy/security/rpc-authdes' installed no further action is required. Determine if "nobody" access for keyserv is enabled. # grep "^ENABLE_NOBODY_KEYS=" /etc/default/keyserv If the output of the command is not: ENABLE_NOBODY_KEYS=NO this is a finding.
Fix Text
Determine if the rpc-authdes package is installed: # pkg list solaris/legacy/security/rpc-authdes If the output of this command is: pkg list: no packages matching 'solaris/legacy/security/rpc-authdes' installed no further action is required. The root role is required. Modify the /etc/default/keyserv file. # pfedit /etc/default/keyserv Locate the line: #ENABLE_NOBODY_KEYS=YES Change it to: ENABLE_NOBODY_KEYS=NO
Additional Identifiers
Rule ID: SV-216350r603267_rule
Vulnerability ID: V-216350
Group Title: SRG-OS-000480
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000366 |
The organization implements the security configuration settings. |
Controls
Number | Title |
---|---|
CM-6 |
Configuration Settings |