Check: SOL-11.1-050120
Solaris 11 x86 STIG: SOL-11.1-050120 (in versions v2 r10 through v1 r10)
Title
The system must set maximum number of incoming connections to 1024. (Cat III impact)
Discussion
This setting controls the maximum number of incoming connections that can be accepted on a TCP port, limiting exposure to denial of service attacks.
Check Content
Determine if the maximum number of incoming connections is set to 1024.
# ipadm show-prop -p _conn_req_max_q -co current tcp
If the value returned is smaller than "1024", this is a finding.
In environments where connection numbers are high, such as a busy web server, this value may need to be increased.
Fix Text
The Network Management profile is required.
Configure maximum number of incoming connections.
# pfexec ipadm set-prop -p _conn_req_max_q=1024 tcp
Additional Identifiers
Rule ID: SV-216142r603268_rule
Vulnerability ID: V-216142
Group Title: SRG-OS-000480
CCIs
Number | Definition |
---|---|
CCI-000366 | The organization implements the security configuration settings. |
Controls
Number | Title |
---|---|
CM-6 | Configuration Settings |