Check: GEN000000-SOL00020
Solaris 9 X86 STIG:
GEN000000-SOL00020
(in version v1 r9)
Title
The nosuid option must be configured in the /etc/rmmount.conf file. (Cat II impact)
Discussion
The rmmount.conf file controls the mounting of removable media on a Solaris system. Removable media is not to be trusted with privileged access, and therefore the filesystems must be mounted with the nosuid option, which prevents any executables with the setuid bit set on this filesystem from running with owner privileges.
Check Content
# grep mount /etc/rmmount.conf Confirm the nosuid option is configured. mount * hsgs udgs ufs -o nosuid If the nosuid option is not configured in the /etc/rmmount.conf file, this is a finding.
Fix Text
Edit /etc/rmmount.conf and add the nosuid mount option to the configuration.
Additional Identifiers
Rule ID: SV-12532r2_rule
Vulnerability ID: V-12031
Group Title:
Expert Comments
CCIs
| Number | Definition |
|---|---|
| CCI-000225 |
Employ the principle of least privilege, allowing only authorized accesses for users (or processes acting on behalf of users) which are necessary to accomplish assigned organizational tasks. |
| CCI-000366 |
Implement the security configuration settings. |