Check: GEN001700
Solaris 9 X86 STIG:
GEN001700
(in version v1 r9)
Title
System start-up files must only execute programs owned by a privileged UID or an application. (Cat II impact)
Discussion
System start-up files executing programs owned by other than root (or another privileged user) or an application indicates the system may have been compromised.
Check Content
Determine the programs executed by system start-up files. Determine the ownership of the executed programs. # cat /etc/rc* /etc/init.d/* | more Check the ownership of every program executed by the system start-up files. # ls -l <executed program> If any executed program is not owned by root, sys, bin, or in rare cases, an application account, this is a finding.
Fix Text
Change the ownership of the file executed from system startup scripts to root, bin, or sys. # chown root <executed file>
Additional Identifiers
Rule ID: SV-27219r1_rule
Vulnerability ID: V-4091
Group Title:
Expert Comments
CCIs
| Number | Definition |
|---|---|
| CCI-000225 |
The organization employs the concept of least privilege, allowing only authorized accesses for users (and processes acting on behalf of users) which are necessary to accomplish assigned tasks in accordance with organizational missions and business functions. |
Controls
| Number | Title |
|---|---|
| AC-6 |
Least Privilege |