UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The physical devices must not be assigned to non-global zones.


Overview

Finding ID Version Rule ID IA Controls Severity
V-22609 GEN000000-SOL00660 SV-27024r2_rule Medium
Description
Solaris non-global zones can be assigned physical hardware devices. This increases the risk of such a non-global zone having the capability to compromise the global zone.
STIG Date
SOLARIS 10 SPARC SECURITY TECHNICAL IMPLEMENTATION GUIDE 2017-01-05

Details

Check Text ( C-27955r1_chk )
If the system is not a global zone, this vulnerability is not applicable.
List the non-global zones on the system.
# zoneadm list -vi
List the configuration for each zone.
# zonecfg -z info
Check for device lines. If such a line exists, this is a finding.
Fix Text (F-24291r2_fix)
Remove all device assignments from the non-global zone.
# zonecfg -z remove device