Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-827 | GEN003900 | SV-40457r1_rule | ECCD-1 ECCD-2 | Medium |
Description |
---|
Having the "+" character in the hosts.lpd (or equivalent) file allows all hosts to use local system print resources. |
STIG | Date |
---|---|
Solaris 10 SPARC Security Technical Implementation Guide | 2019-06-24 |
Check Text ( C-39287r1_chk ) |
---|
Solaris uses the "IPP" print service and can also use the Samba print service. Verify remote host access is limited. Procedure: # grep -i Listen /etc/apache/httpd-standalone-ipp.conf The /etc/apache/httpd-standalone-ipp.conf file must not contain a Listen *: If the network address of the "Listen" line is unrestricted, this is a finding. # grep -i "Allow From" /etc/apache/httpd-standalone-ipp.conf The "Allow From" line within the " If the "Allow From" line contains "All", this is a finding. Verify guest access to printers shared via Samba is restricted according to GEN006235. |
Fix Text (F-34391r1_fix) |
---|
Configure IPP to use only the localhost or specified remote hosts. Procedure: Modify the /etc/apache/httpd-standalone-ipp.conf file to "Listen" only to the local machine or a known set of hosts (i.e., Listen localhost:631). Modify the /etc/apache/httpd-standalone-ipp.conf file " Restart the IPP service: # svcadm restart ipp-listener |