Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The hosts.lpd file (or equivalent) must not contain a "+" character.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-827 | GEN003900 | SV-40457r1_rule | ECCD-1 ECCD-2 | Medium |
| Description |
|---|
| Having the "+" character in the hosts.lpd (or equivalent) file allows all hosts to use local system print resources. |
| STIG | Date |
|---|---|
| Solaris 10 SPARC Security Technical Implementation Guide | 2020-02-26 |
Details
| Check Text ( C-39287r1_chk ) |
|---|
| Solaris uses the "IPP" print service and can also use the Samba print service. Verify remote host access is limited. Procedure: # grep -i Listen /etc/apache/httpd-standalone-ipp.conf The /etc/apache/httpd-standalone-ipp.conf file must not contain a Listen *: If the network address of the "Listen" line is unrestricted, this is a finding. # grep -i "Allow From" /etc/apache/httpd-standalone-ipp.conf The "Allow From" line within the " If the "Allow From" line contains "All", this is a finding. Verify guest access to printers shared via Samba is restricted according to GEN006235. |
| Fix Text (F-34391r1_fix) |
|---|
| Configure IPP to use only the localhost or specified remote hosts. Procedure: Modify the /etc/apache/httpd-standalone-ipp.conf file to "Listen" only to the local machine or a known set of hosts (i.e., Listen localhost:631). Modify the /etc/apache/httpd-standalone-ipp.conf file " Restart the IPP service: # svcadm restart ipp-listener |