The /etc/zones directory, and its contents, must be group-owned by root, sys, or bin.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-226424 | GEN000000-SOL00560 | SV-226424r603265_rule | Medium |
| Description |
|---|
| Solaris zones configuration files must be protected against illicit creation, modification, and deletion. |
| STIG | Date |
|---|---|
| Solaris 10 SPARC Security Technical Implementation Guide | 2022-09-07 |
Details
| Check Text ( C-28585r482633_chk ) |
|---|
| Check the group ownership of the files and directories. # ls -lLRa /etc/zones If the group owner of the directory and all files is not root, sys, or bin, this is a finding. If zones are not installed on the system, this is not a finding. |
| Fix Text (F-28573r482634_fix) |
|---|
| Change the group ownership of the files and directories. # chgrp -R sys /etc/zones # chgrp root /etc/zones/*.xml # chgrp bin /etc/zones/SUN*.xml |