UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The /etc/zones directory, and its contents, must be group-owned by root, sys, or bin.


Overview

Finding ID Version Rule ID IA Controls Severity
V-22604 GEN000000-SOL00560 SV-27018r2_rule ECLP-1 Medium
Description
Solaris zones configuration files must be protected against illicit creation, modification, and deletion.
STIG Date
SOLARIS 10 X86 SECURITY TECHNICAL IMPLEMENTATION GUIDE 2017-06-21

Details

Check Text ( C-27950r2_chk )
Check the group ownership of the files and directories.

# ls -lLRa /etc/zones

If the group owner of the directory and all files is not root, sys, or bin, this is a finding.

If zones are not installed on the system, this is not a finding.
Fix Text (F-24284r1_fix)
Change the group ownership of the files and directories.
# chgrp -R sys /etc/zones
# chgrp root /etc/zones/*.xml
# chgrp bin /etc/zones/SUN*.xml