
The physical devices must not be assigned to non-global zones.


Overview

Finding ID: V-227555
Version: GEN000000-SOL00660
Rule ID: SV-227555r603266_rule
IA Controls:
Severity: Medium
Description
Solaris non-global zones can be assigned physical hardware devices. This increases the risk of such a non-global zone having the capability to compromise the global zone.
STIG Date
Solaris 10 X86 Security Technical Implementation Guide 2020-12-04

Details

Check Text (C-29717r488198_chk)
If the system is not a global zone, this vulnerability is not applicable.
List the non-global zones on the system.
# zoneadm list -vi
List the configuration for each zone.
# zonecfg -z <zonename> info
Check for device lines. If such a line exists, this is a finding.
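The check steps above as a script, added here as an example and not part of the STIG text. It assumes a POSIX shell (on Solaris 10, /usr/xpg4/bin/sh or ksh rather than the legacy /bin/sh) and that zonecfg prints each device resource as an unindented "device:" line followed by indented "match:" lines; the function names are hypothetical and the sample output is constructed.

```shell
# Reads `zonecfg -z <zonename> info` output on stdin and prints the match value
# of every device resource. Assumed layout: an unindented "device:" (or "device")
# line followed by indented "match: <path>" lines.
device_matches() {
    in_dev=0
    while IFS= read -r line; do
        prop=${line#"${line%%[![:space:]]*}"}   # line without leading whitespace
        if [ "$prop" = "$line" ]; then          # unindented: a new resource starts
            case $line in device|device:) in_dev=1 ;; *) in_dev=0 ;; esac
        elif [ "$in_dev" -eq 1 ]; then
            case $prop in "match: "*) printf '%s\n' "${prop#match: }" ;; esac
        fi
    done
}

# Run in the global zone: reports each device assignment, returns 1 on a finding.
audit_zones() {
    if [ "$(zonename)" != "global" ]; then
        echo "Not a global zone: check not applicable"; return 0
    fi
    finding=0
    for z in $(zoneadm list -i); do             # without -v: zone names only
        if [ "$z" = "global" ]; then continue; fi
        devs=$(zonecfg -z "$z" info | device_matches)
        if [ -n "$devs" ]; then
            finding=1
            printf '%s\n' "$devs" | while IFS= read -r d; do
                printf 'FINDING: zone %s has device match=%s\n' "$z" "$d"
            done
        fi
    done
    return "$finding"
}

# Constructed sample of zonecfg info output (not from a real system).
sample_info() {
    cat <<'EOF'
zonename: web1
net:
        physical: e1000g0
device:
        match: /dev/dsk/c0t0d0s6
device:
        match: /dev/sound/*
EOF
}

sample_info | device_matches   # demo on the sample; on Solaris call audit_zones
```

The parser tracks which resource it is inside, so a "match:" property under any other resource type is not reported as a device.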
Fix Text (F-29705r488199_fix)
Remove all device assignments from the non-global zone.
# zonecfg -z <zonename> remove device