UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Access to a logical domain console must be restricted to authorized users.


Overview

Finding ID Version Rule ID IA Controls Severity
V-71497 SOL-11.1-040316 SV-86121r1_rule Medium
Description
A logical domain is a discrete, logical grouping with its own operating system, resources, and identity within a single computer system. Access to the logical domain console provides system-level access to the OBP of the domain.
STIG Date
Solaris 11 SPARC Security Technical Implementation Guide 2017-03-02

Details

Check Text ( C-71955r1_chk )
The root role is required. This action applies only to the control domain.

Determine the domain that you are currently securing.

# virtinfo
Domain role: LDoms control I/O service root
The current domain is the control domain, which is also an I/O domain, the service domain, and a root I/O domain.

If the current domain is not the control domain, this check does not apply.

Determine if the vntsd service is online.

# pfexec svcs vntsd

If the service is not "online", this is not applicable.

Check the status of the vntsd authorization property.

# svcprop -p vntsd/authorization vntsd

If the state is not true, this is a finding.
Fix Text (F-77901r1_fix)
The root role is required. This action applies only to the control domain.

Determine the domain that you are currently securing.

# virtinfo
Domain role: LDoms control I/O service root
The current domain is the control domain, which is also an I/O domain, the service domain, and a root I/O domain.

If the current domain is not the control domain, this action does not apply.

Configure the vntsd service to require authorization.

# svccfg -s vntsd setprop vntsd/authorization = true

The vntsd service must be restarted for the changes to take effect.

# svcadm restart vntsd