UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Access to a domain console via telnet must be restricted to the local host.


Overview

Finding ID Version Rule ID IA Controls Severity
V-71495 SOL-11.1-040315 SV-86119r1_rule Medium
Description
Telnet is an insecure protocol.
STIG Date
Solaris 11 SPARC Security Technical Implementation Guide 2017-09-20

Details

Check Text ( C-71885r1_chk )
This action applies only to the control domain.

Determine the domain that you are currently securing.

# virtinfo
Domain role: LDoms control I/O service root
The current domain is the control domain, which is also an I/O domain, the service domain, and a root I/O domain.

If the current domain is not the control domain, this check does not apply.

Determine if vnsd is in use.

# svcs vntsd
STATE STIME FMRI
online Oct_08 svc:/ldoms/vntsd:default

If the state is not "online", this is not applicable.

Determine if a role has been created for domain console access.

# cat /etc/user_attr | grep solaris.vntsd.consoles
rolename::::type=role;auths=solaris.vntsd.consoles;profiles=All;roleauth=role

If a role for "vntsd.consoles" is not established, this is a finding.
Fix Text (F-77815r1_fix)
The root role is required. This action applies only to the control domain.

Determine the domain that you are currently securing.

# virtinfo
Domain role: LDoms control I/O service root
The current domain is the control domain, which is also an I/O domain, the service domain, and a root I/O domain.

If the current domain is not the control domain, this action does not apply.

Create a password-controlled role that has the solaris.vntsd.consoles authorization, which permits access to all domain consoles.

# roleadd -A solaris.vntsd.consoles [role-name]
# passwd [role-name]

Assign the new role to a user.
# usermod -R [role-name] [username]