Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-216349 | SOL-11.1-040316 | SV-216349r603267_rule | | Medium |
Description |
---|
A logical domain is a discrete, logical grouping with its own operating system, resources, and identity within a single computer system. Access to the logical domain console provides system-level access to the OBP of the domain. |
STIG | Date |
---|---|
Solaris 11 SPARC Security Technical Implementation Guide | 2021-05-28 |
Check Text (C-17585r371135_chk) |
---|
The root role is required. This action applies only to the control domain. |
Determine the domain that you are currently securing. |
`# virtinfo` |
`Domain role: LDoms control I/O service root` |
The current domain is the control domain, which is also an I/O domain, the service domain, and a root I/O domain. If the current domain is not the control domain, this check does not apply. |
Determine if the vntsd service is online. |
`# pfexec svcs vntsd` |
If the service is not "online", this is not applicable. |
Check the status of the vntsd authorization property. |
`# svcprop -p vntsd/authorization vntsd` |
If the state is not true, this is a finding. |
Fix Text (F-17583r371136_fix) |
---|
The root role is required. This action applies only to the control domain. |
Determine the domain that you are currently securing. |
`# virtinfo` |
`Domain role: LDoms control I/O service root` |
The current domain is the control domain, which is also an I/O domain, the service domain, and a root I/O domain. If the current domain is not the control domain, this action does not apply. |
Configure the vntsd service to require authorization. |
`# svccfg -s vntsd setprop vntsd/authorization = true` |
The vntsd service must be restarted for the changes to take effect. |
`# svcadm restart vntsd` |
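
The decision logic of the Check Text, as an added example that is not part of the STIG: it maps the three command outputs to a verdict so the check can be scripted across control domains. The function names `vntsd_verdict` and `vntsd_check_live` and the `--live` switch are hypothetical, and the live wrapper uses `svcs -H -o state` rather than plain `svcs` to get a bare state string.

```shell
#!/bin/sh
# Added example: scripted evaluation of the vntsd authorization check.

# vntsd_verdict VIRTINFO_OUTPUT SVCS_STATE AUTHORIZATION_VALUE
# Prints NOT_APPLICABLE, NOT_A_FINDING or FINDING, following the Check Text.
vntsd_verdict() {
    virtinfo_out=$1
    svc_state=$2
    authz=$3

    # Step 1: the check applies only to the control domain.
    role_line=$(printf '%s\n' "$virtinfo_out" | grep '^Domain role:' || true)
    case " $role_line " in
        *" control "*) ;;
        *) echo NOT_APPLICABLE; return 0 ;;
    esac

    # Step 2: not applicable unless vntsd is online.
    if [ "$svc_state" != "online" ]; then
        echo NOT_APPLICABLE
        return 0
    fi

    # Step 3: anything other than "true" (including empty) is a finding.
    if [ "$authz" = "true" ]; then
        echo NOT_A_FINDING
    else
        echo FINDING
    fi
}

# Collect the live values on a Solaris 11 SPARC host (root role required).
# A command that fails or is missing yields an empty value.
vntsd_check_live() {
    v=$(virtinfo 2>/dev/null) || v=""
    s=$(pfexec svcs -H -o state vntsd 2>/dev/null) || s=""
    a=$(svcprop -p vntsd/authorization vntsd 2>/dev/null) || a=""
    vntsd_verdict "$v" "$s" "$a"
}

# Run against the local system only when asked to (hypothetical switch).
if [ "${1:-}" = "--live" ]; then
    vntsd_check_live
fi
```

An empty authorization value is reported as a finding because the Check Text treats any state other than true as one.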