Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-216348 | SOL-11.1-040315 | SV-216348r603267_rule | Medium |
Description |
---|
Telnet is an insecure protocol. |
STIG | Date |
---|---|
Solaris 11 SPARC Security Technical Implementation Guide | 2021-11-23 |
Check Text ( C-17584r371132_chk ) |
---|
This action applies only to the control domain. Determine the domain that you are currently securing. # virtinfo Domain role: LDoms control I/O service root The current domain is the control domain, which is also an I/O domain, the service domain, and a root I/O domain. If the current domain is not the control domain, this check does not apply. Determine if vnsd is in use. # svcs vntsd STATE STIME FMRI online Oct_08 svc:/ldoms/vntsd:default If the state is not "online", this is not applicable. Determine if a role has been created for domain console access. # cat /etc/user_attr | grep solaris.vntsd.consoles rolename::::type=role;auths=solaris.vntsd.consoles;profiles=All;roleauth=role If a role for "vntsd.consoles" is not established, this is a finding. |
Fix Text (F-17582r371133_fix) |
---|
The root role is required. This action applies only to the control domain. Determine the domain that you are currently securing. # virtinfo Domain role: LDoms control I/O service root The current domain is the control domain, which is also an I/O domain, the service domain, and a root I/O domain. If the current domain is not the control domain, this action does not apply. Create a password-controlled role that has the solaris.vntsd.consoles authorization, which permits access to all domain consoles. # roleadd -A solaris.vntsd.consoles [role-name] # passwd [role-name] Assign the new role to a user. # usermod -R [role-name] [username] |