Access to a logical domain console must be restricted to authorized users.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-216349 | SOL-11.1-040316 | SV-216349r603267_rule | Medium |
| Description |
|---|
| A logical domain is a discrete, logical grouping with its own operating system, resources, and identity within a single computer system. Access to the logical domain console provides system-level access to the OBP of the domain. |
| STIG | Date |
|---|---|
| Solaris 11 SPARC Security Technical Implementation Guide | 2021-11-23 |
Details
| Check Text ( C-17585r371135_chk ) |
|---|
| The root role is required. This action applies only to the control domain. Determine the domain that you are currently securing. # virtinfo Domain role: LDoms control I/O service root The current domain is the control domain, which is also an I/O domain, the service domain, and a root I/O domain. If the current domain is not the control domain, this check does not apply. Determine if the vntsd service is online. # pfexec svcs vntsd If the service is not "online", this is not applicable. Check the status of the vntsd authorization property. # svcprop -p vntsd/authorization vntsd If the state is not true, this is a finding. |
| Fix Text (F-17583r371136_fix) |
|---|
| The root role is required. This action applies only to the control domain. Determine the domain that you are currently securing. # virtinfo Domain role: LDoms control I/O service root The current domain is the control domain, which is also an I/O domain, the service domain, and a root I/O domain. If the current domain is not the control domain, this action does not apply. Configure the vntsd service to require authorization. # svccfg -s vntsd setprop vntsd/authorization = true The vntsd service must be restarted for the changes to take effect. # svcadm restart vntsd |