Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-16379 | SUN0330 | SV-17372r1_rule | ECSC-1 | Medium |
Description |
---|
There are programs that have setuid and setgid flags set within the Sun Ray server. Setuid is a flag that allows an application to temporarily change the permissions of the user running the application by setting the effective user ID to the program owner’s user ID. Setgid is a flag that allows an application to temporarily change the permissions of the group running the application by setting the effective group ID to the program owner’s group ID. aseline of these applications will ensure that any unauthorized modifications to these files will detected. Several programs on the Sun Ray server have setuid and setgid flags installed by default. Disabling any of the setgid or setuid applications will result in problems with the Sun Ray system. Furthermore, having a documented baseline of these applications will ensure that any unauthorized modifications to these files will be detected. |
STIG | Date |
---|---|
Sun Ray 4 STIG | 2015-04-02 |
Check Text ( C-17267r1_chk ) |
---|
On the Sun Ray server perform the following: # find /opt –perm -4000 If the result does not return the following output only, this is a finding. /opt/SUNWut/lib/utrcmd /opt/SUNWut/lib/utguiauth /opt/SUNWut/lib/utprefs-helper /opt/SUNWut/lib/utdomount /opt/SUNWut/bin/utaudio /opt/SUNWut/bin/utxconfig # find /opt –perm -2000 If the result does not return the following output only, this is a finding. /opt/SUNuttsc/lib/uttsc-bin Ensure the documented setuid and setgid match the output above. If not, this is a finding. |
Fix Text (F-16415r1_fix) |
---|
Document the setuid and setgid files on the Sun Ray system. |