UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

There is no documented baseline of the default setuid and setgid files.


Overview

Finding ID Version Rule ID IA Controls Severity
V-16379 SUN0330 SV-17372r1_rule ECSC-1 Medium
Description
There are programs that have setuid and setgid flags set within the Sun Ray server. Setuid is a flag that allows an application to temporarily change the permissions of the user running the application by setting the effective user ID to the program owner’s user ID. Setgid is a flag that allows an application to temporarily change the permissions of the group running the application by setting the effective group ID to the program owner’s group ID. aseline of these applications will ensure that any unauthorized modifications to these files will detected. Several programs on the Sun Ray server have setuid and setgid flags installed by default. Disabling any of the setgid or setuid applications will result in problems with the Sun Ray system. Furthermore, having a documented baseline of these applications will ensure that any unauthorized modifications to these files will be detected.
STIG Date
Sun Ray 4 STIG 2015-04-02

Details

Check Text ( C-17267r1_chk )
On the Sun Ray server perform the following:
# find /opt –perm -4000

If the result does not return the following output only, this is a finding.

/opt/SUNWut/lib/utrcmd
/opt/SUNWut/lib/utguiauth
/opt/SUNWut/lib/utprefs-helper
/opt/SUNWut/lib/utdomount
/opt/SUNWut/bin/utaudio
/opt/SUNWut/bin/utxconfig

# find /opt –perm -2000

If the result does not return the following output only, this is a finding.

/opt/SUNuttsc/lib/uttsc-bin

Ensure the documented setuid and setgid match the output above. If not, this is a finding.

Fix Text (F-16415r1_fix)
Document the setuid and setgid files on the Sun Ray system.