1 # OSSEC Linux Audit - (C) 2017 OSSEC Project
3 # Released under the same license as OSSEC.
4 # More details at the LICENSE file included with OSSEC or online
5 # at: https://github.com/ossec/ossec-hids/blob/master/LICENSE
7 # [Application name] [any or all] [reference]
11 # - f (for file or directory)
12 # - p (process running)
13 # - d (any file inside the directory)
16 # For the registry, use "->" to look for a specific entry and another
17 # "->" to look for the value.
18 # For files, use "->" to look for a specific value in the file.
20 # Values can be preceded by: =: (for equal) - default
21 # r: (for ossec regexes)
22 # >: (for strcmp greater)
23 # <: (for strcmp lower)
24 # Multiple patterns can be specified by using " && " between them.
25 # (All of them must match for it to return true).
27 # CIS Checks for Solaris 11
28 # Based on Center for Internet Security Benchmark for Solaris 11 Benchmark v1.1.0 https://workbench.cisecurity.org/benchmarks/410
# Directory list expanded by the d:$home_dirs checks in this file
# (.rhosts, .netrc and .forward lookups).
# NOTE(review): the list ends with "/" - presumably to cover an account whose
# home directory is the filesystem root; confirm this is intended.
30 $home_dirs=/usr2/home/*,/home/*,/home,/*/home/*,/*/home,/;
# Section 2 - service hardening.
# NOTE(review): as shown here only 2.2 carries a test line; the other 2.x
# headers have no test beneath them, so those benchmark items are not
# actually evaluated by this policy. Confirm against the upstream file.
33 #2.1 Disable Local-only Graphical Login Environment
34 [CIS - Solaris 11 Configuration - 2.1 Disable Local-only Graphical Login Environment] [any] [https://workbench.cisecurity.org/benchmarks/410]
# NOTE(review): per the legend at the top of this file "p" tests for a running
# process, but the argument of the 2.2 test is a file path. If the intent is
# "alert when /etc/mail/local.cf is missing" the type would be "f" - confirm.
39 #2.2 Configure sendmail Service for Local-Only Mode
40 [CIS - Solaris 11 Configuration - 2.2 Configure sendmail Service for Local-Only Mode] [any] [https://workbench.cisecurity.org/benchmarks/410]
41 p:!/etc/mail/local.cf;
44 #2.3 Disable RPC Encryption Key
45 [CIS - Solaris 11 Configuration - 2.3 Disable RPC Encryption Key] [any] [https://workbench.cisecurity.org/benchmarks/410]
49 #2.4 Disable NIS Server Services
50 [CIS - Solaris 11 Configuration - 2.4 Disable NIS Server Services] [any] [https://workbench.cisecurity.org/benchmarks/410]
59 #2.5 Disable NIS Client Services
60 [CIS - Solaris 11 Configuration - 2.5 Disable NIS Client Services] [any] [https://workbench.cisecurity.org/benchmarks/410]
69 #2.6 Disable Kerberos TGT Expiration Warning
70 [CIS - Solaris 11 Configuration - 2.6 Disable Kerberos TGT Expiration Warning] [any] [https://workbench.cisecurity.org/benchmarks/410]
74 #2.7 Disable Generic Security Services (GSS)
75 [CIS - Solaris 11 Configuration - 2.7 Disable Generic Security Services (GSS)] [any] [https://workbench.cisecurity.org/benchmarks/410]
79 #2.8 Disable Removable Volume Manager
80 [CIS - Solaris 11 Configuration - 2.8 Disable Removable Volume Manager] [any] [https://workbench.cisecurity.org/benchmarks/410]
84 #2.9 Disable automount Service
85 [CIS - Solaris 11 Configuration - 2.9 Disable automount Service] [any] [https://workbench.cisecurity.org/benchmarks/410]
89 #2.10 Disable Apache Service
90 [CIS - Solaris 11 Configuration - 2.10 Disable Apache Service] [any] [https://workbench.cisecurity.org/benchmarks/410]
95 #2.11 Disable Local-only RPC Port Mapping Service
96 [CIS - Solaris 11 Configuration - 2.11 Disable Local-only RPC Port Mapping Service] [any] [https://workbench.cisecurity.org/benchmarks/410]
100 #2.12 Configure TCP Wrappers
101 [CIS - Solaris 11 Configuration - 2.12 Configure TCP Wrappers] [any] [https://workbench.cisecurity.org/benchmarks/410]
106 #2.13 Disable Telnet Service
107 [CIS - Solaris 11 Configuration - 2.13 Disable Telnet Service] [any] [https://workbench.cisecurity.org/benchmarks/410]
# Section 3 - kernel tuning.
# 3.1: every test is negated, i.e. it is meant to report /etc/coreadm.conf when
# the expected COREADM_* setting is not found. "\p" is the OSSEC regex class
# for punctuation (here the "=" between key and value). The rule type is
# [any], so one missing setting is enough to raise the alert.
111 #3.1 Restrict Core Dumps to Protected Directory
112 [CIS - Solaris 11 Configuration - 3.1 Restrict Core Dumps to Protected Directory] [any] [https://workbench.cisecurity.org/benchmarks/410]
113 f:/etc/coreadm.conf -> !r:^COREADM_GLOB_PATTERN\p\.+;
114 f:/etc/coreadm.conf -> !r:^COREADM_GLOB_CONTENT\pdefault;
115 f:/etc/coreadm.conf -> !r:^COREADM_INIT_PATTERN\pcore;
116 f:/etc/coreadm.conf -> !r:^COREADM_INIT_CONTENT\pdefault;
117 f:/etc/coreadm.conf -> !r:^COREADM_GLOB_ENABLED\pyes|^COREADM_GLOB_ENABLED\pno;
118 f:/etc/coreadm.conf -> !r:^COREADM_PROC_ENABLED\pno;
119 f:/etc/coreadm.conf -> !r:^COREADM_GLOB_SETID_ENABLED\pyes|^COREADM_GLOB_SETID_ENABLED\pno;
120 f:/etc/coreadm.conf -> !r:^COREADM_PROC_SETID_ENABLED\pno;
121 f:/etc/coreadm.conf -> !r:^COREADM_GLOB_LOG_ENABLED\pyes;
# 3.2: reports a missing "=1" setting, or an uncommented "=0" setting, for the
# two stack-protection tunables.
# NOTE(review): /etc/system tunables are normally written "set name=value";
# the "=1" patterns anchor the parameter name at the start of the line (after
# optional blanks) and would not match a line that begins with "set" - confirm.
124 #3.2 Enable Stack Protection
125 [CIS - Solaris 11 Configuration - 3.2 Enable Stack Protection] [any] [https://workbench.cisecurity.org/benchmarks/410]
127 f:/etc/system -> !r:^\s*\t*noexec_user_stack\p1;
128 f:/etc/system -> !r:^# && r:\s*\t*noexec_user_stack\p0;
129 f:/etc/system -> !r:^\s*\t*noexec_user_stack_log\p1;
130 f:/etc/system -> !r:^# && r:\s*\t*noexec_user_stack_log\p0;
# 3.3: reports a missing TCP_STRONG_ISS=2, or an uncommented TCP_STRONG_ISS=1.
# A value of 0 is only caught by the first test.
133 #3.3 Enable Strong TCP Sequence Number Generation
134 [CIS - Solaris 11 Configuration - 3.3 Enable Strong TCP Sequence Number Generation] [any] [https://workbench.cisecurity.org/benchmarks/410]
135 f:/etc/default/inetinit -> !r:^TCP_STRONG_ISS\p2;
136 f:/etc/default/inetinit -> !r:^# && r:TCP_STRONG_ISS\p1;
# Section 4 - auditing.
# 4.1: reports /etc/security/audit_class when no entry of the form
# 0x<16 digits>:cis:<description> is found.
# NOTE(review): "\d" matches decimal digits only, so a class mask containing
# the hex digits a-f would not be recognised - confirm the expected mask.
139 #4.1 Create CIS Audit Class
140 [CIS - Solaris 11 Configuration - 4.1 Create CIS Audit Class] [any] [https://workbench.cisecurity.org/benchmarks/410]
141 f:/etc/security/audit_class -> !r:0x\d\d\d\d\d\d\d\d\d\d\d\d\d\d\d\d:cis:\.+;
# 4.2 - 4.4: one negated test per audit event; each reports audit_event when
# the named AUE_* event has no line that also mentions the "cis" class.
# The trailing "cis\.*" is a substring match, so any text containing "cis"
# after the event name satisfies it.
144 #4.2 Enable Auditing of Incoming Network Connections
145 [CIS - Solaris 11 Configuration - 4.2 Enable Auditing of Incoming Network Connections] [any] [https://workbench.cisecurity.org/benchmarks/410]
146 f:/etc/security/audit_event -> !r:^\d+:AUE_ACCEPT:\.+cis\.*;
147 f:/etc/security/audit_event -> !r:^\d+:AUE_CONNECT:\.+cis\.*;
148 f:/etc/security/audit_event -> !r:^\d+:AUE_SOCKACCEPT:\.+cis\.*;
149 f:/etc/security/audit_event -> !r:^\d+:AUE_SOCKCONNECT:\.+cis\.*;
150 f:/etc/security/audit_event -> !r:^\d+:AUE_inetd_connect:\.+cis\.*;
153 #4.3 Enable Auditing of File Metadata Modification Events
154 [CIS - Solaris 11 Configuration - 4.3 Enable Auditing of File Metadata Modification Events] [any] [https://workbench.cisecurity.org/benchmarks/410]
155 f:/etc/security/audit_event -> !r:^\d+:AUE_CHMOD:\.+cis\.*;
156 f:/etc/security/audit_event -> !r:^\d+:AUE_CHOWN:\.+cis\.*;
157 f:/etc/security/audit_event -> !r:^\d+:AUE_FCHOWN:\.+cis\.*;
158 f:/etc/security/audit_event -> !r:^\d+:AUE_FCHMOD:\.+cis\.*;
159 f:/etc/security/audit_event -> !r:^\d+:AUE_LCHOWN:\.+cis\.*;
160 f:/etc/security/audit_event -> !r:^\d+:AUE_ACLSET:\.+cis\.*;
161 f:/etc/security/audit_event -> !r:^\d+:AUE_FACLSET:\.+cis\.*;
164 #4.4 Enable Auditing of Process and Privilege Events
165 [CIS - Solaris 11 Configuration - 4.4 Enable Auditing of Process and Privilege Events] [any] [https://workbench.cisecurity.org/benchmarks/410]
166 f:/etc/security/audit_event -> !r:^\d+:AUE_CHROOT:\.+cis\.*;
167 f:/etc/security/audit_event -> !r:^\d+:AUE_SETREUID:\.+cis\.*;
168 f:/etc/security/audit_event -> !r:^\d+:AUE_SETREGID:\.+cis\.*;
169 f:/etc/security/audit_event -> !r:^\d+:AUE_FCHROOT:\.+cis\.*;
170 f:/etc/security/audit_event -> !r:^\d+:AUE_PFEXEC:\.+cis\.*;
171 f:/etc/security/audit_event -> !r:^\d+:AUE_SETUID:\.+cis\.*;
172 f:/etc/security/audit_event -> !r:^\d+:AUE_NICE:\.+cis\.*;
173 f:/etc/security/audit_event -> !r:^\d+:AUE_SETGID:\.+cis\.*;
174 f:/etc/security/audit_event -> !r:^\d+:AUE_PRIOCNTLSYS:\.+cis\.*;
175 f:/etc/security/audit_event -> !r:^\d+:AUE_SETEGID:\.+cis\.*;
176 f:/etc/security/audit_event -> !r:^\d+:AUE_SETEUID:\.+cis\.*;
177 f:/etc/security/audit_event -> !r:^\d+:AUE_SETPRIV:\.+cis\.*;
178 f:/etc/security/audit_event -> !r:^\d+:AUE_SETSID:\.+cis\.*;
179 f:/etc/security/audit_event -> !r:^\d+:AUE_SETPGID:\.+cis\.*;
# 4.5: looks for the "/usr/sbin/audit -n" job under the crontab spool.
# NOTE(review): the other "d:" tests in this file (9.10, 9.20, 9.21) give a
# file NAME after "->"; here the value is crontab CONTENT. Confirm that the
# rootcheck version in use evaluates this as a content match.
182 #4.5 Configure Solaris Auditing
183 [CIS - Solaris 11 Configuration - 4.5 Configure Solaris Auditing] [any] [https://workbench.cisecurity.org/benchmarks/410]
184 d:/var/spool/cron/crontabs -> !r:/usr/sbin/audit -n;
# 5.1: reports /etc/profile when it has no line starting with "umask" followed
# by three digits. The test only confirms that some umask is set; it does not
# check how restrictive the value is.
187 #5.1 Default Service File Creation Mask
188 [CIS - Solaris 11 Configuration - 5.1 Default Service File Creation Mask] [any] [https://workbench.cisecurity.org/benchmarks/410]
189 f:/etc/profile -> !r:^umask\s*\d\d\d;
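# 6.2: reports the host when /etc/default/keyserv is missing, when it has no
# ENABLE_NOBODY_KEYS=NO line, or when an uncommented line sets it to YES.
# ("\." matches any character, here the underscores; "\p" the "=".)
# The negated existence test is written "f:!<path>", the same form used for
# cron.allow and at.allow in 6.13; the previous "f!:" did not follow the
# "type:" syntax described in the legend at the top of this file.
192 #6.2 Disable "nobody" Access for RPC Encryption Key Storage Service
193 [CIS - Solaris 11 Configuration - 6.2 Disable "nobody" Access for RPC Encryption Key Storage Service] [any] [https://workbench.cisecurity.org/benchmarks/410]
194 f:!/etc/default/keyserv;
195 f:/etc/default/keyserv -> !r:^ENABLE\.NOBODY\.KEYS\pNO;
196 f:/etc/default/keyserv -> !r:^# && r:ENABLE\.NOBODY\.KEYS\pYES;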
# 6.3 - 6.7 (sshd_config): each rule pairs a negated test ("the hardened value
# is not present") with a test for an uncommented line carrying the insecure
# value. With [any], either condition raises the alert.
199 #6.3 Disable X11 Forwarding for SSH
200 [CIS - Solaris 11 Configuration - 6.3 Disable X11 Forwarding for SSH] [any] [https://workbench.cisecurity.org/benchmarks/410]
201 f:/etc/ssh/sshd_config -> !r:^X11Forwarding\s*no;
202 f:/etc/ssh/sshd_config -> !r:^# && r:X11Forwarding\s*yes;
# 6.4: the first test is a prefix match on "3", so the second test exists to
# flag 3 followed by further digits (30 and above). The rule expects exactly 3:
# a stricter value such as 1 or 2 is reported as non-compliant too.
205 #6.4 Limit Consecutive Login Attempts for SSH
206 [CIS - Solaris 11 Configuration - 6.4 Limit Consecutive Login Attempts for SSH] [any] [https://workbench.cisecurity.org/benchmarks/410]
207 f:/etc/ssh/sshd_config -> !r:^MaxAuthTries\s*3;
208 f:/etc/ssh/sshd_config -> !r:^# && r:MaxAuthTries\s*3\d+;
211 #6.5 Disable Rhost-based Authentication for SSH
212 [CIS - Solaris 11 Configuration - 6.5 Disable Rhost-based Authentication for SSH] [any] [https://workbench.cisecurity.org/benchmarks/410]
213 f:/etc/ssh/sshd_config -> !r:^IgnoreRhosts\s*yes;
214 f:/etc/ssh/sshd_config -> !r:^# && r:IgnoreRhosts\s*no;
217 #6.6 Disable root login for SSH
218 [CIS - Solaris 11 Configuration - 6.6 Disable root login for SSH] [any] [https://workbench.cisecurity.org/benchmarks/410]
219 f:/etc/ssh/sshd_config -> !r:^PermitRootLogin\s*no;
220 f:/etc/ssh/sshd_config -> !r:^# && r:PermitRootLogin\s*yes;
223 #6.7 Blocking Authentication Using Empty/Null Passwords for SSH
224 [CIS - Solaris 11 Configuration - 6.7 Blocking Authentication Using Empty/Null Passwords for SSH] [any] [https://workbench.cisecurity.org/benchmarks/410]
225 f:/etc/ssh/sshd_config -> !r:^PermitEmptyPasswords\s*no;
226 f:/etc/ssh/sshd_config -> !r:^# && r:PermitEmptyPasswords\s*yes;
# NOTE(review): 6.8 is titled "Disable Host-based Authentication", yet both
# tests are negated and therefore report the host when the pam_rhosts_auth
# line is ABSENT from /etc/pam.conf. That looks inverted relative to the
# title - confirm the intended polarity before relying on this result.
229 #6.8 Disable Host-based Authentication for Login-based Services
230 [CIS - Solaris 11 Configuration - 6.8 Disable Host-based Authentication for Login-based Services] [any] [https://workbench.cisecurity.org/benchmarks/410]
231 f:/etc/pam.conf -> !r:^rlogin\s*\t*auth sufficient\s*\t*pam_rhosts_auth.so.1;
232 f:/etc/pam.conf -> !r:^rsh\s*\t*auth sufficient\s*\t*pam_rhosts_auth.so.1;
# 6.9: reports /etc/ftpd/ftpusers when any of the listed system accounts has
# no entry. The patterns are prefix matches ("^nobody" is also satisfied by a
# "nobody4" line), so an entry can be reported present on the strength of a
# longer account name.
235 #6.9 Restrict FTP Use
236 [CIS - Solaris 11 Configuration - 6.9 Restrict FTP Use] [any] [https://workbench.cisecurity.org/benchmarks/410]
237 f:/etc/ftpd/ftpusers -> !r:^root;
238 f:/etc/ftpd/ftpusers -> !r:^daemon;
239 f:/etc/ftpd/ftpusers -> !r:^bin;
240 f:/etc/ftpd/ftpusers -> !r:^sys;
241 f:/etc/ftpd/ftpusers -> !r:^adm;
242 f:/etc/ftpd/ftpusers -> !r:^uucp;
243 f:/etc/ftpd/ftpusers -> !r:^nuucp;
244 f:/etc/ftpd/ftpusers -> !r:^smmsp;
245 f:/etc/ftpd/ftpusers -> !r:^listen;
246 f:/etc/ftpd/ftpusers -> !r:^gdm;
247 f:/etc/ftpd/ftpusers -> !r:^lp;
248 f:/etc/ftpd/ftpusers -> !r:^webservd;
249 f:/etc/ftpd/ftpusers -> !r:^postgres;
250 f:/etc/ftpd/ftpusers -> !r:^svctag;
251 f:/etc/ftpd/ftpusers -> !r:^openldap;
252 f:/etc/ftpd/ftpusers -> !r:^unknown;
253 f:/etc/ftpd/ftpusers -> !r:^aiuser;
254 f:/etc/ftpd/ftpusers -> !r:^nobody;
255 f:/etc/ftpd/ftpusers -> !r:^nobody4;
256 f:/etc/ftpd/ftpusers -> !r:^noaccess;
# 6.10: same shape as 6.4 - expects SLEEPTIME=4 and flags 4 followed by
# another digit (40-49).
259 #6.10 Set Delay between Failed Login Attempts to 4
260 [CIS - Solaris 11 Configuration - 6.10 Set Delay between Failed Login Attempts to 4] [any] [https://workbench.cisecurity.org/benchmarks/410]
261 f:/etc/default/login -> !r:^SLEEPTIME\p4;
262 f:/etc/default/login -> !r:^# && r:SLEEPTIME\p4\d;
# 6.11: reports any uncommented /etc/pam.conf line that mentions gdm-autologin.
265 #6.11 Remove Autologin Capabilities from the GNOME desktop
266 [CIS - Solaris 11 Configuration - 6.11 Remove Autologin Capabilities from the GNOME desktop] [any] [https://workbench.cisecurity.org/benchmarks/410]
267 f:/etc/pam.conf -> !r:^# && r:gdm-autologin;
270 #6.12 Set Default Screen Lock for GNOME Users
271 [CIS - Solaris 11 Configuration - 6.12 Set Default Screen Lock for GNOME Users] [any] [https://workbench.cisecurity.org/benchmarks/410]
272 f:/usr/share/X11/app-defaults/XScreensaver -> !r:^*timeout:\s*\t*0:10:00;
273 f:/usr/share/X11/app-defaults/XScreensaver -> !r:^*locktimeout:\s*\t*0:00:00;
274 f:/usr/share/X11/app-defaults/XScreensaver -> !r:^*lock:\s*\t*true;
# 6.13: reports the host when cron.deny or at.deny exists, when cron.allow or
# at.allow is missing, when cron.allow has no line that is exactly "root", or
# when at.allow contains any uncommented entry.
277 #6.13 Restrict at/cron to Authorized Users
278 [CIS - Solaris 11 Configuration - 6.13 Restrict at/cron to Authorized Users] [any] [https://workbench.cisecurity.org/benchmarks/410]
279 f:/etc/cron.d/cron.deny;
280 f:/etc/cron.d/at.deny;
281 f:!/etc/cron.d/cron.allow;
282 f:/etc/cron.d/cron.allow -> !r:^root$;
283 f:!/etc/cron.d/at.allow;
284 f:/etc/cron.d/at.allow -> !r:^# && r:\w;
# 6.14: reports /etc/default/login when no uncommented CONSOLE=/dev/console
# line is found.
287 #6.14 Restrict root Login to System Console
288 [CIS - Solaris 11 Configuration - 6.14 Restrict root Login to System Console] [any] [https://workbench.cisecurity.org/benchmarks/410]
289 f:/etc/default/login -> !r:^CONSOLE\p/dev/console;
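# 6.15: reports the host when /etc/default/login lacks RETRIES=3 (or sets 3
# followed by another digit, i.e. 30-39), or when /etc/security/policy.conf
# lacks LOCK_AFTER_RETRIES=yes or sets it to "no" on an uncommented line.
# The rule title previously repeated the 6.14 title, so account-lockout
# findings were reported under "Restrict root Login to System Console".
292 #6.15 Set Retry Limit for Account Lockout
293 [CIS - Solaris 11 Configuration - 6.15 Set Retry Limit for Account Lockout] [any] [https://workbench.cisecurity.org/benchmarks/410]
294 f:/etc/default/login -> !r:^RETRIES\p3;
295 f:/etc/default/login -> !r:^# && r:RETRIES\p3\d;
296 f:/etc/security/policy.conf -> !r:^LOCK_AFTER_RETRIES\pyes;
297 f:/etc/security/policy.conf -> !r:^# && r:LOCK_AFTER_RETRIES\pno;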
# 6.17: reports /rpool/boot/grub/menu.lst when it has no line starting with
# "password --md5". The test only establishes that a hashed password
# directive exists somewhere in the file; it does not inspect the menu entries.
300 #6.17 Secure the GRUB Menu (Intel)
301 [CIS - Solaris 11 Configuration - 6.17 Secure the GRUB Menu (Intel)] [any] [https://workbench.cisecurity.org/benchmarks/410]
302 f:/rpool/boot/grub/menu.lst -> !r:^password\s*--md5;
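# 7.1: expects maxweeks=13, minweeks=1 and warnweeks=4 in /etc/default/passwd.
# For each key the first test reports a missing value (prefix match) and the
# second flags the same leading digits followed by one more digit on an
# uncommented line.
# The pattern separator must be " && " with a space on both sides, as the
# legend at the top of this file states; the second test of each pair
# previously read "&&r:", which is not that separator.
305 #7.1 Set Password Expiration Parameters on Active Accounts
306 [CIS - Solaris 11 Configuration - 7.1 Set Password Expiration Parameters on Active Accounts] [any] [https://workbench.cisecurity.org/benchmarks/410]
307 f:/etc/default/passwd -> !r:^maxweeks\p13;
308 f:/etc/default/passwd -> !r:^# && r:maxweeks\p13\d;
309 f:/etc/default/passwd -> !r:^minweeks\p1;
310 f:/etc/default/passwd -> !r:^# && r:minweeks\p1\d;
311 f:/etc/default/passwd -> !r:^warnweeks\p4;
312 f:/etc/default/passwd -> !r:^# && r:warnweeks\p4\d;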
# 7.2: each numeric key is tested twice - a negated prefix match on the
# expected value, then a test flagging that value followed by another digit
# on an uncommented line. The rule expects the exact benchmark values, so a
# stricter setting (for example a longer passlength) is reported as
# non-compliant as well.
315 #7.2 Set Strong Password Creation Policies
316 [CIS - Solaris 11 Configuration - 7.2 Set Strong Password Creation Policies] [any] [https://workbench.cisecurity.org/benchmarks/410]
317 f:/etc/default/passwd -> !r:^passlength\p8;
318 f:/etc/default/passwd -> !r:^# && r:passlength\p8\d;
319 f:/etc/default/passwd -> !r:^namecheck\pyes;
320 f:/etc/default/passwd -> !r:^# && r:namecheck\pno;
321 f:/etc/default/passwd -> !r:^history\p10;
322 f:/etc/default/passwd -> !r:^# && r:history\p10\d;
323 f:/etc/default/passwd -> !r:^mindiff\p3;
324 f:/etc/default/passwd -> !r:^# && r:mindiff\p3\d;
325 f:/etc/default/passwd -> !r:^minalpha\p2;
326 f:/etc/default/passwd -> !r:^# && r:minalpha\p2\d;
327 f:/etc/default/passwd -> !r:^minupper\p1;
328 f:/etc/default/passwd -> !r:^# && r:minupper\p1\d;
329 f:/etc/default/passwd -> !r:^minlower\p1;
330 f:/etc/default/passwd -> !r:^# && r:minlower\p1\d;
331 f:/etc/default/passwd -> !r:^minnonalpha\p1;
332 f:/etc/default/passwd -> !r:^# && r:minnonalpha\p1\d;
333 f:/etc/default/passwd -> !r:^maxrepeats\p0;
334 f:/etc/default/passwd -> !r:^# && r:maxrepeats\p0\d;
335 f:/etc/default/passwd -> !r:^whitespace\pyes;
336 f:/etc/default/passwd -> !r:^# && r:whitespace\pno;
337 f:/etc/default/passwd -> !r:^dictiondbdir\p/var/passwd;
338 f:/etc/default/passwd -> !r:^dictionlist\p/usr/share/lib/dict/words;
# 7.3: accepts umask 027 or 077 in /etc/default/login and flags uncommented
# 026 or 022. Other permissive masks (e.g. 002, 000) are only caught by the
# first test, when neither accepted value is present.
341 #7.3 Set Default umask for users
342 [CIS - Solaris 11 Configuration - 7.3 Set Default umask for users] [any] [https://workbench.cisecurity.org/benchmarks/410]
343 f:/etc/default/login -> !r:^umask\p027|^umask\p077;
344 f:/etc/default/login -> !r:^# && r:umask\p026;
345 f:/etc/default/login -> !r:^# && r:umask\p022;
# 7.4: same idea for /etc/proftpd.conf, but only 027 is accepted here.
348 #7.4 Set Default File Creation Mask for FTP Users
349 [CIS - Solaris 11 Configuration - 7.4 Set Default File Creation Mask for FTP Users] [any] [https://workbench.cisecurity.org/benchmarks/410]
350 f:/etc/proftpd.conf -> !r:^umask\s*027;
351 f:/etc/proftpd.conf -> !r:^# && r:umask\s*026;
352 f:/etc/proftpd.conf -> !r:^# && r:umask\s*022;
# 7.5: reports the host when either /etc/.login or /etc/profile has no line
# starting with "mesg n".
355 #7.5 Set "mesg n" as Default for All Users
356 [CIS - Solaris 11 Configuration - 7.5 Set "mesg n" as Default for All Users] [any] [https://workbench.cisecurity.org/benchmarks/410]
357 f:/etc/.login -> !r:^mesg\s*n;
358 f:/etc/profile -> !r:^mesg\s*n;
# Section 8 - warning banners.
# 8.1: reports /etc/issue or /etc/motd when the file discloses the platform
# ("SunOS", "Oracle", "solaris") or when the expected warning sentence is not
# found. The banner test is a literal sentence, so a site-specific banner with
# different wording is reported as missing.
361 #8.1 Create Warnings for Standard Login Services
362 [CIS - Solaris 11 Configuration - 8.1 Create Warnings for Standard Login Services] [any] [https://workbench.cisecurity.org/benchmarks/410]
363 f:/etc/issue -> r:SunOS;
364 f:/etc/issue -> r:Oracle;
365 f:/etc/issue -> r:solaris;
366 f:/etc/issue -> !r:Authorized users only. All activity may be monitored and reported;
367 f:/etc/motd -> r:SunOS;
368 f:/etc/motd -> r:Oracle;
369 f:/etc/motd -> r:solaris;
370 f:/etc/motd -> !r:Authorized users only. All activity may be monitored and reported;
# 8.2: reports sshd_config when no "Banner /etc/issue" line is present.
373 #8.2 Enable a Warning Banner for the SSH Service
374 [CIS - Solaris 11 Configuration - 8.2 Enable a Warning Banner for the SSH Service] [any] [https://workbench.cisecurity.org/benchmarks/410]
375 f:/etc/ssh/sshd_config -> !r:^Banner\s*/etc/issue;
# 8.3: reports /etc/gdm/Init/Default when no line starts with a
# /usr/bin/zenity call; the content of the dialog is not inspected.
378 #8.3 Enable a Warning Banner for the GNOME Service
379 [CIS - Solaris 11 Configuration - 8.3 Enable a Warning Banner for the GNOME Service] [any] [https://workbench.cisecurity.org/benchmarks/410]
380 f:/etc/gdm/Init/Default -> !r:^/usr/bin/zenity\s\.;
383 #8.4 Enable a Warning Banner for the FTP service
384 [CIS - Solaris 11 Configuration - 8.4 Enable a Warning Banner for the FTP service] [any] [https://workbench.cisecurity.org/benchmarks/410]
385 f:/etc/proftpd.conf -> !r:^DisplayConnect\s+/etc/issue;
# 8.5: reports /etc/default/telnetd when an uncommented BANNER= line carries
# a value, or when no empty "BANNER=" line exists at all.
388 #8.5 Check that the Banner Setting for telnet is Null
389 [CIS - Solaris 11 Configuration - 8.5 Check that the Banner Setting for telnet is Null] [any] [https://workbench.cisecurity.org/benchmarks/410]
390 f:/etc/default/telnetd -> !r:^# && r:BANNER=\.;
391 f:/etc/default/telnetd -> !r:BANNER=$;
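# 9.3: for each system account, report its /etc/shadow line when the password
# field is not in the expected state - NL/NP (no login / no password) for one
# group of accounts, *LK* (locked) for the other.
# Account names are anchored as "^name:" so that each test applies only to
# that account's own line. Unanchored, "adm" also matched the dladm and netadm
# lines (which are expected to be *LK*, not NL/NP) and raised an alert on a
# correctly locked account; short names such as "bin", "sys" or "lp" could
# likewise match unrelated lines. "nuuc" is spelled out as nuucp, the account
# name used in the ftpusers list of 6.9.
394 #9.3 Verify System Account Default Passwords
395 [CIS - Solaris 11 Configuration - 9.3 Verify System Account Default Passwords] [any] [https://workbench.cisecurity.org/benchmarks/410]
396 f:/etc/shadow -> r:^daemon: && !r::NL:|:NP:;
397 f:/etc/shadow -> r:^lp: && !r::NL:|:NP:;
398 f:/etc/shadow -> r:^adm: && !r::NL:|:NP:;
399 f:/etc/shadow -> r:^bin: && !r::NL:|:NP:;
400 f:/etc/shadow -> r:^gdm: && !r::\p*LK\p*:;
401 f:/etc/shadow -> r:^noaccess: && !r::\p*LK\p*:;
402 f:/etc/shadow -> r:^nobody: && !r::\p*LK\p*:;
403 f:/etc/shadow -> r:^nobody4: && !r::\p*LK\p*:;
404 f:/etc/shadow -> r:^openldap: && !r::\p*LK\p*:;
405 f:/etc/shadow -> r:^unknown: && !r::\p*LK\p*:;
406 f:/etc/shadow -> r:^webservd: && !r::\p*LK\p*:;
407 f:/etc/shadow -> r:^mysql: && !r::NL:|:NP:;
408 f:/etc/shadow -> r:^nuucp: && !r::NL:|:NP:;
409 f:/etc/shadow -> r:^postgres: && !r::NL:|:NP:;
410 f:/etc/shadow -> r:^smmsp: && !r::NL:|:NP:;
411 f:/etc/shadow -> r:^sys: && !r::NL:|:NP:;
412 f:/etc/shadow -> r:^uucp: && !r::NL:|:NP:;
413 f:/etc/shadow -> r:^aiuser: && !r::\p*LK\p*:;
414 f:/etc/shadow -> r:^dhcpserv: && !r::\p*LK\p*:;
415 f:/etc/shadow -> r:^dladm: && !r::\p*LK\p*:;
416 f:/etc/shadow -> r:^ftp: && !r::\p*LK\p*:;
417 f:/etc/shadow -> r:^netadm: && !r::\p*LK\p*:;
418 f:/etc/shadow -> r:^netcfg: && !r::\p*LK\p*:;
419 f:/etc/shadow -> r:^pkg5srv: && !r::\p*LK\p*:;
420 f:/etc/shadow -> r:^svctag: && !r::\p*LK\p*:;
421 f:/etc/shadow -> r:^xvm: && !r::\p*LK\p*:;
422 f:/etc/shadow -> r:^upnp: && !r::NL:|:NP:;
423 f:/etc/shadow -> r:^zfssnap: && !r::NL:|:NP:;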
# 9.4: reports any /etc/shadow line that contains "::" followed later by a
# word character.
# NOTE(review): the "::" is not tied to the password field (the second
# field), so a line with a set password but an empty numeric field followed by
# a populated one would match as well - confirm against real shadow entries.
426 #9.4 Ensure Password Fields are Not Empty
427 [CIS - Solaris 11 Configuration - 9.4 Ensure Password Fields are Not Empty] [any] [https://workbench.cisecurity.org/benchmarks/410]
428 f:/etc/shadow -> r:\.+::\.+\w+\.*$;
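# 9.5: reports any /etc/passwd line, other than root's own, whose UID field
# is 0.
# The exclusion is anchored as "^root:" so that only the account named exactly
# "root" is exempt; with a bare "^root" any account whose name merely starts
# with "root" and has UID 0 would have been skipped by this check.
# NOTE(review): ":\.:0:" assumes a one-character password field (e.g. "x");
# it can also match a single-digit UID followed by GID 0 - confirm whether a
# stricter pattern is wanted.
431 #9.5 Verify No UID 0 Accounts Exist Other than root
432 [CIS - Solaris 11 Configuration - 9.5 Verify No UID 0 Accounts Exist Other than root] [any] [https://workbench.cisecurity.org/benchmarks/410]
433 f:/etc/passwd -> !r:^root: && r::\.:0:\.*;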
# 9.6: looks in the shell start-up files for a literal ".", an empty element
# ("::") or a trailing ":" - the forms that put the current directory on the
# search path.
# NOTE(review): the patterns are not restricted to PATH assignments. In OSSEC
# regex an unescaped "." is a literal dot (the wildcard is "\."), so "r:."
# matches any line containing a dot, such as a file name or a ". file" source
# statement; expect this rule to fire on most systems. The rule title also
# lacks the "9.6" number that every other title in this file carries.
436 #9.6 Ensure root PATH Integrity
437 [CIS - Solaris 11 Configuration - Ensure root PATH Integrity] [any] [https://workbench.cisecurity.org/benchmarks/410]
438 f:/etc/profile -> r:.;
439 f:/etc/environment -> r:.;
441 f:/.bash_profile -> r:.;
443 f:/etc/profile -> r:::;
444 f:/etc/environment -> r:::;
446 f:/.bash_profile -> r:::;
448 f:/etc/profile -> r::$;
449 f:/etc/environment -> r::$;
451 f:/.bash_profile -> r::$;
# 9.10: reports a file named .rhosts in any directory of $home_dirs. Such a
# file grants host-based trust for the r-commands.
455 #9.10 Check for Presence of User .rhosts Files
456 [CIS - Solaris 11 Configuration - 9.10 Check for Presence of User .rhosts Files] [any] [https://workbench.cisecurity.org/benchmarks/410]
457 d:$home_dirs -> ^.rhosts$;
# NOTE(review): the 9.12 pattern has no "r:" prefix, and the legend at the top
# of this file gives "=:" (equality) as the default, so it may be compared as
# a literal string rather than as a regex. As a regex it would also match
# entries that DO have a home directory ("\S+" in the sixth field), which is
# the opposite of what the title asks for - confirm the intended test.
460 #9.12 Check That Users Are Assigned Home Directories
461 [CIS - Solaris 11 Configuration - 9.12 Check That Users Are Assigned Home Directories] [any] [https://workbench.cisecurity.org/benchmarks/410]
462 f:/etc/passwd -> \w+:\.*:\d*:\d*:\.*:\S+:\.*;
# 9.20: reports a file named .netrc in any directory of $home_dirs; .netrc
# files can hold clear-text credentials for remote hosts.
465 #9.20 Check for Presence of User .netrc Files
466 [CIS - Solaris 11 Configuration - 9.20 Check for Presence of User .netrc Files] [any] [https://workbench.cisecurity.org/benchmarks/410]
467 d:$home_dirs -> ^.netrc$;
# 9.21: reports a file named .forward in any directory of $home_dirs.
470 #9.21 Check for Presence of User .forward Files
471 [CIS - Solaris 11 Configuration - 9.21 Check for Presence of User .forward Files] [any] [https://workbench.cisecurity.org/benchmarks/410]
472 d:$home_dirs -> ^.forward$;