← Back to Solaris 11 SPARC Security Technical Implementation Guide

V-216349

CAT II (Medium)

Access to a logical domain console must be restricted to authorized users.

Rule ID

SV-216349r959010_rule

STIG

Solaris 11 SPARC Security Technical Implementation Guide

Version

V3R5

CCIs

CCI-000366

Discussion

A logical domain is a discrete, logical grouping with its own operating system, resources, and identity within a single computer system. Access to the logical domain console provides system-level access to the OBP of the domain.

Check Content

The root role is required. This action applies only to the control domain. 

Determine the domain that you are currently securing.

# virtinfo 
Domain role: LDoms control I/O service root
The current domain is the control domain, which is also an I/O domain, the service domain, and a root I/O domain.

If the current domain is not the control domain, this check does not apply.

Determine if the vntsd service is online.

# pfexec svcs vntsd

If the service is not "online", this is not applicable.

Check the status of the vntsd authorization property.

# svcprop -p vntsd/authorization vntsd

If the state is not true, this is a finding.

Fix Text

The root role is required. This action applies only to the control domain. 

Determine the domain that you are currently securing.

# virtinfo 
Domain role: LDoms control I/O service root
The current domain is the control domain, which is also an I/O domain, the service domain, and a root I/O domain.

If the current domain is not the control domain, this action does not apply.

Configure the vntsd service to require authorization.

# svccfg -s vntsd setprop vntsd/authorization = true

The vntsd service must be restarted for the changes to take effect.

# svcadm restart vntsd