Solaris_11
Richard Spindler edited this page Jan 15, 2017 · 1 revision
CIS benchmarks:
https://benchmarks.cisecurity.org/downloads/multiform/index.cfm
Solaris 11 Security Guidelines:
http://docs.oracle.com/cd/E23824_01/html/819-3195/index.html
This output is in an older format.
# ./lunar.sh -a
Running: In audit mode (no changes will be made to system)
Filesystem checks will not be done
# SYSTEM INFORMATION:
Platform: Oracle Solaris SunOS 11 Update 1 on i386
Checking: Security message in /etc/issue
Warning: No security message in /etc/issue [-1]
Checking: Remote consoles
Secure: No remote consoles enabled [0]
Checking: Value of "AllowTcpForwarding" in /etc/ssh/sshd_config is "yes"
Warning: Parameter "AllowTcpForwarding" not set to "yes" in /etc/ssh/sshd_config [-1]
Checking: Service svc:/network/shell:kshell is disabled
Secure: Service svc:/network/shell:kshell is already disabled [0]
Checking: Service svc:/network/login:eklogin is disabled
Secure: Service svc:/network/login:eklogin is already disabled [1]
Checking: Service svc:/network/login:klogin is disabled
Secure: Service svc:/network/login:klogin is already disabled [2]
Checking: Service svc:/network/rpc/rex:default is disabled
Secure: Service svc:/network/rpc/rex:default is already disabled [3]
Checking: Service svc:/network/rexec:default is disabled
Secure: Service svc:/network/rexec:default is already disabled [4]
Checking: Service svc:/network/shell:default is disabled
Secure: Service svc:/network/shell:default is already disabled [5]
Checking: Service svc:/network/login:rlogin is disabled
Secure: Service svc:/network/login:rlogin is already disabled [6]
Checking: Service svc:/network/telnet:default is disabled
Secure: Service svc:/network/telnet:default is already disabled [7]
Checking: Service svc:/system/console-login:terma is disabled
Secure: Service svc:/system/console-login:terma is already disabled [8]
Checking: Service svc:/system/console-login:termb is disabled
Secure: Service svc:/system/console-login:termb is already disabled [9]
Checking: Value of "BANNER" in /etc/default/telnetd is "/etc/issue"
Warning: Parameter "BANNER" not set to "/etc/issue" in /etc/default/telnetd [8]
Checking: Rhost authentication disabled in /etc/pam.conf
Secure: Rhost authentication disabled in /etc/pam.conf [9]
Checking: Rhosts files
Checking: File /.rhosts does not exist
Secure: File /.rhosts does not exist [10]
Checking: File /.shosts does not exist
Secure: File /.shosts does not exist [11]
Checking: File /etc/hosts.equiv does not exist
Secure: File /etc/hosts.equiv does not exist [12]
Checking: For .netrc files
Secure: File /root/.netrc does not exist [13]
Secure: File /.netrc does not exist [14]
Secure: File /usr/bin/.netrc does not exist [15]
Secure: File /.netrc does not exist [16]
Secure: File /var/adm/.netrc does not exist [17]
Secure: File /.netrc does not exist [18]
Secure: File /usr/lib/uucp/.netrc does not exist [19]
Secure: File /var/spool/uucppublic/.netrc does not exist [20]
Secure: File /.netrc does not exist [21]
Secure: File /.netrc does not exist [22]
Secure: File /.netrc does not exist [23]
Secure: File /.netrc does not exist [24]
Secure: File /var/lib/gdm/.netrc does not exist [25]
Secure: File /.netrc does not exist [26]
Secure: File /var/coherence/.netrc does not exist [27]
Secure: File /.netrc does not exist [28]
Secure: File /.netrc does not exist [29]
Secure: File /.netrc does not exist [30]
Secure: File /.netrc does not exist [31]
Secure: File /.netrc does not exist [32]
Secure: File /.netrc does not exist [33]
Secure: File /.netrc does not exist [34]
Secure: File /.netrc does not exist [35]
Secure: File /.netrc does not exist [36]
Secure: File /.netrc does not exist [37]
Secure: File /.netrc does not exist [38]
Secure: File /.netrc does not exist [39]
Secure: File /.netrc does not exist [40]
Secure: File /.netrc does not exist [41]
Secure: File /export/home/sysadmin/.netrc does not exist [42]
Warning: Process accounting not enabled [41]
Warning: Audit class not enabled [40]
Checking: Parameter "lck:AUE_ACCEPT" is set in /etc/security/audit_class
Warning: Parameter "lck:AUE_ACCEPT" does not exist in /etc/security/audit_class [39]
Checking: Parameter "lck:AUE_CONNECT" is set in /etc/security/audit_class
Warning: Parameter "lck:AUE_CONNECT" does not exist in /etc/security/audit_class [38]
Checking: Parameter "lck:AUE_SOCKACCEPT" is set in /etc/security/audit_class
Warning: Parameter "lck:AUE_SOCKACCEPT" does not exist in /etc/security/audit_class [37]
Checking: Parameter "lck:AUE_SOCKCONNECT" is set in /etc/security/audit_class
Warning: Parameter "lck:AUE_SOCKCONNECT" does not exist in /etc/security/audit_class [36]
Checking: Parameter "lck:AUE_inetd_connect" is set in /etc/security/audit_class
Warning: Parameter "lck:AUE_inetd_connect" does not exist in /etc/security/audit_class [35]
Checking: Parameter "lck:AUE_CHMOD" is set in /etc/security/audit_class
Warning: Parameter "lck:AUE_CHMOD" does not exist in /etc/security/audit_class [34]
Checking: Parameter "lck:AUE_CHOWN" is set in /etc/security/audit_class
Warning: Parameter "lck:AUE_CHOWN" does not exist in /etc/security/audit_class [33]
Checking: Parameter "lck:AUE_FCHOWN" is set in /etc/security/audit_class
Warning: Parameter "lck:AUE_FCHOWN" does not exist in /etc/security/audit_class [32]
Checking: Parameter "lck:AUE_FCHMOD" is set in /etc/security/audit_class
Warning: Parameter "lck:AUE_FCHMOD" does not exist in /etc/security/audit_class [31]
Checking: Parameter "lck:AUE_LCHOWN" is set in /etc/security/audit_class
Warning: Parameter "lck:AUE_LCHOWN" does not exist in /etc/security/audit_class [30]
Checking: Parameter "lck:AUE_ACLSET" is set in /etc/security/audit_class
Warning: Parameter "lck:AUE_ACLSET" does not exist in /etc/security/audit_class [29]
Checking: Parameter "lck:AUE_FACLSET" is set in /etc/security/audit_class
Warning: Parameter "lck:AUE_FACLSET" does not exist in /etc/security/audit_class [28]
Checking: Parameter "lck:AUE_CHROOT" is set in /etc/security/audit_class
Warning: Parameter "lck:AUE_CHROOT" does not exist in /etc/security/audit_class [27]
Checking: Parameter "lck:AUE_SETREUID" is set in /etc/security/audit_class
Warning: Parameter "lck:AUE_SETREUID" does not exist in /etc/security/audit_class [26]
Checking: Parameter "lck:AUE_SETREGID" is set in /etc/security/audit_class
Warning: Parameter "lck:AUE_SETREGID" does not exist in /etc/security/audit_class [25]
Checking: Parameter "lck:AUE_FCHROOT" is set in /etc/security/audit_class
Warning: Parameter "lck:AUE_FCHROOT" does not exist in /etc/security/audit_class [24]
Checking: Parameter "lck:AUE_PFEXEC" is set in /etc/security/audit_class
Warning: Parameter "lck:AUE_PFEXEC" does not exist in /etc/security/audit_class [23]
Checking: Parameter "lck:AUE_SETUID" is set in /etc/security/audit_class
Warning: Parameter "lck:AUE_SETUID" does not exist in /etc/security/audit_class [22]
Checking: Parameter "lck:AUE_NICE" is set in /etc/security/audit_class
Warning: Parameter "lck:AUE_NICE" does not exist in /etc/security/audit_class [21]
Checking: Parameter "lck:AUE_SETGID" is set in /etc/security/audit_class
Warning: Parameter "lck:AUE_SETGID" does not exist in /etc/security/audit_class [20]
Checking: Parameter "lck:AUE_PRIOCNTLSYS" is set in /etc/security/audit_class
Warning: Parameter "lck:AUE_PRIOCNTLSYS" does not exist in /etc/security/audit_class [19]
Checking: Parameter "lck:AUE_SETEGID" is set in /etc/security/audit_class
Warning: Parameter "lck:AUE_SETEGID" does not exist in /etc/security/audit_class [18]
Checking: Parameter "lck:AUE_SETEUID" is set in /etc/security/audit_class
Warning: Parameter "lck:AUE_SETEUID" does not exist in /etc/security/audit_class [17]
Checking: Parameter "lck:AUE_SETPPRIV" is set in /etc/security/audit_class
Warning: Parameter "lck:AUE_SETPPRIV" does not exist in /etc/security/audit_class [16]
Checking: Parameter "lck:AUE_SETSID" is set in /etc/security/audit_class
Warning: Parameter "lck:AUE_SETSID" does not exist in /etc/security/audit_class [15]
Checking: Parameter "lck:AUE_SETPGID" is set in /etc/security/audit_class
Warning: Parameter "lck:AUE_SETPGID" does not exist in /etc/security/audit_class [14]
Checking: Service svc:/network/ipsec/manual-key:default is disabled
Secure: Service svc:/network/ipsec/manual-key:default is already disabled [15]
Checking: Service svc:/network/ipsec/ike:default is disabled
Secure: Service svc:/network/ipsec/ike:default is already disabled [16]
Checking: Service svc:/network/ipsec/ipsecalgs:default is disabled
Warning: Service svc:/network/ipsec/ipsecalgs:default is enabled [15]
Checking: Service svc:/network/ipsec/policy:default is disabled
Warning: Service svc:/network/ipsec/policy:default is enabled [14]
Checking: Service svc:/network/ipfilter:default is disabled
Secure: Service svc:/network/ipfilter:default is already disabled [15]
Checking: Service svc:/network/rpc/bind
Warning: Service svc:/network/rpc/bind config/enable_tcpwrappers not set to true [14]
Checking: Service svc:/application/cups/in-lpd:default has "tcp_wrappers" set to "TRUE"
Warning: Parameter "tcp_wrappers" not set to "TRUE" [13]
Checking: Service svc:/network/security/ktkt_warn:default has "tcp_wrappers" set to "TRUE"
Warning: Parameter "tcp_wrappers" not set to "TRUE" [12]
Checking: Service svc:/network/telnet:default has "tcp_wrappers" set to "TRUE"
Warning: Parameter "tcp_wrappers" not set to "TRUE" [11]
Checking: Service svc:/network/echo:dgram has "tcp_wrappers" set to "TRUE"
Warning: Parameter "tcp_wrappers" not set to "TRUE" [10]
Checking: Service svc:/network/echo:stream has "tcp_wrappers" set to "TRUE"
Warning: Parameter "tcp_wrappers" not set to "TRUE" [9]
Checking: Service svc:/network/tftp/udp6:default has "tcp_wrappers" set to "TRUE"
Warning: Parameter "tcp_wrappers" not set to "TRUE" [8]
Checking: Service svc:/network/login:eklogin has "tcp_wrappers" set to "TRUE"
Warning: Parameter "tcp_wrappers" not set to "TRUE" [7]
Checking: Service svc:/network/login:klogin has "tcp_wrappers" set to "TRUE"
Warning: Parameter "tcp_wrappers" not set to "TRUE" [6]
Checking: Service svc:/network/login:rlogin has "tcp_wrappers" set to "TRUE"
Warning: Parameter "tcp_wrappers" not set to "TRUE" [5]
Checking: Service svc:/network/nfs/rquota:default has "tcp_wrappers" set to "TRUE"
Warning: Parameter "tcp_wrappers" not set to "TRUE" [4]
Checking: Service svc:/network/time:dgram has "tcp_wrappers" set to "TRUE"
Warning: Parameter "tcp_wrappers" not set to "TRUE" [3]
Checking: Service svc:/network/time:stream has "tcp_wrappers" set to "TRUE"
Warning: Parameter "tcp_wrappers" not set to "TRUE" [2]
Checking: Service svc:/network/daytime:dgram has "tcp_wrappers" set to "TRUE"
Warning: Parameter "tcp_wrappers" not set to "TRUE" [1]
Checking: Service svc:/network/daytime:stream has "tcp_wrappers" set to "TRUE"
Warning: Parameter "tcp_wrappers" not set to "TRUE" [0]
Checking: Service svc:/network/finger:default has "tcp_wrappers" set to "TRUE"
Warning: Parameter "tcp_wrappers" not set to "TRUE" [-1]
Checking: Service svc:/network/rpc/smserver:default has "tcp_wrappers" set to "TRUE"
Warning: Parameter "tcp_wrappers" not set to "TRUE" [-2]
Checking: Service svc:/network/rpc/rstat:default has "tcp_wrappers" set to "TRUE"
Warning: Parameter "tcp_wrappers" not set to "TRUE" [-3]
Checking: Service svc:/network/rpc/rusers:default has "tcp_wrappers" set to "TRUE"
Warning: Parameter "tcp_wrappers" not set to "TRUE" [-4]
Checking: Service svc:/network/rpc/gss:default has "tcp_wrappers" set to "TRUE"
Warning: Parameter "tcp_wrappers" not set to "TRUE" [-5]
Checking: Service svc:/network/rpc/rex:default has "tcp_wrappers" set to "TRUE"
Warning: Parameter "tcp_wrappers" not set to "TRUE" [-6]
Checking: Service svc:/network/rpc/spray:default has "tcp_wrappers" set to "TRUE"
Warning: Parameter "tcp_wrappers" not set to "TRUE" [-7]
Checking: Service svc:/network/rpc/wall:default has "tcp_wrappers" set to "TRUE"
Warning: Parameter "tcp_wrappers" not set to "TRUE" [-8]
Checking: Service svc:/network/stdiscover:default has "tcp_wrappers" set to "TRUE"
Warning: Parameter "tcp_wrappers" not set to "TRUE" [-9]
Checking: Service svc:/network/rexec:default has "tcp_wrappers" set to "TRUE"
Warning: Parameter "tcp_wrappers" not set to "TRUE" [-10]
Checking: Service svc:/network/shell:default has "tcp_wrappers" set to "TRUE"
Warning: Parameter "tcp_wrappers" not set to "TRUE" [-11]
Checking: Service svc:/network/shell:kshell has "tcp_wrappers" set to "TRUE"
Warning: Parameter "tcp_wrappers" not set to "TRUE" [-12]
Checking: Service svc:/network/chargen:dgram has "tcp_wrappers" set to "TRUE"
Warning: Parameter "tcp_wrappers" not set to "TRUE" [-13]
Checking: Service svc:/network/chargen:stream has "tcp_wrappers" set to "TRUE"
Warning: Parameter "tcp_wrappers" not set to "TRUE" [-14]
Checking: Service svc:/network/discard:dgram has "tcp_wrappers" set to "TRUE"
Warning: Parameter "tcp_wrappers" not set to "TRUE" [-15]
Checking: Service svc:/network/discard:stream has "tcp_wrappers" set to "TRUE"
Warning: Parameter "tcp_wrappers" not set to "TRUE" [-16]
Checking: Service svc:/network/stlisten:default has "tcp_wrappers" set to "TRUE"
Warning: Parameter "tcp_wrappers" not set to "TRUE" [-17]
Checking: Service svc:/network/talk:default has "tcp_wrappers" set to "TRUE"
Warning: Parameter "tcp_wrappers" not set to "TRUE" [-18]
Checking: Service svc:/network/comsat:default has "tcp_wrappers" set to "TRUE"
Warning: Parameter "tcp_wrappers" not set to "TRUE" [-19]
Checking: Value of "ALL" in /etc/hosts.deny is " ALL"
Warning: Parameter "ALL" not set to " ALL" in /etc/hosts.deny [-20]
Checking: Value of "ALL" in /etc/hosts.allow is " localhost"
Warning: Parameter "ALL" not set to " localhost" in /etc/hosts.allow [-21]
Checking: Value of "ALL" in /etc/hosts.allow is " 127.0.0.1"
Warning: Parameter "ALL" not set to " 127.0.0.1" in /etc/hosts.allow [-22]
Checking: Value of "MAXWEEKS" in /etc/default/passwd is "13"
Warning: Parameter "MAXWEEKS" not set to "13" in /etc/default/passwd [-23]
Checking: Value of "MINWEEKS" in /etc/default/passwd is "1"
Warning: Parameter "MINWEEKS" not set to "1" in /etc/default/passwd [-24]
Checking: Value of "WARNWEEKS" in /etc/default/passwd is "4"
Warning: Parameter "WARNWEEKS" not set to "4" in /etc/default/passwd [-25]
Checking: Value of "DISABLETIME" in /etc/default/login is "3600"
Warning: Parameter "DISABLETIME" not set to "3600" in /etc/default/login [-26]
Checking: Value of "PASSLENGTH" in /etc/default/passwd is "8"
Warning: Parameter "PASSLENGTH" not set to "8" in /etc/default/passwd [-27]
Checking: Value of "NAMECHECK" in /etc/default/passwd is "YES"
Warning: Parameter "NAMECHECK" not set to "YES" in /etc/default/passwd [-28]
Checking: Value of "HISTORY" in /etc/default/passwd is "10"
Warning: Parameter "HISTORY" not set to "10" in /etc/default/passwd [-29]
Checking: Value of "MINDIFF" in /etc/default/passwd is "3"
Warning: Parameter "MINDIFF" not set to "3" in /etc/default/passwd [-30]
Checking: Value of "MINALPHA" in /etc/default/passwd is "2"
Warning: Parameter "MINALPHA" not set to "2" in /etc/default/passwd [-31]
Checking: Value of "MINUPPER" in /etc/default/passwd is "1"
Warning: Parameter "MINUPPER" not set to "1" in /etc/default/passwd [-32]
Checking: Value of "MINLOWER" in /etc/default/passwd is "1"
Warning: Parameter "MINLOWER" not set to "1" in /etc/default/passwd [-33]
Checking: Value of "MINDIGIT" in /etc/default/passwd is "1"
Warning: Parameter "MINDIGIT" not set to "1" in /etc/default/passwd [-34]
Checking: Value of "MINNONALPHA" in /etc/default/passwd is "1"
Warning: Parameter "MINNONALPHA" not set to "1" in /etc/default/passwd [-35]
Checking: Value of "MAXREPEATS" in /etc/default/passwd is "0"
Warning: Parameter "MAXREPEATS" not set to "0" in /etc/default/passwd [-36]
Checking: Value of "WHITESPACE" in /etc/default/passwd is "YES"
Warning: Parameter "WHITESPACE" not set to "YES" in /etc/default/passwd [-37]
Checking: Value of "DICTIONDBDIR" in /etc/default/passwd is "/var/passwd"
Warning: Parameter "DICTIONDBDIR" not set to "/var/passwd" in /etc/default/passwd [-38]
Checking: Value of "DICTIONLIST" in /etc/default/passwd is "/usr/share/lib/dict/words"
Warning: Parameter "DICTIONLIST" not set to "/usr/share/lib/dict/words" in /etc/default/passwd [-39]
Checking: Value of "RETRIES" in /etc/default/login is "3"
Warning: Parameter "RETRIES" not set to "3" in /etc/default/login [-40]
Checking: Value of "LOCK_AFTER_RETRIES" in /etc/security/policy.conf is "YES"
Warning: Parameter "LOCK_AFTER_RETRIES" not set to "YES" in /etc/security/policy.conf [-41]
Checking: Value of "SLEEPTIME" in /etc/default/login is "4"
Warning: Parameter "SLEEPTIME" not set to "4" in /etc/default/login [-42]
Checking: Value of "PASSREQ" in /etc/default/login is "YES"
Secure: Parameter "PASSREQ" already set to "YES" in /etc/default/login [-41]
Checking: Value of "CRYPT_DEFAULT" in /etc/security/policy.conf is "6"
Warning: Parameter "CRYPT_DEFAULT" not set to "6" in /etc/security/policy.conf [-42]
Checking: Value of "CRYPT_ALGORITHMS_ALLOW" in /etc/security/policy.conf is "6"
Warning: Parameter "CRYPT_ALGORITHMS_ALLOW" not set to "6" in /etc/security/policy.conf [-43]
Checking: Value of "set noexec_user_stack" in /etc/system is "1"
Warning: Parameter "set noexec_user_stack" not set to "1" in /etc/system [-44]
Checking: Value of "set noexec_user_stack_log" in /etc/system is "1"
Warning: Parameter "set noexec_user_stack_log" not set to "1" in /etc/system [-45]
Checking: Value of "TCP_STRONG_ISS" in /etc/default/inetinit is "2"
Warning: Parameter "TCP_STRONG_ISS" not set to "2" in /etc/default/inetinit [-46]
Checking: Value of "_strong_iss" for "tcp" is "2"
Warning: Value of "_strong_iss tcp" not set to "2" [-47]
Checking: Output of routeadm "ipv4-routing" is "disabled"
Secure: Output for command routeadm "ipv4-routing" already set to "disabled" [-46]
Checking: Output of routeadm "ipv6-routing" is "disabled"
Secure: Output for command routeadm "ipv6-routing" already set to "disabled" [-45]
Checking: Output of routeadm "ipv4-forwarding" is "disabled"
Secure: Output for command routeadm "ipv4-forwarding" already set to "disabled" [-44]
Checking: Output of routeadm "ipv6-forwarding" is "disabled"
Secure: Output for command routeadm "ipv6-forwarding" already set to "disabled" [-43]
Checking: File /etc/notrouter exists
Warning: File /etc/notrouter does not exist [-44]
Checking: Value of "_forward_src_routed" for "ipv4" is "0"
Secure: Value of "_forward_src_routed ipv4" already set to "0" [-43]
Checking: Value of "_forward_src_routed" for "ipv6" is "0"
Secure: Value of "_forward_src_routed ipv6" already set to "0" [-42]
Checking: Value of "_rev_src_routes" for "tcp" is "0"
Secure: Value of "_rev_src_routes tcp" already set to "0" [-41]
Checking: Value of "_forward_directed_broadcasts" for "ip" is "0"
Secure: Value of "_forward_directed_broadcasts ip" already set to "0" [-40]
Checking: Value of "_respond_to_timestamp" for "ip" is "0"
Secure: Value of "_respond_to_timestamp ip" already set to "0" [-39]
Checking: Value of "_respond_to_timestamp_broadcast" for "ip" is "0"
Secure: Value of "_respond_to_timestamp_broadcast ip" already set to "0" [-38]
Checking: Value of "_respond_to_address_mask_broadcast" for "ip" is "0"
Secure: Value of "_respond_to_address_mask_broadcast ip" already set to "0" [-37]
Checking: Value of "_respond_to_echo_broadcast" for "ip" is "0"
Warning: Value of "_respond_to_echo_broadcast ip" not set to "0" [-38]
Checking: Value of "_respond_to_echo_multicast" for "ipv4" is "0"
Warning: Value of "_respond_to_echo_multicast ipv4" not set to "0" [-39]
Checking: Value of "_respond_to_echo_multicast" for "ipv6" is "0"
Warning: Value of "_respond_to_echo_multicast ipv6" not set to "0" [-40]
Checking: Value of "_ignore_redirect" for "ipv4" is "1"
Warning: Value of "_ignore_redirect ipv4" not set to "1" [-41]
Checking: Value of "_ignore_redirect" for "ipv6" is "1"
Warning: Value of "_ignore_redirect ipv6" not set to "1" [-42]
Checking: Value of "_send_redirects" for "ipv4" is "0"
Warning: Value of "_send_redirects ipv4" not set to "0" [-43]
Checking: Value of "_send_redirects" for "ipv6" is "0"
Warning: Value of "_send_redirects ipv6" not set to "0" [-44]
Checking: Value of "_strict_dst_multihoming" for "ipv4" is "1"
Warning: Value of "_strict_dst_multihoming ipv4" not set to "1" [-45]
Checking: Value of "_strict_dst_multihoming" for "ipv6" is "1"
Warning: Value of "_strict_dst_multihoming ipv6" not set to "1" [-46]
Checking: Value of "_conn_req_max_q0" for "tcp" is "4096"
Warning: Value of "_conn_req_max_q0 tcp" not set to "4096" [-47]
Checking: Value of "_conn_req_max_q" for "tcp" is "1024"
Warning: Value of "_conn_req_max_q tcp" not set to "1024" [-48]
Checking: Service svc:/network/smtp:sendmail is disabled
Secure: Service svc:/network/smtp:sendmail is already disabled [-47]
Checking: Value of "QUEUEINTERVAL" in /etc/default/sendmail is "15m"
Warning: Parameter "QUEUEINTERVAL" not set to "15m" in /etc/default/sendmail [-48]
Checking: Parameter "MODE=" is set in /etc/default/sendmail
Warning: Parameter "MODE=" does not exist in /etc/default/sendmail [-49]
Checking: Mail transfer agent is running in local-only mode
Secure: Mail transfer agent is running in local-only mode [-48]
Secure: No version information in sendmail greeting [-47]
Checking: Parameter "O HelpFile" in /etc/mail/sendmail.cf is disabled
Secure: No help information in sendmail greeting [-46]
Checking: File permissions on /etc/mail/sendmail.cf
Warning: File /etc/mail/sendmail.cf has incorrect permissions [-47]
Checking: Parameter "decode" in /etc/aliases is disabled
Checking: File permissions on /etc/aliases
Warning: File /etc/aliases has incorrect permissions [-48]
Checking: Primary group for root is root
Secure: Primary group for root is root [-47]
Checking: Root SSH keys
Secure: Keys file /root/.ssh/authorized_keys does not exist
Secure: Keys file /root/.ssh/authorized_keys2 does not exist
Checking: Value of "mesg" in /etc/.login is "n"
Warning: Parameter "mesg" not set to "n" in /etc/.login [-46]
Checking: Value of "mesg" in /etc/profile is "n"
Warning: Parameter "mesg" not set to "n" in /etc/profile [-47]
Checking: Value of "mesg" in /etc/skel/.bash_profile is "n"
Warning: Parameter "mesg" not set to "n" in /etc/skel/.bash_profile [-48]
Checking: Value of "mesg" in /etc/skel/.bashrc is "n"
Warning: Parameter "mesg" not set to "n" in /etc/skel/.bashrc [-49]
Checking: Groups in passwd file exist in group file
Secure: No non existant group issues [-48]
Checking: User home directory permissions
Checking: File permissions on /export/home/sysadmin
Warning: File /export/home/sysadmin has incorrect permissions [-49]
Checking: Ownership of home directories
Warning: User dladm has no home directory defined [-50]
Warning: User netadm has no home directory defined [-51]
Warning: User netcfg has no home directory defined [-52]
Warning: User zfssnap has no home directory defined [-53]
Warning: User xvm has no home directory defined [-54]
Warning: User mysql has no home directory defined [-55]
Warning: User openldap has no home directory defined [-56]
Warning: User aiuser has no home directory defined [-57]
Warning: User ftp has no home directory defined [-58]
Warning: User dhcpserv has no home directory defined [-59]
Warning: User pkg5srv has no home directory defined [-60]
Checking: For users with duplicate name
Secure: No users with duplicate name [-59]
Checking: For users with duplicate id
Secure: No users with duplicate id [-58]
Checking: For groups with duplicate name
Secure: No groups with duplicate name [-57]
Checking: For groups with duplicate id
Secure: No groups with duplicate id [-56]
Checking: User dot file permissions
Checking: File permissions on /root/.bash_history
Secure: File /root/.bash_history has correct permissions [-55]
Checking: File permissions on /root/.bashrc
Warning: File /root/.bashrc has incorrect permissions [-56]
Checking: File permissions on /root/.lesshst
Secure: File /root/.lesshst has correct permissions [-55]
Checking: File permissions on /root/.profile
Warning: File /root/.profile has incorrect permissions [-56]
Checking: File permissions on /root/.sh_history
Secure: File /root/.sh_history has correct permissions [-55]
Checking: File permissions on /export/home/sysadmin/.bash_history
Secure: File /export/home/sysadmin/.bash_history has correct permissions [-54]
Checking: File permissions on /export/home/sysadmin/.bash_profile
Warning: File /export/home/sysadmin/.bash_profile has incorrect permissions [-55]
Checking: File permissions on /export/home/sysadmin/.bashrc
Warning: File /export/home/sysadmin/.bashrc has incorrect permissions [-56]
Checking: For .forward files
Secure: File /root/.forward does not exist [-55]
Secure: File /.forward does not exist [-54]
Secure: File /usr/bin/.forward does not exist [-53]
Secure: File /.forward does not exist [-52]
Secure: File /var/adm/.forward does not exist [-51]
Secure: File /.forward does not exist [-50]
Secure: File /usr/lib/uucp/.forward does not exist [-49]
Secure: File /var/spool/uucppublic/.forward does not exist [-48]
Secure: File /.forward does not exist [-47]
Secure: File /.forward does not exist [-46]
Secure: File /.forward does not exist [-45]
Secure: File /.forward does not exist [-44]
Secure: File /var/lib/gdm/.forward does not exist [-43]
Secure: File /.forward does not exist [-42]
Secure: File /var/coherence/.forward does not exist [-41]
Secure: File /.forward does not exist [-40]
Secure: File /.forward does not exist [-39]
Secure: File /.forward does not exist [-38]
Secure: File /.forward does not exist [-37]
Secure: File /.forward does not exist [-36]
Secure: File /.forward does not exist [-35]
Secure: File /.forward does not exist [-34]
Secure: File /.forward does not exist [-33]
Secure: File /.forward does not exist [-32]
Secure: File /.forward does not exist [-31]
Secure: File /.forward does not exist [-30]
Secure: File /.forward does not exist [-29]
Secure: File /.forward does not exist [-28]
Secure: File /.forward does not exist [-27]
Secure: File /export/home/sysadmin/.forward does not exist [-26]
Checking: Root PATH
Secure: No empty directory in PATH [-25]
Secure: No trailing : in PATH [-24]
Secure: Group write permission not set on directory /usr/bin [-23]
Secure: Other write permission not set on directory /usr/bin [-22]
Secure: Group write permission not set on directory /usr/sbin [-21]
Secure: Other write permission not set on directory /usr/sbin [-20]
Checking: Primary group for root is root
Secure: Primary group for root is root [-19]
Checking: Value of "UMASK" in /etc/default/login is "077"
Warning: Parameter "UMASK" not set to "077" in /etc/default/login [-20]
Checking: Value of "umask" in /etc/.login is "077"
Warning: Parameter "umask" not set to "077" in /etc/.login [-21]
Checking: Value of "umask" in /etc/profile is "077"
Warning: Parameter "umask" not set to "077" in /etc/profile [-22]
Checking: Value of "umask" in /etc/skel/.bash_profile is "077"
Warning: Parameter "umask" not set to "077" in /etc/skel/.bash_profile [-23]
Checking: Value of "UMASK" in /etc/bashrc is "077"
Warning: Parameter "UMASK" not set to "077" in /etc/bashrc [-24]
Checking: Value of "UMASK" in /etc/skel/.bashrc is "077"
Warning: Parameter "UMASK" not set to "077" in /etc/skel/.bashrc [-25]
Checking: Password fields
Secure: No empty password entries
Checking: Whether reserved UUIDs are assigned to system accounts
Warning: User dladm has a reserved UID (15) [-25]
Warning: User netadm has a reserved UID (16) [-26]
Warning: User netcfg has a reserved UID (17) [-27]
Warning: User zfssnap has a reserved UID (51) [-28]
Warning: User upnp has a reserved UID (52) [-29]
Warning: User xvm has a reserved UID (60) [-30]
Warning: User mysql has a reserved UID (70) [-31]
Warning: User openldap has a reserved UID (75) [-32]
Warning: User aiuser has a reserved UID (61) [-33]
Warning: User ftp has a reserved UID (21) [-34]
Warning: User dhcpserv has a reserved UID (18) [-35]
Warning: User pkg5srv has a reserved UID (97) [-36]
Checking: Super users other than root
Secure: No accounts other than root have UID 0 [-35]
Secure: Default service file creation mask set to 022 [-34]
Checking: Wheel group exists in /etc/group
Warning: Wheel group does not exist in /etc/group [-35]
Checking: File permissions on /usr/bin/su
Warning: File /usr/bin/su has incorrect permissions [-36]
Secure: No user has never logged in and their account is not locked [-35]
Checking: System accounts have valid shells
Warning: System account daemon has an invalid shell
Warning: System account bin has an invalid shell
Warning: System account sys has an invalid shell
Warning: System account adm has an invalid shell
Warning: System account lp has an invalid shell
Warning: System account uucp has an invalid shell
Warning: System account nuucp has an invalid shell
Warning: System account dladm has an invalid shell
Warning: System account netadm has an invalid shell
Warning: System account netcfg has an invalid shell
Warning: System account smmsp has an invalid shell
Warning: System account gdm has an invalid shell
Warning: System account zfssnap has an invalid shell
Warning: System account upnp has an invalid shell
Warning: System account xvm has an invalid shell
Warning: System account mysql has an invalid shell
Warning: System account openldap has an invalid shell
Warning: System account webservd has an invalid shell
Warning: System account postgres has an invalid shell
Warning: System account svctag has an invalid shell
Warning: System account unknown has an invalid shell
Warning: System account aiuser has an invalid shell
Warning: System account ftp has an invalid shell
Warning: System account dhcpserv has an invalid shell
Warning: System account pkg5srv has an invalid shell
Warning: System account sysadmin has an invalid shell but the account is disabled
Checking: Service svc:/system/hotplug:default is disabled
Secure: Service svc:/system/hotplug:default is already disabled [-59]
Secure: Power suspend disabled [-58]
Checking: Value of "PERMS" in /etc/default/sys-suspend is "-"
Warning: Parameter "PERMS" not set to "-" in /etc/default/sys-suspend [-59]
Checking: Service svc:/system/rcap:default is disabled
Secure: Service svc:/system/rcap:default is already disabled [-58]
Checking: Service svc:/system/pools:default is disabled
Secure: Service svc:/system/pools:default is already disabled [-57]
Checking: Service svc:/system/zones:default is disabled
Warning: Service svc:/system/zones:default is enabled [-58]
Checking: Value of "*timeout:" in /usr/openwin/lib/app-defaults/XScreenSaver is "0:10:00"
Warning: Parameter "*timeout:" not set to "0:10:00" in /usr/openwin/lib/app-defaults/XScreenSaver [-59]
Checking: Value of "*lockTimeout:" in /usr/openwin/lib/app-defaults/XScreenSaver is "0:00:00"
Warning: Parameter "*lockTimeout:" not set to "0:00:00" in /usr/openwin/lib/app-defaults/XScreenSaver [-60]
Checking: Value of "*lockTimeout:" in /usr/openwin/lib/app-defaults/XScreenSaver is "0:00:00"
Warning: Parameter "*lockTimeout:" not set to "0:00:00" in /usr/openwin/lib/app-defaults/XScreenSaver [-61]
Checking: Service svc:/application/font/fc-cache:default is disabled
Warning: Service svc:/application/font/fc-cache:default is enabled [-62]
Checking: Service svc:/network/dns/server:default is disabled
Secure: Service svc:/network/dns/server:default is already disabled [-61]
Checking: Service svc:/network/security/krb5kdc:default is disabled
Secure: Service svc:/network/security/krb5kdc:default is already disabled [-60]
Checking: Service svc:/network/security/kadmin:default is disabled
Secure: Service svc:/network/security/kadmin:default is already disabled [-59]
Checking: Legacy NIS '+' entries
Secure: No NIS entries in /etc/passwd [-58]
Secure: No NIS entries in /etc/shadow [-57]
Secure: No NIS entries in /etc/group [-56]
Checking: File permissions on /var/log/syslog
Warning: File /var/log/syslog has incorrect permissions [-57]
Checking: File /etc/dfs/dfstab contains "/usr/bin/share" rather than "share"
Warning: File /etc/dfs/dfstab contains "share" rather than "/usr/bin/share" [-58]
Checking: Service svc:/network/nfs/mapid:default is disabled
Warning: Service svc:/network/nfs/mapid:default is enabled [-59]
Checking: Service svc:/network/nfs/status:default is disabled
Warning: Service svc:/network/nfs/status:default is enabled [-60]
Checking: Service svc:/network/nfs/cbd:default is disabled
Secure: Service svc:/network/nfs/cbd:default is already disabled [-59]
Checking: Service svc:/network/nfs/nlockmgr:default is disabled
Warning: Service svc:/network/nfs/nlockmgr:default is enabled [-60]
Checking: Service svc:/network/nfs/client:default is disabled
Secure: Service svc:/network/nfs/client:default is already disabled [-59]
Checking: Service svc:/network/nfs/server:default is disabled
Warning: Service svc:/network/nfs/server:default is enabled [-60]
Checking: Value of "nfssrv:nfs_portmon" in /etc/system is "1"
Warning: Parameter "nfssrv:nfs_portmon" not set to "1" in /etc/system [-61]
Checking: Service svc:/network/http:apache22 is disabled
Warning: Service svc:/network/http:apache22 is enabled [-62]
Checking: Service svc:/network/routing/ripng:default is disabled
Secure: Service svc:/network/routing/ripng:default is already disabled [-61]
Checking: Service svc:/network/routing/legacy-routing:ipv4 is disabled
Secure: Service svc:/network/routing/legacy-routing:ipv4 is already disabled [-60]
Checking: Service svc:/network/routing/legacy-routing:ipv6 is disabled
Secure: Service svc:/network/routing/legacy-routing:ipv6 is already disabled [-59]
Checking: Service svc:/network/routing/rdisc:default is disabled
Secure: Service svc:/network/routing/rdisc:default is already disabled [-58]
Checking: Service svc:/network/routing/route:default is disabled
Secure: Service svc:/network/routing/route:default is already disabled [-57]
Checking: Service svc:/network/routing/ndp:default is disabled
Warning: Service svc:/network/routing/ndp:default is enabled [-58]
Checking: Output of routeadm "ipv4-routing" is "disabled"
Secure: Output for command routeadm "ipv4-routing" already set to "disabled" [-57]
Checking: Output of routeadm "ipv6-routing" is "disabled"
Secure: Output for command routeadm "ipv6-routing" already set to "disabled" [-56]
Checking: Output of routeadm "ipv4-forwarding" is "disabled"
Secure: Output for command routeadm "ipv4-forwarding" already set to "disabled" [-55]
Checking: Output of routeadm "ipv6-forwarding" is "disabled"
Secure: Output for command routeadm "ipv6-forwarding" already set to "disabled" [-54]
Checking: File /etc/notrouter exists
Warning: File /etc/notrouter does not exist [-55]
Checking: Value of "_forward_src_routed" for "ipv4" is "0"
Secure: Value of "_forward_src_routed ipv4" already set to "0" [-54]
Checking: Value of "_forward_src_routed" for "ipv6" is "0"
Secure: Value of "_forward_src_routed ipv6" already set to "0" [-53]
Checking: Value of "_rev_src_routes" for "tcp" is "0"
Secure: Value of "_rev_src_routes tcp" already set to "0" [-52]
Checking: Value of "_forward_directed_broadcasts" for "ip" is "0"
Secure: Value of "_forward_directed_broadcasts ip" already set to "0" [-51]
Checking: Value of "_respond_to_timestamp" for "ip" is "0"
Secure: Value of "_respond_to_timestamp ip" already set to "0" [-50]
Checking: Value of "_respond_to_timestamp_broadcast" for "ip" is "0"
Secure: Value of "_respond_to_timestamp_broadcast ip" already set to "0" [-49]
Checking: Value of "_respond_to_address_mask_broadcast" for "ip" is "0"
Secure: Value of "_respond_to_address_mask_broadcast ip" already set to "0" [-48]
Checking: Value of "_respond_to_echo_broadcast" for "ip" is "0"
Warning: Value of "_respond_to_echo_broadcast ip" not set to "0" [-49]
Checking: Value of "_respond_to_echo_multicast" for "ipv4" is "0"
Warning: Value of "_respond_to_echo_multicast ipv4" not set to "0" [-50]
Checking: Value of "_respond_to_echo_multicast" for "ipv6" is "0"
Warning: Value of "_respond_to_echo_multicast ipv6" not set to "0" [-51]
Checking: Value of "_ignore_redirect" for "ipv4" is "1"
Warning: Value of "_ignore_redirect ipv4" not set to "1" [-52]
Checking: Value of "_ignore_redirect" for "ipv6" is "1"
Warning: Value of "_ignore_redirect ipv6" not set to "1" [-53]
Checking: Value of "_send_redirects" for "ipv4" is "0"
Warning: Value of "_send_redirects ipv4" not set to "0" [-54]
Checking: Value of "_send_redirects" for "ipv6" is "0"
Warning: Value of "_send_redirects ipv6" not set to "0" [-55]
Checking: Value of "_strict_dst_multihoming" for "ipv4" is "1"
Warning: Value of "_strict_dst_multihoming ipv4" not set to "1" [-56]
Checking: Value of "_strict_dst_multihoming" for "ipv6" is "1"
Warning: Value of "_strict_dst_multihoming ipv6" not set to "1" [-57]
Checking: Value of "_conn_req_max_q0" for "tcp" is "4096"
Warning: Value of "_conn_req_max_q0 tcp" not set to "4096" [-58]
Checking: Value of "_conn_req_max_q" for "tcp" is "1024"
Warning: Value of "_conn_req_max_q tcp" not set to "1024" [-59]
Checking: File permissions on /etc/sfw/private/smbpasswd
Notice: File /etc/sfw/private/smbpasswd does not exist [-58]
Checking: File permissions on /etc/samba/smb.conf
Notice: File /etc/samba/smb.conf does not exist [-57]
Checking: Service svc:/network/inetd:default is disabled
Warning: Service svc:/network/inetd:default is enabled [-58]
Checking: Value of "LOG_FROM_REMOTE" in /etc/default/syslogd is "NO"
Warning: Parameter "LOG_FROM_REMOTE" not set to "NO" in /etc/default/syslogd [-59]
Warning: Cores are not restricted to a private directory [-60]
Checking: Value of "server" in /etc/inet/ntp.conf is "pool.ntp.org"
Warning: Parameter "server" not set to "pool.ntp.org" in /etc/inet/ntp.conf [-61]
Checking: Service svc:/network/ipmievd:default is disabled
Secure: Service svc:/network/ipmievd:default is already disabled [-60]
Checking: Service svc:/network/echo:dgram is disabled
Secure: Service svc:/network/echo:dgram is already disabled [-59]
Checking: Service svc:/network/echo:stream is disabled
Secure: Service svc:/network/echo:stream is already disabled [-58]
Checking: Service svc:/network/time:dgram is disabled
Secure: Service svc:/network/time:dgram is already disabled [-57]
Checking: Service svc:/network/time:stream is disabled
Secure: Service svc:/network/time:stream is already disabled [-56]
Checking: Service svc:/network/comsat:default is disabled
Secure: Service svc:/network/comsat:default is already disabled [-55]
Checking: Service svc:/network/discard:dgram is disabled
Secure: Service svc:/network/discard:dgram is already disabled [-54]
Checking: Service svc:/network/discard:stream is disabled
Secure: Service svc:/network/discard:stream is already disabled [-53]
Checking: Service svc:/network/chargen:dgram is disabled
Secure: Service svc:/network/chargen:dgram is already disabled [-52]
Checking: Service svc:/network/chargen:stream is disabled
Secure: Service svc:/network/chargen:stream is already disabled [-51]
Checking: Service svc:/network/rpc/spray:default is disabled
Secure: Service svc:/network/rpc/spray:default is already disabled [-50]
Checking: Service svc:/network/daytime:dgram is disabled
Secure: Service svc:/network/daytime:dgram is already disabled [-49]
Checking: Service svc:/network/daytime:stream is disabled
Secure: Service svc:/network/daytime:stream is already disabled [-48]
Checking: Service svc:/network/talk:default is disabled
Secure: Service svc:/network/talk:default is already disabled [-47]
Checking: Service svc:/network/stdiscover:default is disabled
Secure: Service svc:/network/stdiscover:default is already disabled [-46]
Checking: Service svc:/network/stlisten:default is disabled
Secure: Service svc:/network/stlisten:default is already disabled [-45]
Checking: Service svc:/application/stosreg:default is disabled
Warning: Service svc:/application/stosreg:default is enabled [-46]
Checking: Service svc:/network/rarp:default is disabled
Secure: Service svc:/network/rarp:default is already disabled [-45]
Checking: Service svc:/network/rpc/bootparams:default is disabled
Secure: Service svc:/network/rpc/bootparams:default is already disabled [-44]
Checking: Service svc:/network/tftp/udp6:default is disabled
Warning: Service svc:/network/tftp/udp6:default is enabled [-45]
Checking: Service svc:/network/slp:default is disabled
Secure: Service svc:/network/slp:default is already disabled [-44]
Tests: 357
Score: 313