Access to a logical domain console must be restricted to authorized users.
Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| medium | V-216349 | SRG-OS-000480 | SOL-11.1-040316 | SV-216349r959010_rule | 2024-11-25 | 3 |
| Description |
|---|
| A logical domain is a discrete, logical grouping with its own operating system, resources, and identity within a single computer system. Access to the logical domain console provides system-level access to the OBP of the domain. |
| ℹ️ Check |
|---|
| The root role is required. This action applies only to the control domain. Determine the domain that you are currently securing. # virtinfo Domain role: LDoms control I/O service root The current domain is the control domain, which is also an I/O domain, the service domain, and a root I/O domain. If the current domain is not the control domain, this check does not apply. Determine if the vntsd service is online. # pfexec svcs vntsd If the service is not "online", this is not applicable. Check the status of the vntsd authorization property. # svcprop -p vntsd/authorization vntsd If the state is not true, this is a finding. |
| ✔️ Fix |
|---|
| The root role is required. This action applies only to the control domain. Determine the domain that you are currently securing. # virtinfo Domain role: LDoms control I/O service root The current domain is the control domain, which is also an I/O domain, the service domain, and a root I/O domain. If the current domain is not the control domain, this action does not apply. Configure the vntsd service to require authorization. # svccfg -s vntsd setprop vntsd/authorization = true The vntsd service must be restarted for the changes to take effect. # svcadm restart vntsd |