Access to a logical domain console must be restricted to authorized users.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-216349 | SOL-11.1-040316 | SV-216349r959010_rule | CCI-000366 | medium |
| Description |
| A logical domain is a discrete, logical grouping with its own operating system, resources, and identity within a single computer system. Access to the logical domain console provides system-level access to the OBP of the domain. |
| STIG | Date |
| Solaris 11 SPARC Security Technical Implementation Guide | 2025-05-05 |
Details
Check Text (C-216349r959010_chk)
The root role is required. This action applies only to the control domain.
Determine the domain that you are currently securing.
# virtinfo
Domain role: LDoms control I/O service root
The current domain is the control domain, which is also an I/O domain, the service domain, and a root I/O domain.
If the current domain is not the control domain, this check does not apply.
Determine if the vntsd service is online.
# pfexec svcs vntsd
If the service is not "online", this is not applicable.
Check the status of the vntsd authorization property.
# svcprop -p vntsd/authorization vntsd
If the state is not true, this is a finding.
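The check steps above can be scripted so the applicability tests and the finding decision are evaluated in one pass. This is an added example, not part of the STIG; the function names classify and audit_vntsd are hypothetical, and the -H -o state options to svcs are used to obtain the bare service state.

```shell
#!/bin/sh
# Added example, not part of the STIG: automates the V-216349 check text.

# classify VIRTINFO_OUTPUT SVCS_STATE AUTH_VALUE  (hypothetical helper)
# Prints NOT_APPLICABLE, FINDING or NOT_A_FINDING.
classify() {
    virt_out=$1
    svc_state=$2
    auth=$3
    # Step 1: only the control domain is in scope.
    roles=$(printf '%s\n' "$virt_out" | sed -n 's/^Domain role: *//p')
    case " $roles " in
        *" control "*) ;;
        *) echo NOT_APPLICABLE; return 0 ;;
    esac
    # Step 2: the check applies only while vntsd is online.
    if [ "$svc_state" != "online" ]; then
        echo NOT_APPLICABLE
        return 0
    fi
    # Step 3: anything other than "true" (including unset) is a finding.
    if [ "$auth" = "true" ]; then
        echo NOT_A_FINDING
    else
        echo FINDING
    fi
}

# audit_vntsd (hypothetical name): gathers live values on the host.
audit_vntsd() {
    classify "$(virtinfo 2>/dev/null)" \
             "$(pfexec svcs -H -o state vntsd 2>/dev/null)" \
             "$(svcprop -p vntsd/authorization vntsd 2>/dev/null)"
}

if command -v virtinfo >/dev/null 2>&1; then
    audit_vntsd
else
    # Constructed sample: role line from the check text, authorization off.
    classify 'Domain role: LDoms control I/O service root' online false  # FINDING
fi
```

Run it in the root role on the control domain; on a host without virtinfo it only evaluates the constructed sample.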
Fix Text (F-17583r371136_fix)
The root role is required. This action applies only to the control domain.
Determine the domain that you are currently securing.
# virtinfo
Domain role: LDoms control I/O service root
The current domain is the control domain, which is also an I/O domain, the service domain, and a root I/O domain.
If the current domain is not the control domain, this action does not apply.
Configure the vntsd service to require authorization.
# svccfg -s vntsd setprop vntsd/authorization = true
The vntsd service must be restarted for the changes to take effect.
# svcadm restart vntsd