Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-953 | GEN000000-SOL00180 | SV-953r2_rule | ECSC-1 | Medium |
Description |
---|
If settings in the asetenv file have been modified, then system vulnerabilities may not be detected. |
STIG | Date |
---|---|
SOLARIS 10 SPARC SECURITY TECHNICAL IMPLEMENTATION GUIDE | 2018-04-10 |
Check Text ( C-2249r2_chk ) |
---|
Determine if ASET is being used. # crontab -l | grep aset Check the configuration of ASET. # more /usr/aset/asetenv OR Check that asetenv has not been modified since installation. # pkgchk SUNWast If there are any changes below the following two lines that are not comments, this is a finding. # Don't change from here on down ... # # there shouldn't be any reason to. # In addition, if any of the following lines do not match, this is a finding. TASKS="firewall env sysconf usrgrp tune cklist eeprom" CKLISTPATH_LOW=${ASETDIR}/tasks:#${ASETDIR} \ /util:${ASETDIR}/masters:/etc CKLISTPATH_MED=${CKLISTPATH_LOW}:/usr/bin:/usr/ucb CKLISTPATH_HIGH=${CKLISTPATH_MED}:/usr/lib:/sbin: \ /usr/sbin:/usr/ucblib YPCHECK=false PERIODIC_SCHEDULE="0 0 * * *" UID_ALIASES=${ASETDIR}/masters/uid_aliases (The default asetenv file can be found on the Solaris installation media.) |
Fix Text (F-1107r2_fix) |
---|
Restore the ASET configuration to vendor default and only modify the portions of the configuration designated as customizable. |