Check: GEN002260
HP-UX 11.31 STIG:
GEN002260
(in versions v1 r19 through v1 r13)
Title
The system must be checked for extraneous device files at least weekly. (Cat III impact)
Discussion
If an unauthorized device is allowed to exist on the system, there is the possibility the system may perform unauthorized operations.
Check Content
NOTE: This will virtually always be a manual review. Check the system for an automated job, or check with the SA, to determine if the system is checked for extraneous device files on a weekly basis. If no automated or manual process is in place, this is a finding.
Fix Text
Establish a weekly automated or manual process to create a list of device files on the system and determine if any files have been added, moved, or deleted since the last list was generated. A list of device files can be generated with this command: # find / -type b -o -type c -o -type n > device-file-list
Additional Identifiers
Rule ID: SV-38504r1_rule
Vulnerability ID: V-923
Group Title: GEN002260
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000318 |
The organization audits and reviews activities associated with configuration-controlled changes to the system. |
Controls
Number | Title |
---|---|
CM-3 |
Configuration Change Control |