Check: GEN006565
HP-UX 11.31 STIG:
GEN006565
(in versions v1 r19 through v1 r13)
Title
The system package management tool must be used to verify system software periodically. (Cat II impact)
Discussion
Verification using the system package management tool can be used to determine that system software has not been tampered with. This requirement is not applicable to systems that do not use package management tools.
Check Content
Check the root crontab for a job invoking the system package management tool to verify the integrity of installed packages. If no such job exists, this is a finding. An example using HP's command line tool suite to list/verify installed local machine software bundles is: # swlist -l bundle # Initializing... # Contacting target "abc123"... # # Target: abc123:/ # 10GigEthr-00 B.11.31.0709 PCI-X 10 Gigabit Ethernet;Supptd Then run swverify, at the end of the output look for status of Verification succeeded. # swverify -v 10GigEthr-00
Fix Text
Add a job to the root crontab invoking the system package management tool to verify the integrity of installed packages.
Additional Identifiers
Rule ID: SV-35166r1_rule
Vulnerability ID: V-22506
Group Title: GEN006565
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000366 |
The organization implements the security configuration settings. |
CCI-000698 |
The organization requires the developer of the information system, system component, or information system service to enable integrity verification of software and firmware components. |