Check: GEN000000-SOL00300
Solaris 10 SPARC STIG: GEN000000-SOL00300 (in versions v2 r4 through v1 r19)
Title
The Solaris system EEPROM security-mode parameter must be set to full or command mode. (Cat II impact)
Discussion
If the EEPROM security-mode parameter is not set to full or command, unauthorized access to the system EEPROM can take place. In normal situations, for instance when the system is in a controlled access area and should reboot automatically after power is lost and restored, command mode with the autoboot parameter set to true is recommended.
Check Content
If the system does not have an OBP / EEPROM, this is not applicable.

# eeprom | grep security-mode

If the EEPROM security-mode parameter is not set to full or command, this is a finding.
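The check above, scripted as an added example (not part of the STIG): the functions parse `eeprom` output from stdin, report the result, and test for the command mode plus autoboot combination that the Discussion recommends. The function names, the `NotReviewed` status and the sample outputs are assumptions made for this example; `auto-boot?` is the OBP variable name for the autoboot parameter.

```shell
#!/bin/sh
# Added example, not part of the STIG. Functions read `eeprom` output on stdin
# so they can be run offline against the constructed samples at the bottom.

# Print the value of one OBP variable, e.g. "security-mode" or "auto-boot?".
obp_value() {
    awk -v key="$1" '
        index($0, key "=") == 1 {
            val = substr($0, length(key) + 2)
            gsub(/[ \t\r]/, "", val)
            print val
            exit
        }'
}

# Evaluate the check: full or command passes, anything else is a finding.
sol00300_status() {
    mode=$(obp_value security-mode)
    case "$mode" in
        full|command) echo "NotAFinding" ;;
        "")           echo "NotReviewed" ;;  # no security-mode line: no OBP/EEPROM
                                             # (not applicable) or eeprom failed
        *)            echo "Finding" ;;      # e.g. security-mode=none
    esac
}

# Exit 0 when the settings match the Discussion's recommendation for hosts
# that must reboot unattended: command mode with auto-boot? set to true.
sol00300_unattended_ok() {
    out=$(cat)
    [ "$(printf '%s\n' "$out" | obp_value security-mode)" = "command" ] &&
    [ "$(printf '%s\n' "$out" | obp_value 'auto-boot?')" = "true" ]
}

# Constructed sample outputs (not captured from a real system).
SAMPLE_NONE='auto-boot?=true
security-mode=none
security-password: data not available.
security-#badlogins=0'
SAMPLE_COMMAND='auto-boot?=true
security-mode=command
security-#badlogins=0'

for s in "$SAMPLE_NONE" "$SAMPLE_COMMAND"; do
    printf '%s\n' "$s" | sol00300_status
done
# On the audited host (as root): eeprom | sol00300_status
```

A `NotReviewed` result means no security-mode line was seen, so the reviewer decides whether the system has no OBP / EEPROM or the command did not run correctly.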
Fix Text
Set the system EEPROM security-mode parameter to full or command.

# eeprom security-mode=full

OR

# eeprom security-mode=command

The system will prompt the user for a password. This should be securely stored.
Additional Identifiers
Rule ID: SV-226419r603265_rule
Vulnerability ID: V-226419
Group Title: SRG-OS-000480
CCIs
Number | Definition |
---|---|
CCI-000366 | The organization implements the security configuration settings. |
Controls
Number | Title |
---|---|
CM-6 | Configuration Settings |