Check: GEN000000-SOL00220
Solaris 10 X86 STIG: GEN000000-SOL00220 (in versions v2 r4 through v1 r17)
Title
The /usr/aset/userlist file must exist. (Cat II impact)
Discussion
If the userlist file does not exist, then an unauthorized user may exist in the /etc/passwd file.
Check Content
Determine if ASET is being used.

# crontab -l | grep aset

If ASET is not used on the system, this is not applicable. If ASET is being used, but is not invoked with the "-u /usr/aset/userlist" option, this is a finding.

Check the /usr/aset/userlist file.

# ls -lL /usr/aset/userlist

If /usr/aset/userlist file does not exist, this is a finding. An empty /usr/aset/userlist file, while not optimal, is not a finding.
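The decision logic of this check as a script, added here as an example and not part of the STIG. It reads a saved copy of the "crontab -l" output so it can be run offline; the function name, the result strings and the second argument (a test-only override of the userlist path) are assumptions, and the crontab samples are constructed.

```sh
#!/bin/sh
# Added example (not part of the STIG): evaluates GEN000000-SOL00220.
# Needs a POSIX sh and grep; on Solaris 10 that is /usr/xpg4/bin/sh with
# /usr/xpg4/bin first in PATH.

# aset_userlist_check CRONTAB_FILE [USERLIST_PATH]
#   CRONTAB_FILE  saved output of "crontab -l"
#   USERLIST_PATH hypothetical override for offline testing only; the
#                 crontab match always uses the literal /usr/aset/userlist
# Prints NOT_APPLICABLE, FINDING_NO_U_OPTION, FINDING_NO_USERLIST or NOT_A_FINDING.
aset_userlist_check() {
    cron_file=$1
    userlist=${2:-/usr/aset/userlist}

    # Assumption: commented-out entries do not count as "ASET is being used".
    aset_lines=$(grep -v '^[[:space:]]*#' "$cron_file" | grep aset || true)
    if [ -z "$aset_lines" ]; then
        echo NOT_APPLICABLE; return 0
    fi

    # Any ASET entry lacking "-u /usr/aset/userlist" is a finding.
    if printf '%s\n' "$aset_lines" |
        grep -v -E -e '-u[[:space:]]+/usr/aset/userlist([[:space:]]|$)' >/dev/null; then
        echo FINDING_NO_U_OPTION; return 0
    fi

    # -f follows symlinks like "ls -lL"; an empty file still passes.
    if [ ! -f "$userlist" ]; then
        echo FINDING_NO_USERLIST; return 0
    fi
    echo NOT_A_FINDING
}

# Demo on constructed crontab samples (not captured from a real host).
demo_dir=$(mktemp -d)
printf '%s\n' '0 0 * * * /usr/aset/aset -u /usr/aset/userlist' > "$demo_dir/good.cron"
printf '%s\n' '0 0 * * * /usr/aset/aset' > "$demo_dir/no_u.cron"
printf '%s\n' '10 3 * * * /usr/sbin/logadm' > "$demo_dir/none.cron"
: > "$demo_dir/userlist"    # empty list: not optimal, not a finding

for f in good no_u none; do
    printf '%-5s %s\n' "$f" "$(aset_userlist_check "$demo_dir/$f.cron" "$demo_dir/userlist")"
done
printf '%-5s %s\n' "gone" "$(aset_userlist_check "$demo_dir/good.cron" "$demo_dir/missing")"
rm -rf "$demo_dir"
```

On a live system, save the root crontab with "crontab -l > /tmp/root.cron" and call the function with that file as its only argument.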
Fix Text
Create the /usr/aset/userlist file and populate it with a list of authorized users.
Additional Identifiers
Rule ID: SV-227541r603266_rule
Vulnerability ID: V-227541
Group Title: SRG-OS-000016
CCIs
Number | Definition |
---|---|
CCI-000032 | Enforce information flow control using organization-defined security policy filters as a basis for flow control decisions for organization-defined information flows. |
CCI-000366 | Implement the security configuration settings. |