An error occurred:

Check: GEN008820

Solaris 10 X86 STIG: GEN008820 (in versions v2 r4 through v1 r17)

Title

The system package management tool must not automatically obtain updates. (Cat III impact)

Discussion

System package management tools can obtain a list of updates and patches from a package repository and make this information available to the SA for review and action. Using a package repository outside of the organization's control, presents a risk that malicious packages could be introduced.

Check Content

Determine if the system package management tool is configured to automatically obtain updated packages using the cron or at utilities. # grep smpatch /var/spool/cron/crontabs/* /var/spool/cron/atjobs/* If smpatch is called with the add, update, or remove subcommands, this is a finding.

Fix Text

Disable any cron or at jobs running smpatch. # crontab -e < user running smpatch > # atrm < id of at job running smpatch >

Additional Identifiers

Rule ID: SV-227987r603266_rule

Vulnerability ID: V-227987

Group Title: SRG-OS-000191

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-001233

The organization employs automated mechanisms on an organization-defined frequency to determine the state of information system components with regard to flaw remediation.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
SI-2 (2)

Automated Flaw Remediation Status