Check: SOL-11.1-090240
Solaris 11 SPARC STIG:
SOL-11.1-090240
(in versions v2 r10 through v1 r10)
Title
All manual editing of system-relevant files shall be done using the pfedit command, which logs changes made to the files. (Cat III impact)
Discussion
Editing a system file with common tools such as vi, emacs, or gedit does not allow the auditing of changes made by an operator. This reduces the capability of determining which operator made security-relevant changes to the system.
Check Content
Ask the operators if they use vi, emacs, or gedit to make changes to system files. If vi, emacs, or gedit are used to make changes to system files, this is a finding.
Fix Text
Advise the operators to use pdfedit or other appropriate command line tools to make system changes instead of vi, emacs, or gedit. Oracle Solaris includes administrative configuration files which use pfedit, and the solaris.admin.edit/path_to_file authorization is not recommended. Alternate commands exist which are both domain-specific and safer. For example, for the /etc/passwd, /etc/shadow, or /etc/user_attr files, use instead passwd, useradd, userdel, or usermod. For the /etc/group file, use instead groupadd, groupdel, or groupmod. For updating /etc/security/auth_attr, /etc/security/exec_attr, or /etc/security/prof_attr, the preferred command is profiles.
Additional Identifiers
Rule ID: SV-216470r603267_rule
Vulnerability ID: V-216470
Group Title: SRG-OS-000480
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000366 |
The organization implements the security configuration settings. |
Controls
Number | Title |
---|---|
CM-6 |
Configuration Settings |