Check: SOL-11.1-090010
Solaris 11 x86 STIG:
SOL-11.1-090010
(in versions v2 r10 through v2 r7)
Title
A file integrity baseline must be created, maintained, and reviewed at least weekly to determine if unauthorized changes have been made to important system files located in the root file system. (Cat II impact)
Discussion
A file integrity baseline is a collection of file metadata used to evaluate the integrity of the system. A minimal baseline must contain metadata for all device files, setuid files, setgid files, system libraries, system binaries, and system configuration files. The minimal metadata must consist of the mode, owner, group owner, and modification times. For regular files, metadata must also include file size and a cryptographic hash of the file's contents.
Check Content
The root role is required. Solaris 11 includes the Basic Account and Reporting Tool (BART), which uses cryptographic-strength checksums and file system metadata to determine changes. By default, the manifest generator catalogs all attributes of all files in the root (/) file system. File systems mounted on the root file system are cataloged only if they are of the same type as the root file system. A Baseline BART manifest may exist in: /var/adm/log/bartlogs/[control manifest filename] If a BART manifest does not exist, this is a finding. At least weekly, create a new BART baseline report. # bart create > /var/adm/log/bartlogs/[new manifest filename] Compare the new report to the previous report to identify any changes in the system baseline. # bart compare /var/adm/log/bartlogs/[baseline manifest filename] /var/adm/log/bartlogs/[new manifest filename] Examine the BART report for changes. If there are changes to system files in /etc that are not approved, this is a finding.
Fix Text
The root role is required. Solaris 11 includes the Basic Account and Reporting Tool (BART), which uses cryptographic-strength checksums and file system metadata to determine changes. By default, the manifest generator catalogs all attributes of all files in the root (/) file system. File systems mounted on the root file system are cataloged only if they are of the same type as the root file system. Create a protected area to store BART manifests. # mkdir /var/adm/log/bartlogs # chmod 700 /var/adm/log/bartlogs After initial installation and configuration of the system, create a manifest report of the current baseline. # bart create > /var/adm/log/bartlogs/[baseline manifest filename]
Additional Identifiers
Rule ID: SV-216221r877441_rule
Vulnerability ID: V-216221
Group Title: SRG-OS-000480
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000366 |
The organization implements the security configuration settings. |
Controls
Number | Title |
---|---|
CM-6 |
Configuration Settings |