The system package management tool must be used to verify system software periodically.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-22506 | GEN006565 | SV-35166r1_rule | ECAT-1 | Medium |
| Description |
|---|
| Verification using the system package management tool can be used to determine that system software has not been tampered with. This requirement is not applicable to systems that do not use package management tools. |
| STIG | Date |
|---|---|
| HP-UX 11.23 Security Technical Implementation Guide | 2015-12-02 |
Details
| Check Text ( C-35018r1_chk ) |
|---|
| Check the root crontab for a job invoking the system package management tool to verify the integrity of installed packages. If no such job exists, this is a finding. An example using HP's command line tool suite to list/verify installed local machine software bundles is: # swlist -l bundle # Initializing... # Contacting target "abc123"... # # Target: abc123:/ # 10GigEthr-00 B.11.31.0709 PCI-X 10 Gigabit Ethernet;Supptd Then run swverify, at the end of the output look for status of Verification succeeded. # swverify -v 10GigEthr-00 |
| Fix Text (F-32107r1_fix) |
|---|
| Add a job to the root crontab invoking the system package management tool to verify the integrity of installed packages. |