Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The system package management tool must not automatically obtain updates.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-22589 | GEN008820 | SV-40814r1_rule | ECSC-1 | Low |
| Description |
|---|
| System package management tools can obtain a list of updates and patches from a package repository and make this information available to the SA for review and action. Using a package repository outside of the organization's control, presents a risk that malicious packages could be introduced. |
| STIG | Date |
|---|---|
| SOLARIS 10 SPARC SECURITY TECHNICAL IMPLEMENTATION GUIDE | 2016-06-22 |
Details
| Check Text ( C-39533r1_chk ) |
|---|
| Determine if the system package management tool is configured to automatically obtain updated packages using the cron or at utilities. # grep smpatch /var/spool/cron/crontabs/* /var/spool/cron/atjobs/* If smpatch is called with the add, update, or remove subcommands, this is a finding. |
| Fix Text (F-34669r1_fix) |
|---|
| Disable any cron or at jobs running smpatch. # crontab -e < user running smpatch > # atrm < id of at job running smpatch > |