UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The Solaris system Automated Security Enhancement Tool (ASET) configurable parameters in the asetenv file must be correct.


Overview

Finding ID Version Rule ID IA Controls Severity
V-953 GEN000000-SOL00180 SV-953r2_rule ECSC-1 Medium
Description
If settings in the asetenv file have been modified, then system vulnerabilities may not be detected.
STIG Date
SOLARIS 10 X86 SECURITY TECHNICAL IMPLEMENTATION GUIDE 2017-03-03

Details

Check Text ( C-2249r2_chk )
Determine if ASET is being used.
# crontab -l | grep aset

Check the configuration of ASET.
# more /usr/aset/asetenv

OR

Check that asetenv has not been modified since installation.
# pkgchk SUNWast

If there are any changes below the following two lines that are not comments, this is a finding.

# Don't change from here on down ... #
# there shouldn't be any reason to. #

In addition, if any of the following lines do not match, this is a finding.

TASKS="firewall env sysconf usrgrp tune cklist eeprom"
CKLISTPATH_LOW=${ASETDIR}/tasks:#${ASETDIR} \
/util:${ASETDIR}/masters:/etc
CKLISTPATH_MED=${CKLISTPATH_LOW}:/usr/bin:/usr/ucb
CKLISTPATH_HIGH=${CKLISTPATH_MED}:/usr/lib:/sbin: \
/usr/sbin:/usr/ucblib
YPCHECK=false
PERIODIC_SCHEDULE="0 0 * * *"
UID_ALIASES=${ASETDIR}/masters/uid_aliases

(The default asetenv file can be found on the Solaris installation media.)
Fix Text (F-1107r2_fix)
Restore the ASET configuration to vendor default and only modify the portions of the configuration designated as customizable.