UCF STIG Viewer Logo

The Solaris system Automated Security Enhancement Tool (ASET) configurable parameters in the asetenv file must be correct.


Overview

Finding ID Version Rule ID IA Controls Severity
V-227540 GEN000000-SOL00180 SV-227540r603266_rule Medium
Description
If settings in the asetenv file have been modified, then system vulnerabilities may not be detected.
STIG Date
Solaris 10 X86 Security Technical Implementation Guide 2020-12-04

Details

Check Text ( C-29702r488150_chk )
Determine if ASET is being used.
# crontab -l | grep aset

Check the configuration of ASET.
# more /usr/aset/asetenv

OR

Check that asetenv has not been modified since installation.
# pkgchk SUNWast

If there are any changes below the following two lines that are not comments, this is a finding.

# Don't change from here on down ... #
# there shouldn't be any reason to. #

In addition, if any of the following lines do not match, this is a finding.

TASKS="firewall env sysconf usrgrp tune cklist eeprom"
CKLISTPATH_LOW=${ASETDIR}/tasks:#${ASETDIR} \
/util:${ASETDIR}/masters:/etc
CKLISTPATH_MED=${CKLISTPATH_LOW}:/usr/bin:/usr/ucb
CKLISTPATH_HIGH=${CKLISTPATH_MED}:/usr/lib:/sbin: \
/usr/sbin:/usr/ucblib
YPCHECK=false
PERIODIC_SCHEDULE="0 0 * * *"
UID_ALIASES=${ASETDIR}/masters/uid_aliases

(The default asetenv file can be found on the Solaris installation media.)
Fix Text (F-29690r488151_fix)
Restore the ASET configuration to vendor default and only modify the portions of the configuration designated as customizable.