UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The operating system must protect audit tools from unauthorized modification.


Overview

Finding ID Version Rule ID IA Controls Severity
V-47887 SOL-11.1-020040 SV-60759r1_rule Medium
Description
Failure to maintain system configurations may result in privilege escalation.
STIG Date
Solaris 11 SPARC Security Technical Implementation Guide 2015-04-03

Details

Check Text ( C-50323r1_chk )
The Software Installation Profile is required.

Determine what the signature policy is for pkg publishers:

# pkg property | grep signature-policy

Check that output produces:

signature-policy verify

If the output does not confirm that signature-policy verify is active, this is a finding.

Check that package permissions are configured and signed per vendor requirements.

# pkg verify

If the command produces any output unrelated to STIG changes, this is a finding.

There is currently a Solaris 11 bug 16267888 which reports pkg verify errors for a variety of python packages. These can be ignored.
Fix Text (F-51499r1_fix)
The Software Installation Profile is required.

Configure the package system to ensure that digital signatures are verified.

# pfexec pkg set-property signature-policy verify

Check that package permissions are configured per vendor requirements.

# pfexec pkg verify

If any errors are reported unrelated to STIG changes, use:

# pfexec pkg fix

to bring configuration settings and permissions into factory compliance.