Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-47923 | SOL-11.1-020190 | SV-60795r1_rule | Medium |
Description |
---|
Addition of unauthorized code or packages may result in data corruption or theft. |
STIG | Date |
---|---|
Solaris 11 SPARC Security Technical Implementation Guide | 2019-12-18 |
Check Text ( C-50359r1_chk ) |
---|
The Software Installation Profile is required. Display the installation history of packages on the system to ensure that no undesirable packages have been installed: # pkg history -o finish,user,operation,command |grep install If the install command is listed as "/usr/bin/packagemanager", execute the command: # pkg history -l to determine which packages were installed during package manager sessions. If undocumented or unapproved packages have been installed, this is a finding. |
Fix Text (F-51535r1_fix) |
---|
The Software Installation Profile is required. Review and report any unauthorized package installation operations. If necessary, remove unauthorized packages. # pfexec pkg uninstall [package name] |