UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The system must require passwords to change the boot device settings. (SPARC)


Overview

Finding ID Version Rule ID IA Controls Severity
V-216454 SOL-11.1-080130 SV-216454r603267_rule Low
Description
Setting the EEPROM password helps prevent attackers who gain physical access to the system console from booting from an external device (such as a CD-ROM or floppy).
STIG Date
Solaris 11 SPARC Security Technical Implementation Guide 2021-11-23

Details

Check Text ( C-17690r371450_chk )
This check applies only to SPARC-based systems.

This check applies to the global zone only. Determine the zone that you are currently securing.

# zonename

If the command output is "global", this check applies.

Determine if the EEPROM security mode on SPARC-based systems is configured correctly.

# eeprom security-mode

If the output of this command is not "security-mode=command", this is a finding.
Fix Text (F-17688r371451_fix)
The root role is required.

This action applies to the global zone only. Determine the zone that you are currently securing.

# zonename

If the command output is "global", this action applies.

# eeprom security-mode=command


After entering the command above, the administrator will be prompted for a password. This password will be required to authorize any future command issued at boot-level on the system (the ok or > prompt) except for the normal multi-user boot command (i.e., the system will be able to reboot unattended).

Write down the password and store it in a secure location.