Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-219970 | SOL-11.1-020190 | SV-219970r603267_rule | Medium |
Description |
---|
Addition of unauthorized code or packages may result in data corruption or theft. |
STIG | Date |
---|---|
Solaris 11 SPARC Security Technical Implementation Guide | 2021-11-23 |
Check Text ( C-21680r370976_chk ) |
---|
The Software Installation Profile is required. Display the installation history of packages on the system to ensure that no undesirable packages have been installed: # pkg history -o finish,user,operation,command |grep install If the install command is listed as "/usr/bin/packagemanager", execute the command: # pkg history -l to determine which packages were installed during package manager sessions. If undocumented or unapproved packages have been installed, this is a finding. |
Fix Text (F-21679r370977_fix) |
---|
The Software Installation Profile is required. Review and report any unauthorized package installation operations. If necessary, remove unauthorized packages. # pfexec pkg uninstall [package name] |