Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The /usr/aset/userlist file must exist.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-955 | GEN000000-SOL00220 | SV-955r2_rule | ECSC-1 | Medium |
| Description |
|---|
| If the userlist file does not exist, then an unauthorized user may exist in the /etc/passwd file. |
| STIG | Date |
|---|---|
| SOLARIS 9 SPARC SECURITY TECHNICAL IMPLEMENTATION GUIDE | 2015-10-01 |
Details
| Check Text ( C-28803r1_chk ) |
|---|
| Determine if ASET is being used. # crontab -l | grep aset If ASET is not used on the system, this is not applicable. If ASET is being used, but is not invoked with the "-u /usr/aset/userlist" option, this is a finding. Check the /usr/aset/userlist file. # ls -lL /usr/aset/userlist If /usr/aset/userlist file does not exist, this is a finding. An empty /usr/aset/userlist file, while not optimal, is not a finding. |
| Fix Text (F-1109r2_fix) |
|---|
| Create the /usr/aset/userlist file and populate it with a list of authorized users. |