The Solaris system EEPROM security-mode parameter must be set to full or command mode.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-958 | GEN000000-SOL00300 | SV-958r2_rule | ECCD-1 ECCD-2 | Medium |
| Description |
|---|
| If the EEPROM security-mode parameter is not set to full or command, then unauthorized access to system EEPROM can take place. In normal situations, when the system is in a controlled access area and it is desirable to have it automatically reboot upon loss of and restoring of power, for instance, then command mode with the autoboot parameter set to true is recommended. |
| STIG | Date |
|---|---|
| SOLARIS 9 SPARC SECURITY TECHNICAL IMPLEMENTATION GUIDE | 2015-10-01 |
Details
| Check Text ( C-2254r2_chk ) |
|---|
| If the system does not have an OBP / EEPROM, this is not applicable. # eeprom | grep security-mode If the EEPROM security-mode parameter is not set to full or command, this is a finding. |
| Fix Text (F-1112r2_fix) |
|---|
| Set the system EEPROM security-mode parameter to full or command. # eeprom security-mode=full OR # eeprom security-mode=command The system will prompt the user for a password. This should be securely stored. |