Sep 19, 2023 Functional Update- 5.3 Set Sticky Bit on World Writable Directories
- 9.22 Find World Writable Files
- 9.23 Find SUID/SGID System Executables
- 9.24 Find Un-owned Files and Directories
- 9.25 Find Files and Directories with Extended Attributes. Files will be displayed with an INFO tag if found
Miscellaneous- Metadata updated.
- Variables updated.
|
Apr 12, 2023 Functional Update- 7.2 Set Password Expiration Parameters on Active Accounts - Check MAXWEEKS is set to 13
- 7.2 Set Password Expiration Parameters on Active Accounts - Check MINWEEKS is set to 1
- 7.2 Set Password Expiration Parameters on Active Accounts - Check WARNWEEKS is set to 4
- 7.3 Set Strong Password Creation Policies - Check DICTIONDBDIR is set to /var/passwd
- 7.3 Set Strong Password Creation Policies - Check DICTIONLIST is set to /usr/share/lib/dict/words
- 7.3 Set Strong Password Creation Policies - Check HISTORY is set to 10
- 7.3 Set Strong Password Creation Policies - Check MAXREPEATS is set to 0
- 7.3 Set Strong Password Creation Policies - Check MINDIFF is set to 3
- 7.3 Set Strong Password Creation Policies - Check MINLOWER is set to 1
- 7.3 Set Strong Password Creation Policies - Check MINUPPER is set to 1
- 7.3 Set Strong Password Creation Policies - Check NAMECHECK is set to YES
- 7.3 Set Strong Password Creation Policies - Check PASSLENGTH is set to 8
- 7.3 Set Strong Password Creation Policies - MINALPHA is set to 2
- 7.3 Set Strong Password Creation Policies - MINNONALPHA is set to 1
- 7.3 Set Strong Password Creation Policies - WHITESPACE is set to YES
Miscellaneous- Metadata updated.
- Platform check updated.
- Variables updated.
|
Mar 7, 2023 Miscellaneous- Metadata updated.
- References updated.
|
Jan 4, 2023 Miscellaneous- Metadata updated.
- Variables updated.
|
Dec 7, 2022 Functional Update- 4.1 Enable inetd Connection Logging - Make sure that tcp_trace is set to true
- 6.12 Set EEPROM Security Mode and Log Failed Access - SPARC only. Should *not* be 'security-mode=none'.
- 6.13 Secure the GRUB Menu - Check if 'lock' command is set after failsafe section
- 6.13 Secure the GRUB Menu - Check if 'password' is set in /boot/grub/menu.lst. Note: This check only checks if password is set
- 6.13 Secure the GRUB Menu - should pass if /boot/grub/menu.lst permissions are OK.
|
Apr 25, 2022 |
Mar 29, 2022 Miscellaneous- Metadata updated.
- References updated.
|
Jun 17, 2021 Miscellaneous- Metadata updated.
- References updated.
|
Feb 1, 2021 Miscellaneous- Metadata updated.
- References updated.
|
Oct 5, 2020 Functional Update- 2.2.12 Disable Solaris Volume Manager Services - Make sure that /platform/sun4u/mpxio-upgrade is disabled
- 2.2.12 Disable Solaris Volume Manager Services - Make sure that /system/device/mpxio-upgrade is disabled
- 2.2.12 Disable Solaris Volume Manager Services - Make sure that /system/metainit is disabled - Solaris 10 <= 11/06
- 2.2.12 Disable Solaris Volume Manager Services - Make sure that /system/metainit is disabled - Solaris 10 >= 8/07
- 2.2.12 Disable Solaris Volume Manager Services - Make sure that system/mdmonitor is disabled - Solaris 10 <= 11/06
- 2.2.12 Disable Solaris Volume Manager Services - Make sure that system/mdmonitor is disabled - Solaris 10 >= 8/07
- 2.2.9 Disable Samba Support - Make sure that /etc/sfw/smb.conf does not exist. Note this check is only applicable for Solaris 10 >= 11/06
- 2.2.9 Disable Samba Support - Make sure that /network/samba is disabled. Note this check is only applicable for Solaris 10 >= 8/07
- 6.12 Set EEPROM Security Mode and Log Failed Access - SPARC only. Should *not* be 'security-mode=none'.
- 6.13 Secure the GRUB Menu - Check if 'lock' command is set after failsafe section
- 6.13 Secure the GRUB Menu - Check if 'password' is set in /boot/grub/menu.lst. Note: This check only checks if password is set
- 6.13 Secure the GRUB Menu - should pass if /boot/grub/menu.lst permissions are OK.
- 6.5 Restrict FTP Use - Audit the list of users in /etc/ftpd/ftpusers.
- 6.7 Set Default Screen Lock for CDE Users - CDE package was not found
- 6.7 Set Default Screen Lock for CDE Users - Check if 'dtsession*lockTimeout:' is set to 10.
- 6.7 Set Default Screen Lock for CDE Users - Check if 'dtsession*saverTimeout' is set to 10.
- 6.7 Set Default Screen Lock for CDE Users - Check if file permissions for files under /etc/dt/config/*/sys.resources are OK.
- 6.8 Set Default Screen Lock for GNOME Users - Check if lock is set to true in /usr/openwin/lib/app-defaults/XScreenSaver.
- 6.8 Set Default Screen Lock for GNOME Users - Check if lockTimeout is set to 0:00:00 in /usr/openwin/lib/app-defaults/XScreenSaver.
- 6.8 Set Default Screen Lock for GNOME Users - Check if timeout is set to 0:10:00 in /usr/openwin/lib/app-defaults/XScreenSaver.
- 6.8 Set Default Screen Lock for GNOME Users - GNOME package was not found
- 8.2 Create Warning Banner for CDE Users - CDE package was not found
- 8.2 Create Warning Banner for CDE Users - Check if 'Dtlogin*greeting.labelString' is not set to default string.
- 8.2 Create Warning Banner for CDE Users - Check if 'Dtlogin*greeting.labelString' is set appropriately.
- 8.2 Create Warning Banner for CDE Users - Check if 'Dtlogin*greeting.persLabelString' is not set to default string.
- 8.2 Create Warning Banner for CDE Users - Check if 'Dtlogin*greeting.persLabelString' is set appropriately.
- 8.2 Create Warning Banner for CDE Users - Check if file permissions for files under /etc/dt/config/*/Xresources are OK.
- 8.3 Create Warning Banner for GNOME Users - CDE package was not found
- 8.3 Create Warning Banner for GNOME Users - Check if banner is set correctly
- 8.3 Create Warnings Banner for GNOME Users - Check if Greeter is set to /usr/bin/gdmlogin
|
