Product:
BigFix Compliance
Title:
Updated DISA STIG Checklist for Solaris 11 to support a more recent version of the benchmark
Security Benchmark:
ORACLE SOLARIS 11 X86,V3R5
ORACLE SOLARIS 11 SPARC,V3R5
Published Sites:
DISA STIG Checklist for Solaris 11, site version 22
(The site version is provided for air-gap customers.)
Details:
● Total New Fixlets: 7
● Total Updated Fixlets:1
● Total Deleted Fixlets: 0
● Total Fixlets in Site: 169
New Fixlets:
V-216076 - X displays must not be exported to the world.
V-216205 - The operating system must be a supported release.
V-216034 - The operating system must protect against an individual falsely denying having performed a particular action. In order to do so the system must be configured to send audit records to a remote audit server.
V-216057 - The telnet service daemon must not be installed unless required.
V-216159 - The operating system must display the DOD-approved system use notification message or banner for SSH connections.
V-216160 - The GNOME service must display the DOD-approved system use notification message or banner before granting access to the system.
V-216161 - The FTP service must display the DOD-approved system use notification message or banner before granting access to the system.
Updated Fixlets:
V-216115 - Consecutive login attempts for SSH must be limited to 3.
● Both analysis and remediation checks are included
● Some of the checks allow you to use the parameterized setting to enable customization for compliance evaluation. Note that parameterization and remediation actions require the creation of a custom site.
Note: Additionally, as the site version has been upgraded, the prefetch blocks of the checks that include remediation have been updated. As a result, you may observe approximately 109 checks appearing as out of sync.
Actions to take:
● To subscribe to the above site, you can use the License Overview Dashboard to enable and gather the site. Note that you must be entitled to the BigFix Compliance product, and you must be using BigFix version 10 and later.
● If you use custom sites, update your custom sites accordingly to use the latest content. You can synchronize your content by using the Synchronize Custom Checks wizard. For more information, see
https://help.hcl-software.com/bigfix/11.0/compliance/Compliance/SCM_Users_Guide/c_using_synchronize_custom_checks_wiz.html
More information:
To know more about the BigFix Compliance SCM checklists, please see the following resources:
● BigFix Forum:
https://forum.bigfix.com/c/release-announcements/compliance
● BigFix Compliance SCM Checklists:
https://bigfix-wiki.hcltechsw.com/wikis/home?lang=en-us#!/wiki/BigFix%20Wiki/page/SCM%20Checklists
We hope you find this latest release of SCM content useful and effective. Thank you!
– The BigFix Compliance team