IBM BigFix Compliance: Updated DISA STIG Checklist for Solaris 11 published 2018-11-20

Release Announcements Compliance (Release Announcements)
1

Product:
IBM BigFix Compliance

Title:
Updated DISA STIG Checklist for Solaris 11 to support a more recent version of benchmark

Security Benchmark:
Solaris 11 Manual STIG Version 1, Release 16

Published Sites:
DISA STIG Checklist for Solaris 11, site version 6
(The site version is provided for air-gap customers.)

Release Notes:
• Permissions checks now use /usr/xpg4/bin/sh instead of /bin/sh.
• SOL-11.1-010420 is now relevant if “cnt” policy is active.
• SOL-11.1-040130 now looks for the value 6 for CRYPT_DEFAULT. Also fixed typo in CRYPT_ALGORITHMS_ALLOW name.
• SOL-11.1-040390 now ignores comments in the config files.
• SOL-11.1-070130 added polkitd to the list of system users.
• SOL-11.1-080020 now applies to all zones on Solaris 11.3 and higher.
• SOL-11.1-080140 also makes sure custom.cfg is sourced from grub.cfg.
• SOL-11.1-100010 now ignores progress output.
• Checks using the logins or getent commands now support the ONLY_LOCAL_USERS custom parameter. If set to “true” then external databases such as LDAP or AD will not be used.
• Removed “Configure Filesystem Scan Options” task. The parameters for EXCLUDEFS and EXCLUDEMOUNTS can now be set from a dialog box when the “Deploy and Run” action is taken.
• The Applicability Fixlet now checks to see if the “Deploy and Run” action has been taken within the last 90 days.

Details:
• Both analysis and remediation checks are included

• Some of the checks allow you to use the parameterized setting to enable customization for compliance evaluation. Note that parameterization and remediation actions require the creation of a custom site.

Actions to take:
• To subscribe to the above site, you can use the License Overview Dashboard to enable and gather the site. Note that you must be entitled to the BigFix Compliance product and you must be using IBM BigFix version 9.2 and later.

• If you use custom sites, update your custom sites accordingly to use the latest content. You can synchronize your content by using the Synchronize Custom Checks wizard. For more information, see https://ibm.biz/Bd4LBt.

More information:
To know more about the IBM BigFix Compliance SCM checklists, please see the following resources:
• IBM Developer Works:
https://www.ibm.com/developerworks/community/wikis/home?lang=en#!/wiki/Tivoli%20Endpoint%20Manager/page/SCM%20Checklists

• IBM BigFix Blog:
https://www.ibm.com/developerworks/community/blogs/a1a33778-88b7-452a-9133-c955812f8910?lang=en

• IBM BigFix Forum:
https://forum.bigfix.com/c/release-announcements/compliance

We hope you find this latest release of SCM content useful and effective. Thank you!

– The IBM BigFix Compliance team