[BESAdmin-Announcements] Maintenance Update for DISA UNIX - June 15, 2011

[Announcements for BES Administrators]

IBM Tivoli Endpoint Manager for Security and Compliance 

Security Configuration Management (SCM) for Unix Systems

Release Notes for 15 June 2011 UNIX maintenance update:

The Security and Compliance team at IBM has modified the content within 
the UNIX System checklists to 


---- Affected Sites ----

SCM Checklist DISA STIG on AIX 5.1      site version 17
SCM Checklist DISA STIG on AIX 5.2      site version 15
SCM Checklist DISA STIG on AIX 5.3      site version 17
SCM Checklist DISA STIG on AIX 6.1      site version 13
SCM Checklist DISA STIG on HP-UX 11.00  site version 15
SCM Checklist DISA STIG on HP-UX 11.11  site version 13
SCM Checklist DISA STIG on HP-UX 11.23  site version 13
SCM Checklist DISA STIG on RedHat 3     site version 13
SCM Checklist DISA STIG on RedHat 4     site version 13
SCM Checklist DISA STIG on RedHat 5     site version 11
SCM Checklist DISA STIG on Solaris 8    site version 13
SCM Checklist DISA STIG on Solaris 9    site version 13
SCM Checklist DISA STIG on Solaris 10   site version 19

*Note: RHEL/RedHat content is also supported on CentOS.


---- CHANGES ----

GEN000460, GEN000540, GEN000560, GEN000600a, GEN000620, GEN000680, 
GEN000700, GEN000800, GEN000880, GEN001440, GEN001460, GEN001500, 
GEN001520, GEN001540, GEN001860, GEN001880, GEN001900, GEN001960, 
GEN001980, GEN002000, GEN002020, GEN002040, GEN002060c, GEN002060d, 
GEN002140, GEN004780, GEN005000, GEN005040, GEN005120a, GEN005120b, 
GEN005180 - modified to ignore netgroups in the /etc/passwd file.

GEN000600a - resolved an issue on AIX in which remediation would fail if 
the default: stanza AND an individual user's stanza were out of 
compliance.

GEN000460, GEN000580, GEN000600a, GEN000600b, GEN000620, GEN000640 - a 
parameter has been added for Linux fixlets to allow the console operator 
to define in which PAM file to look for the desired setting.

GEN000460 - the fixlet description was modified.
GEN000800 - the shell script for Linux was revised to make it more 
consistent with the other PAM checks; removed remediation capabilities on 
Linux.


---- KNOWN ISSUES ----
GEN001700 on Solaris systems may create STDERR if it encounters a dead 
symbolic link. This should not affect the compliance status of this 
fixlet. 


Please contact IBM Tivoli Endpoint Manager Technical Support if you have 
any questions regarding this update.

We hope you find this latest release of SCM content useful and effective. 
Thank you!

  -- The Tivoli Endpoint Manager for Security and Compliance product team
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://bigmail.bigfix.com/pipermail/besadmin-announcements/attachments/20110615/1945fd89/attachment.htm