<div class="socmaildefaultfont" dir="ltr" style="font-family:"Helvetica Neue", Helvetica, Arial, sans-serif;font-size:10.5pt" ><div class="socmaildefaultfont" dir="ltr" style="font-family:"Helvetica Neue", Helvetica, Arial, sans-serif;font-size:10.5pt" ><div dir="ltr" ><div style="background:white;" ><strong><span style="color:#353535;" ><span style="font-family:helvetica;" ><span style="font-size:10.5pt;" >Product:</span></span></span></strong></div>
<div style="background:white;" ><span style="color:#353535;" ><span style="font-family:helvetica;" ><span style="font-size:10.5pt;" >IBM BigFix Compliance</span></span></span></div>
<div style="background:white;" > </div>
<div style="background:white;" ><strong><span style="color:#353535;" ><span style="font-family:helvetica;" ><span style="font-size:10.5pt;" >Title:</span></span></span></strong></div>
<div style="background:white;" ><span style="color:#353535;" ><span style="font-family:helvetica;" ><span style="font-size:10.5pt;" >Updated Security Configuration Management (SCM) DISA STIG Checklist for Solaris 10</span></span></span></div>
<div style="background:white;" > </div>
<div style="background:white;" ><strong><span style="color:#353535;" ><span style="font-family:helvetica;" ><span style="font-size:10.5pt;" >Security Benchmark:</span></span></span></strong></div>
<div style="background:white;" ><span style="color:#353535;" ><span style="font-family:helvetica;" ><span style="font-size:10.5pt;" >Solaris 10 SPARC Manual STIG, V1, R15</span></span></span></div>
<div style="background:white;" > </div>
<div style="background:white;" > </div>
<div style="background:white;" ><strong><span style="color:#353535;" ><span style="font-family:helvetica;" ><span style="font-size:10.5pt;" >Published Site:</span></span></span></strong></div>
<div style="background:white;" ><span style="color:#353535;" ><span style="font-family:helvetica;" ><span style="font-size:10.5pt;" >DISA STIG Checklist for </span></span></span><span style="color:#353535;" ><span style="font-family:helvetica;" ><span style="font-size:10.5pt;" >Solaris 10 - RG03, site version 7</span></span></span></div>
<div style="background:white;" ><em><span style="color:#353535;" ><span style="font-family:helvetica;" ><span style="font-size:10.5pt;" >(The site version is provided for air-gap customers.)</span></span></span></em></div>
<div style="background:white;" > </div>
<div style="background:white;" ><strong><span style="color:#353535;" ><span style="font-family:helvetica;" ><span style="font-size:10.5pt;" >Release Notes:</span></span></span></strong></div>
<div style="text-autospace:none;" ><span style="color:#353535;" ><span style="font-family:helvetica;" ><span style="font-size:10.5pt;" >Removed checks:</span></span></span></div>
<div style="text-autospace:none;" ><div>* GEN004400<br>* GEN004420<br>* GEN007940</div>
<div> </div></div>
<div style="text-autospace:none;" > </div>
<div style="text-autospace:none;" ><span style="color:#353535;" ><span style="font-family:helvetica;" ><span style="font-size:10.5pt;" >Changed checks:</span></span></span></div>
<ul> <li style="text-autospace:none;" ><span style="color:#353535;" ><span style="font-family:helvetica;" ><span style="font-size:10.5pt;" >GEN000241 Makes sure ntp service is online for global zone and not </span></span></span></li> <li style="text-autospace:none;" ><span style="color:#353535;" ><span style="font-family:helvetica;" ><span style="font-size:10.5pt;" >online for other zones. No longer checks crontab.</span></span></span></li> <li style="text-autospace:none;" ><span style="color:#353535;" ><span style="font-family:helvetica;" ><span style="font-size:10.5pt;" >GEN000580 Minimum password length is now 15, up from 14.</span></span></span></li> <li style="text-autospace:none;" ><span style="color:#353535;" ><span style="font-family:helvetica;" ><span style="font-size:10.5pt;" >GEN000700 Ignores password locked accounts.</span></span></span></li> <li style="text-autospace:none;" ><span style="color:#353535;" ><span style="font-family:helvetica;" ><span style="font-size:10.5pt;" >GEN000750 Requires 8 different characters, up from 4.</span></span></span></li> <li style="text-autospace:none;" ><span style="color:#353535;" ><span style="font-family:helvetica;" ><span style="font-size:10.5pt;" >GEN001640 Added /sbin/init.d/* to list of rcfiles to check.</span></span></span></li> <li style="text-autospace:none;" ><span style="color:#353535;" ><span style="font-family:helvetica;" ><span style="font-size:10.5pt;" >GEN002660 Only applies to global zone unless perzone policy set.</span></span></span></li> <li style="text-autospace:none;" ><span style="color:#353535;" ><span style="font-family:helvetica;" ><span style="font-size:10.5pt;" >GEN003540 Only applies to global zone.</span></span></span></li> <li style="text-autospace:none;" ><span style="color:#353535;" ><span style="font-family:helvetica;" ><span style="font-size:10.5pt;" >GEN003600 Only applies to global zone or zones with exclusive interfaces.</span></span></span></li> <li style="text-autospace:none;" ><span style="color:#353535;" ><span style="font-family:helvetica;" ><span style="font-size:10.5pt;" >GEN003601 Only applies to global zone or zones with exclusive interfaces.</span></span></span></li> <li style="text-autospace:none;" ><span style="color:#353535;" ><span style="font-family:helvetica;" ><span style="font-size:10.5pt;" >GEN003602 Only applies to global zone or zones with exclusive interfaces.</span></span></span></li> <li style="text-autospace:none;" ><span style="color:#353535;" ><span style="font-family:helvetica;" ><span style="font-size:10.5pt;" >GEN003603 Only applies to global zone or zones with exclusive interfaces.</span></span></span></li> <li style="text-autospace:none;" ><span style="color:#353535;" ><span style="font-family:helvetica;" ><span style="font-size:10.5pt;" >GEN003604 Only applies to global zone or zones with exclusive interfaces.</span></span></span></li> <li style="text-autospace:none;" ><span style="color:#353535;" ><span style="font-family:helvetica;" ><span style="font-size:10.5pt;" >GEN003605 Only applies to global zone or zones with exclusive interfaces.</span></span></span></li> <li style="text-autospace:none;" ><span style="color:#353535;" ><span style="font-family:helvetica;" ><span style="font-size:10.5pt;" >GEN003609 Only applies to global zone or zones with exclusive interfaces.</span></span></span></li> <li style="text-autospace:none;" ><span style="color:#353535;" ><span style="font-family:helvetica;" ><span style="font-size:10.5pt;" >GEN003610 Only applies to global zone or zones with exclusive interfaces.</span></span></span></li> <li style="text-autospace:none;" ><span style="color:#353535;" ><span style="font-family:helvetica;" ><span style="font-size:10.5pt;" >GEN003623 Looks at df output instead of /etc/vfstab.</span></span></span></li> <li style="text-autospace:none;" ><span style="color:#353535;" ><span style="font-family:helvetica;" ><span style="font-size:10.5pt;" >GEN003650 Only allow the following filesystems logging|vxfs|zfs|devfs.</span></span></span></li> <li style="text-autospace:none;" ><span style="color:#353535;" ><span style="font-family:helvetica;" ><span style="font-size:10.5pt;" >GEN003920 Also check /etc/samba/smb.conf and /etc/sfw/samba/smb.conf.</span></span></span></li> <li style="text-autospace:none;" ><span style="color:#353535;" ><span style="font-family:helvetica;" ><span style="font-size:10.5pt;" >GEN003930 Also check /etc/samba/smb.conf and /etc/sfw/samba/smb.conf.</span></span></span></li> <li style="text-autospace:none;" ><span style="color:#353535;" ><span style="font-family:helvetica;" ><span style="font-size:10.5pt;" >GEN003940 Also check /etc/samba/smb.conf and /etc/sfw/samba/smb.conf.</span></span></span></li> <li style="text-autospace:none;" ><span style="color:#353535;" ><span style="font-family:helvetica;" ><span style="font-size:10.5pt;" >GEN003950 Also check /etc/samba/smb.conf and /etc/sfw/samba/smb.conf.</span></span></span></li> <li style="text-autospace:none;" ><span style="color:#353535;" ><span style="font-family:helvetica;" ><span style="font-size:10.5pt;" >GEN006100 Also check /etc/smb.conf /etc/sfw/smb.conf /etc/samba/smb.conf </span></span></span></li> <li style="text-autospace:none;" > </li> <li style="text-autospace:none;" ><span style="color:#353535;" ><span style="font-family:helvetica;" ><span style="font-size:10.5pt;" >GEN006120 Also check /etc/smb.conf /etc/sfw/smb.conf /etc/samba/smb.conf </span></span></span></li> <li style="text-autospace:none;" > </li> <li style="text-autospace:none;" ><span style="color:#353535;" ><span style="font-family:helvetica;" ><span style="font-size:10.5pt;" >GEN006140 Also check /etc/smb.conf /etc/sfw/smb.conf /etc/samba/smb.conf </span></span></span></li> <li style="text-autospace:none;" > </li> <li style="text-autospace:none;" ><span style="color:#353535;" ><span style="font-family:helvetica;" ><span style="font-size:10.5pt;" >GEN006150 Also check /etc/smb.conf /etc/sfw/smb.conf /etc/samba/smb.conf </span></span></span></li> <li style="text-autospace:none;" > </li> <li style="text-autospace:none;" ><span style="color:#353535;" ><span style="font-family:helvetica;" ><span style="font-size:10.5pt;" >GEN006220 Also check /etc/smb.conf /etc/sfw/smb.conf /etc/samba/smb.conf </span></span></span></li> <li style="text-autospace:none;" > </li> <li style="text-autospace:none;" ><span style="color:#353535;" ><span style="font-family:helvetica;" ><span style="font-size:10.5pt;" >GEN006225 Also check /etc/smb.conf /etc/sfw/smb.conf /etc/samba/smb.conf </span></span></span></li> <li style="text-autospace:none;" > </li> <li style="text-autospace:none;" ><span style="color:#353535;" ><span style="font-family:helvetica;" ><span style="font-size:10.5pt;" >GEN006230 Also check /etc/smb.conf /etc/sfw/smb.conf /etc/samba/smb.conf </span></span></span></li> <li style="text-autospace:none;" > </li> <li style="text-autospace:none;" ><span style="color:#353535;" ><span style="font-family:helvetica;" ><span style="font-size:10.5pt;" >GEN006235 Also check /etc/smb.conf /etc/sfw/smb.conf /etc/samba/smb.conf </span></span></span></li> <li style="text-autospace:none;" > </li> <li style="text-autospace:none;" ><span style="color:#353535;" ><span style="font-family:helvetica;" ><span style="font-size:10.5pt;" >GEN006580 Check service svc:/network/inetd.</span></span></span></li> <li style="text-autospace:none;" ><span style="color:#353535;" ><span style="font-family:helvetica;" ><span style="font-size:10.5pt;" >GEN007860 Only applies to global zone or zones with exclusive interfaces.</span></span></span></li> <li style="text-autospace:none;" ><span style="color:#353535;" ><span style="font-family:helvetica;" ><span style="font-size:10.5pt;" >GEN007880 Only applies to global zone or zones with exclusive interfaces.</span></span></span></li> <li style="text-autospace:none;" ><span style="color:#353535;" ><span style="font-family:helvetica;" ><span style="font-size:10.5pt;" >GEN007920 Only applies to global zone or zones with exclusive interfaces.</span></span></span></li> <li style="text-autospace:none;" ><span style="color:#353535;" ><span style="font-family:helvetica;" ><span style="font-size:10.5pt;" >GEN007950 Only applies to global zone or zones with exclusive interfaces.</span></span></span></li> <li style="text-autospace:none;" ><span style="color:#353535;" ><span style="font-family:helvetica;" ><span style="font-size:10.5pt;" >GEN008520 Only applies to global zone.</span></span></span></li> <li style="text-autospace:none;" ><span style="color:#353535;" ><span style="font-family:helvetica;" ><span style="font-size:10.5pt;" >GEN008660 Only applies to global zone. Use bootadm to determine </span></span></span></li> <li style="text-autospace:none;" ><span style="color:#353535;" ><span style="font-family:helvetica;" ><span style="font-size:10.5pt;" >grub.conf locat</span></span></span></li> <li style="text-autospace:none;" > </li> <li style="text-autospace:none;" ><span style="color:#353535;" ><span style="font-family:helvetica;" ><span style="font-size:10.5pt;" >GEN008700 Only applies to global zone. Use bootadm to determine </span></span></span></li> <li style="text-autospace:none;" ><span style="color:#353535;" ><span style="font-family:helvetica;" ><span style="font-size:10.5pt;" >grub.conf location.</span></span></span></li> <li style="text-autospace:none;" ><span style="color:#353535;" ><span style="font-family:helvetica;" ><span style="font-size:10.5pt;" >GEN008710 Only applies to global zone. Use bootadm to determine </span></span></span></li> <li style="text-autospace:none;" ><span style="color:#353535;" ><span style="font-family:helvetica;" ><span style="font-size:10.5pt;" >grub.conf location.</span></span></span></li> <li style="text-autospace:none;" ><span style="color:#353535;" ><span style="font-family:helvetica;" ><span style="font-size:10.5pt;" >GEN008720 Only applies to global zone.</span></span></span></li> <li style="text-autospace:none;" ><span style="color:#353535;" ><span style="font-family:helvetica;" ><span style="font-size:10.5pt;" >GEN008740 Only applies to global zone.</span></span></span></li> <li style="text-autospace:none;" ><span style="color:#353535;" ><span style="font-family:helvetica;" ><span style="font-size:10.5pt;" >GEN008760 Only applies to global zone.</span></span></span></li> <li style="background:white;" ><span style="color:#353535;" ><span style="font-family:helvetica;" ><span style="font-size:10.5pt;" >GEN008780 Only applies to global zone.</span></span></span></li></ul>
<div style="background:white;" > </div>
<div style="background:white;" ><strong><span style="color:#121212;" ><span style="font-family:helvetica neue;" ><span style="font-size:10.5pt;" >Actions to take:</span></span></span></strong></div>
<ul> <li style="text-autospace:none;" ><span style="color:#353535;" ><span style="font-family:helvetica neue;" ><span style="font-size:10.5pt;" >To subscribe to the above sites, you can use the License Overview Dashboard to enable and gather the sites. Note that you must be entitled to the BigiFix Compliance product and you must be using IBM BigFix version 9.2 and later. </span></span></span></li></ul>
<div style="background:white;" > </div>
<div style="background:white;" ><strong><span style="color:#121212;" ><span style="font-family:helvetica neue;" ><span style="font-size:10.5pt;" >Details:</span></span></span></strong></div>
<ul> <li style="background:white;" ><span style="color:#121212;" ><span style="font-family:helvetica neue;" ><span style="font-size:10.5pt;" >Both analysis and remediation checks are included</span></span></span></li> <li style="background:white;" ><span style="color:#121212;" ><span style="font-family:helvetica neue;" ><span style="font-size:10.5pt;" >Some of the checks allow you to use the parameterized setting to enable customization for compliance evaluation. Note that parameterization and remediation actions require the creation of a custom site. </span></span></span></li></ul>
<div style="background:white;" ><br><span style="color:#121212;" ><span style="font-family:helvetica neue;" ><span style="font-size:10.5pt;" >To know more about IBM BigFix Compliance SCM checklists, please see</span></span></span></div>
<ul> <li style="background:white;" ><span style="color:#121212;" ><span style="font-family:helvetica neue;" ><span style="font-size:10.5pt;" >IBM Developer Works: </span></span></span><a href="https://www.ibm.com/developerworks/community/wikis/home?lang=en#!/wiki/Tivoli%20Endpoint%20Manager/page/SCM%20Checklists" target="_blank" ><span style="color:#4178be;" ><span style="font-family:helvetica neue;" ><span style="font-size:10.5pt;" >https://www.ibm.com/developerworks/community/wikis/home?lang=en#!/wiki/Tivoli%20Endpoint%20Manager/page/SCM%20Checklists</span></span></span></a></li></ul>
<ul> <li style="background:white;" ><span style="color:#121212;" ><span style="font-family:helvetica neue;" ><span style="font-size:10.5pt;" >IBM Blog for Checklist Release Announcement: </span></span></span><a href="https://www.ibm.com/developerworks/community/groups/service/html/community/updates?communityUuid=a1a33778-88b7-452a-9133-c955812f8910&filter=all" target="_blank" ><span style="color:#4178be;" ><span style="font-family:helvetica neue;" ><span style="font-size:10.5pt;" >https://www.ibm.com/developerworks/community/groups/service/html/community/updates?communityUuid=a1a33778-88b7-452a-9133-c955812f8910&filter=all</span></span></span></a></li></ul>
<ul> <li style="background:white;" ><span style="background:white;" ><span style="color:#121212;" ><span style="font-family:helvetica neue;" ><span style="font-size:10.5pt;" >Bigfix forums: https://forum.bigfix.com/</span></span></span></span></li></ul>
<div style="background:white;" ><br><span style="color:#121212;" ><span style="font-family:helvetica neue;" ><span style="font-size:10.5pt;" >We hope you find this latest release of SCM content useful and effective. Thank you!</span></span></span></div>
<div style="background:white;" > </div>
<div style="background:white;" ><em><span style="color:#121212;" ><span style="font-family:helvetica neue;" ><span style="font-size:10.5pt;" > -- The IBM BigFix Compliance team</span></span></span></em></div></div></div></div><BR>