<div class="socmaildefaultfont" dir="ltr" style="font-family:Arial, Helvetica, sans-serif;font-size:10.5pt" ><div dir="ltr" ><div><strong><span style="font-family:helvetica neue,serif;" ><span style="font-size:10.5pt;" >Product:</span></span></strong><br><span style="font-family:helvetica neue,serif;" ><span style="font-size:10.5pt;" >IBM BigFix Compliance </span></span></div>
<div> </div>
<div><strong><span style="font-family:helvetica neue,serif;" ><span style="font-size:10.5pt;" >Title:</span></span></strong><br><span style="font-family:helvetica neue,serif;" ><span style="font-size:10.5pt;" >Updated Security Configuration Management (SCM) CIS Checklist for Solaris 11</span></span></div>
<div> </div>
<div><strong><span style="font-family:helvetica neue,serif;" ><span style="font-size:10.5pt;" >Security Benchmark:</span></span></strong><br><span style="color:#353535;" ><span style="font-family:helvetica neue,serif;" ><span style="font-size:10.5pt;" >CIS Oracle Solaris 11.2 </span></span></span><span style="color:#353535;" ><span style="font-family:helvetica neue,serif;" ><span style="font-size:10.5pt;" >Benchmark, V</span></span></span><span style="color:#353535;" ><span style="font-family:helvetica neue,serif;" ><span style="font-size:10.5pt;" >1.1.0</span></span></span></div>
<div> </div>
<div><strong><span style="font-family:helvetica neue,serif;" ><span style="font-size:10.5pt;" >Published Site:</span></span></strong><br><span style="font-family:helvetica neue,serif;" ><span style="font-size:10.5pt;" >CIS Checklist for Solaris 11 RG03, site version 3<br>(The site version is provided for air-gap customers)</span></span></div>
<div> </div>
<div style="background:white;" ><strong><span style="color:#121212;" ><span style="font-family:helvetica neue,serif;" ><span style="font-size:10.5pt;" >Actions to take:</span></span></span></strong></div>
<ul>        <li style="text-autospace:none;" ><span style="color:#353535;" ><span style="font-family:helvetica neue,serif;" ><span style="font-size:10.5pt;" >If you are already subscribed to this site, no action is needed.</span></span></span></li>        <li style="text-autospace:none;" ><span style="color:#353535;" ><span style="font-family:helvetica neue,serif;" ><span style="font-size:10.5pt;" >To subscribe to the above site, you can use the License Overview Dashboard to enable and gather the site. Note that you must be entitled to the BigiFix Compliance product and you must be using IBM BigFix version 9.2 and later. </span></span></span></li></ul>
<div style="background:white;" > </div>
<div style="background:white;" ><strong><span style="color:#121212;" ><span style="font-family:helvetica neue,serif;" ><span style="font-size:10.5pt;" >Details:</span></span></span></strong></div>
<ul>        <li style="background:white;" ><span style="color:#121212;" ><span style="font-family:helvetica neue,serif;" ><span style="font-size:10.5pt;" >Both analysis and remediation checks are included</span></span></span></li>        <li style="background:white;" ><span style="color:#121212;" ><span style="font-family:helvetica neue,serif;" ><span style="font-size:10.5pt;" >Some of the checks allow you to use the parameterized setting to enable customization for compliance evaluation. Note that parameterization and remediation actions require the creation of a custom site.  </span></span></span></li></ul>
<div style="background:white;" ><strong><span style="color:#121212;" ><span style="font-family:helvetica neue,serif;" ><span style="font-size:10.5pt;" >Changelist: </span></span></span></strong><span style="color:#121212;" ><span style="font-family:helvetica neue,serif;" ><span style="font-size:10.5pt;" >Please see the changes detailed below:</span></span></span></div>
<div style="margin-left:.5in;text-autospace:none;" ><span style="color:#353535;" ><span style="font-family:helvetica neue,serif;" ><span style="font-size:10.5pt;" >CIS-5.1  is removed</span></span></span></div>
<div style="margin-left:.5in;text-autospace:none;" ><span style="color:#353535;" ><span style="font-family:helvetica neue,serif;" ><span style="font-size:10.5pt;" >CIS-9.17 is removed</span></span></span></div>
<div style="margin-left:.5in;text-autospace:none;" ><span style="color:#353535;" ><span style="font-family:helvetica neue,serif;" ><span style="font-size:10.5pt;" >CIS-2.11 is removed</span></span></span></div>
<div style="margin-left:.5in;text-autospace:none;" > </div>
<div style="margin-left:.5in;text-autospace:none;" ><span style="color:#353535;" ><span style="font-family:helvetica neue,serif;" ><span style="font-size:10.5pt;" >The following checks were renumbered from Check number A to Check number B as shown below:</span></span></span></div>
<div style="margin-left:.5in;text-autospace:none;" ><span style="color:#353535;" ><span style="font-family:helvetica neue,serif;" ><span style="font-size:10.5pt;" >CIS-2.13 to CIS-2.12</span></span></span></div>
<div style="margin-left:.5in;text-autospace:none;" ><span style="color:#353535;" ><span style="font-family:helvetica neue,serif;" ><span style="font-size:10.5pt;" >CIS-9.18 to CIS-9.17</span></span></span></div>
<div style="margin-left:.5in;text-autospace:none;" ><span style="color:#353535;" ><span style="font-family:helvetica neue,serif;" ><span style="font-size:10.5pt;" >CIS-9.19 to CIS-9.18</span></span></span></div>
<div style="margin-left:.5in;text-autospace:none;" ><span style="color:#353535;" ><span style="font-family:helvetica neue,serif;" ><span style="font-size:10.5pt;" >CIS-9.20 to CIS-9.19</span></span></span></div>
<div style="margin-left:.5in;text-autospace:none;" ><span style="color:#353535;" ><span style="font-family:helvetica neue,serif;" ><span style="font-size:10.5pt;" >CIS-9.21 to CIS-9.20</span></span></span></div>
<div style="margin-left:.5in;text-autospace:none;" ><span style="color:#353535;" ><span style="font-family:helvetica neue,serif;" ><span style="font-size:10.5pt;" >CIS-9.24 to CIS-9.23</span></span></span></div>
<div style="margin-left:.5in;text-autospace:none;" ><span style="color:#353535;" ><span style="font-family:helvetica neue,serif;" ><span style="font-size:10.5pt;" >CIS-9.25 to CIS-9.24</span></span></span></div>
<div style="margin-left:.5in;text-autospace:none;" > </div>
<div style="margin-left:.5in;text-autospace:none;" ><span style="color:#353535;" ><span style="font-family:helvetica neue,serif;" ><span style="font-size:10.5pt;" >CIS-2.2:  Also check for port 587.</span></span></span></div>
<div style="margin-left:.5in;text-autospace:none;" ><span style="color:#353535;" ><span style="font-family:helvetica neue,serif;" ><span style="font-size:10.5pt;" >CIS-2.4:  No longer check svc:/network/nis/domain.</span></span></span></div>
<div style="margin-left:.5in;text-autospace:none;" ><span style="color:#353535;" ><span style="font-family:helvetica neue,serif;" ><span style="font-size:10.5pt;" >CIS-2.5:  No longer check svc:/network/nis/domain.</span></span></span></div>
<div style="margin-left:.5in;text-autospace:none;" ><span style="color:#353535;" ><span style="font-family:helvetica neue,serif;" ><span style="font-size:10.5pt;" >CIS-3.13: Check send_redirects instead of _send_redirects and check </span></span></span></div>
<div style="margin-left:.5in;text-autospace:none;" ><span style="color:#353535;" ><span style="font-family:helvetica neue,serif;" ><span style="font-size:10.5pt;" >value off instead of 0.</span></span></span></div>
<div style="margin-left:.5in;text-autospace:none;" ><span style="color:#353535;" ><span style="font-family:helvetica neue,serif;" ><span style="font-size:10.5pt;" >CIS-4.5:  Change regular expression to be more flexible in matching.</span></span></span></div>
<div style="margin-left:.5in;text-autospace:none;" ><span style="color:#353535;" ><span style="font-family:helvetica neue,serif;" ><span style="font-size:10.5pt;" >CIS-6.4:  MaxAuthTries is now 6.</span></span></span></div>
<div style="margin-left:.5in;text-autospace:none;" ><span style="color:#353535;" ><span style="font-family:helvetica neue,serif;" ><span style="font-size:10.5pt;" >CIS-6.8:  Also check /etc/pam.d/*.</span></span></span></div>
<div style="margin-left:.5in;text-autospace:none;" ><span style="color:#353535;" ><span style="font-family:helvetica neue,serif;" ><span style="font-size:10.5pt;" >CIS-6.11: The gdm-autologin settings can no longer be commented out, </span></span></span></div>
<div style="margin-left:.5in;text-autospace:none;" ><span style="color:#353535;" ><span style="font-family:helvetica neue,serif;" ><span style="font-size:10.5pt;" >they must be completely removed.</span></span></span></div>
<div style="margin-left:.5in;text-autospace:none;" ><span style="color:#353535;" ><span style="font-family:helvetica neue,serif;" ><span style="font-size:10.5pt;" >CIS-6.17: Now check for passwd.cfg and in changed grub.cfg location.</span></span></span></div>
<div style="margin-left:.5in;text-autospace:none;" ><span style="color:#353535;" ><span style="font-family:helvetica neue,serif;" ><span style="font-size:10.5pt;" >CIS-7.1:  No longer check /etc/default/passwd.</span></span></span></div>
<div style="margin-left:.5in;text-autospace:none;" ><span style="color:#353535;" ><span style="font-family:helvetica neue,serif;" ><span style="font-size:10.5pt;" >CIS-7.2:  Check MINSPECIAL=1 instead of MINALPHA=2 and check MINDIGIT </span></span></span></div>
<div style="margin-left:.5in;text-autospace:none;" ><span style="color:#353535;" ><span style="font-family:helvetica neue,serif;" ><span style="font-size:10.5pt;" >instead of MINNONALPHA.  PASSLENGTH is now 14.</span></span></span></div>
<div style="margin-left:.5in;text-autospace:none;" ><span style="color:#353535;" ><span style="font-family:helvetica neue,serif;" ><span style="font-size:10.5pt;" >CIS-7.4:  Make sure proftp is installed before performing check.</span></span></span></div>
<div style="margin-left:.5in;text-autospace:none;" ><span style="color:#353535;" ><span style="font-family:helvetica neue,serif;" ><span style="font-size:10.5pt;" >CIS-8.1:  Also check owner and group.</span></span></span></div>
<div style="margin-left:.5in;text-autospace:none;" ><span style="color:#353535;" ><span style="font-family:helvetica neue,serif;" ><span style="font-size:10.5pt;" >CIS-8.3:  Make sure gdmis installed before performing check.</span></span></span></div>
<div style="margin-left:.5in;text-autospace:none;" ><span style="color:#353535;" ><span style="font-family:helvetica neue,serif;" ><span style="font-size:10.5pt;" >CIS-9.1:  Only apply to non-global zones.</span></span></span></div>
<div style="margin-left:.5in;text-autospace:none;" ><span style="color:#353535;" ><span style="font-family:helvetica neue,serif;" ><span style="font-size:10.5pt;" >CIS-9.3:  Added more system accounts.</span></span></span></div>
<div style="margin-left:.5in;text-autospace:none;" ><span style="color:#353535;" ><span style="font-family:helvetica neue,serif;" ><span style="font-size:10.5pt;" >CIS-9.14: Now applies to all users with passwords.</span></span></span></div>
<div style="margin-left:.5in;text-autospace:none;" ><span style="color:#353535;" ><span style="font-family:helvetica neue,serif;" ><span style="font-size:10.5pt;" >Various minor changes to documentation.</span></span></span></div>
<div style="background:white;" ><br><span style="font-family:helvetica neue,serif;" ><span style="font-size:10.5pt;" ><span style="color:#121212;" >To know more about IBM BigFix Compliance SCM checklists, please see</span></span></span></div>
<ul>        <li style="background:white;" ><span style="color:#121212;" ><span style="font-family:helvetica neue,serif;" ><span style="font-size:10.5pt;" >IBM Developer Works: </span></span></span><u><span style="color:#4178be;" ><span style="font-family:helvetica neue,serif;" ><span style="font-size:10.5pt;" >https://www.ibm.com/developerworks/community/wikis/home?lang=en#!/wiki/Tivoli%20Endpoint%20Manager/page/SCM%20Checklists</span></span></span></u></li></ul>
<ul>        <li style="background:white;" ><span style="color:#121212;" ><span style="font-family:helvetica neue,serif;" ><span style="font-size:10.5pt;" >IBM Blog for Checklist Release Announcement: </span></span></span><a href="https://www.ibm.com/developerworks/community/groups/service/html/community/updates?communityUuid=a1a33778-88b7-452a-9133-c955812f8910&filter=all" target="_blank" ><span style="color:#4178be;" ><span style="font-family:helvetica neue,serif;" ><span style="font-size:10.5pt;" >https://www.ibm.com/developerworks/community/groups/service/html/community/updates?communityUuid=a1a33778-88b7-452a-9133-c955812f8910&filter=all</span></span></span></a></li></ul>
<ul>        <li style="background:white;" ><span style="background:white;" ><span style="color:#121212;" ><span style="font-family:helvetica neue,serif;" ><span style="font-size:10.5pt;" >Bigfix forums: </span></span></span></span><a href="https://forum.bigfix.com/c/release-announcements/compliance%22%20%5Ct%20%22_blank" target="_blank" ><span style="color:#dca10d;" ><span style="font-family:helvetica neue,serif;" ><span style="font-size:10.5pt;" >https://forum.bigfix.com/c/release-announcements/compliance</span></span></span></a></li></ul>
<div style="background:white;" ><br><span style="font-family:helvetica neue,serif;" ><span style="font-size:10.5pt;" ><span style="color:#121212;" >We hope you find this latest release of SCM content useful and effective. Thank you!</span></span></span></div>
<div style="background:white;" > </div>
<div style="background:white;" ><span style="color:#121212;" ><span style="font-family:helvetica neue,serif;" ><span style="font-size:10.5pt;" > -- The IBM BigFix Compliance team</span></span></span></div></div></div><BR>