The Solaris system EEPROM security-mode parameter must be set to full or command mode.

From SOLARIS 10 SPARC SECURITY TECHNICAL IMPLEMENTATION GUIDE

Part of GEN000000-SOL00300

Associated with IA controls: ECCD-2, ECCD-1

Associated with: CCI-000366

SV-958r2_rule The Solaris system EEPROM security-mode parameter must be set to full or command mode.

Vulnerability discussion

If the EEPROM security-mode parameter is not set to full or command, then unauthorized access to system EEPROM can take place. In normal situations, when the system is in a controlled access area and it is desirable to have it automatically reboot upon loss of and restoring of power, for instance, then command mode with the autoboot parameter set to true is recommended.

Check content

If the system does not have an OBP / EEPROM, this is not applicable. # eeprom | grep security-mode If the EEPROM security-mode parameter is not set to full or command, this is a finding.

Fix text

Set the system EEPROM security-mode parameter to full or command. # eeprom security-mode=full OR # eeprom security-mode=command The system will prompt the user for a password. This should be securely stored.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.

Powered by sagemincer