SST:LV 4.2.2 posted

I've just posted version 4.2.2.  You can download it here.

Recently, passwd behavior was changed so that it won't lock NP accounts.  SST has been updated so that it won't either, and so that the subsequent audits won't produce false positives. 

If anybody uses this version successfully, or has used 4.2.1 with good results, please let me know.  I've tested both as well as I can in my VM environment, but SST still needs a good burn-in in a real lab. 

Comments:

It's good to see that someone is trying to maintain this. I just tested this out on a Solaris 11 (final release, not express; I had to alter driver.run) and there are a number of things that still apply (/etc/motd, /etc/hosts.allow, /etc/pam.conf) but others that probably shouldn't be updated by SST/JASS (e.g. /etc/security/policy.conf), or that are somehow incompatible with S11 (coreadm.conf doesn't seem to get created).

Side note: strangely, Solaris 11's "solaris-small-server" doesn't include BART, so you have to remember to install that separately (or specify it as part of Jumpstart's replacement, AI).

Another Oracle blog points out that some of the config files in /etc only apply to FTP in Solaris 11 (see http://blogs.oracle.com/jimlaurent/resource/Solaris11STIGprocess.pdf). That may make them still worth creating, but it may be worth a closer look.

Posted by guest on December 08, 2011 at 01:46 PM EST #

One other change worth mentioning: SST 4.2.2 does a Bad Thing with S11 if you choose to run it. It removes from /etc/user_attr the lock_after_retries=no entry for root.

diff user_attr user_attr.JASS.20111208081801
9c9
< xifin::::type=normal;profiles=System Administrator;roles=root
---
> xifin::::type=normal;lock_after_retries=no;profiles=System Administrator;roles=root

Posted by Matt Warner on December 08, 2011 at 01:52 PM EST #
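One way to check for this kind of change after a hardening run, as an added example that is not part of the original post or of SST: the script compares a backup copy of user_attr with the current file and lists every key=value attribute that was dropped per account. The function names, file names and sample accounts are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not part of SST/JASS. On Solaris, set AWK=nawk or
# AWK=/usr/xpg4/bin/awk; the legacy /usr/bin/awk lacks these features.
AWK=${AWK:-awk}

# dropped_attrs BACKUP CURRENT
# user_attr lines are user:qualifier:res1:res2:attr, where attr is a
# ';'-separated list of key=value pairs. Prints "user key=value" for every
# pair present in BACKUP but missing from CURRENT (a changed value also
# shows up, as the old pair).
dropped_attrs() {
    "$AWK" -F: '
        /^#/ || NF < 5 { next }              # comments, blank or short lines
        {
            attr = $5                        # rejoin in case a value held ":"
            for (i = 6; i <= NF; i++) attr = attr ":" $i
            n = split(attr, kv, ";")
            for (i = 1; i <= n; i++) {
                if (kv[i] == "") continue
                if (FILENAME == ARGV[1]) before[$1 SUBSEP kv[i]] = 1
                else                     after[$1 SUBSEP kv[i]] = 1
            }
        }
        END {
            for (k in before)
                if (!(k in after)) { split(k, p, SUBSEP); print p[1], p[2] }
        }
    ' "$1" "$2" | sort
}

# write_sample DIR: constructed sample files. The "user1" line mirrors the
# changed entry in the diff above (account name is a placeholder); "user2"
# is a constructed entry that stays unchanged.
write_sample() {
    cat > "$1/user_attr.backup" <<'EOF'
# constructed sample
user1::::type=normal;lock_after_retries=no;profiles=System Administrator;roles=root
user2::::type=normal;profiles=Operator
EOF
    cat > "$1/user_attr.current" <<'EOF'
# constructed sample
user1::::type=normal;profiles=System Administrator;roles=root
user2::::type=normal;profiles=Operator
EOF
}
```

On a real system the two arguments would be the timestamped user_attr.JASS backup and /etc/user_attr.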

Cheers for the good work, we are in the process of upgrading SST to 4.2.2 and the latest version looks good. :)

Posted by Jukka on January 05, 2012 at 10:25 PM EST #

The first try on S11 didn't work. I saw Matt's post that something needs to be altered, any hint?

Posted by guest on February 19, 2012 at 09:22 AM EST #

About

Jason Callaway
