STIGQter STIGQter: STIG Summary: Solaris 10 X86 Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 22 Jan 2021:

The system must be checked weekly for unauthorized setuid files, as well as, unauthorized modification to authorized setuid files.

DISA Rule

SV-227706r603266_rule

Vulnerability Number

V-227706

Group Title

SRG-OS-000363

Rule Version

GEN002400

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Establish a weekly automated or manual process to generate a list of setuid files on the system and compare it with the prior list. To create a list of setuid files use the following command.
# find / -perm -4000 > setuid-file-list

Check Contents

Determine if a weekly automated or manual process is used to generate a list of setuid files on the system and compare it with the prior list. If no such process is in place, this is a finding.

Vulnerability Number

V-227706

Documentable

False

Rule Version

GEN002400

Severity Override Guidance

Determine if a weekly automated or manual process is used to generate a list of setuid files on the system and compare it with the prior list. If no such process is in place, this is a finding.

Check Content Reference

M

Target Key

4061

Comments