[pca] PCA features: Check if SST(aka JASS) is installed on the system to analyze.
Michele Vecchiato
mv.antispam at gmail.com
Sun Oct 25 13:43:02 CET 2009
Hi Martin,
I searched on the ML archive the hardening topic, but I did not find any
posts that responded to what I ask you.
WHEREAS, the hardenig of Solaris is not a issue that PCA must resolve,
can suggest for the next version a control if JASS (JumpStart
Architecture and Security Scripts, SUNWjass packege) is installed or not
on the system to analyze. Many patches modify files that the JASS
trusted. It would be useful to control by PCA is installed or not.
I'm not very good with perl but you could translate what I have done
below sh:
[...bla bla bla...]
isjassinstalled()
{
/usr/bin/pkginfo -q SUNWjass
if [ $? = 0 ]
then
echo ""
echo "
*************************************************************"
echo " * Package SUNWjass is installed. Be prepared to audit
your *"
echo " * JASS settings after patching and possibly re-apply
JASS. *"
echo "
* *"
echo " * Refer to the SST 4.2 Administration Guide, Chapter
2, *"
echo " * pp. 32-33, \"Maintaining System
Security\" *"
echo "
*************************************************************"
echo ""
fi
}
[...bla bla bla...]
For the curious, more JASS info here:
*Solaris Security Toolkit (SST aka JASS)*[1]
*The SST 4.2 documentation*[2]
*Maintaining System Security*[3]
1.<http://www.sun.com/software/security/jass/>
2.<http://docs.sun.com/app/docs/coll/sstoolkit4.2>
3.<http://docs.sun.com/source/819-1402-10/methodology_security_toolkit.html#pgfId-1001492>
Thanks
Michele
P.S.: Excuse me for bad English, but Italian ;)
More information about the pca
mailing list