[pca] PCA features: Check if SST(aka JASS) is installed on thesystem to analyze.
Glen Gunselman
ggunselm at emporia.edu
Tue Oct 27 17:33:53 CET 2009
Matin,
It's my understanding that the patching process ignores SST hardening.
I have seen patching "undo" hardening on Solaris 9.
As far as configuration files go - doesn't the --safe option address that issue?
Glen Gunselman
Systems Software Specialist
TCS
Emporia State University
>>> Martin Paul <martin at par.univie.ac.at> 10/27/2009 10:18 AM >>>
Hi Michele,
> echo " * Package SUNWjass is installed. Be prepared to audit your *"
> echo " * JASS settings after patching and possibly re-apply JASS. *"
It's probably fine to do such things in a wrapper, like other local
checks, or advices from the senior to the junior administrators.
The fact that SUNWjass is installed doesn't have to mean that it is
used, and the more informational output a tool creates the less it is
read, I guess. It's probably common sense to run any hardening tools
again after a system modification (like a patch install). I don't think
that a patch should modify a system in a way that makes it more unsecure
than it was before by changing some settings, and I can't remember any
such issue ..
Thanks for the feedback, anyway.
Martin.
More information about the pca
mailing list