6.16 Set EEPROM Security Mode and Log Failed Access (SPARC) - eeprom security-mode = command

Information

Oracle SPARC systems support the use of a EEPROM password for the console.

Setting the EEPROM password helps prevent attackers who gain physical access to the system console from booting from an external device (such as a CD-ROM or floppy).

Solution

Perform the following to implement the recommended state:
# eeprom security-mode=command
# eeprom security-#badlogins=0

After entering the last command above, the administrator will be prompted for a password. This password will be required to authorize any future command issued at boot-level on the system (the ok or > prompt) except for the normal multi-user boot command (i.e., the system will be able to reboot unattended). Write down the password and store it in a sealed envelope in a secure location (note that locked desk drawers are typically not secure). If the password is lost or forgotten, simply log into the system and run the command:
# eeprom security-mode=none

This will erase the forgotten password. If the password is lost or forgotten and this action cannot be completed, then the EEPROM must be replaced to gain access to the system. To set a new password, run the command:
# eeprom security-mode=command

See Also

https://workbench.cisecurity.org/files/611

Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SI-7(9)

Plugin: Unix

Control ID: 2d00b72790d3a94628dde8235dc2d55379d14898ae2cc420f463f297d9216bc5