GEN008820 - The system package management tool must not automatically obtain updates - /var/spool/cron/atjobs/*

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

System package management tools can obtain a list of updates and patches from a package repository and make this information available to the SA for review and action. Using a package repository outside of the organization's control, presents a risk that malicious packages could be introduced.

Solution

Disable any cron or at jobs running smpatch.

# crontab -e < user running smpatch >
# atrm < id of at job running smpatch >

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_SOL_10_SPARC_V2R1_STIG.zip

Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SI-2(5), CAT|III, CCI|CCI-001233, Rule-ID|SV-227077r505925_rule, STIG-ID|GEN008820, STIG-Legacy|SV-40814, STIG-Legacy|V-22589, Vuln-ID|V-227077

Plugin: Unix

Control ID: f993b13f472b0fefb76fba74f4d068ca8dbe1dd5a1649131451a11d54a146605