Note: This is an archival copy of Security Sun Alert 201197 as previously published on http://sunsolve.sun.com.|
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000899.1.
Solaris 9 Operating System
Solaris 7 Operating System
Solaris 8 Operating System
Date of Resolved Release
Solaris systems with Basic Security Module (BSM) enabled which have been security hardened may have had the SUNWscpu package removed. If this is the case, the BSM audit_warn(1M) script will not e-mail any errors or warning messages generated by the audit daemon (auditd(1M)).
The SUNWCscp cluster provides source compatibility support for Solaris 1.0 (previously known as SunOS 4.X) and the SUNWscpu package contains the mail(1b) command which the BSM audit_warn(1M) relies on.
This issue can occur in the following releases:
This issue only affects BSM enabled systems which do not have the SUNWscpu package installed.
To determine if a system has BSM enabled, the following line will appear in the "/etc/system" file:
$ grep c2audit /etc/system set c2audit:audit_load = 1
To determine if the SUNWscpu package is installed on a system, the pkginfo(1) command will display output similar to the following:
$ pkginfo SUNWscpu system SUNWscpu Source Compatibility, (Usr)
There are no reliable symptoms that would show the described issue has occurred on a system.
Sites which have removed the SUNWscpu package could edit the audit_warn(1M) script by hand to change all occurrences of mail(1b) to mailx(1).
For example, change all lines which reference /usr/ucb/mail:
/usr/ucb/mail -s "$SUBJECT" audit_warn To:
/usr/bin/mailx: /usr/bin/mailx -s "$SUBJECT" audit_warn
This issue is addressed in the following releases:
Note: Sites using Solaris 7 will need to upgrade to Solaris 8 or Solaris 9 and apply the relevant patches.
This solution has no attachment