The system must require passwords to change the boot device settings. (SPARC)

An XCCDF Rule

Description

Setting the EEPROM password helps prevent attackers who gain physical access to the system console from booting from an external device (such as a CD-ROM or floppy).

ID: SV-216454r959010_rule
Version: SOL-11.1-080130
Severity: Low
References: CCI-000366
Updated: about 2 months ago

Remediation Templates

The root role is required.

This action applies to the global zone only. Determine the zone that you are currently securing.

# zonename
If the command output is "global", this action applies.

# eeprom security-mode=command


After entering the command above, the administrator will be prompted for a password. This password will be required to authorize any future command issued at boot-level on the system (the ok or > prompt) except for the normal multi-user boot command (i.e., the system will be able to reboot unattended).

Write down the password and store it in a secure location.

The system must require passwords to change the boot device settings. (SPARC)

Description

Remediation Templates

A Manual Procedure