Solaris 10 x86 CIS security scan

ghouliajoolia · 02-09-2005, 12:21 PM

Hi

I downloaded and installed the CIS security benchmark scoring tool, but I cannot get it to run.

I looked in the tester.sub script and it looks like it should run if the OS is => Solaris 9.

When I run the tool it says ./tester: cannot execute.

Has anyone used this tool on Solaris 10 with success or do you have any suggestions for getting the scoring tool to run.

This is going to be the first Solaris 10 system, and they wont let it onto our network unless it has been scored.

Thanks in advance for any advice or recommendations.

Julie

jlliagre · 02-10-2005, 04:38 AM

I've no idea about what this benchmark is about, but anyway the error message
"./tester" cannot execute is usually displayed when the file is missing execute permission privilege.
ls -l ./tester
and chmod may help.

ghouliajoolia · 02-10-2005, 06:56 AM

Hi..thanks for replying.

The CIS security scan is a tool that scans your system for security issues, and provides you with a score to measure your security level. It provides negative results so you can see what changes you need to make in order to get a better score. They like using it at my worksite. They have a scoring tool for linux too.

The first thing I did when the message came up was to check if it was executable. The file is installed as executable (755), is owned by root, and is in the path. The program was installed with a pkgadd command and I have had no issue with it on other systems. btw.. I am running it as root.

jlliagre · 02-10-2005, 10:48 AM

What are "file ./tester" and "isainfo -kv" telling ?

ghouliajoolia · 02-11-2005, 09:32 AM

jlliagre

file tester says

ELF 32-bit MSB executable SPARC version 1, dynamically linked, stripped

isainfo -kv

32-bit i386 kernel modules

So..Im guessing that the script is incompatable with the PC version of Solaris as it was compiled for a sparc system?? Im new to Solaris on a PC.

Hmm.. so Im pretty sure they dont offer anything other than a pre-compiled package.

Wonder if the linux version would work.

ghouliajoolia · 02-11-2005, 10:02 AM

OK..the linux CIS tool doesn't have a file called tester. It's cis-scan script only points to one perl script. Anyway.. I edited my cis-scan script on the solaris PC to bypass the tester script, and it is sort of working....it's working well enough that I can have it check the system for security issues at least and provide me with a score.