Skip to content

IBM AIX 7.x Security Technical Implementation Guide

Rules, Groups, and Values defined within the XCCDF Benchmark

  • SRG-OS-000206-GPOS-00084

    <GroupDescription></GroupDescription>
    Group
  • AIX log files must have mode 0640 or less permissive.

    &lt;VulnDiscussion&gt;Only authorized personnel should be aware of errors and the details of the errors. Error messages are an indicator of an orga...
    Rule Medium Severity
  • SRG-OS-000206-GPOS-00084

    <GroupDescription></GroupDescription>
    Group
  • AIX log files must not have extended ACLs, except as needed to support authorized software.

    &lt;VulnDiscussion&gt;Only authorized personnel should be aware of errors and the details of the errors. Error messages are an indicator of an orga...
    Rule Medium Severity
  • SRG-OS-000259-GPOS-00100

    <GroupDescription></GroupDescription>
    Group
  • All system command files must not have extended ACLs.

    &lt;VulnDiscussion&gt;Restricting permissions will protect system command files from unauthorized modification. System command files include files ...
    Rule Medium Severity
  • SRG-OS-000259-GPOS-00100

    <GroupDescription></GroupDescription>
    Group
  • All library files must not have extended ACLs.

    &lt;VulnDiscussion&gt;Unauthorized access could destroy the integrity of the library files.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalseP...
    Rule Medium Severity
  • SRG-OS-000480-GPOS-00227

    <GroupDescription></GroupDescription>
    Group
  • AIX passwd.nntp file must have mode 0600 or less permissive.

    &lt;VulnDiscussion&gt;File permissions more permissive than 0600 for /etc/news/passwd.nntp may allow access to privileged information by system int...
    Rule Medium Severity
  • SRG-OS-000480-GPOS-00227

    <GroupDescription></GroupDescription>
    Group
  • The AIX /etc/group file must not have an extended ACL.

    &lt;VulnDiscussion&gt;The "/etc/group" file contains information regarding groups that are configured on the system. Protection of this file is imp...
    Rule Medium Severity
  • SRG-OS-000480-GPOS-00227

    <GroupDescription></GroupDescription>
    Group
  • The AIX ldd command must be disabled.

    &lt;VulnDiscussion&gt;The ldd command provides a list of dependent libraries needed by a given binary, which is useful for troubleshooting software...
    Rule Medium Severity
  • SRG-OS-000480-GPOS-00227

    <GroupDescription></GroupDescription>
    Group
  • AIX NFS server must be configured to restrict file system access to local hosts.

    &lt;VulnDiscussion&gt;The NFS access option limits user access to the specified level. This assists in protecting exported file systems. If access ...
    Rule Medium Severity
  • SRG-OS-000480-GPOS-00230

    <GroupDescription></GroupDescription>
    Group
  • All AIX users home directories must have mode 0750 or less permissive.

    &lt;VulnDiscussion&gt;Excessive permissions on home directories allow unauthorized access to user files.&lt;/VulnDiscussion&gt;&lt;FalsePositives&g...
    Rule Medium Severity
  • SRG-OS-000480-GPOS-00230

    <GroupDescription></GroupDescription>
    Group
  • The AIX user home directories must not have extended ACLs.

    &lt;VulnDiscussion&gt;Excessive permissions on home directories allow unauthorized access to user files.&lt;/VulnDiscussion&gt;&lt;FalsePositives&g...
    Rule Medium Severity

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules