IBM AIX 7.x Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
SRG-OS-000480-GPOS-00229
<GroupDescription></GroupDescription>Group -
The .rhosts file must not be supported in AIX PAM.
<VulnDiscussion>.rhosts files are used to specify a list of hosts permitted remote access to a particular account without authenticating. The...Rule Medium Severity -
SRG-OS-000480-GPOS-00230
<GroupDescription></GroupDescription>Group -
The AIX root user home directory must not be the root directory (/).
<VulnDiscussion>Changing the root home directory to something other than / and assigning it a 0700 protection makes it more difficult for int...Rule Medium Severity -
SRG-OS-000480-GPOS-00230
<GroupDescription></GroupDescription>Group -
All AIX interactive users must be assigned a home directory in the passwd file and the directory must exist.
<VulnDiscussion>All users must be assigned a home directory in the passwd file. Failure to have a home directory may result in the user being...Rule Medium Severity -
SRG-OS-000105-GPOS-00052
<GroupDescription></GroupDescription>Group -
The AIX operating system must use Multi Factor Authentication.
<VulnDiscussion>To assure accountability and prevent unauthenticated access, privileged and non-privileged users must utilize multifactor aut...Rule Medium Severity -
SRG-OS-000480-GPOS-00227
<GroupDescription></GroupDescription>Group -
The AIX operating system must be configured to authenticate using Multi Factor Authentication.
<VulnDiscussion>To assure accountability and prevent unauthenticated access, privileged and non-privileged users must utilize multifactor aut...Rule Medium Severity -
SRG-OS-000480-GPOS-00227
<GroupDescription></GroupDescription>Group -
The AIX operating system must be configured to use Multi Factor Authentication for remote connections.
<VulnDiscussion>To assure accountability and prevent unauthenticated access, privileged and non-privileged users must utilize multifactor aut...Rule Medium Severity -
SRG-OS-000480-GPOS-00227
<GroupDescription></GroupDescription>Group -
AIX must have the have the PowerSC Multi Factor Authentication Product configured.
<VulnDiscussion>To assure accountability and prevent unauthenticated access, privileged and non-privileged users must utilize multifactor aut...Rule Medium Severity -
SRG-OS-000480-GPOS-00227
<GroupDescription></GroupDescription>Group -
The AIX operating system must be configured to use a valid server_ca.pem file.
<VulnDiscussion>To assure accountability and prevent unauthenticated access, privileged and non-privileged users must utilize multifactor aut...Rule Medium Severity -
SRG-OS-000376-GPOS-00161
<GroupDescription></GroupDescription>Group -
The AIX operating system must accept and verify Personal Identity Verification (PIV) credentials.
<VulnDiscussion>The use of PIV credentials facilitates standardization and reduces the risk of unauthorized access. DoD has mandated the use...Rule Medium Severity -
SRG-OS-000480-GPOS-00227
<GroupDescription></GroupDescription>Group -
AIX must employ a deny-all, allow-by-exception firewall policy for allowing connections to other systems.
<VulnDiscussion>Failure to restrict network connectivity only to authorized systems permits inbound connections from malicious systems. It al...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.