IBM AIX 7.x Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
The talk daemon must be disabled on AIX.
<VulnDiscussion>This talk service is used to establish an interactive two-way communication link between two UNIX users. Unless required the ...Rule Medium Severity -
SRG-OS-000095-GPOS-00049
<GroupDescription></GroupDescription>Group -
The ntalk daemon must be disabled on AIX.
<VulnDiscussion>This service establishes a two-way communication link between two users, either locally or remotely. Unless required the ntal...Rule High Severity -
SRG-OS-000095-GPOS-00049
<GroupDescription></GroupDescription>Group -
The sprayd daemon must be disabled on AIX.
<VulnDiscussion>The sprayd service is used as a tool to generate UDP packets for testing and diagnosing network problems. The service must be...Rule Medium Severity -
SRG-OS-000095-GPOS-00049
<GroupDescription></GroupDescription>Group -
The finger daemon must be disabled on AIX.
<VulnDiscussion>The fingerd daemon provides the server function for the finger command. This allows users to view real-time pertinent user lo...Rule Medium Severity -
SRG-OS-000095-GPOS-00049
<GroupDescription></GroupDescription>Group -
The instsrv daemon must be disabled on AIX.
<VulnDiscussion>The instsrv service is part of the Network Installation Tools, used for servicing servers running AIX 3.2. This service shoul...Rule Medium Severity -
SRG-OS-000095-GPOS-00049
<GroupDescription></GroupDescription>Group -
The echo daemon must be disabled on AIX.
<VulnDiscussion>The echo service can be used in Denial of Service or SMURF attacks. It can also be used by someone else to get through a fire...Rule Medium Severity -
SRG-OS-000095-GPOS-00049
<GroupDescription></GroupDescription>Group -
AIX must provide xlock command in the CDE environment to let users retain their sessions lock until users are reauthenticated.
<VulnDiscussion>All systems are vulnerable if terminals are left logged in and unattended. Leaving system terminals unsecure poses a potentia...Rule Medium Severity -
SRG-OS-000480-GPOS-00227
<GroupDescription></GroupDescription>Group -
AIX must contain no .forward files.
<VulnDiscussion>The .forward file allows users to automatically forward mail to another system. Use of .forward files could allow the unautho...Rule Low Severity -
SRG-OS-000480-GPOS-00227
<GroupDescription></GroupDescription>Group -
The sendmail server must have the debug feature disabled on AIX systems.
<VulnDiscussion>Debug mode is a feature present in older versions of Sendmail which, if not disabled, may allow an attacker to gain access to...Rule Medium Severity -
SRG-OS-000480-GPOS-00227
<GroupDescription></GroupDescription>Group -
AIX must turn off TCP forwarding for the SSH daemon.
<VulnDiscussion>SSH TCP connection forwarding provides a mechanism to establish TCP connections proxied by the SSH server. This function can ...Rule Medium Severity -
SRG-OS-000480-GPOS-00229
<GroupDescription></GroupDescription>Group
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.