IBM AIX 7.x Security Technical Implementation Guide

Rules, Groups, and Values defined within the XCCDF Benchmark

  • SRG-OS-000480-GPOS-00227

    Group
  • The AIX systems access control program must be configured to grant or deny system access to specific hosts.

    If the system's access control program is not configured with appropriate rules for allowing and denying access to system net...
    Rule Medium Severity
  • SRG-OS-000480-GPOS-00227

    Group
  • All AIX files and directories must have a valid group owner.

    Failure to restrict system access to authenticated users negatively impacts operating system security. ...
    Rule Medium Severity
  • SRG-OS-000480-GPOS-00227

    Group
  • AIX control scripts library search paths must contain only absolute paths.

    The library search path environment variable(s) contain a list of directories for the dynamic linker to search to find librar...
    Rule Medium Severity
  • The global initialization file lists of preloaded libraries must contain only absolute paths on AIX.

    The library preload list environment variable contains a list of libraries for the dynamic linker to load before loading the ...
    Rule Medium Severity
  • SRG-OS-000480-GPOS-00227

    Group
  • The local initialization file library search paths must contain only absolute paths on AIX.

    The library search path environment variable(s) contain a list of directories for the dynamic linker to search to find librar...
    Rule Medium Severity
  • SRG-OS-000480-GPOS-00227

    Group
  • The local initialization file lists of preloaded libraries must contain only absolute paths on AIX.

    The library preload list environment variable contains a list of libraries for the dynamic linker to load before loading the ...
    Rule Medium Severity
  • SRG-OS-000480-GPOS-00227

    Group
  • AIX package management tool must be used daily to verify system software.

    Verification using the system package management tool can be used to determine that system software has not been tampered wit...
    Rule Medium Severity
  • SRG-OS-000480-GPOS-00227

    Group
  • The AIX DHCP client must not send dynamic DNS updates.

    Dynamic DNS updates transmit unencrypted information about a system including its name and address and should not be used unl...
    Rule Medium Severity
  • SRG-OS-000480-GPOS-00227

    Group
  • AIX must not run any routing protocol daemons unless the system is a router.

    Routing protocol daemons are typically used on routers to exchange network topology information with other routers. If this s...
    Rule Medium Severity
  • SRG-OS-000480-GPOS-00227

    Group
  • AIX must not process ICMP timestamp requests.

    The processing of Internet Control Message Protocol (ICMP) timestamp requests increases the attack surface of the system. ...
    Rule Medium Severity
  • The AIX root user home directory must not be the root directory (/).

    Changing the root home directory to something other than / and assigning it a 0700 protection makes it more difficult for int...
    Rule Medium Severity
