Skip to content
ATO Pathways
Log In
Overview
Search
Catalogs
SCAP
OSCAL
Catalogs
Profiles
Resources
Documents
Publishers
References
Knowledge Base
Platform Documentation
Compliance Dictionary
Platform Changelog
About
Catalogs
XCCDF
IBM AIX 7.x Security Technical Implementation Guide
IBM AIX 7.x Security Technical Implementation Guide
An XCCDF Benchmark
Details
Profiles
Items
Prose
File Metadata
283 rules organized in 283 groups
SRG-OS-000002-GPOS-00002
1 Rule
AIX must automatically remove or disable temporary user accounts after 72 hours or sooner.
Medium Severity
If temporary user accounts remain active when no longer needed or for an excessive period, these accounts may be used to gain unauthorized access. To mitigate this risk, automated termination of all temporary accounts must be set upon account creation. Temporary accounts are established as part of normal account activation procedures when there is a need for short-term accounts without the demand for immediacy in account activation. If temporary accounts are used, the operating system must be configured to automatically terminate these types of accounts after a DoD-defined time period of 72 hours. To address access requirements, many operating systems may be integrated with enterprise-level authentication/access mechanisms that meet or exceed access control policy requirements.
SRG-OS-000021-GPOS-00005
1 Rule
AIX must enforce the limit of three consecutive invalid login attempts by a user before the user account is locked and released by an administrator.
Medium Severity
By limiting the number of failed login attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute-force attacks, is reduced. Limits are imposed by locking the account. Satisfies: SRG-OS-000021-GPOS-00005, SRG-OS-000329-GPOS-00128
SRG-OS-000027-GPOS-00008
1 Rule
AIX must limit the number of concurrent sessions to 10 for all accounts and/or account types.
Medium Severity
Operating system management includes the ability to control the number of users and user sessions that utilize an operating system. Limiting the number of allowed users and sessions per user is helpful in reducing the risks related to DoS attacks.
SRG-OS-000066-GPOS-00034
1 Rule
If the AIX system is using LDAP for authentication or account information, the LDAP SSL, or TLS connection must require the server provide a certificate and this certificate must have a valid path to a trusted CA.
Medium Severity
Without path validation, an informed trust decision by the relying party cannot be made when presented with any certificate not already explicitly trusted.
SRG-OS-000073-GPOS-00041
1 Rule
If AIX is using LDAP for authentication or account information, the /etc/ldap.conf file (or equivalent) must not contain passwords.
High Severity
Passwords need to be protected at all times, and encryption is the standard method for protecting passwords. If passwords are not encrypted, they can be plainly read (i.e., clear text) and easily compromised.
SRG-OS-000104-GPOS-00051
1 Rule
All accounts on AIX system must have unique account names.
High Severity
To assure accountability and prevent unauthenticated access, organizational users must be identified and authenticated to prevent potential misuse and compromise of the system. Organizational users include organizational employees or individuals the organization deems to have equivalent status of employees (e.g., contractors). Organizational users (and processes acting on behalf of users) must be uniquely identified and authenticated to all accesses, except for the following: 1) Accesses explicitly identified and documented by the organization. Organizations document specific user actions that can be performed on the information system without identification or authentication; and 2) Accesses that occur through authorized use of group authenticators without individual authentication. Organizations may require unique identification of individuals in group accounts (e.g., shared privilege accounts) or for detailed accountability of individual activity.
SRG-OS-000104-GPOS-00051
1 Rule
All accounts on AIX must be assigned unique User Identification Numbers (UIDs) and must authenticate organizational and non-organizational users (or processes acting on behalf of these users).
High Severity
To assure accountability and prevent unauthenticated access, organizational users must be identified and authenticated to prevent potential misuse and compromise of the system. Lack of authentication and identification enables non-organizational users to gain access to the application or possibly other information systems and provides an opportunity for intruders to compromise resources within the application or information system. Organizational users include organizational employees or individuals the organization deems to have equivalent status of employees (e.g., contractors). Organizational users (and processes acting on behalf of users) must be uniquely identified and authenticated to all accesses, except for the following: 1) Accesses explicitly identified and documented by the organization. Organizations document specific user actions that can be performed on the information system without identification or authentication; and 2) Accesses that occur through authorized use of group authenticators without individual authentication. Organizations may require unique identification of individuals in group accounts (e.g., shared privilege accounts) or for detailed accountability of individual activity. Satisfies: SRG-OS-000104-GPOS-00051, SRG-OS-000121-GPOS-00062
SRG-OS-000104-GPOS-00051
1 Rule
The AIX SYSTEM attribute must not be set to NONE for any account.
High Severity
To assure accountability and prevent unauthenticated access, organizational users must be identified and authenticated to prevent potential misuse and compromise of the system. Organizational users include organizational employees or individuals the organization deems to have equivalent status of employees (e.g., contractors). Organizational users (and processes acting on behalf of users) must be uniquely identified and authenticated to all accesses, except for the following: 1) Accesses explicitly identified and documented by the organization. Organizations document specific user actions that can be performed on the information system without identification or authentication; and 2) Accesses that occur through authorized use of group authenticators without individual authentication. Organizations may require unique identification of individuals in group accounts (e.g., shared privilege accounts) or for detailed accountability of individual activity.
SRG-OS-000109-GPOS-00056
1 Rule
Direct logins to the AIX system must not be permitted to shared accounts, default accounts, application accounts, and utility accounts.
Medium Severity
Shared accounts (accounts where two or more people log in with the same user identification) do not provide identification and authentication. There is no way to provide for non-repudiation or individual accountability.
SRG-OS-000112-GPOS-00057
1 Rule
AIX must use the SSH server to implement replay-resistant authentication mechanisms for network access to privileged and non-privileged accounts.
High Severity
A replay attack may enable an unauthorized user to gain access to the operating system. Authentication sessions between the authenticator and the operating system validating the user credentials must not be vulnerable to a replay attack. An authentication process resists replay attacks if it is impractical to achieve a successful authentication by recording and replaying a previous authentication message. A privileged account is any information system account with authorizations of a privileged user. Techniques used to address this include protocols using nonces (e.g., numbers generated for a specific one-time use) or challenges (e.g., TLS, WS_Security). Additional techniques include time-synchronous or challenge-response one-time authenticators. Satisfies: SRG-OS-000112-GPOS-00057, SRG-OS-000113-GPOS-00058
SRG-OS-000123-GPOS-00064
1 Rule
The AIX system must automatically remove or disable emergency accounts after the crisis is resolved or 72 hours.
Medium Severity
Emergency accounts are privileged accounts that are established in response to crisis situations where the need for rapid account activation is required. Therefore, emergency account activation may bypass normal account authorization processes. If these accounts are automatically disabled, system maintenance during emergencies may not be possible, thus adversely affecting system availability. Emergency accounts are different from infrequently used accounts (i.e., local login accounts used by the organization's system administrators when network or normal login/access is not available). Infrequently used accounts are not subject to automatic termination dates. Emergency accounts are accounts created in response to crisis situations, usually for use by maintenance personnel. The automatic expiration or disabling time period may be extended as needed until the crisis is resolved; however, it must not be extended indefinitely. A permanent account should be established for privileged users who need long-term maintenance accounts. To address access requirements, many operating systems can be integrated with enterprise-level authentication/access mechanisms that meet or exceed access control policy requirements.
SRG-OS-000001-GPOS-00001
1 Rule
The shipped /etc/security/mkuser.sys file on AIX must not be customized directly.
Medium Severity
The "/etc/security/mkuser.sys" script customizes the new user account when a new user is created, or a user is logging into the system without a home directory. An improper "/etc/security/mkuser.sys" script increases the risk that non-privileged users may obtain elevated privileges.
SRG-OS-000001-GPOS-00001
1 Rule
The regular users default primary group must be staff (or equivalent) on AIX.
Medium Severity
The /usr/lib/security/mkuser.default file contains the default primary groups for regular and admin users. Setting a system group as the regular users' primary group increases the risk that the regular users can access privileged resources.
SRG-OS-000259-GPOS-00100
1 Rule
All system files, programs, and directories must be owned by a system account.
Medium Severity
Restricting permissions will protect the files from unauthorized modification.
SRG-OS-000259-GPOS-00100
1 Rule
AIX device files and directories must only be writable by users with a system account or as configured by the vendor.
Medium Severity
System device files in writable directories could be modified, removed, or used by an unprivileged user to control system hardware.
SRG-OS-000114-GPOS-00059
1 Rule
AIX must configure the ttys value for all interactive users.
Medium Severity
A user's "ttys" attribute controls from which device(s) the user can authenticate and log in. If the "ttys" attribute is not specified, all terminals can access the user account.
SRG-OS-000028-GPOS-00009
1 Rule
AIX must provide the lock command to let users retain their session lock until users are reauthenticated.
Medium Severity
All systems are vulnerable if terminals are left logged in and unattended. Leaving system terminals unsecure poses a potential security hazard. To lock the terminal, use the lock command.
SRG-OS-000028-GPOS-00009
1 Rule
AIX must provide xlock command in the CDE environment to let users retain their sessions lock until users are reauthenticated.
Medium Severity
All systems are vulnerable if terminals are left logged in and unattended. Leaving system terminals unsecure poses a potential security hazard. If the interface is AIXwindows (CDE), use the xlock command to lock the sessions.
SRG-OS-000480-GPOS-00227
1 Rule
AIX system must prevent the root account from directly logging in except from the system console.
Medium Severity
Limiting the root account direct logins to only system consoles protects the root account from direct unauthorized access from a non-console device. A common attack method of potential hackers is to obtain the root password. To avoid this type of attack, disable direct access to the root ID and then require system administrators to obtain root privileges by using the su - command. In addition to permitting removal of the root user as a point of attack, restricting direct root access permits monitoring which users gained root access, as well as the time of their action. Do this by viewing the /var/adm/sulog file. Another alternative is to enable system auditing, which will report this type of activity. To disable remote login access for the root user, edit the /etc/security/user file. Specify False as the rlogin value on the entry for root.
SRG-OS-000480-GPOS-00227
1 Rule
All AIX public directories must be owned by root or an application account.
Medium Severity
If a public directory has the sticky bit set and is not owned by a privileged UID, unauthorized users may be able to modify files created by others. The only authorized public directories are those temporary directories supplied with the system or those designed to be temporary file repositories. The setting is normally reserved for directories used by the system and by users for temporary file storage, (e.g., /tmp), and for directories requiring global read/write access.
SRG-OS-000480-GPOS-00227
1 Rule
AIX administrative accounts must not run a web browser, except as needed for local service administration.
Medium Severity
If a web browser flaw is exploited while running as a privileged user, the entire system could be compromised. Specific exceptions for local service administration should be documented in site-defined policy. These exceptions may include HTTP(S)-based tools used for the administration of the local system, services, or attached devices. Examples of possible exceptions are HP’s System Management Homepage (SMH), the CUPS administrative interface, and Sun's StorageTek Common Array Manager (CAM) when these services are running on the local system.
SRG-OS-000480-GPOS-00227
1 Rule
AIX default system accounts (with the exception of root) must not be listed in the cron.allow file or must be included in the cron.deny file, if cron.allow does not exist.
Medium Severity
To centralize the management of privileged account crontabs, of the default system accounts, only root may have a crontab.
SRG-OS-000480-GPOS-00227
1 Rule
The AIX root account must not have world-writable directories in its executable search path.
Medium Severity
If the root search path contains a world-writable directory, malicious software could be placed in the path by intruders and/or malicious users and inadvertently run by root with all of root's privileges.
SRG-OS-000480-GPOS-00227
1 Rule
The Group Identifiers (GIDs) reserved for AIX system accounts must not be assigned to non-system accounts as their primary group GID.
Medium Severity
Reserved GIDs are typically used by system software packages. If non-system groups have GIDs in this range, they may conflict with system software, possibly leading to the group having permissions to modify system files.
SRG-OS-000480-GPOS-00227
1 Rule
UIDs reserved for system accounts must not be assigned to non-system accounts on AIX systems.
Medium Severity
Reserved UIDs are typically used by system software packages. If non-system accounts have UIDs in this range, they may conflict with system software, possibly leading to the user having permissions to modify system files.
SRG-OS-000480-GPOS-00227
1 Rule
The AIX root accounts list of preloaded libraries must be empty.
Medium Severity
The library preload list environment variable contains a list of libraries for the dynamic linker to load before loading the libraries required by the binary. If this list contains paths to libraries relative to the current working directory, unintended libraries may be preloaded.
SRG-OS-000480-GPOS-00229
1 Rule
AIX must not have accounts configured with blank or null passwords.
High Severity
If an account is configured for password authentication but does not have an assigned password, it may be possible to log into the account without authentication. If the root user is configured without a password, the entire system may be compromised. For user accounts not using password authentication, the account must be configured with a password lock value instead of a blank or null value.
SRG-OS-000480-GPOS-00230
1 Rule
The AIX root accounts home directory (other than /) must have mode 0700.
Medium Severity
Users' home directories/folders may contain information of a sensitive nature. Non-privileged users should coordinate any sharing of information with an SA through shared resources.
SRG-OS-000480-GPOS-00230
1 Rule
The AIX root accounts home directory must not have an extended ACL.
Medium Severity
Excessive permissions on root home directories allow unauthorized access to root user files.
SRG-OS-000023-GPOS-00006
1 Rule
AIX must display the Standard Mandatory DoD Notice and Consent Banner before granting local or remote login access to the system.
Medium Severity
Display of a standardized and approved use notification before granting access to the operating system ensures privacy and security notification verbiage used is consistent with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance. System use notifications are required only for access via login interfaces with human users and are not required when such human interfaces do not exist. The banner must be formatted in accordance with applicable DoD policy. Use the following verbiage for operating systems that can accommodate banners of 1300 characters: "You are accessing a U.S. Government (USG) Information System (IS) that is provided for USG-authorized use only. By using this IS (which includes any device attached to this IS), you consent to the following conditions: -The USG routinely intercepts and monitors communications on this IS for purposes including, but not limited to, penetration testing, COMSEC monitoring, network operations and defense, personnel misconduct (PM), law enforcement (LE), and counterintelligence (CI) investigations. -At any time, the USG may inspect and seize data stored on this IS. -Communications using, or data stored on, this IS are not private, are subject to routine monitoring, interception, and search, and may be disclosed or used for any USG-authorized purpose. -This IS includes security measures (e.g., authentication and access controls) to protect USG interests--not for your personal benefit or privacy. -Notwithstanding the above, using this IS does not constitute consent to PM, LE or CI investigative searching or monitoring of the content of privileged communications, or work product, related to personal representation or services by attorneys, psychotherapists, or clergy, and their assistants. Such communications and work product are private and confidential. See User Agreement for details." Use the following verbiage for operating systems that have severe limitations on the number of characters that can be displayed in the banner: "I've read & consent to terms in IS user agreem't."
SRG-OS-000023-GPOS-00006
1 Rule
The Department of Defense (DoD) login banner must be displayed immediately prior to, or as part of, graphical desktop environment login prompts on AIX.
Medium Severity
Display of a standardized and approved use notification before granting access to the operating system ensures privacy and security notification verbiage used is consistent with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance. System use notifications are required only for access via login interfaces with human users and are not required when such human interfaces do not exist. The banner must be formatted in accordance with applicable DoD policy. Use the following verbiage for operating systems that can accommodate banners of 1300 characters: "You are accessing a U.S. Government (USG) Information System (IS) that is provided for USG-authorized use only. By using this IS (which includes any device attached to this IS), you consent to the following conditions: -The USG routinely intercepts and monitors communications on this IS for purposes including, but not limited to, penetration testing, COMSEC monitoring, network operations and defense, personnel misconduct (PM), law enforcement (LE), and counterintelligence (CI) investigations. -At any time, the USG may inspect and seize data stored on this IS. -Communications using, or data stored on, this IS are not private, are subject to routine monitoring, interception, and search, and may be disclosed or used for any USG-authorized purpose. -This IS includes security measures (e.g., authentication and access controls) to protect USG interests--not for your personal benefit or privacy. -Notwithstanding the above, using this IS does not constitute consent to PM, LE or CI investigative searching or monitoring of the content of privileged communications, or work product, related to personal representation or services by attorneys, psychotherapists, or clergy, and their assistants. Such communications and work product are private and confidential. See User Agreement for details." Use the following verbiage for operating systems that have severe limitations on the number of characters that can be displayed in the banner: "I've read & consent to terms in IS user agreem't."
SRG-OS-000023-GPOS-00006
1 Rule
The Department of Defense (DoD) login banner must be displayed during SSH, sftp, and scp login sessions on AIX.
Medium Severity
Display of a standardized and approved use notification before granting access to the operating system ensures privacy and security notification verbiage used is consistent with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance. System use notifications are required only for access via login interfaces with human users and are not required when such human interfaces do not exist. The banner must be formatted in accordance with applicable DoD policy. Use the following verbiage for operating systems that can accommodate banners of 1300 characters: "You are accessing a U.S. Government (USG) Information System (IS) that is provided for USG-authorized use only. By using this IS (which includes any device attached to this IS), you consent to the following conditions: -The USG routinely intercepts and monitors communications on this IS for purposes including, but not limited to, penetration testing, COMSEC monitoring, network operations and defense, personnel misconduct (PM), law enforcement (LE), and counterintelligence (CI) investigations. -At any time, the USG may inspect and seize data stored on this IS. -Communications using, or data stored on, this IS are not private, are subject to routine monitoring, interception, and search, and may be disclosed or used for any USG-authorized purpose. -This IS includes security measures (e.g., authentication and access controls) to protect USG interests--not for your personal benefit or privacy. -Notwithstanding the above, using this IS does not constitute consent to PM, LE or CI investigative searching or monitoring of the content of privileged communications, or work product, related to personal representation or services by attorneys, psychotherapists, or clergy, and their assistants. Such communications and work product are private and confidential. See User Agreement for details." Use the following verbiage for operating systems that have severe limitations on the number of characters that can be displayed in the banner: "I've read & consent to terms in IS user agreem't."
SRG-OS-000228-GPOS-00088
1 Rule
Any publically accessible connection to AIX operating system must display the Standard Mandatory DoD Notice and Consent Banner before granting access to the system.
Medium Severity
Display of a standardized and approved use notification before granting access to the publicly accessible operating system ensures privacy and security notification verbiage used is consistent with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance. System use notifications are required only for access via login interfaces with human users and are not required when such human interfaces do not exist. The banner must be formatted in accordance with applicable DoD policy. Use the following verbiage for operating systems that can accommodate banners of 1300 characters: "You are accessing a U.S. Government (USG) Information System (IS) that is provided for USG-authorized use only. By using this IS (which includes any device attached to this IS), you consent to the following conditions: -The USG routinely intercepts and monitors communications on this IS for purposes including, but not limited to, penetration testing, COMSEC monitoring, network operations and defense, personnel misconduct (PM), law enforcement (LE), and counterintelligence (CI) investigations. -At any time, the USG may inspect and seize data stored on this IS. -Communications using, or data stored on, this IS are not private, are subject to routine monitoring, interception, and search, and may be disclosed or used for any USG-authorized purpose. -This IS includes security measures (e.g., authentication and access controls) to protect USG interests--not for your personal benefit or privacy. -Notwithstanding the above, using this IS does not constitute consent to PM, LE or CI investigative searching or monitoring of the content of privileged communications, or work product, related to personal representation or services by attorneys, psychotherapists, or clergy, and their assistants. Such communications and work product are private and confidential. See User Agreement for details." Use the following verbiage for operating systems that have severe limitations on the number of characters that can be displayed in the banner: "I've read & consent to terms in IS user agreem't."
SRG-OS-000074-GPOS-00042
1 Rule
IF LDAP is used, AIX LDAP client must use SSL to authenticate with LDAP server.
High Severity
While LDAP client's authentication type is ldap_auth (server-side authentication), the client sends password to the server in clear text for authentication. SSL must be used in this case.
SRG-OS-000383-GPOS-00166
1 Rule
If LDAP authentication is required, AIX must setup LDAP client to refresh user and group caches less than a day.
Medium Severity
If cached authentication information is out-of-date, the validity of the authentication information may be questionable.
SRG-OS-000480-GPOS-00227
1 Rule
The AIX /etc/passwd, /etc/security/passwd, and/or /etc/group files must not contain a plus (+) without defining entries for NIS+ netgroups or LDAP netgroups.
Medium Severity
A plus (+) in system accounts files causes the system to lookup the specified entry using NIS. If the system is not using NIS, no such entries should exist.
SRG-OS-000185-GPOS-00079
1 Rule
AIX must protect the confidentiality and integrity of all information at rest.
Medium Severity
Information at rest refers to the state of information when it is located on a secondary storage device (e.g., disk drive and tape drive, when used for backups) within an operating system. This requirement addresses protection of user-generated data, as well as operating system-specific configuration data. Organizations may choose to employ different mechanisms to achieve confidentiality and integrity protections, as appropriate, in accordance with the security category and/or classification of the information.
SRG-OS-000355-GPOS-00143
1 Rule
AIX must provide time synchronization applications that can synchronize the system clock to external time sources at least every 24 hours.
Medium Severity
Inaccurate time stamps make it more difficult to correlate events and can lead to an inaccurate analysis. Determining the correct time a particular event occurred on a system is critical when conducting forensic analysis and investigating system events. Sources outside the configured acceptable allowance (drift) may be inaccurate. Synchronizing internal information system clocks provides uniformity of time stamps for information systems with multiple system clocks and systems connected over a network. Organizations should consider endpoints that may not have regular access to the authoritative time server (e.g., mobile, teleworking, and tactical endpoints). Satisfies: SRG-OS-000355-GPOS-00143, SRG-OS-000356-GPOS-00144
SRG-OS-000480-GPOS-00227
1 Rule
All AIX NFS anonymous UIDs and GIDs must be configured to values without permissions.
Medium Severity
When an NFS server is configured to deny remote root access, a selected UID and GID are used to handle requests from the remote root user. The UID and GID should be chosen from the system to provide the appropriate level of non-privileged access.
SRG-OS-000480-GPOS-00227
1 Rule
AIX nosuid option must be enabled on all NFS client mounts.
Medium Severity
Enabling the nosuid mount option prevents the system from granting owner or group-owner privileges to programs with the suid or sgid bit set. If the system does not restrict this access, users with unprivileged access to the local system may be able to acquire privileged access by executing suid or sgid files located on the mounted NFS file system.
SRG-OS-000030-GPOS-00011
1 Rule
AIX must be configured to allow users to directly initiate a session lock for all connection types.
Medium Severity
A session lock is a temporary action taken when a user stops work and moves away from the immediate physical vicinity of the information system but does not want to log out because of the temporary nature of the absence. The session lock is implemented at the point where session activity can be determined. Rather than be forced to wait for a period of time to expire before the user session can be locked, operating systems need to provide users with the ability to manually invoke a session lock so users may secure their session should the need arise for them to temporarily vacate the immediate physical vicinity.
SRG-OS-000031-GPOS-00012
1 Rule
AIX CDE must conceal, via the session lock, information previously visible on the display with a publicly viewable image.
Medium Severity
A session lock is a temporary action taken when a user stops work and moves away from the immediate physical vicinity of the information system but does not log out because of the temporary nature of the absence. The session lock is implemented at the point where session activity can be determined. The operating system session lock event must include an obfuscation of the display screen so as to prevent other users from reading what was previously displayed. Publicly viewable images can include static or dynamic images, for example, patterns used with screen savers, photographic images, solid colors, a clock, a battery life indicator, or a blank screen, with the additional caveat that none of the images convey sensitive information.
SRG-OS-000125-GPOS-00065
1 Rule
AIX must employ strong authenticators in the establishment of nonlocal maintenance and diagnostic sessions.
High Severity
If maintenance tools are used by unauthorized personnel, they may accidentally or intentionally damage or compromise the system. The act of managing systems and applications includes the ability to access sensitive application information, such as system configuration details, diagnostic information, user information, and potentially sensitive application data. Some maintenance and test tools are either standalone devices with their own operating systems or are applications bundled with an operating system. Nonlocal maintenance and diagnostic activities are those activities conducted by individuals communicating through a network, either an external network (e.g., the Internet) or an internal network. Local maintenance and diagnostic activities are those activities carried out by individuals physically present at the information system or information system component and not communicating across a network connection. Typically, strong authentication requires authenticators that are resistant to replay attacks and employ multifactor authentication. Strong authenticators include, for example, PKI where certificates are stored on a token protected by a password, passphrase, or biometric.
SRG-OS-000250-GPOS-00093
1 Rule
If LDAP authentication is required on AIX, SSL must be used between LDAP clients and the LDAP servers to protect the integrity of remote access sessions.
Medium Severity
If LDAP authentication is used, SSL must be used between LDAP clients and the LDAP servers to protect the integrity of remote access sessions.
SRG-OS-000403-GPOS-00182
1 Rule
AIX must only allow the use of DoD PKI-established certificate authorities for verification of the establishment of protected sessions.
Medium Severity
Untrusted Certificate Authorities (CA) can issue certificates, but they may be issued by organizations or individuals that seek to compromise DoD systems or by organizations with insufficient security controls. If the CA used for verifying the certificate is not a DoD-approved CA, trust of this CA has not been established. The DoD will only accept PKI-certificates obtained from a DoD-approved internal or external certificate authority. Reliance on CAs for the establishment of secure sessions includes, for example, the use of SSL/TLS certificates.
SRG-OS-000120-GPOS-00061
1 Rule
AIX must implement NIST FIPS-validated cryptography for the following: to provision digital signatures, to generate cryptographic hashes, and to protect unclassified information requiring confidentiality and cryptographic protection in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards.
Medium Severity
FIPS 140-2 is the current standard for validating that mechanisms used to access cryptographic modules utilize authentication that meets DoD requirements. This allows for Security Levels 1, 2, 3, or 4 for use on a general purpose computing system. Use of weak or untested encryption algorithms undermines the purposes of utilizing encryption to protect data. AIX must implement cryptographic modules adhering to the higher standards approved by the federal government since this provides assurance they have been tested and validated. OpenSSL FIPS object module is a cryptographic module that is designed to meet the requirements for FIPS 140-2 validation by CMVP and is compatible with OpenSSL libraries. The 2.0.13 FIPS object module version has been FIPS validated and certified by CMVP for multiple AIX versions on Power 7 and Power 8 platforms under certificate #2398. IBM has released a FIPS capable OpenSSL (Fileset VRMF: 20.13.102.1000), which is OpenSSL 1.0.2j version with 2.0.13 object module. The fileset is available in Web Download Pack. Satisfies: SRG-OS-000120-GPOS-00061, SRG-OS-000478-GPOS-00223, SRG-OS-000396-GPOS-00176
SRG-OS-000069-GPOS-00037
1 Rule
AIX must enforce password complexity by requiring that at least one upper-case character be used.
High Severity
Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. Password complexity is one factor of several that determines how long it takes to crack a password. The more complex the password, the greater the number of possible combinations that need to be tested before the password is compromised.
SRG-OS-000070-GPOS-00038
1 Rule
AIX must enforce password complexity by requiring that at least one lower-case character be used.
High Severity
Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. Password complexity is one factor of several that determines how long it takes to crack a password. The more complex the password, the greater the number of possible combinations that need to be tested before the password is compromised.
SRG-OS-000071-GPOS-00039
1 Rule
AIX must enforce password complexity by requiring that at least one numeric character be used.
High Severity
Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. Password complexity is one factor of several that determines how long it takes to crack a password. The more complex the password, the greater the number of possible combinations that need to be tested before the password is compromised.
SRG-OS-000072-GPOS-00040
1 Rule
AIX must require the change of at least 50% of the total number of characters when passwords are changed.
High Severity
If the operating system allows the user to consecutively reuse extensive portions of passwords, this increases the chances of password compromise by increasing the window of opportunity for attempts at guessing and brute-force attacks. The number of changed characters refers to the number of changes required with respect to the total number of positions in the current password. In other words, characters may be the same within the two passwords; however, the positions of the like characters must be different. If the password length is an odd number then number of changed characters must be rounded up. For example, a password length of 15 characters must require the change of at least 8 characters.
SRG-OS-000074-GPOS-00042
1 Rule
AIX root passwords must never be passed over a network in clear text form.
High Severity
Passwords need to be protected at all times, and encryption is the standard method for protecting passwords. If passwords are not encrypted, they can be plainly read (i.e., clear text) and easily compromised.
SRG-OS-000075-GPOS-00043
1 Rule
AIX Operating systems must enforce 24 hours/1 day as the minimum password lifetime.
Medium Severity
Enforcing a minimum password lifetime helps to prevent repeated password changes to defeat the password reuse or history enforcement requirement. If users are allowed to immediately and continually change their password, then the password could be repeatedly changed in a short period of time to defeat the organization's policy regarding password reuse.
SRG-OS-000076-GPOS-00044
1 Rule
AIX Operating systems must enforce a 60-day maximum password lifetime restriction.
Medium Severity
Any password, no matter how complex, can eventually be cracked. Therefore, passwords need to be changed periodically. If the operating system does not limit the lifetime of passwords and force users to change their passwords, there is the risk that the operating system passwords could be compromised.
SRG-OS-000078-GPOS-00046
1 Rule
AIX must use Loadable Password Algorithm (LPA) password hashing algorithm.
High Severity
The default legacy password hashing algorithm, crypt(), uses only the first 8 characters from the password string, meaning the user's password is truncated to eight characters. If the password is shorter than 8 characters, it is padded with zero bits on the right. The crypt() is a modified DES algorithm that is vulnerable to brute force password guessing attacks and also to cracking the DES-hashing algorithm by using techniques such as pre-computation. With the Loadable Password Algorithm (LPA) framework release, AIX implemented a set of LPAs using MD5, SHA2, and Blowfish algorithms. These IBM proprietary password algorithms support a password longer than 8 characters and Unicode characters in passwords.
SRG-OS-000078-GPOS-00046
1 Rule
AIX must enforce a minimum 15-character password length.
High Severity
The shorter the password, the lower the number of possible combinations that need to be tested before the password is compromised. Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. Password length is one factor of several that helps to determine strength and how long it takes to crack a password. Use of more characters in a password helps to exponentially increase the time and/or resources required to compromise the password.
SRG-OS-000266-GPOS-00101
1 Rule
AIX must enforce password complexity by requiring that at least one special character be used.
Medium Severity
Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity or strength is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. Password complexity is one factor in determining how long it takes to crack a password. The more complex the password, the greater the number of possible combinations that need to be tested before the password is compromised. Special characters are those characters that are not alphanumeric. Examples include: ~ ! @ # $ % ^ *.
SRG-OS-000480-GPOS-00225
1 Rule
AIX must prevent the use of dictionary words for passwords.
Medium Severity
If the operating system allows the user to select passwords based on dictionary words, then this increases the chances of password compromise by increasing the opportunity for successful guesses and brute-force attacks.
SRG-OS-000480-GPOS-00227
1 Rule
The password hashes stored on AIX system must have been generated using a FIPS 140-2 approved cryptographic hashing algorithm.
Medium Severity
Systems must employ cryptographic hashes for passwords using the SHA-2 family of algorithms or FIPS 140-2 approved successors. The use of unapproved algorithms may result in weak password hashes that are more vulnerable to compromise.
SRG-OS-000480-GPOS-00227
1 Rule
If SNMP service is enabled on AIX, the default SNMP password must not be used in the /etc/snmpd.conf config file.
Medium Severity
Use default SNMP password increases the chance of security vulnerability on SNMP service.
SRG-OS-000480-GPOS-00227
1 Rule
AIX must require passwords to contain no more than three consecutive repeating characters.
Medium Severity
Passwords with excessive repeating characters may be more vulnerable to password-guessing attacks.
SRG-OS-000297-GPOS-00115
1 Rule
AIX must be able to control the ability of remote login for users.
High Severity
Remote access services, such as those providing remote access to network devices and information systems, which lack automated control capabilities, increase risk and make remote user access management difficult at best. Remote access is access to DoD nonpublic information systems by an authorized user (or an information system) communicating through an external, non-organization-controlled network. Remote access methods include, for example, dial-up, broadband, and wireless. Operating system functionality (e.g., RDP) must be capable of taking enforcement action if the audit reveals unauthorized activity. Automated control of remote access sessions allows organizations to ensure ongoing compliance with remote access policies by enforcing connection rules of remote access applications on a variety of information system components (e.g., servers, workstations, notebook computers, smartphones, and tablets).
SRG-OS-000326-GPOS-00126
1 Rule
NFS file systems on AIX must be mounted with the nosuid option unless the NFS file systems contain approved setuid or setgid programs.
Medium Severity
The nosuid mount option causes the system to not execute setuid files with owner privileges. This option must be used for mounting any file system not containing approved setuid files. Executing setuid files from untrusted file systems, or file systems not containing approved setuid files, increases the opportunity for unprivileged users to attain unauthorized administrative access.
SRG-OS-000480-GPOS-00227
1 Rule
AIX removable media, remote file systems, and any file system not containing approved device files must be mounted with the nodev option.
Medium Severity
The nodev (or equivalent) mount option causes the system to not handle device files as system devices. This option must be used for mounting any file system not containing approved device files. Device files can provide direct access to system hardware and can compromise security if not protected.
SRG-OS-000037-GPOS-00015
1 Rule
AIX must produce audit records containing information to establish what the date, time, and type of events that occurred.
Medium Severity
Without establishing what type of events occurred, it would be difficult to establish, correlate, and investigate the events leading up to an outage or attack. Audit record content that may be necessary to satisfy this requirement includes, for example, time stamps, source and destination addresses, user/process identifiers, event descriptions, success/fail indications, filenames involved, and access control or flow control rules invoked. Associating event types with detected events in AIX audit logs provides a means of investigating an attack; recognizing resource utilization or capacity thresholds; or identifying an improperly configured operating system. Satisfies: SRG-OS-000037-GPOS-00015, SRG-OS-000038-GPOS-00016
SRG-OS-000039-GPOS-00017
1 Rule
AIX must produce audit records containing information to establish where the events occurred.
Medium Severity
Without establishing where events occurred, it is impossible to establish, correlate, and investigate the events leading up to an outage or attack. In order to compile an accurate risk assessment and provide forensic analysis, it is essential for security personnel to know where events occurred, such as operating system components, modules, device identifiers, node names, file names, and functionality. Associating information about where the event occurred within AIX provides a means of investigating an attack; recognizing resource utilization or capacity thresholds; or identifying an improperly configured operating system.
SRG-OS-000040-GPOS-00018
1 Rule
AIX must produce audit records containing information to establish the source and the identity of any individual or process associated with an event.
Medium Severity
Without establishing the source of the event, it is impossible to establish, correlate, and investigate the events leading up to an outage or attack. Without information that establishes the identity of the subjects (i.e., users or processes acting on behalf of users) associated with the events, security personnel cannot determine responsibility for the potentially harmful event. In addition to logging where events occur within AIX, AIX must also generate audit records that identify sources of events. Sources of operating system events include, but are not limited to, processes and services. In order to compile an accurate risk assessment and provide forensic analysis, it is essential for security personnel to know the source of the event. Satisfies: SRG-OS-000040-GPOS-00018, SRG-OS-000255-GPOS-00096
SRG-OS-000041-GPOS-00019
1 Rule
AIX must produce audit records containing information to establish the outcome of the events.
Medium Severity
Without information about the outcome of events, security personnel cannot make an accurate assessment as to whether an attack was successful or if changes were made to the security state of the system. Event outcomes can include indicators of event success or failure and event-specific results (e.g., the security state of the information system after the event occurred). As such, they also provide a means to measure the impact of an event and help authorized personnel to determine the appropriate response.
SRG-OS-000042-GPOS-00020
1 Rule
AIX must produce audit records containing the full-text recording of privileged commands.
Medium Severity
Reconstruction of harmful events or forensic analysis is not possible if audit records do not contain enough information. At a minimum, the organization must audit the full-text recording of privileged commands. The organization must maintain audit trails in sufficient detail to reconstruct events to determine the cause and impact of compromise.
SRG-OS-000046-GPOS-00022
1 Rule
AIX must be configured to generate an audit record when 75% of the audit file system is full.
Medium Severity
It is critical for the appropriate personnel to be aware if a system is at risk of failing to process audit logs as required. Without this notification, the security personnel may be unaware of an impending failure of the audit capability, and system operation may be adversely affected. Audit processing failures include software/hardware errors, failures in the audit capturing mechanisms, and audit storage capacity being reached or exceeded. This requirement applies to each audit data storage repository (i.e., distinct information system component where audit records are stored), the centralized audit storage capacity of organizations (i.e., all audit data storage repositories combined), or both.
SRG-OS-000054-GPOS-00025
1 Rule
AIX must provide the function to filter audit records for events of interest based upon all audit fields within audit records, support on-demand reporting requirements, and an audit reduction function that supports on-demand audit review and analysis and after-the-fact investigations of security incidents.
Medium Severity
The ability to specify the event criteria that are of interest provides the individuals reviewing the logs with the ability to quickly isolate and identify these events without having to review entries that are of little or no consequence to the investigation. Without this capability, forensic investigations are impeded. Events of interest can be identified by the content of specific audit record fields, including, for example, identities of individuals, event types, event locations, event times, event dates, system resources involved, IP addresses involved, or information objects accessed. Organizations may define audit event criteria to any degree of granularity required, for example, locations selectable by general networking location (e.g., by network or subnetwork) or selectable by specific information system component. The ability to generate on-demand reports, including after the audit data has been subjected to audit reduction, greatly facilitates the organization's ability to generate incident reports as needed to better handle larger-scale or more complex security incidents. The ability to perform on-demand audit review and analysis, including after the audit data has been subjected to audit reduction, greatly facilitates the organization's ability to generate incident reports, as needed, to better handle larger-scale or more complex security incidents. If the audit reduction capability does not support after-the-fact investigations, it is difficult to establish, correlate, and investigate the events leading up to an outage or attack, or identify those responses for one. This capability is also required to comply with applicable Federal laws and DoD policies. Audit reduction is a process that manipulates collected audit information and organizes such information in a summary format that is more meaningful to analysts. The report generation capability provided by the application must support on-demand (i.e., customizable, ad hoc, and as-needed) reports. This requires operating systems to provide the capability to customize audit record reports based on all available criteria. Satisfies: SRG-OS-000054-GPOS-00025, SRG-OS-000122-GPOS-00063, SRG-OS-000348-GPOS-00136, SRG-OS-000349-GPOS-00137
SRG-OS-000057-GPOS-00027
1 Rule
Audit logs on the AIX system must be owned by root.
Medium Severity
Unauthorized disclosure of audit records can reveal system and configuration data to attackers, thus compromising its confidentiality. Audit information includes all information (e.g., audit records, audit settings, audit reports) needed to successfully audit operating system activity. Satisfies: SRG-OS-000057-GPOS-00027, SRG-OS-000058-GPOS-00028, SRG-OS-000059-GPOS-00029
SRG-OS-000057-GPOS-00027
1 Rule
Audit logs on the AIX system must be group-owned by system.
Medium Severity
Unauthorized disclosure of audit records can reveal system and configuration data to attackers, thus compromising its confidentiality. Audit information includes all information (e.g., audit records, audit settings, audit reports) needed to successfully audit operating system activity. Satisfies: SRG-OS-000057-GPOS-00027, SRG-OS-000058-GPOS-00028, SRG-OS-000059-GPOS-00029
SRG-OS-000057-GPOS-00027
1 Rule
Audit logs on the AIX system must be set to 660 or less permissive.
Medium Severity
Unauthorized disclosure of audit records can reveal system and configuration data to attackers, thus compromising its confidentiality. Audit information includes all information (e.g., audit records, audit settings, audit reports) needed to successfully audit operating system activity. Satisfies: SRG-OS-000057-GPOS-00027, SRG-OS-000058-GPOS-00028, SRG-OS-000059-GPOS-00029
SRG-OS-000062-GPOS-00031
1 Rule
AIX must provide audit record generation functionality for DoD-defined auditable events.
Medium Severity
Without the capability to generate audit records, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one. Audit records can be generated from various components within the information system (e.g., module or policy filter). The list of audited events is the set of events for which audits are to be generated. This set of events is typically a subset of the list of all events for which the system is capable of generating audit records. DoD has defined the list of events for which AIX will provide an audit record generation capability as the following: 1) Successful and unsuccessful attempts to access, modify, or delete privileges, security objects, security levels, or categories of information (e.g., classification levels); 2) Access actions, such as successful and unsuccessful login attempts, privileged activities or other system-level access, starting and ending time for user access to the system, concurrent logins from different workstations, successful and unsuccessful accesses to objects, all program initiations, and all direct access to the information system; 3) All account creations, modifications, disabling, and terminations; and 4) All kernel module load, unload, and restart actions. Satisfies: SRG-OS-000062-GPOS-00031, SRG-OS-000004-GPOS-00004, SRG-OS-000051-GPOS-00024, SRG-OS-000064-GPOS-00033, SRG-OS-000239-GPOS-00089, SRG-OS-000240-GPOS-00090, SRG-OS-000241-GPOS-00091, SRG-OS-000277-GPOS-00107, SRG-OS-000303-GPOS-00120, SRG-OS-000304-GPOS-00121, SRG-OS-000327-GPOS-00127, SRG-OS-000327-GPOS-00127, SRG-OS-000364-GPOS-00151, SRG-OS-000392-GPOS-00172, SRG-OS-000458-GPOS-00203, SRG-OS-000461-GPOS-00205, SRG-OS-000462-GPOS-00206, SRG-OS-000463-GPOS-00207, SRG-OS-000465-GPOS-00209, SRG-OS-000466-GPOS-00210, SRG-OS-000467-GPOS-00211, SRG-OS-000468-GPOS-00212, SRG-OS-000470-GPOS-00214, SRG-OS-000471-GPOS-00215, SRG-OS-000471-GPOS-00216, SRG-OS-000472-GPOS-00217, SRG-OS-000473-GPOS-00218, SRG-OS-000474-GPOS-00219, SRG-OS-000475-GPOS-00220, SRG-OS-000476-GPOS-00221, SRG-OS-000477-GPOS-00222
SRG-OS-000254-GPOS-00095
1 Rule
AIX must start audit at boot.
Medium Severity
If auditing is enabled late in the start-up process, the actions of some start-up processes may not be audited. Some audit systems also maintain state information only available if auditing is enabled before a given process is created.
SRG-OS-000256-GPOS-00097
1 Rule
AIX audit tools must be owned by root.
Medium Severity
Protecting audit information also includes identifying and protecting the tools used to view and manipulate log data. Therefore, protecting audit tools is necessary to prevent unauthorized operation on audit information. Operating systems providing tools to interface with audit information will leverage user permissions and roles identifying the user accessing the tools and the corresponding rights the user enjoys in order to make access decisions regarding the access to audit tools. Audit tools include, but are not limited to, vendor-provided and open source audit tools needed to successfully view and manipulate audit information system activity and records. Audit tools include custom queries and report generators. Satisfies: SRG-OS-000256-GPOS-00097, SRG-OS-000257-GPOS-00098, SRG-OS-000258-GPOS-00099
SRG-OS-000256-GPOS-00097
1 Rule
AIX audit tools must be group-owned by audit.
Medium Severity
Protecting audit information also includes identifying and protecting the tools used to view and manipulate log data. Therefore, protecting audit tools is necessary to prevent unauthorized operation on audit information. Operating systems providing tools to interface with audit information will leverage user permissions and roles identifying the user accessing the tools and the corresponding rights the user enjoys in order to make access decisions regarding the access to audit tools. Audit tools include, but are not limited to, vendor-provided and open source audit tools needed to successfully view and manipulate audit information system activity and records. Audit tools include custom queries and report generators. Satisfies: SRG-OS-000256-GPOS-00097, SRG-OS-000257-GPOS-00098, SRG-OS-000258-GPOS-00099
SRG-OS-000256-GPOS-00097
1 Rule
AIX audit tools must be set to 4550 or less permissive.
Medium Severity
Protecting audit information also includes identifying and protecting the tools used to view and manipulate log data. Therefore, protecting audit tools is necessary to prevent unauthorized operation on audit information. Operating systems providing tools to interface with audit information will leverage user permissions and roles identifying the user accessing the tools and the corresponding rights the user enjoys in order to make access decisions regarding the access to audit tools. Audit tools include, but are not limited to, vendor-provided and open source audit tools needed to successfully view and manipulate audit information system activity and records. Audit tools include custom queries and report generators. Satisfies: SRG-OS-000256-GPOS-00097, SRG-OS-000257-GPOS-00098, SRG-OS-000258-GPOS-00099
SRG-OS-000278-GPOS-00108
1 Rule
AIX must verify the hash of audit tools.
Medium Severity
Protecting the integrity of the tools used for auditing purposes is a critical step toward ensuring the integrity of audit information. Audit information includes all information (e.g., audit records, audit settings, and audit reports) needed to successfully audit information system activity. Audit tools include, but are not limited to, vendor-provided and open source audit tools needed to successfully view and manipulate audit information system activity and records. Audit tools include custom queries and report generators. It is not uncommon for attackers to replace the audit tools or inject code into the existing tools with the purpose of providing the capability to hide or erase system activity from the audit logs. To address this risk, audit tools must be cryptographically signed in order to provide the capability to identify when the audit tools have been modified, manipulated, or replaced. An example is a checksum hash of the file or files.
SRG-OS-000337-GPOS-00129
1 Rule
AIX must provide the function for assigned ISSOs or designated SAs to change the auditing to be performed on all operating system components, based on all selectable event criteria in near real time.
Medium Severity
If authorized individuals do not have the ability to modify auditing parameters in response to a changing threat environment, the organization may not be able to effectively respond, and important forensic information may be lost. This requirement enables organizations to extend or limit auditing as necessary to meet organizational requirements. Auditing that is limited to conserve information system resources may be extended to address certain threat situations. In addition, auditing may be limited to a specific set of events to facilitate audit reduction, analysis, and reporting.
SRG-OS-000341-GPOS-00132
1 Rule
AIX must allocate audit record storage capacity to store at least one weeks worth of audit records, when audit records are not immediately sent to a central audit record storage facility.
Medium Severity
In order to ensure operating systems have a sufficient storage capacity in which to write the audit logs, operating systems need to be able to allocate audit record storage capacity. The task of allocating audit record storage capacity is usually performed during initial installation of AIX.
SRG-OS-000350-GPOS-00138
1 Rule
AIX must provide a report generation function that supports on-demand audit review and analysis, on-demand reporting requirements, and after-the-fact investigations of security incidents.
Medium Severity
The report generation capability must support on-demand review and analysis in order to facilitate the organization's ability to generate incident reports, as needed, to better handle larger-scale or more complex security incidents. If the report generation capability does not support after-the-fact investigations, it is difficult to establish, correlate, and investigate the events leading up to an outage or attack, or identify those responses for one. This capability is also required to comply with applicable Federal laws and DoD policies. Report generation must be capable of generating on-demand (i.e., customizable, ad hoc, and as-needed) reports. On-demand reporting allows personnel to report issues more rapidly to more effectively meet reporting requirements. Collecting log data and aggregating it to present the data in a single, consolidated report achieves this objective. Satisfies: SRG-OS-000350-GPOS-00138, SRG-OS-000351-GPOS-00139, SRG-OS-000352-GPOS-00140
SRG-OS-000359-GPOS-00146
1 Rule
AIX must record time stamps for audit records that can be mapped to Coordinated Universal Time (UTC) or Greenwich Mean Time (GMT).
Medium Severity
If time stamps are not consistently applied and there is no common time reference, it is difficult to perform forensic analysis. Time stamps generated by AIX include date and time. Time is commonly expressed in Coordinated Universal Time (UTC), a modern continuation of Greenwich Mean Time (GMT), or local time with an offset from UTC.
SRG-OS-000480-GPOS-00227
1 Rule
AIX audit logs must be rotated daily.
Medium Severity
Rotate audit logs daily to preserve audit file system space and to conform to the DoD/DISA requirement. If it is not rotated daily and moved to another location, then there is more of a chance for the compromise of audit data by malicious users.
SRG-OS-000074-GPOS-00042
1 Rule
The AIX rexec daemon must not be running.
High Severity
The exec service is used to execute a command sent from a remote server. The username and passwords are passed over the network in clear text and therefore insecurely. Unless required the rexecd daemon will be disabled. This function, if required, should be facilitated through SSH.
SRG-OS-000074-GPOS-00042
1 Rule
AIX telnet daemon must not be running.
High Severity
This telnet service is used to service remote user connections. This is historically the most commonly used remote access method for UNIX servers. The username and passwords are passed over the network in clear text and therefore insecurely. Unless required the telnetd daemon will be disabled. This function, if required, should be facilitated through SSH.
SRG-OS-000074-GPOS-00042
1 Rule
AIX ftpd daemon must not be running.
High Severity
The ftp service is used to transfer files from or to a remote machine. The username and passwords are passed over the network in clear text and therefore insecurely. Remote file transfer, if required, should be facilitated through SSH.
SRG-OS-000373-GPOS-00156
1 Rule
AIX must remove NOPASSWD tag from sudo config files.
High Severity
sudo command does not require reauthentication if NOPASSWD tag is specified in /etc/sudoers config file, or sudoers files in /etc/sudoers.d/ directory. With this tag in sudoers file, users are not required to reauthenticate for privilege escalation.
SRG-OS-000373-GPOS-00156
1 Rule
AIX must remove !authenticate option from sudo config files.
Medium Severity
sudo command does not require reauthentication if !authenticate option is specified in /etc/sudoers config file, or config files in /etc/sudoers.d/ directory. With this tag in sudoers, users are not required to reauthenticate for privilege escalation.
SRG-OS-000480-GPOS-00227
1 Rule
AIX must be configured with a default gateway for IPv4 if the system uses IPv4, unless the system is a router.
Medium Severity
If a system has no default gateway defined, the system is at increased risk of man-in-the-middle, monitoring, and Denial of Service attacks.
SRG-OS-000480-GPOS-00227
1 Rule
IP forwarding for IPv4 must not be enabled on AIX unless the system is a router.
Medium Severity
IP forwarding permits the kernel to forward packets from one network interface to another. The ability to forward packets between two networks is only appropriate for systems acting as routers.
SRG-OS-000480-GPOS-00227
1 Rule
AIX must be configured with a default gateway for IPv6 if the system uses IPv6 unless the system is a router.
Medium Severity
If a system has no default gateway defined, the system is at increased risk of man-in-the-middle, monitoring, and Denial of Service attacks.
SRG-OS-000480-GPOS-00227
1 Rule
AIX must not have IP forwarding for IPv6 enabled unless the system is an IPv6 router.
Medium Severity
If the system is configured for IP forwarding and is not a designated router, it could be used to bypass network security by providing a path for communication not filtered by network devices.
SRG-OS-000206-GPOS-00084
1 Rule
AIX log files must be owned by a system account.
Medium Severity
Only authorized personnel should be aware of errors and the details of the errors. Error messages are an indicator of an organization's operational state or can identify AIX or platform. Additionally, Personally Identifiable Information (PII) and operational information must not be revealed through error messages to unauthorized personnel or their designated representatives. The structure and content of error messages must be carefully considered by the organization and development team. The extent to which the information system is able to identify and handle error conditions is guided by organizational policy and operational requirements.
SRG-OS-000206-GPOS-00084
1 Rule
AIX log files must be owned by a system group.
Medium Severity
Only authorized personnel should be aware of errors and the details of the errors. Error messages are an indicator of an organization's operational state or can identify AIX or platform. Additionally, Personally Identifiable Information (PII) and operational information must not be revealed through error messages to unauthorized personnel or their designated representatives. The structure and content of error messages must be carefully considered by the organization and development team. The extent to which the information system is able to identify and handle error conditions is guided by organizational policy and operational requirements.
SRG-OS-000259-GPOS-00100
1 Rule
AIX system files, programs, and directories must be group-owned by a system group.
Medium Severity
Restricting permissions will protect the files from unauthorized modification.
SRG-OS-000480-GPOS-00227
1 Rule
The inetd.conf file on AIX must be owned by root.
Medium Severity
Failure to give ownership of sensitive files or utilities to system groups may provide unauthorized users with the potential to access sensitive information or change the system configuration which could weaken the system's security posture.
SRG-OS-000480-GPOS-00227
1 Rule
AIX cron and crontab directories must be owned by root or bin.
Medium Severity
Incorrect ownership of the cron or crontab directories could permit unauthorized users the ability to alter cron jobs and run automated jobs as privileged users. Failure to give ownership of cron or crontab directories to root or to bin provides the designated owner and unauthorized users with the potential to access sensitive information or change the system configuration which could weaken the system's security posture.
SRG-OS-000480-GPOS-00227
1 Rule
AIX audio devices must be group-owned by root, sys, bin, or system.
Medium Severity
Without privileged group owners, audio devices will be vulnerable to being used as eaves-dropping devices by malicious users or intruders to possibly listen to conversations containing sensitive information.
SRG-OS-000480-GPOS-00227
1 Rule
AIX time synchronization configuration file must be owned by root.
Medium Severity
A synchronized system clock is critical for the enforcement of time-based policies and the correlation of logs and audit records with other systems. If an illicit time source is used for synchronization, the integrity of system logs and the security of the system could be compromised. If the configuration files controlling time synchronization are not owned by a system account, unauthorized modifications could result in the failure of time synchronization.
SRG-OS-000480-GPOS-00227
1 Rule
AIX time synchronization configuration file must be group-owned by bin, or system.
Medium Severity
A synchronized system clock is critical for the enforcement of time-based policies and the correlation of logs and audit records with other systems. If an illicit time source is used for synchronization, the integrity of system logs and the security of the system could be compromised. If the configuration files controlling time synchronization are not owned by a system group, unauthorized modifications could result in the failure of time synchronization.
SRG-OS-000480-GPOS-00227
1 Rule
The AIX /etc/group file must be owned by root.
Medium Severity
The "/etc/group" file contains information regarding groups that are configured on the system. Protection of this file is important for system security.
SRG-OS-000480-GPOS-00227
1 Rule
The AIX /etc/group file must be group-owned by security.
Medium Severity
The "/etc/group" file contains information regarding groups that are configured on the system. Protection of this file is important for system security.
SRG-OS-000480-GPOS-00230
1 Rule
All AIX interactive users home directories must be owned by their respective users.
Medium Severity
System binaries are executed by privileged users as well as system services, and restrictive permissions are necessary to ensure that their execution of these programs cannot be co-opted.
SRG-OS-000480-GPOS-00230
1 Rule
All AIX interactive users home directories must be group-owned by the home directory owner primary group.
Medium Severity
If the Group Identifier (GID) of the home directory is not the same as the GID of the user, this would allow unauthorized access to files.
SRG-OS-000480-GPOS-00230
1 Rule
All files and directories contained in users home directories on AIX must be group-owned by a group in which the home directory owner is a member.
Medium Severity
If the Group Identifier (GID) of the home directory is not the same as the GID of the user, this would allow unauthorized access to files.
SRG-OS-000259-GPOS-00100
1 Rule
AIX library files must have mode 0755 or less permissive.
Medium Severity
Unauthorized access could destroy the integrity of the library files.
SRG-OS-000480-GPOS-00227
1 Rule
Samba packages must be removed from AIX.
Medium Severity
If the smbpasswd file has a mode more permissive than 0600, the smbpasswd file may be maliciously accessed or modified, potentially resulting in the compromise of Samba accounts.
SRG-OS-000480-GPOS-00227
1 Rule
AIX time synchronization configuration file must have mode 0640 or less permissive.
Medium Severity
A synchronized system clock is critical for the enforcement of time-based policies and the correlation of logs and audit records with other systems. If an illicit time source is used for synchronization, the integrity of system logs and the security of the system could be compromised. File permissions more permissive than 0640 for time synchronization configuration file may allow access and change the config file by system intruders or malicious users, could result in the failure of time synchronization.
SRG-OS-000480-GPOS-00227
1 Rule
The AIX /etc/group file must have mode 0644 or less permissive.
Medium Severity
The "/etc/group" file contains information regarding groups that are configured on the system. Protection of this file is important for system security.
SRG-OS-000480-GPOS-00227
1 Rule
AIX must encrypt user data at rest using AIX Encrypted File System (EFS) if it is required.
Medium Severity
The AIX Encrypted File System (EFS) is a J2 filesystem-level encryption through individual key stores. This allows for file encryption in order to protect confidential data from attackers with physical access to the computer. User authentication and access control lists can protect files from unauthorized access (even from root user) while the operating system is running. Operating systems handling data requiring "data at rest" protections must employ cryptographic mechanisms to prevent unauthorized disclosure and modification of the information at rest. Selection of a cryptographic mechanism is based on the need to protect the integrity of organizational information. The strength of the mechanism is commensurate with the security category and/or classification of the information. Organizations have the flexibility to either encrypt all information on storage devices (i.e., full disk encryption) or encrypt specific data structures (e.g., files, records, or fields). Satisfies: SRG-OS-000480-GPOS-00227, SRG-OS-000405-GPOS-00184, SRG-OS-000404-GPOS-00183
SRG-OS-000423-GPOS-00187
1 Rule
AIX must protect the confidentiality and integrity of transmitted information during preparation for transmission and maintain the confidentiality and integrity of information during reception and disable all non-encryption network access methods.
Medium Severity
Without protection of the transmitted or received information, confidentiality and integrity may be compromised because unprotected communications can be intercepted and either read or altered. Use of this requirement will be limited to situations where the data owner has a strict requirement for ensuring data integrity and confidentiality is maintained at every step of the data transfer and handling process. This requirement applies to both internal and external networks and all types of information system components from which information can be transmitted (e.g., servers, mobile devices, notebook computers, printers, copiers, scanners, and facsimile machines). Communication paths outside the physical protection of a controlled boundary are exposed to the possibility of interception and modification. Protecting the confidentiality and integrity of organizational information can be accomplished by physical means (e.g., employing physical distribution systems) or by logical means (e.g., employing cryptographic techniques). If physical means of protection are employed, then logical means (cryptography) do not have to be employed, and vice versa. Satisfies: SRG-OS-000423-GPOS-00187, SRG-OS-000424-GPOS-00188, SRG-OS-000425-GPOS-00189, SRG-OS-000426-GPOS-00190, SRG-OS-000393-GPOS-00173, SRG-OS-000394-GPOS-00174
SRG-OS-000032-GPOS-00013
1 Rule
AIX must monitor and record successful remote logins.
Medium Severity
Remote access services, such as those providing remote access to network devices and information systems, which lack automated monitoring capabilities, increase risk and make remote user access management difficult at best. Remote access is access to DoD nonpublic information systems by an authorized user (or an information system) communicating through an external, non-organization-controlled network. Remote access methods include, for example, dial-up, broadband, and wireless. Automated monitoring of remote access sessions allows organizations to detect cyber attacks and also ensure ongoing compliance with remote access policies by auditing connection activities of remote access capabilities, such as Remote Desktop Protocol (RDP), on a variety of information system components (e.g., servers, workstations, notebook computers, smartphones, and tablets).
SRG-OS-000032-GPOS-00013
1 Rule
AIX must monitor and record unsuccessful remote logins.
Medium Severity
Remote access services, such as those providing remote access to network devices and information systems, which lack automated monitoring capabilities, increase risk and make remote user access management difficult at best. Remote access is access to DoD nonpublic information systems by an authorized user (or an information system) communicating through an external, non-organization-controlled network. Remote access methods include, for example, dial-up, broadband, and wireless. Automated monitoring of remote access sessions allows organizations to detect cyberattacks and also ensure ongoing compliance with remote access policies by auditing connection activities of remote access capabilities, such as Remote Desktop Protocol (RDP), on a variety of information system components (e.g., servers, workstations, notebook computers, smartphones, and tablets).
SRG-OS-000480-GPOS-00227
1 Rule
On AIX, the SSH server must not permit root logins using remote access programs.
Medium Severity
Permitting direct root login reduces auditable information about who ran privileged commands on the system and also allows direct attack attempts on root's password.
SRG-OS-000480-GPOS-00227
1 Rule
All AIX shells referenced in passwd file must be listed in /etc/shells file, except any shells specified for the purpose of preventing logins.
Medium Severity
The /etc/shells file lists approved default shells. It helps provide layered defense to the security approach by ensuring users cannot change their default shell to an unauthorized unsecure shell.
SRG-OS-000033-GPOS-00014
1 Rule
The AIX SSH server must use SSH Protocol 2.
Medium Severity
Without confidentiality protection mechanisms, unauthorized individuals may gain access to sensitive information via a remote access session. Remote access is access to DoD nonpublic information systems by an authorized user (or an information system) communicating through an external, non-organization-controlled network. Remote access methods include, for example, dial-up, broadband, and wireless. Encryption provides a means to secure the remote connection to prevent unauthorized access to the data traversing the remote access connection (e.g., RDP), thereby providing a degree of confidentiality. The encryption strength of a mechanism is selected based on the security categorization of the information.
SRG-OS-000279-GPOS-00109
1 Rule
AIX must config the SSH idle timeout interval.
Medium Severity
Automatic session termination addresses the termination of user-initiated logical sessions in contrast to the termination of network connections that are associated with communications sessions (i.e., network disconnect). A logical session (for local, network, and remote access) is initiated whenever a user (or process acting on behalf of a user) accesses an organizational information system. Such user sessions can be terminated (and thus terminate user access) without terminating network sessions. Session termination terminates all processes associated with a user's logical session except those processes that are specifically created by the user (i.e., session owner) to continue after the session is terminated. Conditions or trigger events requiring automatic session termination can include, for example, organization-defined periods of user inactivity, targeted responses to certain types of incidents, and time-of-day restrictions on information system use. This capability is typically reserved for specific operating system functionality where the system owner, data owner, or organization requires additional assurance. Satisfies: SRG-OS-000163-GPOS-00072
SRG-OS-000365-GPOS-00152
1 Rule
AIX must disable Kerberos Authentication in ssh config file to enforce access restrictions.
Medium Severity
Without auditing the enforcement of access restrictions against changes to the application configuration, it will be difficult to identify attempted attacks and an audit trail will not be available for forensic investigation for after-the-fact actions. Enforcement actions are the methods or mechanisms used to prevent unauthorized changes to configuration settings. Enforcement action methods may be as simple as denying access to a file based on the application of file permissions (access restriction). Audit items may consist of lists of actions blocked by access restrictions or changes identified after the fact.
SRG-OS-000373-GPOS-00158
1 Rule
If GSSAPI authentication is not required on AIX, the SSH daemon must disable GSSAPI authentication.
Medium Severity
GSSAPI authentication is used to provide additional authentication mechanisms to applications. Allowing GSSAPI authentication through SSH exposes the system's GSSAPI to remote hosts, increasing the attack surface of the system. GSSAPI authentication must be disabled unless needed.
SRG-OS-000384-GPOS-00167
1 Rule
AIX must setup SSH daemon to disable revoked public keys.
Medium Severity
Without configuring a local cache of revocation data, there is the potential to allow access to users who are no longer authorized (users with revoked certificates).
SRG-OS-000480-GPOS-00227
1 Rule
AIX SSH daemon must be configured to only use Message Authentication Codes (MACs) employing FIPS 140-2 approved cryptographic hash algorithms.
Medium Severity
DoD information systems are required to use FIPS 140-2 approved cryptographic hash functions.
SRG-OS-000480-GPOS-00227
1 Rule
The AIX SSH daemon must be configured for IP filtering.
Medium Severity
The SSH daemon must be configured for IP filtering to provide a layered defense against connection attempts from unauthorized addresses.
SRG-OS-000480-GPOS-00227
1 Rule
The AIX SSH daemon must not allow compression.
Medium Severity
If compression is allowed in an SSH connection prior to authentication, vulnerabilities in the compression software could result in compromise of the system from an unauthenticated connection, potentially with root privileges.
SRG-OS-000480-GPOS-00227
1 Rule
AIX must turn on SSH daemon privilege separation.
Medium Severity
SSH daemon privilege separation causes the SSH process to drop root privileges when not needed, which would decrease the impact of software vulnerabilities in the unprivileged section.
SRG-OS-000480-GPOS-00227
1 Rule
AIX must turn on SSH daemon reverse name checking.
Medium Severity
If reverse name checking is off, SSH may allow a remote attacker to circumvent security policies and attempt to or actually login from IP addresses that are not permitted to access resources.
SRG-OS-000480-GPOS-00227
1 Rule
AIX SSH daemon must perform strict mode checking of home directory configuration files.
Medium Severity
If other users have access to modify user-specific SSH configuration files, they may be able to log into the system as another user.
SRG-OS-000480-GPOS-00227
1 Rule
AIX must turn off X11 forwarding for the SSH daemon.
Medium Severity
X11 forwarding over SSH allows for the secure remote execution of X11-based applications. This feature can increase the attack surface of an SSH connection and should not be enabled unless needed.
SRG-OS-000480-GPOS-00227
1 Rule
AIX must turn off TCP forwarding for the SSH daemon.
Medium Severity
SSH TCP connection forwarding provides a mechanism to establish TCP connections proxied by the SSH server. This function can provide similar convenience to a Virtual Private Network (VPN) with the similar risk of providing a path to circumvent firewalls and network ACLs.
SRG-OS-000480-GPOS-00229
1 Rule
The AIX SSH daemon must be configured to disable empty passwords.
Medium Severity
When password authentication is allowed, PermitEmptyPasswords specifies whether the server allows login to accounts with empty password strings. If an account has an empty password, anyone could log in and run commands with the privileges of that account. Accounts with empty passwords should never be used in operational environments.
SRG-OS-000480-GPOS-00229
1 Rule
The AIX SSH daemon must be configured to disable user .rhosts files.
Medium Severity
Trust .rhost file means a compromise on one host can allow an attacker to move trivially to other hosts.
SRG-OS-000480-GPOS-00229
1 Rule
The AIX SSH daemon must be configured to not use host-based authentication.
Medium Severity
SSH trust relationships mean a compromise on one host can allow an attacker to move trivially to other hosts.
SRG-OS-000480-GPOS-00229
1 Rule
The AIX SSH daemon must not allow RhostsRSAAuthentication.
Medium Severity
If SSH permits rhosts RSA authentication, a user may be able to log in based on the keys of the host originating the request and not any user-specific authentication.
SRG-OS-000480-GPOS-00232
1 Rule
If AIX SSH daemon is required, the SSH daemon must only listen on the approved listening IP addresses.
Medium Severity
The SSH daemon should only listen on the approved listening IP addresses. Otherwise the SSH service could be subject to unauthorized access.
SRG-OS-000480-GPOS-00227
1 Rule
AIX system must require authentication upon booting into single-user and maintenance modes.
Medium Severity
This prevents attackers with physical access from trivially bypassing security on the machine and gaining root access. Such accesses are further prevented by configuring the bootloader password.
SRG-OS-000281-GPOS-00111
1 Rule
If bash is used, AIX must display logout messages.
Low Severity
If a user cannot explicitly end an operating system session, the session may remain open and be exploited by an attacker; this is referred to as a zombie session. Users need to be aware of whether or not the session has been terminated. Information resources to which users gain access via authentication include, for example, local workstations and remote services. Logoff messages can be displayed after authenticated sessions have been terminated. However, for some types of interactive sessions, including, for example, remote login, information systems typically send logoff messages as final messages prior to terminating sessions.
SRG-OS-000281-GPOS-00111
1 Rule
If Bourne / ksh shell is used, AIX must display logout messages.
Low Severity
If a user cannot explicitly end an operating system session, the session may remain open and be exploited by an attacker; this is referred to as a zombie session. Users need to be aware of whether or not the session has been terminated. Information resources to which users gain access via authentication include, for example, local workstations and remote services. Logoff messages can be displayed after authenticated sessions have been terminated. However, for some types of interactive sessions, including, for example, remote login, information systems typically send logoff messages as final messages prior to terminating sessions.
SRG-OS-000281-GPOS-00111
1 Rule
If csh/tcsh shell is used, AIX must display logout messages.
Low Severity
If a user cannot explicitly end an operating system session, the session may remain open and be exploited by an attacker; this is referred to as a zombie session. Users need to be aware of whether or not the session has been terminated. Information resources to which users gain access via authentication include, for example, local workstations and remote services. Logoff messages can be displayed after authenticated sessions have been terminated. However, for some types of interactive sessions, including, for example, remote login, information systems typically send logoff messages as final messages prior to terminating sessions.
SRG-OS-000480-GPOS-00227
1 Rule
AIX must implement a remote syslog server that is documented using site-defined procedures.
Medium Severity
If a remote log host is in use and it has not been justified and documented, sensitive information could be obtained by unauthorized users without the administrator’s knowledge. Satisfies: SRG-OS-000480-GPOS-00227, SRG-OS-000342-GPOS-00133, SRG-OS-000479-GPOS-00224
SRG-OS-000480-GPOS-00227
1 Rule
The AIX syslog daemon must not accept remote messages unless it is a syslog server documented using site-defined procedures.
Medium Severity
Unintentionally running a syslog server accepting remote messages puts the system at increased risk. Malicious syslog messages sent to the server could exploit vulnerabilities in the server software itself, could introduce misleading information in to the system's logs, or could fill the system's storage leading to a Denial of Service.
SRG-OS-000365-GPOS-00152
1 Rule
AIX must be configured to use syslogd to log events by TCPD.
Medium Severity
Without auditing the enforcement of access restrictions against changes to the application configuration, it will be difficult to identify attempted attacks and an audit trail will not be available for forensic investigation for after-the-fact actions. Enforcement actions are the methods or mechanisms used to prevent unauthorized changes to configuration settings. Enforcement action methods may be as simple as denying access to a file based on the application of file permissions (access restriction). Audit items may consist of lists of actions blocked by access restrictions or changes identified after the fact.
SRG-OS-000063-GPOS-00032
1 Rule
The AIX audit configuration files must be owned by root.
Medium Severity
Without the capability to restrict which roles and individuals can select which events are audited, unauthorized personnel may be able to prevent the auditing of critical events. Misconfigured audits may degrade the system's performance by overwhelming the audit log. Misconfigured audits may also make it more difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
SRG-OS-000063-GPOS-00032
1 Rule
The AIX audit configuration files must be group-owned by audit.
Medium Severity
Without the capability to restrict which roles and individuals can select which events are audited, unauthorized personnel may be able to prevent the auditing of critical events. Misconfigured audits may degrade the system's performance by overwhelming the audit log. Misconfigured audits may also make it more difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
SRG-OS-000063-GPOS-00032
1 Rule
The AIX audit configuration files must be set to 640 or less permissive.
Medium Severity
Without the capability to restrict which roles and individuals can select which events are audited, unauthorized personnel may be able to prevent the auditing of critical events. Misconfigured audits may degrade the system's performance by overwhelming the audit log. Misconfigured audits may also make it more difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
SRG-OS-000029-GPOS-00010
1 Rule
AIX must automatically lock after 15 minutes of inactivity in the CDE Graphical desktop environment.
Medium Severity
A session time-out lock is a temporary action taken when a user stops work and moves away from the immediate physical vicinity of the information system but does not log out because of the temporary nature of the absence. Rather than relying on the user to manually lock their operating system session prior to vacating the vicinity, operating systems need to be able to identify when a user's session has idled and take action to initiate the session lock. The session lock is implemented at the point where session activity can be determined and/or controlled.
SRG-OS-000279-GPOS-00109
1 Rule
AIX must set inactivity time-out on login sessions and terminate all login sessions after 10 minutes of inactivity.
Medium Severity
Automatic session termination addresses the termination of user-initiated logical sessions in contrast to the termination of network connections that are associated with communications sessions (i.e., network disconnect). A logical session (for local, network, and remote access) is initiated whenever a user (or process acting on behalf of a user) accesses an organizational information system. Such user sessions can be terminated (and thus terminate user access) without terminating network sessions. Session termination terminates all processes associated with a user's logical session except those processes that are specifically created by the user (i.e., session owner) to continue after the session is terminated. If a maintenance session or connection remains open after maintenance is completed, it may be hijacked by an attacker and used to compromise or damage the system. Some maintenance and test tools are either standalone devices with their own operating systems or are applications bundled with an operating system. Conditions or trigger events requiring automatic session termination can include, for example, organization-defined periods of user inactivity, targeted responses to certain types of incidents, and time-of-day restrictions on information system use. This capability is typically reserved for specific operating system functionality where the system owner, data owner, or organization requires additional assurance. Terminating network connections associated with communications sessions includes, for example, de-allocating associated TCP/IP address/port pairs at AIX level, and de-allocating networking assignments at the application level if multiple application sessions are using a single operating system-level network connection. This does not mean that AIX terminates all sessions or network access; it only ends the inactive session and releases the resources associated with that session. Satisfies: SRG-OS-000279-GPOS-00109, SRG-OS-000163-GPOS-00072, SRG-OS-000126-GPOS-00066
SRG-OS-000067-GPOS-00035
1 Rule
AIX SSH private host key files must have mode 0600 or less permissive.
Medium Severity
If the private key is discovered, an attacker can use the key to authenticate as an authorized user and gain access to the network infrastructure. The cornerstone of the PKI is the private key used to encrypt or digitally sign information. If the private key is stolen, this will lead to the compromise of the authentication and non-repudiation gained through PKI because the attacker can use the private key to digitally sign documents and pretend to be the authorized user. Both the holders of a digital certificate and the issuing authority must protect the computers, storage devices, or whatever they use to keep the private keys.
SRG-OS-000074-GPOS-00042
1 Rule
AIX must disable /usr/bin/rcp, /usr/bin/rlogin, /usr/bin/rsh, /usr/bin/rexec and /usr/bin/telnet commands.
High Severity
The listed applications permit the transmission of passwords in plain text. Alternative applications such as SSH, which encrypt data, should be use instead.
SRG-OS-000206-GPOS-00084
1 Rule
AIX log files must have mode 0640 or less permissive.
Medium Severity
Only authorized personnel should be aware of errors and the details of the errors. Error messages are an indicator of an organization's operational state or can identify AIX or platform. Additionally, Personally Identifiable Information (PII) and operational information must not be revealed through error messages to unauthorized personnel or their designated representatives. The structure and content of error messages must be carefully considered by the organization and development team. The extent to which the information system is able to identify and handle error conditions is guided by organizational policy and operational requirements.
SRG-OS-000206-GPOS-00084
1 Rule
AIX log files must not have extended ACLs, except as needed to support authorized software.
Medium Severity
Only authorized personnel should be aware of errors and the details of the errors. Error messages are an indicator of an organization's operational state or can identify AIX or platform. Additionally, Personally Identifiable Information (PII) and operational information must not be revealed through error messages to unauthorized personnel or their designated representatives. The structure and content of error messages must be carefully considered by the organization and development team. The extent to which the information system is able to identify and handle error conditions is guided by organizational policy and operational requirements.
SRG-OS-000259-GPOS-00100
1 Rule
All system command files must not have extended ACLs.
Medium Severity
Restricting permissions will protect system command files from unauthorized modification. System command files include files present in directories used by the operating system for storing default system executables and files present in directories included in the system's default executable search paths.
SRG-OS-000259-GPOS-00100
1 Rule
All library files must not have extended ACLs.
Medium Severity
Unauthorized access could destroy the integrity of the library files.
SRG-OS-000480-GPOS-00227
1 Rule
AIX passwd.nntp file must have mode 0600 or less permissive.
Medium Severity
File permissions more permissive than 0600 for /etc/news/passwd.nntp may allow access to privileged information by system intruders or malicious users.
SRG-OS-000480-GPOS-00227
1 Rule
The AIX /etc/group file must not have an extended ACL.
Medium Severity
The "/etc/group" file contains information regarding groups that are configured on the system. Protection of this file is important for system security.
SRG-OS-000480-GPOS-00227
1 Rule
The AIX ldd command must be disabled.
Medium Severity
The ldd command provides a list of dependent libraries needed by a given binary, which is useful for troubleshooting software. Instead of parsing the binary file, some ldd implementations invoke the program with a special environment variable set, which causes the system dynamic linker to display the list of libraries. Specially crafted binaries can specify an alternate dynamic linker which may cause a program to be executed instead of examined. If the program is from an untrusted source, such as in a user home directory, or a file suspected of involvement in a system compromise, unauthorized software may be executed with the rights of the user running ldd.
SRG-OS-000480-GPOS-00227
1 Rule
AIX NFS server must be configured to restrict file system access to local hosts.
Medium Severity
The NFS access option limits user access to the specified level. This assists in protecting exported file systems. If access is not restricted, unauthorized hosts may be able to access the system's NFS exports.
SRG-OS-000480-GPOS-00230
1 Rule
All AIX users home directories must have mode 0750 or less permissive.
Medium Severity
Excessive permissions on home directories allow unauthorized access to user files.
SRG-OS-000480-GPOS-00230
1 Rule
The AIX user home directories must not have extended ACLs.
Medium Severity
Excessive permissions on home directories allow unauthorized access to user files.
SRG-OS-000312-GPOS-00124
1 Rule
AIX must use Trusted Execution (TE) Check policy.
Medium Severity
Discretionary Access Control (DAC) is based on the notion that individual users are "owners" of objects and therefore have discretion over who should be authorized to access the object and in which mode (e.g., read or write). Ownership is usually acquired as a consequence of creating the object or via specified ownership assignment. DAC allows the owner to determine who will have access to objects they control. An example of DAC includes user-controlled file permissions. When discretionary access control policies are implemented, subjects are not constrained with regard to what actions they can take with information for which they have already been granted access. Thus, subjects that have been granted access to information are not prevented from passing (i.e., the subjects have the discretion to pass) the information to other subjects or objects. A subject that is constrained in its operation by Mandatory Access Control policies is still able to operate under the less rigorous constraints of this requirement. Thus, while Mandatory Access Control imposes constraints preventing a subject from passing information to another subject operating at a different sensitivity level, this requirement permits the subject to pass the information to any subject at the same sensitivity level. The policy is bounded by the information system boundary. Once the information is passed outside the control of the information system, additional means may be required to ensure the constraints remain in effect. While the older, more traditional definitions of discretionary access control require identity-based access control, that limitation is not required for this use of discretionary access control.
SRG-OS-000365-GPOS-00152
1 Rule
AIX must disable trivial file transfer protocol.
High Severity
Without auditing the enforcement of access restrictions against changes to the application configuration, it will be difficult to identify attempted attacks and an audit trail will not be available for forensic investigation for after-the-fact actions. Enforcement actions are the methods or mechanisms used to prevent unauthorized changes to configuration settings. Enforcement action methods may be as simple as denying access to a file based on the application of file permissions (access restriction). Audit items may consist of lists of actions blocked by access restrictions or changes identified after the fact.
SRG-OS-000368-GPOS-00154
1 Rule
AIX must employ a deny-all, permit-by-exception policy to allow the execution of authorized software programs.
Medium Severity
Control of program execution is a mechanism used to prevent execution of unauthorized programs. Some operating systems may provide a capability that runs counter to the mission or provides users with functionality that exceeds mission requirements. This includes functions and services installed at AIX-level. Some of the programs, installed by default, may be harmful or may not be necessary to support essential organizational operations (e.g., key missions, functions). Removal of executable programs is not always possible; therefore, establishing a method of preventing program execution is critical to maintaining a secure system baseline. Methods for complying with this requirement include restricting execution of programs in certain environments, while preventing execution in other environments; or limiting execution of certain program functionality based on organization-defined criteria (e.g., privileges, subnets, sandboxed environments, or roles). The organization must identify authorized software programs and permit execution of authorized software. The process used to identify software programs that are authorized to execute on organizational information systems is commonly referred to as whitelisting. Verification of white-listed software occurs prior to execution or at system startup. This requirement applies to operating system programs, functions, and services designed to manage system processes and configurations (e.g., group policies). Satisfies: SRG-OS-000368-GPOS-00154, SRG-OS-000370-GPOS-00155
SRG-OS-000437-GPOS-00194
1 Rule
AIX must remove all software components after updated versions have been installed.
Medium Severity
Previous versions of software components that are not removed from the information system after updates have been installed may be exploited by adversaries. Some information technology products may remove older versions of software automatically from the information system.
SRG-OS-000480-GPOS-00226
1 Rule
AIX must enforce a delay of at least 4 seconds between login prompts following a failed login attempt.
Medium Severity
Limiting the number of login attempts over a certain time interval reduces the chances that an unauthorized user may gain access to an account.
SRG-OS-000480-GPOS-00227
1 Rule
AIX system must restrict the ability to switch to the root user to members of a defined group.
Medium Severity
Configuring a supplemental group for users permitted to switch to the root user prevents unauthorized users from accessing the root account, even with knowledge of the root credentials.
SRG-OS-000480-GPOS-00227
1 Rule
All AIX Group Identifiers (GIDs) referenced in the /etc/passwd file must be defined in the /etc/group file.
Medium Severity
If a user is assigned the GID of a group not existing on the system, and a group with that GID is subsequently created, the user may have unintended rights to the group.
SRG-OS-000480-GPOS-00227
1 Rule
All AIX files and directories must have a valid owner.
Medium Severity
Unowned files do not directly imply a security problem, but they are generally a sign that something is amiss. They may be caused by an intruder, by incorrect software installation or draft software removal, or by failure to remove all files belonging to a deleted account. The files should be repaired so they will not cause problems when accounts are created in the future, and the cause should be discovered and addressed.
SRG-OS-000480-GPOS-00227
1 Rule
The sticky bit must be set on all public directories on AIX systems.
Medium Severity
Failing to set the sticky bit on public directories allows unauthorized users to delete files in the directory structure. The only authorized public directories are those temporary directories supplied with the system, or those designed to be temporary file repositories. The setting is normally reserved for directories used by the system, and by users for temporary file storage - such as /tmp - and for directories requiring global read/write access.
SRG-OS-000480-GPOS-00227
1 Rule
The AIX global initialization files must contain the mesg -n or mesg n commands.
Medium Severity
Command "mesg -n" allows only the root user the permission to send messages to your workstation to avoid having others clutter your display with incoming messages.
SRG-OS-000480-GPOS-00227
1 Rule
The AIX hosts.lpd file must not contain a + character.
Medium Severity
Having the '+' character in the hosts.lpd (or equivalent) file allows all hosts to use local system print resources.
SRG-OS-000480-GPOS-00227
1 Rule
AIX sendmail logging must not be set to less than nine in the sendmail.cf file.
Medium Severity
If Sendmail is not configured to log at level 9, system logs may not contain the information necessary for tracking unauthorized use of the sendmail service.
SRG-OS-000480-GPOS-00227
1 Rule
AIX run control scripts executable search paths must contain only absolute paths.
Medium Severity
The executable search path (typically the PATH environment variable) contains a list of directories for the shell to search to find executables. If this path includes the current working directory or other relative paths, executables in these directories may be executed instead of system commands.
SRG-OS-000074-GPOS-00042
1 Rule
The AIX rsh daemon must be disabled.
High Severity
The rsh daemon permits username and passwords to be passed over the network in clear text.
SRG-OS-000074-GPOS-00042
1 Rule
The AIX rlogind service must be disabled.
High Severity
The rlogin daemon permits username and passwords to be passed over the network in clear text.
SRG-OS-000095-GPOS-00049
1 Rule
The AIX qdaemon must be disabled if local or remote printing is not required.
Medium Severity
The qdaemon program is the printing scheduling daemon that manages the submission of print jobs to the piobe service. To prevent remote attacks this daemon should not be enabled unless there is no alternative.
SRG-OS-000095-GPOS-00049
1 Rule
If AIX system does not act as a remote print server for other servers, the lpd daemon must be disabled.
Medium Severity
The lpd daemon accepts remote print jobs from other systems. To prevent remote attacks this daemon should not be enabled unless there is no alternative.
SRG-OS-000095-GPOS-00049
1 Rule
If AIX system does not support either local or remote printing, the piobe service must be disabled.
Medium Severity
The piobe daemon is the I/O back end for the printing process, handling the job scheduling and spooling. To prevent remote attacks this daemon should not be enabled unless there is no alternative.
SRG-OS-000095-GPOS-00049
1 Rule
If there are no X11 clients that require CDE on AIX, the dt service must be disabled.
Medium Severity
This entry executes the CDE startup script which starts the AIX Common Desktop Environment. To prevent attacks this daemon should not be enabled unless there is no alternative.
SRG-OS-000095-GPOS-00049
1 Rule
If NFS is not required on AIX, the NFS daemon must be disabled.
Medium Severity
The rcnfs entry starts the NFS daemons during system boot. NFS is a service with numerous historical vulnerabilities and should not be enabled unless there is no alternative. If NFS serving is required, then read-only exports are recommended and no filesystem or directory should be exported with root access. Unless otherwise required the NFS daemons (rcnfs) will be disabled.
SRG-OS-000095-GPOS-00049
1 Rule
If sendmail is not required on AIX, the sendmail service must be disabled.
Medium Severity
The sendmail service has many historical vulnerabilities and, where possible, should be disabled. If the system is not required to operate as a mail server i.e. sending, receiving or processing e-mail, disable the sendmail daemon.
SRG-OS-000095-GPOS-00049
1 Rule
If SNMP is not required on AIX, the snmpd service must be disabled.
Medium Severity
The snmpd daemon is used by many 3rd party applications to monitor the health of the system. This allows remote monitoring of network and server configuration. To prevent remote attacks this daemon should not be enabled unless there is no alternative.
SRG-OS-000095-GPOS-00049
1 Rule
The AIX DHCP client must be disabled.
Medium Severity
The dhcpcd daemon receives address and configuration information from the DHCP server. DHCP relies on trusting the local network. If the local network is not trusted, then it should not be used. To prevent remote attacks this daemon should not be enabled unless there is no alternative. Satisfies: SRG-OS-000095-GPOS-00049, SRG-OS-000480-GPOS-00227
SRG-OS-000095-GPOS-00049
1 Rule
If DHCP is not enabled in the network on AIX, the dhcprd daemon must be disabled.
Medium Severity
The dhcprd daemon listens for broadcast packets, receives them, and forwards them to the appropriate server. To prevent remote attacks this daemon should not be enabled unless there is no alternative.
SRG-OS-000095-GPOS-00049
1 Rule
If IPv6 is not utilized on AIX server, the autoconf6 daemon must be disabled.
Medium Severity
"autoconf6" is used to automatically configure IPv6 interfaces at boot time. Running this service may allow other hosts on the same physical subnet to connect via IPv6, even when the network does not support it. Disable this unless you use IPv6 on the server.
SRG-OS-000095-GPOS-00049
1 Rule
If AIX server is not functioning as a network router, the gated daemon must be disabled.
Medium Severity
This daemon provides gateway routing functions for protocols such as RIP and SNMP. To prevent remote attacks this daemon should not be enabled unless there is no alternative.
SRG-OS-000095-GPOS-00049
1 Rule
If AIX server is not functioning as a multicast router, the mrouted daemon must be disabled.
Medium Severity
This daemon is an implementation of the multicast routing protocol. To prevent remote attacks this daemon should not be enabled unless there is no alternative.
SRG-OS-000095-GPOS-00049
1 Rule
If AIX server is not functioning as a DNS server, the named daemon must be disabled.
Medium Severity
This is the server for the DNS protocol and controls domain name resolution for its clients. To prevent attacks this daemon should not be enabled unless there is no alternative.
SRG-OS-000095-GPOS-00049
1 Rule
If AIX server is not functioning as a network router, the routed daemon must be disabled.
Medium Severity
The routed daemon manages the network routing tables in the kernel. To prevent attacks this daemon should not be enabled unless there is no alternative.
SRG-OS-000095-GPOS-00049
1 Rule
If rwhod is not required on AIX, the rwhod daemon must be disabled.
Medium Severity
This is the remote WHO service. To prevent remote attacks this daemon should not be enabled unless there is no alternative.
SRG-OS-000095-GPOS-00049
1 Rule
The timed daemon must be disabled on AIX.
Medium Severity
This is the old UNIX time service. The timed daemon is the old UNIX time service. Disable this service and use xntp, if time synchronization is required in the environment.
SRG-OS-000095-GPOS-00049
1 Rule
If AIX server does not host an SNMP agent, the dpid2 daemon must be disabled.
Medium Severity
The dpid2 daemon acts as a protocol converter, which enables DPI (SNMP v2) sub-agents, such as hostmibd, to talk to a SNMP v1 agent that follows SNMP MUX protocol. To prevent attacks this daemon should not be enabled unless there is no alternative.
SRG-OS-000095-GPOS-00049
1 Rule
If SNMP is not required on AIX, the snmpmibd daemon must be disabled.
Medium Severity
The snmpmibd daemon is a dpi2 sub-agent which manages a number of MIB variables. If snmpd is not required, it is recommended that it is disabled.
SRG-OS-000095-GPOS-00049
1 Rule
The aixmibd daemon must be disabled on AIX.
Medium Severity
The aixmibd daemon is a dpi2 sub-agent which manages a number of MIB variables. To prevent attacks this daemon should not be enabled unless there is no alternative.
SRG-OS-000095-GPOS-00049
1 Rule
The ndpd-host daemon must be disabled on AIX.
Medium Severity
This is the Neighbor Discovery Protocol (NDP) daemon, required in IPv6. The ndpd-host is the NDP daemon for the server. Unless the server utilizes IPv6, this is not required and should be disabled to prevent attacks.
SRG-OS-000095-GPOS-00049
1 Rule
The ndpd-router must be disabled on AIX.
Medium Severity
This manages the Neighbor Discovery Protocol (NDP) for non-kernel activities, required in IPv6. The ndpd-router manages NDP for non-kernel activities. Unless the server utilizes IPv6, this is not required and should be disabled to prevent attacks.
SRG-OS-000095-GPOS-00049
1 Rule
The daytime daemon must be disabled on AIX.
Medium Severity
The daytime service provides the current date and time to other servers on a network. This daytime service is a defunct time service, typically used for testing purposes only. The service should be disabled as it can leave the system vulnerable to DoS ping attacks.
SRG-OS-000095-GPOS-00049
1 Rule
The cmsd daemon must be disabled on AIX.
Medium Severity
This is a calendar and appointment service for CDE. The cmsd service is utilized by CDE to provide calendar functionality. If CDE is not required, this service should be disabled to prevent attacks.
SRG-OS-000095-GPOS-00049
1 Rule
The ttdbserver daemon must be disabled on AIX.
Medium Severity
The ttdbserver service is the tool-talk database service for CDE. This service runs as root and should be disabled. Unless required the ttdbserver service will be disabled to prevent attacks.
SRG-OS-000095-GPOS-00049
1 Rule
The uucp (UNIX to UNIX Copy Program) daemon must be disabled on AIX.
Medium Severity
This service facilitates file copying between networked servers. The uucp (UNIX to UNIX Copy Program), service allows users to copy files between networked machines. Unless an application or process requires UUCP this should be disabled to prevent attacks.
SRG-OS-000095-GPOS-00049
1 Rule
The time daemon must be disabled on AIX.
Medium Severity
This service can be used to synchronize system clocks. The time service is an obsolete process used to synchronize system clocks at boot time. This has been superseded by NTP, which should be used if time synchronization is necessary. Unless required the time service must be disabled.
SRG-OS-000095-GPOS-00049
1 Rule
The talk daemon must be disabled on AIX.
Medium Severity
This talk service is used to establish an interactive two-way communication link between two UNIX users. Unless required the talk service will be disabled to prevent attacks.
SRG-OS-000095-GPOS-00049
1 Rule
The ntalk daemon must be disabled on AIX.
High Severity
This service establishes a two-way communication link between two users, either locally or remotely. Unless required the ntalk service will be disabled to prevent attacks.
SRG-OS-000095-GPOS-00049
1 Rule
The chargen daemon must be disabled on AIX.
Medium Severity
This service is used to test the integrity of TCP/IP packets arriving at the destination. This chargen service is a character generator service and is used for testing the integrity of TCP/IP packets arriving at the destination. An attacker may spoof packets between machines running the chargen service and thus provide an opportunity for DoS attacks. Disable this service to prevent attacks unless testing the network.
SRG-OS-000095-GPOS-00049
1 Rule
The discard daemon must be disabled on AIX.
Medium Severity
The discard service is used as a debugging and measurement tool. It sets up a listening socket and ignores data that it receives. This is a /dev/null service and is obsolete. This can be used in DoS attacks and therefore, must be disabled to prevent attacks.
SRG-OS-000095-GPOS-00049
1 Rule
The dtspc daemon must be disabled on AIX.
Medium Severity
The dtspc service deals with the CDE interface of the X11 daemon. It is started automatically by the inetd daemon in response to a CDE client requesting a process to be started on the daemon's host. This makes it vulnerable to buffer overflow attacks, which may allow an attacker to gain root privileges on a host. This service must be disabled unless it is absolutely required.
SRG-OS-000095-GPOS-00049
1 Rule
The pcnfsd daemon must be disabled on AIX.
Medium Severity
The pcnfsd service is an authentication and printing program, which uses NFS to provide file transfer services. This service is vulnerable and exploitable and permits the machine to be compromised both locally and remotely. If PC NFS clients are required within the environment, Samba is recommended as an alternative software solution. The pcnfsd daemon predates Microsoft's release of SMB specifications. This service should therefore be disabled to prevent attacks.
SRG-OS-000095-GPOS-00049
1 Rule
The rstatd daemon must be disabled on AIX.
Medium Severity
The rstatd service is used to provide kernel statistics and other monitorable parameters pertinent to the system such as: CPU usage, system uptime, network usage etc. An attacker may use this information in a DoS attack. This service should be disabled.
SRG-OS-000095-GPOS-00049
1 Rule
The rusersd daemon must be disabled on AIX.
Medium Severity
The rusersd service runs as root and provides a list of current users active on a system. An attacker may use this service to learn valid account names on the system. This is not an essential service and should be disabled.
SRG-OS-000095-GPOS-00049
1 Rule
The sprayd daemon must be disabled on AIX.
Medium Severity
The sprayd service is used as a tool to generate UDP packets for testing and diagnosing network problems. The service must be disabled if NFS is not in use, as it can be used by attackers in a Distributed Denial of Service (DDoS) attack.
SRG-OS-000095-GPOS-00049
1 Rule
The klogin daemon must be disabled on AIX.
Medium Severity
The klogin service offers a higher degree of security than traditional rlogin or telnet by eliminating most clear-text password exchanges on the network. However, it is still not as secure as SSH, which encrypts all traffic. If using klogin to log in to a system, the password is not sent in clear text; however, if using "su" to another user, that password exchange is open to detection from network-sniffing programs. The recommendation is to use SSH wherever possible instead of klogin. If the klogin service is used, use the latest Kerberos version available and make sure that all the latest patches are installed.
SRG-OS-000095-GPOS-00049
1 Rule
The kshell daemon must be disabled on AIX.
Medium Severity
The kshell service offers a higher degree of security than traditional rsh services. However, it still does not use encrypted communications. The recommendation is to use SSH wherever possible instead of kshell. If the kshell service is used, you should use the latest Kerberos version available and must make sure that all the latest patches are installed.
SRG-OS-000095-GPOS-00049
1 Rule
The rquotad daemon must be disabled on AIX.
Medium Severity
The rquotad service allows NFS clients to enforce disk quotas on file systems that are mounted on the local system. This service should be disabled if to prevent attacks.
SRG-OS-000095-GPOS-00049
1 Rule
The tftp daemon must be disabled on AIX.
Medium Severity
The tftp service allows remote systems to download or upload files to the tftp server without any authentication. It is therefore a service that should not run, unless needed. One of the main reasons for requiring this service to be activated is if the host is a NIM master. However, the service can be enabled and then disabled once a NIM operation has completed, rather than left running permanently.
SRG-OS-000095-GPOS-00049
1 Rule
The imap2 service must be disabled on AIX.
Medium Severity
The imap2 service or Internet Message Access Protocol (IMAP) supports the IMAP4 remote mail access protocol. It works with sendmail and bellmail. This service should be disabled if it is not required to prevent attacks.
SRG-OS-000095-GPOS-00049
1 Rule
The pop3 daemon must be disabled on AIX.
Medium Severity
The pop3 service provides a pop3 server. It supports the pop3 remote mail access protocol. It works with sendmail and bellmail. This service should be disabled if it is not required to prevent attacks.
SRG-OS-000095-GPOS-00049
1 Rule
The finger daemon must be disabled on AIX.
Medium Severity
The fingerd daemon provides the server function for the finger command. This allows users to view real-time pertinent user login information on other remote systems. This service should be disabled as it may provide an attacker with a valid user list to target.
SRG-OS-000095-GPOS-00049
1 Rule
The instsrv daemon must be disabled on AIX.
Medium Severity
The instsrv service is part of the Network Installation Tools, used for servicing servers running AIX 3.2. This service should be disabled to prevent attacks.
SRG-OS-000095-GPOS-00049
1 Rule
The echo daemon must be disabled on AIX.
Medium Severity
The echo service can be used in Denial of Service or SMURF attacks. It can also be used by someone else to get through a firewall or start a data storm. The echo service is unnecessary and it increases the attack vector of the system.
SRG-OS-000095-GPOS-00049
1 Rule
The Internet Network News (INN) server must be disabled on AIX.
Medium Severity
Internet Network News (INN) servers access Usenet newsfeeds and store newsgroup articles. INN servers use the Network News Transfer Protocol (NNTP) to transfer information from the Usenet to the server and from the server to authorized remote hosts. If this function is necessary to support a valid mission requirement, its use must be authorized and approved in the system accreditation package.
SRG-OS-000096-GPOS-00050
1 Rule
If Stream Control Transmission Protocol (SCTP) must be disabled on AIX.
Medium Severity
The Stream Control Transmission Protocol (SCTP) is an IETF-standardized transport layer protocol. This protocol is not yet widely used. Binding this protocol to the network stack increases the attack surface of the host. Unprivileged local processes may be able to cause the system to dynamically load a protocol handler by opening a socket using the protocol.
SRG-OS-000096-GPOS-00050
1 Rule
The Reliable Datagram Sockets (RDS) protocol must be disabled on AIX.
Medium Severity
The Reliable Datagram Sockets (RDS) protocol is a relatively new protocol developed by Oracle for communication between the nodes of a cluster. Binding this protocol to the network stack increases the attack surface of the host. Unprivileged local processes may be able to cause the system to dynamically load a protocol handler by opening a socket using the protocol. AIX has RDS protocol installed as part of the 'bos.net.tcp.client' fileset. The RDS protocol in primarily used for communication on INFI-Band interfaces. The protocol is manually loaded with the bypassctrl command. To prevent possible attacks this protocol must be disabled unless required.
SRG-OS-000378-GPOS-00163
1 Rule
If automated file system mounting tool is not required on AIX, it must be disabled.
Medium Severity
Automated file system mounting tools may provide unprivileged users with the ability to access local media and network shares. If this access is not necessary for the system’s operation, it must be disabled to reduce the risk of unauthorized access to these resources.
SRG-OS-000480-GPOS-00227
1 Rule
AIX process core dumps must be disabled.
Medium Severity
A core dump includes a memory image taken at the time the operating system terminates an application. The memory image could contain sensitive data and is generally useful only for developers trying to debug problems.
SRG-OS-000480-GPOS-00227
1 Rule
AIX kernel core dumps must be disabled unless needed.
Medium Severity
Kernel core dumps may contain the full contents of system memory at the time of the crash. Kernel core dumps may consume a considerable amount of disk space and may result in Denial of Service by exhausting the available space on the target file system. The kernel core dump process may increase the amount of time a system is unavailable due to a crash. Kernel core dumps can be useful for kernel debugging.
SRG-OS-000142-GPOS-00071
1 Rule
AIX must set Stack Execution Disable (SED) system wide mode to all.
Medium Severity
DoS is a condition when a resource is not available for legitimate users. When this occurs, the organization either cannot accomplish its mission or must operate at degraded capacity. Managing excess capacity ensures that sufficient capacity is available to counter flooding attacks. Employing increased capacity and service redundancy may reduce the susceptibility to some DoS attacks. Managing excess capacity may include, for example, establishing selected usage priorities, quotas, or partitioning. Satisfies: SRG-OS-000142-GPOS-00071, SRG-OS-000480-GPOS-00227, SRG-OS-000433-GPOS-00192
SRG-OS-000420-GPOS-00186
1 Rule
AIX must protect against or limit the effects of Denial of Service (DoS) attacks by ensuring AIX is implementing rate-limiting measures on impacted network interfaces.
Medium Severity
DoS is a condition when a resource is not available for legitimate users. When this occurs, the organization either cannot accomplish its mission or must operate at degraded capacity. This requirement addresses the configuration of AIX to mitigate the impact of DoS attacks that have occurred or are ongoing on system availability. For each system, known and potential DoS attacks must be identified and solutions for each type implemented. A variety of technologies exist to limit or, in some cases, eliminate the effects of DoS attacks (e.g., limiting processes or establishing memory partitions). Employing increased capacity and bandwidth, combined with service redundancy, may reduce the susceptibility to some DoS attacks.
SRG-OS-000312-GPOS-00122
1 Rule
AIX must allow admins to send a message to all the users who logged in currently.
Medium Severity
Discretionary Access Control (DAC) is based on the notion that individual users are "owners" of objects and therefore have discretion over who should be authorized to access the object and in which mode (e.g., read or write). Ownership is usually acquired as a consequence of creating the object or via specified ownership assignment. DAC allows the owner to determine who will have access to objects they control. An example of DAC includes user-controlled file permissions. When discretionary access control policies are implemented, subjects are not constrained with regard to what actions they can take with information for which they have already been granted access. Thus, subjects that have been granted access to information are not prevented from passing (i.e., the subjects have the discretion to pass) the information to other subjects or objects. A subject that is constrained in its operation by Mandatory Access Control policies is still able to operate under the less rigorous constraints of this requirement. Thus, while Mandatory Access Control imposes constraints preventing a subject from passing information to another subject operating at a different sensitivity level, this requirement permits the subject to pass the information to any subject at the same sensitivity level. The policy is bounded by the information system boundary. Once the information is passed outside the control of the information system, additional means may be required to ensure the constraints remain in effect. While the older, more traditional definitions of discretionary access control require identity-based access control, that limitation is not required for this use of discretionary access control.
SRG-OS-000312-GPOS-00122
1 Rule
AIX must allow admins to send a message to a user who logged in currently.
Medium Severity
Discretionary Access Control (DAC) is based on the notion that individual users are "owners" of objects and therefore have discretion over who should be authorized to access the object and in which mode (e.g., read or write). Ownership is usually acquired as a consequence of creating the object or via specified ownership assignment. DAC allows the owner to determine who will have access to objects they control. An example of DAC includes user-controlled file permissions. When discretionary access control policies are implemented, subjects are not constrained with regard to what actions they can take with information for which they have already been granted access. Thus, subjects that have been granted access to information are not prevented from passing (i.e., the subjects have the discretion to pass) the information to other subjects or objects. A subject that is constrained in its operation by Mandatory Access Control policies is still able to operate under the less rigorous constraints of this requirement. Thus, while Mandatory Access Control imposes constraints preventing a subject from passing information to another subject operating at a different sensitivity level, this requirement permits the subject to pass the information to any subject at the same sensitivity level. The policy is bounded by the information system boundary. Once the information is passed outside the control of the information system, additional means may be required to ensure the constraints remain in effect. While the older, more traditional definitions of discretionary access control require identity-based access control, that limitation is not required for this use of discretionary access control.
SRG-OS-000033-GPOS-00014
1 Rule
The AIX SSH daemon must be configured to only use FIPS 140-2 approved ciphers.
Medium Severity
Without confidentiality protection mechanisms, unauthorized individuals may gain access to sensitive information via a remote access session. Remote access is access to DoD nonpublic information systems by an authorized user (or an information system) communicating through an external, non-organization-controlled network. Remote access methods include, for example, dial-up, broadband, and wireless. Encryption provides a means to secure the remote connection to prevent unauthorized access to the data traversing the remote access connection (e.g., RDP), thereby providing a degree of confidentiality. The encryption strength of a mechanism is selected based on the security categorization of the information.
SRG-OS-000073-GPOS-00041
1 Rule
The AIX system must have no .netrc files on the system.
High Severity
Unencrypted passwords for remote FTP servers may be stored in .netrc files. Policy requires passwords be encrypted in storage and not used in access scripts.
SRG-OS-000080-GPOS-00048
1 Rule
AIX must turn on enhanced Role-Based Access Control (RBAC) to isolate security functions from nonsecurity functions, to grant system privileges to other operating system admins, and prohibit user installation of system software without explicit privileged status.
Medium Severity
To mitigate the risk of unauthorized access to sensitive information by entities that have been issued certificates by DoD-approved PKIs, all DoD systems (e.g., web servers and web portals) must be properly configured to incorporate access control methods that do not rely solely on the possession of a certificate for access. Successful authentication must not automatically give an entity access to an asset or security boundary. Authorization procedures and controls must be implemented to ensure each authenticated entity also has a validated and current authorization. Authorization is the process of determining whether an entity, once authenticated, is permitted to access a specific asset. Information systems use access control policies and enforcement mechanisms to implement this requirement. Access control policies include: identity-based policies, role-based policies, and attribute-based policies. Access enforcement mechanisms include: access control lists, access control matrices, and cryptography. These policies and mechanisms must be employed by the application to control access between users (or processes acting on behalf of users) and objects (e.g., devices, files, records, processes, programs, and domains) in the information system. Security functions are the hardware, software, and/or firmware of the information system responsible for enforcing the system security policy and supporting the isolation of code and data on which the protection is based. Operating systems implement code separation (i.e., separation of security functions from nonsecurity functions) in a number of ways, including through the provision of security kernels via processor rings or processor modes. For non-kernel code, security function isolation is often achieved through file system protections that serve to protect the code on disk and address space protections that protect executing code. Discretionary Access Control (DAC) is based on the notion that individual users are "owners" of objects and therefore have discretion over who should be authorized to access the object and in which mode (e.g., read or write). Ownership is usually acquired as a consequence of creating the object or via specified ownership assignment. DAC allows the owner to determine who will have access to objects they control. An example of DAC includes user-controlled file permissions. Operating system functionality will vary, and while users are not permitted to install unapproved software, there may be instances where the organization allows the user to install approved software packages, such as from an approved software repository. AIX or software configuration management utility must enforce control of software installation by users based upon what types of software installations are permitted (e.g., updates and security patches to existing software) and what types of installations are prohibited (e.g., software whose pedigree with regard to being potentially malicious is unknown or suspect) by the organization. Satisfies: SRG-OS-000080-GPOS-00048, SRG-OS-000134-GPOS-00068, SRG-OS-000312-GPOS-00123, SRG-OS-000362-GPOS-00149
SRG-OS-000095-GPOS-00049
1 Rule
If DHCP server is not required on AIX, the DHCP server must be disabled.
Medium Severity
The dhcpsd daemon is the DHCP server that serves addresses and configuration information to DHCP clients in the network. To prevent remote attacks this daemon should not be enabled unless there is no alternative.
SRG-OS-000095-GPOS-00049
1 Rule
The rwalld daemon must be disabled on AIX.
Medium Severity
The rwalld service allows remote users to broadcast system wide messages. The service runs as root and should be disabled unless absolutely necessary to prevent attacks.
SRG-OS-000269-GPOS-00103
1 Rule
In the event of a system failure, AIX must preserve any information necessary to determine cause of failure and any information necessary to return to operations with least disruption to mission processes.
Medium Severity
Failure to a known state can address safety or security in accordance with the mission/business needs of the organization. Failure to a known secure state helps prevent a loss of confidentiality, integrity, or availability in the event of a failure of the information system or a component of the system. Preserving operating system state information helps to facilitate operating system restart and return to the operational mode of the organization with least disruption to mission/business processes.
SRG-OS-000480-GPOS-00227
1 Rule
The /etc/shells file must exist on AIX systems.
Medium Severity
The shells file (or equivalent) lists approved default shells. It helps provide layered defense to the security approach by ensuring users cannot change their default shell to an unauthorized unsecure shell.
SRG-OS-000480-GPOS-00227
1 Rule
AIX public directories must be the only world-writable directories and world-writable files must be located only in public directories.
Medium Severity
World-writable files and directories make it easy for a malicious user to place potentially compromising files on the system. The only authorized public directories are those temporary directories supplied with the system or those designed to be temporary file repositories. The setting is normally reserved for directories used by the system and by users for temporary file storage (e.g., /tmp) and for directories requiring global read/write access.
SRG-OS-000480-GPOS-00227
1 Rule
AIX must be configured to only boot from the system boot device.
Medium Severity
The ability to boot from removable media is the same as being able to boot into single user or maintenance mode without a password. This ability could allow a malicious user to boot the system and perform changes possibly compromising or damaging the system. It could also allow the system to be used for malicious purposes by a malicious anonymous user.
SRG-OS-000480-GPOS-00227
1 Rule
AIX must not use removable media as the boot loader.
Medium Severity
Malicious users with removable boot media can gain access to a system configured to use removable media as the boot loader.
SRG-OS-000480-GPOS-00227
1 Rule
If the AIX host is running an SMTP service, the SMTP greeting must not provide version information.
Low Severity
The version of the SMTP service can be used by attackers to plan an attack based on vulnerabilities present in the specific version.
SRG-OS-000480-GPOS-00227
1 Rule
AIX must contain no .forward files.
Low Severity
The .forward file allows users to automatically forward mail to another system. Use of .forward files could allow the unauthorized forwarding of mail and could potentially create mail loops which could degrade system performance.
SRG-OS-000480-GPOS-00227
1 Rule
The sendmail server must have the debug feature disabled on AIX systems.
Medium Severity
Debug mode is a feature present in older versions of Sendmail which, if not disabled, may allow an attacker to gain access to a system through the Sendmail service.
SRG-OS-000480-GPOS-00227
1 Rule
SMTP service must not have the EXPN or VRFY features active on AIX systems.
Medium Severity
The SMTP EXPN function allows an attacker to determine if an account exists on a system, providing significant assistance to a brute force attack on user accounts. EXPN may also provide additional information concerning users on the system, such as the full names of account owners. The VRFY (Verify) command allows an attacker to determine if an account exists on a system, providing significant assistance to a brute force attack on user accounts. VRFY may provide additional information about users on the system, such as the full names of account owners.
SRG-OS-000480-GPOS-00227
1 Rule
All global initialization file executable search paths must contain only absolute paths.
Medium Severity
Failure to restrict system access to authenticated users negatively impacts operating system security.
SRG-OS-000480-GPOS-00227
1 Rule
The SMTP service HELP command must not be enabled on AIX.
Medium Severity
The HELP command should be disabled to mask version information. The version of the SMTP service software could be used by attackers to target vulnerabilities present in specific software versions.
SRG-OS-000480-GPOS-00227
1 Rule
NIS maps must be protected through hard-to-guess domain names on AIX.
Medium Severity
The use of hard-to-guess NIS domain names provides additional protection from unauthorized access to the NIS directory information.
SRG-OS-000480-GPOS-00227
1 Rule
The AIX systems access control program must be configured to grant or deny system access to specific hosts.
Medium Severity
If the system's access control program is not configured with appropriate rules for allowing and denying access to system network resources, services may be accessible to unauthorized hosts.
SRG-OS-000480-GPOS-00227
1 Rule
All AIX files and directories must have a valid group owner.
Medium Severity
Failure to restrict system access to authenticated users negatively impacts operating system security.
SRG-OS-000480-GPOS-00227
1 Rule
AIX control scripts library search paths must contain only absolute paths.
Medium Severity
The library search path environment variable(s) contain a list of directories for the dynamic linker to search to find libraries. If this path includes the current working directory or other relative paths, libraries in these directories may be loaded instead of system libraries. This variable is formatted as a colon-separated list of directories. If there is an empty entry, such as a leading or trailing colon, or two consecutive colons, this is interpreted as the current working directory. Paths starting with a slash (/) are absolute paths.
SRG-OS-000480-GPOS-00227
1 Rule
The control script lists of preloaded libraries must contain only absolute paths on AIX systems.
Medium Severity
The library preload list environment variable contains a list of libraries for the dynamic linker to load before loading the libraries required by the binary. If this list contains paths to libraries relative to the current working directory, unintended libraries may be preloaded.
SRG-OS-000480-GPOS-00227
1 Rule
The global initialization file lists of preloaded libraries must contain only absolute paths on AIX.
Medium Severity
The library preload list environment variable contains a list of libraries for the dynamic linker to load before loading the libraries required by the binary. If this list contains paths to libraries relative to the current working directory, unintended libraries may be preloaded.
SRG-OS-000480-GPOS-00227
1 Rule
The local initialization file library search paths must contain only absolute paths on AIX.
Medium Severity
The library search path environment variable(s) contain a list of directories for the dynamic linker to search to find libraries. If this path includes the current working directory or other relative paths, libraries in these directories may be loaded instead of system libraries. This variable is formatted as a colon-separated list of directories. If there is an empty entry, such as a leading or trailing colon, or two consecutive colons, this is interpreted as the current working directory.
SRG-OS-000480-GPOS-00227
1 Rule
The local initialization file lists of preloaded libraries must contain only absolute paths on AIX.
Medium Severity
The library preload list environment variable contains a list of libraries for the dynamic linker to load before loading the libraries required by the binary. If this list contains paths to libraries relative to the current working directory, unintended libraries may be preloaded. This variable is formatted as a space-separated list of libraries.
SRG-OS-000480-GPOS-00227
1 Rule
AIX package management tool must be used daily to verify system software.
Medium Severity
Verification using the system package management tool can be used to determine that system software has not been tampered with. This requirement is not applicable to systems not using package management tools.
SRG-OS-000480-GPOS-00227
1 Rule
The AIX DHCP client must not send dynamic DNS updates.
Medium Severity
Dynamic DNS updates transmit unencrypted information about a system including its name and address and should not be used unless needed.
SRG-OS-000480-GPOS-00227
1 Rule
AIX must not run any routing protocol daemons unless the system is a router.
Medium Severity
Routing protocol daemons are typically used on routers to exchange network topology information with other routers. If this software is used when not required, system network information may be unnecessarily transmitted across the network.
SRG-OS-000480-GPOS-00227
1 Rule
AIX must not process ICMP timestamp requests.
Medium Severity
The processing of Internet Control Message Protocol (ICMP) timestamp requests increases the attack surface of the system.
SRG-OS-000480-GPOS-00227
1 Rule
AIX must not respond to ICMPv6 echo requests sent to a broadcast address.
Medium Severity
Responding to broadcast ICMP echo requests facilitates network mapping and provides a vector for amplification attacks.
SRG-OS-000480-GPOS-00228
1 Rule
AIX must define default permissions for all authenticated users in such a way that the user can only read and modify their own files.
Medium Severity
Setting the most restrictive default permissions ensures that when new accounts are created they do not have unnecessary access.
SRG-OS-000480-GPOS-00229
1 Rule
There must be no .rhosts, .shosts, hosts.equiv, or shosts.equiv files on the AIX system.
Medium Severity
Trust files are convenient, but when used in conjunction with the remote login services, they can allow unauthenticated access to a system.
SRG-OS-000480-GPOS-00229
1 Rule
The .rhosts file must not be supported in AIX PAM.
Medium Severity
.rhosts files are used to specify a list of hosts permitted remote access to a particular account without authenticating. The use of such a mechanism defeats strong identification and authentication requirements.
SRG-OS-000480-GPOS-00230
1 Rule
The AIX root user home directory must not be the root directory (/).
Medium Severity
Changing the root home directory to something other than / and assigning it a 0700 protection makes it more difficult for intruders to manipulate the system by reading the files that root places in its default directory. It also gives root the same discretionary access control for root's home directory as for the other plain user home directories.
SRG-OS-000480-GPOS-00230
1 Rule
All AIX interactive users must be assigned a home directory in the passwd file and the directory must exist.
Medium Severity
All users must be assigned a home directory in the passwd file. Failure to have a home directory may result in the user being put in the root directory. This could create a Denial of Service because the user would not be able to perform useful tasks in this location.
SRG-OS-000105-GPOS-00052
1 Rule
The AIX operating system must use Multi Factor Authentication.
Medium Severity
To assure accountability and prevent unauthenticated access, privileged and non-privileged users must utilize multifactor authentication to prevent potential misuse and compromise of the system. Multifactor authentication uses two or more factors to achieve authentication. Factors include: 1. Something you know (e.g., password/PIN); 2. Something you have (e.g., cryptographic identification device, token); and 3. Something you are (e.g., biometric). The DoD CAC with DoD-approved PKI is an example of multifactor authentication. Satisfies: SRG-OS-000105-GPOS-00052, SRG-OS-000106-GPOS-00053, SRG-OS-000107-GPOS-00054, SRG-OS-000108-GPOS-00055, SRG-OS-000375-GPOS-00160
SRG-OS-000480-GPOS-00227
1 Rule
The AIX operating system must be configured to authenticate using Multi Factor Authentication.
Medium Severity
To assure accountability and prevent unauthenticated access, privileged and non-privileged users must utilize multifactor authentication to prevent potential misuse and compromise of the system. Multifactor authentication uses two or more factors to achieve authentication. Factors include: 1. Something you know (e.g., password/PIN); 2. Something you have (e.g., cryptographic identification device, token); and 3. Something you are (e.g., biometric). The DoD CAC with DoD-approved PKI is an example of multifactor authentication.
SRG-OS-000480-GPOS-00227
1 Rule
The AIX operating system must be configured to use Multi Factor Authentication for remote connections.
Medium Severity
To assure accountability and prevent unauthenticated access, privileged and non-privileged users must utilize multifactor authentication to prevent potential misuse and compromise of the system. Multifactor authentication uses two or more factors to achieve authentication. Factors include: 1. Something you know (e.g., password/PIN); 2. Something you have (e.g., cryptographic identification device, token); and 3. Something you are (e.g., biometric). The DoD CAC with DoD-approved PKI is an example of multifactor authentication.
SRG-OS-000480-GPOS-00227
1 Rule
AIX must have the have the PowerSC Multi Factor Authentication Product configured.
Medium Severity
To assure accountability and prevent unauthenticated access, privileged and non-privileged users must utilize multifactor authentication to prevent potential misuse and compromise of the system. Multifactor authentication uses two or more factors to achieve authentication. Factors include: 1. Something you know (e.g., password/PIN); 2. Something you have (e.g., cryptographic identification device, token); and 3. Something you are (e.g., biometric). The DoD CAC with DoD-approved PKI is an example of multifactor authentication.
SRG-OS-000480-GPOS-00227
1 Rule
The AIX operating system must be configured to use a valid server_ca.pem file.
Medium Severity
To assure accountability and prevent unauthenticated access, privileged and non-privileged users must utilize multifactor authentication to prevent potential misuse and compromise of the system. Multifactor authentication uses two or more factors to achieve authentication. Factors include: 1. Something you know (e.g., password/PIN); 2. Something you have (e.g., cryptographic identification device, token); and 3. Something you are (e.g., biometric). The DoD CAC with DoD-approved PKI is an example of multifactor authentication.
SRG-OS-000376-GPOS-00161
1 Rule
The AIX operating system must accept and verify Personal Identity Verification (PIV) credentials.
Medium Severity
The use of PIV credentials facilitates standardization and reduces the risk of unauthorized access. DoD has mandated the use of the CAC to support identity management and personal authentication for systems covered under Homeland Security Presidential Directive (HSPD) 12, as well as making the CAC a primary component of layered protection for national security systems. Satisfies: SRG-OS-000376-GPOS-00161, SRG-OS-000377-GPOS-00162
SRG-OS-000480-GPOS-00227
1 Rule
AIX must employ a deny-all, allow-by-exception firewall policy for allowing connections to other systems.
Medium Severity
Failure to restrict network connectivity only to authorized systems permits inbound connections from malicious systems. It also permits outbound connections that may facilitate exfiltration of DoD data.
SRG-OS-000342-GPOS-00133
1 Rule
AIX must be configured so that the audit system takes appropriate action when the audit storage volume is full.
Medium Severity
Taking appropriate action in case of a filled audit storage volume will minimize the possibility of losing audit records.
SRG-OS-000480-GPOS-00227
1 Rule
The AIX /etc/hosts file must be owned by root.
Medium Severity
Unauthorized ownership of the /etc/hosts file can lead to the ability for a malicious actor to redirect traffic to servers of their choice. It is also possible to use the /etc/hosts file to block detection by security software by blocking the traffic to all the download or update servers of well-known security vendors.
SRG-OS-000480-GPOS-00227
1 Rule
The AIX /etc/hosts file must be group-owned by system.
Medium Severity
Unauthorized group ownership of the /etc/hosts file can lead to the ability for a malicious actor to redirect traffic to servers of their choice. It is also possible to use the /etc/hosts file to block detection by security software by blocking the traffic to all the download or update servers of well-known security vendors.
SRG-OS-000480-GPOS-00227
1 Rule
The AIX /etc/hosts file must have a mode of 0640 or less permissive.
Medium Severity
Unauthorized permissions of the /etc/hosts file can lead to the ability for a malicious actor to redirect traffic to servers of their choice. It is also possible to use the /etc/hosts file to block detection by security software by blocking the traffic to all the download or update servers of well-known security vendors.
SRG-OS-000480-GPOS-00227
1 Rule
AIX cron and crontab directories must have a mode of 0640 or less permissive.
Medium Severity
Incorrect permissions of the cron or crontab directories could permit unauthorized users the ability to alter cron jobs and run automated jobs as privileged users. Failure to set proper permissions of cron or crontab directories provides unauthorized users with the potential to access sensitive information or change the system configuration which could weaken the system's security posture.
SRG-OS-000480-GPOS-00227
1 Rule
The AIX /etc/syslog.conf file must be owned by root.
Medium Severity
Unauthorized ownership of the /etc/syslog.conf file can lead to the ability for a malicious actor to alter or disrupt system logging activities. This can aid the malicious actor in avoiding detection and further their ability to conduct malicious activities on the system.
SRG-OS-000480-GPOS-00227
1 Rule
The AIX /etc/syslog.conf file must be group-owned by system.
Medium Severity
Unauthorized group ownership of the /etc/syslog.conf file can lead to the ability for a malicious actor to alter or disrupt system logging activities. This can aid the malicious actor in avoiding detection and further their ability to conduct malicious activities on the system.
SRG-OS-000480-GPOS-00227
1 Rule
The AIX /etc/syslog.conf file must have a mode of 0640 or less permissive.
Medium Severity
Unauthorized permissions of the /etc/syslog.conf file can lead to the ability for a malicious actor to alter or disrupt system logging activities. This can aid the malicious actor in avoiding detection and further their ability to conduct malicious activities on the system.
SRG-OS-000480-GPOS-00227
1 Rule
The inetd.conf file on AIX must be group owned by the "system" group.
Medium Severity
Failure to give ownership of sensitive files or utilities to system groups may provide unauthorized users with the potential to access sensitive information or change the system configuration which could weaken the system's security posture.
SRG-OS-000480-GPOS-00227
1 Rule
The AIX /etc/inetd.conf file must have a mode of 0640 or less permissive.
Medium Severity
Failure to set proper permissions of sensitive files or utilities may provide unauthorized users with the potential to access sensitive information or change the system configuration which could weaken the system's security posture.
SRG-OS-000480-GPOS-00227
1 Rule
The AIX /var/spool/cron/atjobs directory must be owned by root or bin.
Medium Severity
Unauthorized ownership of the /var/spool/cron/atjobs directory could permit unauthorized users the ability to alter atjobs and run automated jobs as privileged users. Failure to set proper permissions of the /var/spool/cron/atjobs directory provides unauthorized users with the potential to access sensitive information or change the system configuration which could weaken the system's security posture.
SRG-OS-000480-GPOS-00227
1 Rule
The AIX /var/spool/cron/atjobs directory must be group-owned by cron.
Medium Severity
Unauthorized group ownership of the /var/spool/cron/atjobs directory could permit unauthorized users the ability to alter atjobs and run automated jobs as privileged users. Failure to set proper permissions of the /var/spool/cron/atjobs directory provides unauthorized users with the potential to access sensitive information or change the system configuration which could weaken the system's security posture.
SRG-OS-000480-GPOS-00227
1 Rule
The AIX /var/spool/cron/atjobs directory must have a mode of 0640 or less permissive.
Medium Severity
Incorrect permissions of the /var/spool/cron/atjobs directory could permit unauthorized users the ability to alter atjobs and run automated jobs as privileged users. Failure to set proper permissions of the /var/spool/cron/atjobs directory provides unauthorized users with the potential to access sensitive information or change the system configuration which could weaken the system's security posture.
SRG-OS-000480-GPOS-00227
1 Rule
The AIX cron and crontab directories must be group-owned by cron.
Medium Severity
Incorrect group ownership of the cron or crontab directories could permit unauthorized users the ability to alter cron jobs and run automated jobs as privileged users. Failure to give ownership of cron or crontab directories to root or to bin provides the designated owner and unauthorized users with the potential to access sensitive information or change the system configuration which could weaken the system's security posture.
SRG-OS-000001-GPOS-00001
1 Rule
AIX /etc/security/mkuser.sys.custom file must not exist unless it is needed for customizing a new user account.
Medium Severity
The "/etc/security/mkuser.sys.custom" is called by "/etc/security/mkuser.sys" to customize the new user account when a new user is created, or a user is logging into the system without a home directory. An improper "/etc/security/mkuser.sys.custom" script increases the risk that non-privileged users may obtain elevated privileges. It must not exist unless it is needed.