Skip to content
Log In

III - Administrative Public

Rules and Groups employed by this XCCDF Profile

  • SRG-OS-000368-GPOS-00154

    Group
    Show

  • AIX must employ a deny-all, permit-by-exception policy to allow the execution of authorized software programs.

    Control of program execution is a mechanism used to prevent execution of unauthorized programs. Some operating systems may provide a capability that runs counter to the mission or provides users wi...
    Rule Medium Severity
    Show

  • SRG-OS-000437-GPOS-00194

    Group
    Show

  • AIX must remove all software components after updated versions have been installed.

    Previous versions of software components that are not removed from the information system after updates have been installed may be exploited by adversaries. Some information technology products may...
    Rule Medium Severity
    Show

  • SRG-OS-000480-GPOS-00226

    Group
    Show

  • AIX must enforce a delay of at least 4 seconds between login prompts following a failed login attempt.

    Limiting the number of login attempts over a certain time interval reduces the chances that an unauthorized user may gain access to an account.
    Rule Medium Severity
    Show

  • SRG-OS-000480-GPOS-00227

    Group
    Show

  • AIX system must restrict the ability to switch to the root user to members of a defined group.

    Configuring a supplemental group for users permitted to switch to the root user prevents unauthorized users from accessing the root account, even with knowledge of the root credentials.
    Rule Medium Severity
    Show

  • SRG-OS-000480-GPOS-00227

    Group
    Show

  • All AIX Group Identifiers (GIDs) referenced in the /etc/passwd file must be defined in the /etc/group file.

    If a user is assigned the GID of a group not existing on the system, and a group with that GID is subsequently created, the user may have unintended rights to the group.
    Rule Medium Severity
    Show

  • SRG-OS-000480-GPOS-00227

    Group
    Show

  • All AIX files and directories must have a valid owner.

    Unowned files do not directly imply a security problem, but they are generally a sign that something is amiss. They may be caused by an intruder, by incorrect software installation or draft softwar...
    Rule Medium Severity
    Show

  • SRG-OS-000480-GPOS-00227

    Group
    Show

  • The sticky bit must be set on all public directories on AIX systems.

    Failing to set the sticky bit on public directories allows unauthorized users to delete files in the directory structure. The only authorized public directories are those temporary directories supp...
    Rule Medium Severity
    Show

  • SRG-OS-000480-GPOS-00227

    Group
    Show

  • The AIX global initialization files must contain the mesg -n or mesg n commands.

    Command "mesg -n" allows only the root user the permission to send messages to your workstation to avoid having others clutter your display with incoming messages.
    Rule Medium Severity
    Show

  • SRG-OS-000480-GPOS-00227

    Group
    Show

  • The AIX hosts.lpd file must not contain a + character.

    Having the '+' character in the hosts.lpd (or equivalent) file allows all hosts to use local system print resources.
    Rule Medium Severity
    Show

  • SRG-OS-000480-GPOS-00227

    Group
    Show

  • AIX sendmail logging must not be set to less than nine in the sendmail.cf file.

    If Sendmail is not configured to log at level 9, system logs may not contain the information necessary for tracking unauthorized use of the sendmail service.
    Rule Medium Severity
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules