III - Administrative Classified
Rules and Groups employed by this XCCDF Profile
-
SRG-OS-000480-GPOS-00227
<GroupDescription></GroupDescription>Group -
AIX administrative accounts must not run a web browser, except as needed for local service administration.
<VulnDiscussion>If a web browser flaw is exploited while running as a privileged user, the entire system could be compromised. Specific exc...Rule Medium Severity -
SRG-OS-000480-GPOS-00227
<GroupDescription></GroupDescription>Group -
AIX default system accounts (with the exception of root) must not be listed in the cron.allow file or must be included in the cron.deny file, if cron.allow does not exist.
<VulnDiscussion>To centralize the management of privileged account crontabs, of the default system accounts, only root may have a crontab.<...Rule Medium Severity -
SRG-OS-000480-GPOS-00227
<GroupDescription></GroupDescription>Group -
The AIX root account must not have world-writable directories in its executable search path.
<VulnDiscussion>If the root search path contains a world-writable directory, malicious software could be placed in the path by intruders and/...Rule Medium Severity -
SRG-OS-000480-GPOS-00227
<GroupDescription></GroupDescription>Group -
The Group Identifiers (GIDs) reserved for AIX system accounts must not be assigned to non-system accounts as their primary group GID.
<VulnDiscussion>Reserved GIDs are typically used by system software packages. If non-system groups have GIDs in this range, they may conflict...Rule Medium Severity -
SRG-OS-000480-GPOS-00227
<GroupDescription></GroupDescription>Group -
UIDs reserved for system accounts must not be assigned to non-system accounts on AIX systems.
<VulnDiscussion>Reserved UIDs are typically used by system software packages. If non-system accounts have UIDs in this range, they may confli...Rule Medium Severity -
SRG-OS-000480-GPOS-00227
<GroupDescription></GroupDescription>Group -
The AIX root accounts list of preloaded libraries must be empty.
<VulnDiscussion>The library preload list environment variable contains a list of libraries for the dynamic linker to load before loading the ...Rule Medium Severity -
SRG-OS-000480-GPOS-00229
<GroupDescription></GroupDescription>Group -
AIX must not have accounts configured with blank or null passwords.
<VulnDiscussion>If an account is configured for password authentication but does not have an assigned password, it may be possible to log int...Rule High Severity -
SRG-OS-000480-GPOS-00230
<GroupDescription></GroupDescription>Group -
The AIX root accounts home directory (other than /) must have mode 0700.
<VulnDiscussion>Users' home directories/folders may contain information of a sensitive nature. Non-privileged users should coordinate any sha...Rule Medium Severity -
SRG-OS-000480-GPOS-00230
<GroupDescription></GroupDescription>Group -
The AIX root accounts home directory must not have an extended ACL.
<VulnDiscussion>Excessive permissions on root home directories allow unauthorized access to root user files.</VulnDiscussion><FalseP...Rule Medium Severity -
SRG-OS-000023-GPOS-00006
<GroupDescription></GroupDescription>Group -
AIX must display the Standard Mandatory DoD Notice and Consent Banner before granting local or remote login access to the system.
<VulnDiscussion>Display of a standardized and approved use notification before granting access to the operating system ensures privacy and se...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.