III - Administrative Sensitive
Rules and Groups employed by this XCCDF Profile
-
SRG-OS-000480-GPOS-00227
Group -
IP forwarding for IPv4 must not be enabled on AIX unless the system is a router.
IP forwarding permits the kernel to forward packets from one network interface to another. The ability to forward packets between two networks is only appropriate for systems acting as routers.Rule Medium Severity -
SRG-OS-000480-GPOS-00227
Group -
AIX must be configured with a default gateway for IPv6 if the system uses IPv6 unless the system is a router.
If a system has no default gateway defined, the system is at increased risk of man-in-the-middle, monitoring, and Denial of Service attacks.Rule Medium Severity -
SRG-OS-000480-GPOS-00227
Group -
AIX must not have IP forwarding for IPv6 enabled unless the system is an IPv6 router.
If the system is configured for IP forwarding and is not a designated router, it could be used to bypass network security by providing a path for communication not filtered by network devices.Rule Medium Severity -
SRG-OS-000206-GPOS-00084
Group -
AIX log files must be owned by a system account.
Only authorized personnel should be aware of errors and the details of the errors. Error messages are an indicator of an organization's operational state or can identify AIX or platform. Additional...Rule Medium Severity -
SRG-OS-000206-GPOS-00084
Group -
AIX log files must be owned by a system group.
Only authorized personnel should be aware of errors and the details of the errors. Error messages are an indicator of an organization's operational state or can identify AIX or platform. Additional...Rule Medium Severity -
SRG-OS-000259-GPOS-00100
Group -
AIX system files, programs, and directories must be group-owned by a system group.
Restricting permissions will protect the files from unauthorized modification.Rule Medium Severity -
SRG-OS-000480-GPOS-00227
Group -
The inetd.conf file on AIX must be owned by root.
Failure to give ownership of sensitive files or utilities to system groups may provide unauthorized users with the potential to access sensitive information or change the system configuration which...Rule Medium Severity -
SRG-OS-000480-GPOS-00227
Group -
AIX cron and crontab directories must be owned by root or bin.
Incorrect ownership of the cron or crontab directories could permit unauthorized users the ability to alter cron jobs and run automated jobs as privileged users. Failure to give ownership of cron o...Rule Medium Severity -
SRG-OS-000480-GPOS-00227
Group -
AIX audio devices must be group-owned by root, sys, bin, or system.
Without privileged group owners, audio devices will be vulnerable to being used as eaves-dropping devices by malicious users or intruders to possibly listen to conversations containing sensitive in...Rule Medium Severity -
SRG-OS-000480-GPOS-00227
Group -
AIX time synchronization configuration file must be owned by root.
A synchronized system clock is critical for the enforcement of time-based policies and the correlation of logs and audit records with other systems. If an illicit time source is used for synchroniz...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.