III - Administrative Sensitive
Rules and Groups employed by this XCCDF Profile
-
SRG-OS-000480-GPOS-00227
<GroupDescription></GroupDescription>Group -
AIX must not respond to ICMPv6 echo requests sent to a broadcast address.
<VulnDiscussion>Responding to broadcast ICMP echo requests facilitates network mapping and provides a vector for amplification attacks.</V...Rule Medium Severity -
SRG-OS-000480-GPOS-00228
<GroupDescription></GroupDescription>Group -
AIX must define default permissions for all authenticated users in such a way that the user can only read and modify their own files.
<VulnDiscussion>Setting the most restrictive default permissions ensures that when new accounts are created they do not have unnecessary acce...Rule Medium Severity -
SRG-OS-000480-GPOS-00229
<GroupDescription></GroupDescription>Group -
There must be no .rhosts, .shosts, hosts.equiv, or shosts.equiv files on the AIX system.
<VulnDiscussion>Trust files are convenient, but when used in conjunction with the remote login services, they can allow unauthenticated acces...Rule Medium Severity -
SRG-OS-000480-GPOS-00229
<GroupDescription></GroupDescription>Group -
The .rhosts file must not be supported in AIX PAM.
<VulnDiscussion>.rhosts files are used to specify a list of hosts permitted remote access to a particular account without authenticating. The...Rule Medium Severity -
SRG-OS-000480-GPOS-00230
<GroupDescription></GroupDescription>Group -
The AIX root user home directory must not be the root directory (/).
<VulnDiscussion>Changing the root home directory to something other than / and assigning it a 0700 protection makes it more difficult for int...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.