GEN000000-AIX00020 – AIX Trusted Computing Base (TCB) software must be implemented.
Details The AIX Trusted Computing Base (TCB) software provides protection from the unauthorized modification of core system files. Solution Ensure...
- Home
- Security Hardening
- DISA STIG AIX 5.3 V1R2
DISA STIG AIX 5.3 V1R2
GEN000000-AIX00040 – The securetcpip command must be used
Details The AIX securetcpip command disables insecure network utilities, such as rcp, rlogin, rlogind, rsh, rshd, tftp, tftpd, and trpt/d....GEN000000-AIX00060 – A baseline of AIX files with the TCB bit set must be checked weekly.
Details If a baseline of files with the TCB bit set is not kept and checked weekly, the system could...GEN000000-AIX00080 – The SYSTEM attribute must not be set to NONE for any account.
Details The SYSTEM attribute in /etc/security/user defines the mechanisms used to authenticate specific user accounts. If the value is set...GEN000000-AIX0085 – The /etc/netsvc.conf file must be root owned.
Details The /etc/netsvc.conf file is used to specify the ordering of name resolution for the sendmail command, alias resolution for...GEN000000-AIX0090 – The /etc/netsvc.conf file must be group-owned by bin, sys, or system.
Details The /etc/netsvc.conf file is used to specify the ordering of name resolution for the sendmail command, alias resolution for...GEN000000-AIX0100 – The /etc/netsvc.conf file must have mode 0644 or less permissive.
Details The /etc/netsvc.conf file is used to specify the ordering of name resolution for the sendmail command, alias resolution for...GEN000000-AIX0330 – The /etc/ftpaccess.ctl file must be group-owned by bin, sys, or system.
Details If the ftpaccess.ctl file is not group-owned by a system group, an unauthorized user may modify the file to...GEN000000-AIX0340 – The /etc/ftpaccess.ctl file must have mode 0640 or less permissive.
Details Excessive permissions on the ftpaccess.ctl file could permit unauthorized modification. Unauthorized modification could result in Denial of Service to...GEN000000-AIX0110 – The /etc/netsvc.conf file must not have an extended ACL.
Details The /etc/netsvc.conf file is used to specify the ordering of name resolution for the sendmail command, alias resolution for...