GEN000000-AIX0200 – The system must not allow directed broadcasts to gateway. Details Disabling directed broadcast prevents packets directed to a gateway from being broadcast on a remote network. Solution Configure directed_broadcast...
GEN000000-AIX0210 – The system must provide protection from Internet Control Message Protocol (ICMP) attacks on TCP connections. Details The ICMP attacks may take the form of ICMP source quench attacks and Path MTU Discovery (PMTUD) attacks....
GEN000000-AIX0220 – The system must provide protection for the TCP stack against connection resets, SYN, and data injection attacks. Details The tcp_tcpsecure parameter provides protection for TCP connections from fake SYNs, fake RSTs, and data injections on established connections....
GEN000000-AIX0230 – The system must provide protection against IP fragmentation attacks. Details The parameter ip_nfrag provides an additional layer of protection against IP fragmentation attacks. The value the ip_nfrag specifies is...
GEN000000-AIX0300 – The system must not have the bootp service active. Details The bootp service is used for Network Installation Management (NIM) and remote booting of systems. The bootp service should...
GEN000000-AIX0310 – The /etc/ftpaccess.ctl file must exist. Details The ftpaccess.ctl file contains options for the ftp daemon, such as herald, motd, user access, and permissions to files...
GEN000000-AIX0320 – The /etc/ftpaccess.ctl file must be owned by root. Details If the ftpaccess.ctl file is not owned by root, an unauthorized user may modify the file to allow unauthorized...
GEN000000-AIX0350 – The /etc/ftpaccess.ctl file must not have an extended ACL. Details Excessive permissions on the ftpaccess.ctl file could permit unauthorized modification. Unauthorized modification could result in Denial of Service to...
GEN000020 – The system must require authentication upon booting into single-user and maintenance modes. Details If the system does not require a valid root password before it boots into single-user or maintenance mode, anyone...
GEN000100 – The operating system must be a supported release. Details An operating system release is considered ‘supported’ if the vendor continues to provide security patches for the product. With...