GEN000000-AIX00020 – AIX Trusted Computing Base (TCB) software must be implemented.
Details The AIX Trusted Computing Base (TCB) software provides protection from the unauthorized modification of core system files. Solution Ensure...
- Home
- Security Hardening
- DISA STIG AIX 6.1 V1R14
DISA STIG AIX 6.1 V1R14
GEN000000-AIX00040 – The securetcpip command must be used.
Details The AIX securetcpip command disables insecure network utilities, such as rcp, rlogin, rlogind, rsh, rshd, tftp, tftpd, and trpt/d....GEN000000-AIX00040 – The securetcpip command must be used – /etc/security/config has been configured
Details The AIX securetcpip command disables insecure network utilities, such as rcp, rlogin, rlogind, rsh, rshd, tftp, tftpd, and trpt/d....GEN000000-AIX00060 – A baseline of AIX files with the TCB bit set must be checked weekly.
Details If a baseline of files with the TCB bit set is not kept and checked weekly, the system could...GEN000000-AIX00080 – The SYSTEM attribute must not be set to NONE for any account.
Details The SYSTEM attribute in /etc/security/user defines the mechanisms used to authenticate specific user accounts. If the value is set...GEN000000-AIX0085 – The /etc/netsvc.conf file must be root owned.
Details The /etc/netsvc.conf file is used to specify the ordering of name resolution for the sendmail command, alias resolution for...GEN000000-AIX0090 – The /etc/netsvc.conf file must be group-owned by bin, sys, or system.
Details The /etc/netsvc.conf file is used to specify the ordering of name resolution for the sendmail command, alias resolution for...GEN000000-AIX0100 – The /etc/netsvc.conf file must have mode 0644 or less permissive.
Details The /etc/netsvc.conf file is used to specify the ordering of name resolution for the sendmail command, alias resolution for...GEN000000-AIX0320 – The /etc/ftpaccess.ctl file must be owned by root.
Details If the ftpaccess.ctl file is not owned by root, an unauthorized user may modify the file to allow unauthorized...GEN000000-AIX0330 – The /etc/ftpaccess.ctl file must be group-owned by bin, sys, or system.
Details If the ftpaccess.ctl file is not group-owned by a system group, an unauthorized user may modify the file to...