IBM AIX 7.x Security Technical Implementation Guide

ID Vuln ID Title Cat Status
AIX7-00-002132 V-215313 The AIX syslog daemon must not accept remote messages unless it is a syslog server documented using site-defined procedures. Cat II
AIX7-00-002003 V-215237 AIX must produce audit records containing information to establish where the events occurred. Cat II
AIX7-00-003132 V-215427 The AIX DHCP client must not send dynamic DNS updates. Cat II
AIX7-00-003130 V-215425 The local initialization file lists of preloaded libraries must contain only absolute paths on AIX. Cat II
AIX7-00-003124 V-215419 The AIX systems access control program must be configured to grant or deny system access to specific hosts. Cat II
AIX7-00-001042 V-215201 The Department of Defense (DoD) login banner must be displayed immediately prior to, or as part of, graphical desktop environment login prompts on AIX. Cat II
AIX7-00-003016 V-215329 The AIX ldd command must be disabled. Cat II
AIX7-00-002015 V-215245 Audit logs on the AIX system must be set to 660 or less permissive. Cat II
AIX7-00-003019 V-215332 The AIX user home directories must not have extended ACLs. Cat II
AIX7-00-003042 V-215348 The AIX qdaemon must be disabled if local or remote printing is not required. Cat II
AIX7-00-003070 V-215375 The ntalk daemon must be disabled on AIX. Cat I
AIX7-00-003072 V-215377 The discard daemon must be disabled on AIX. Cat II
AIX7-00-003133 V-215428 AIX must not run any routing protocol daemons unless the system is a router. Cat II
AIX7-00-003099 V-215401 AIX must allow admins to send a message to a user who logged in currently. Cat II
AIX7-00-002017 V-219956 AIX must be configured so that the audit system takes appropriate action when the audit storage volume is full. Cat II


Display this benchmark in a printer-friendly format for off-line reference. This display does not include any commands.

Version Changes

If there are multiple versions of this benchmark, Xylok can display the differences between any changes in the checks.