Check: GEN008600
AIX 5.3 STIG:
GEN008600
(in version v1 r3)
Title
The system must be configured to only boot from the system boot device. (Cat I impact)
Discussion
The ability to boot from removable media is the same as being able to boot into single user, or maintenance, mode without a password. This ability could allow a malicious user to boot the system and perform changes that could compromise or damage the system. It could also allow the system to be used for malicious purposes by a malicious anonymous user.
Check Content
Determine if the system is configured to boot from devices other than the system startup media. # bootlist -m normal -o The returned values should be hdisk{x}. If the system is setup to boot from a non-hard disk device, this is a finding. Additionally, ask the SA if the machine is setup for multi-boot in the SMS application. If multi-boot is enabled, the firmware will stop at boot time and request which image to boot from the user. If multi-boot is enabled, this is a finding.
Fix Text
Configure the system to only boot from system startup media. # bootlist -m normal hdisk< x > Set multi-boot to off in the SMS application.
Additional Identifiers
Rule ID: SV-38835r1_rule
Vulnerability ID: V-1013
Group Title:
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000366 |
The organization implements the security configuration settings. |
Controls
Number | Title |
---|---|
CM-6 |
Configuration Settings |