Check: GEN004360

AIX 6.1 SECURITY TECHNICAL IMPLEMENTATION GUIDE: GEN004360 (in versions v1 r14 through v1 r10)

The alias file must be owned by root. (Cat II impact)

If the alias file is not owned by root, an unauthorized user may modify the file to add aliases to run malicious code or redirect email.

Check the ownership of the alias file. Procedure: # ls -lL /etc/mail/aliases If the file is not owned by root, this is a finding.

Change the owner of the /etc/mail/aliases file (or equivalent, such as /usr/lib/aliases) to root. Procedure: # chown root /etc/mail/aliases

Rule ID: SV-40836r1_rule

Vulnerability ID: V-831

Group Title: GEN004360

Expert comments are only available to logged-in users.

CCIs tied to check.

Number	Definition
CCI-000225	The organization employs the concept of least privilege, allowing only authorized accesses for users (and processes acting on behalf of users) which are necessary to accomplish assigned tasks in accordance with organizational missions and business functions.

Controls tied to check. These are derived from the CCIs shown above.

Number	Title
AC-6	Least Privilege