Navigate

Check: GEN006565

AIX 6.1 SECURITY TECHNICAL IMPLEMENTATION GUIDE: GEN006565 (in versions v1 r14 through v1 r10)

Title

The system package management tool must be used to verify system software periodically. (Cat II impact)

Discussion

Verification using the system package management tool can be used to determine that system software has not been tampered with. This requirement is not applicable to systems that do not use package management tools.

Check Content

Check the root crontab for a job invoking the system package management tool to verify the integrity of installed packages. # crontab -l | grep lppchk If no such job exists, this is a finding.

Fix Text

Add a job to the root crontab invoking the system package management tool to verify the integrity of installed packages. # lppchk -c

Additional Identifiers

Rule ID: SV-38958r1_rule

Vulnerability ID: V-22506

Group Title: GEN006565

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.

Number	Definition
CCI-000366	The organization implements the security configuration settings.
CCI-000698	The organization requires the developer of the information system, system component, or information system service to enable integrity verification of software and firmware components.

Controls

Controls tied to check. These are derived from the CCIs shown above.

Number	Title
CM-6	Configuration Settings
SA-10 (1)	Software / Firmware Integrity Verification