Check: GEN006360

AIX 6.1 SECURITY TECHNICAL IMPLEMENTATION GUIDE: GEN006360 (in versions v1 r14 through v1 r10)

The files in /etc/news must be group-owned by system or news. (Cat II impact)

If critical system files do not have a privileged group owner, system integrity could be compromised.

Check /etc/news files group ownership. Procedure: # ls -al /etc/news If /etc/news files are not group-owned by system or news, this is a finding.

Change the group owner of the files in /etc/news to system or news. Procedure: # chgrp news /etc/news/*

Rule ID: SV-40837r1_rule

Vulnerability ID: V-4278

Group Title: GEN006360

Expert comments are only available to logged-in users.

CCIs tied to check.

Number	Definition
CCI-000225	The organization employs the concept of least privilege, allowing only authorized accesses for users (and processes acting on behalf of users) which are necessary to accomplish assigned tasks in accordance with organizational missions and business functions.

Controls tied to check. These are derived from the CCIs shown above.

Number	Title
AC-6	Least Privilege