Check: AIX7-00-003019
IBM AIX 7.x STIG:
AIX7-00-003019
(in versions v3 r1 through v1 r1)
Title
The AIX user home directories must not have extended ACLs. (Cat II impact)
Discussion
Excessive permissions on home directories allow unauthorized access to user files.
Check Content
Verify user home directories have no extended ACLs using command: # cat /etc/passwd | cut -f 6,6 -d ":" | xargs -n1 aclget * * ACL_type AIXC * attributes: base permissions owner(root): rwx group(system): r-x others: r--- extended permissions disabled If extended permissions are not disabled, this is a finding.
Fix Text
Remove the extended ACL from the user home directory and disable extended permissions: # acledit <directory>
Additional Identifiers
Rule ID: SV-215332r991592_rule
Vulnerability ID: V-215332
Group Title: SRG-OS-000480-GPOS-00230
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000366 |
Implement the security configuration settings. |
Controls
Number | Title |
---|---|
CM-6 |
Configuration Settings |