Check: AIX7-00-003131
IBM AIX 7.x STIG: AIX7-00-003131 (in versions v2 r9 through v1 r1)
Title
AIX package management tool must be used daily to verify system software. (Cat II impact)
Discussion
Verification using the system package management tool can be used to determine that system software has not been tampered with. This requirement is not applicable to systems not using package management tools.
Check Content
Check the root crontab for a daily job invoking the system package management tool to verify the integrity of installed packages.

From the command prompt, run the following command:

    # crontab -l | grep lppchk
    55 22 * * * /lppchk.sh # Daily LPP check script

If no such job exists, this is a finding.
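A plain `grep lppchk` also matches commented-out entries and jobs that do not run every day. The sh function below is an added example, not part of the STIG text, that reports only active crontab entries scheduled on every calendar day whose command mentions lppchk; the function name `daily_lppchk_jobs` is hypothetical and the sample crontab lines are constructed.

```shell
#!/bin/sh
# Added example, not part of the STIG text. Sample crontab lines are constructed.

# Read crontab text on stdin and print every active entry that runs on every
# calendar day and whose command mentions lppchk. Exit 0 if one was found.
daily_lppchk_jobs() {
    awk '
    /^[ \t]*#/ || NF < 6 { next }      # commented-out, blank or malformed line
    {
        # Fields 1-5 are minute, hour, day-of-month, month, weekday.
        if ($3 != "*" || $4 != "*" || $5 != "*") next   # not every day
        cmd = $6
        for (i = 7; i <= NF; i++) cmd = cmd " " $i
        sub(/[ \t]+#.*$/, "", cmd)     # drop a trailing shell comment (approximation)
        if (cmd ~ /lppchk/) { print; found = 1 }
    }
    END { exit(found ? 0 : 1) }'
}

# Constructed sample: one active daily job, as in the check output above.
sample_ok='0 3 * * * /usr/sbin/skulker
55 22 * * * /lppchk.sh # Daily LPP check script'

# Constructed sample: grep would match all three lines, none is a daily job.
sample_bad='#0 23 * * * /usr/bin/lppchk -c > /tmp/111 2>&1; sendmail root < /tmp/111
0 23 * * 0 /usr/bin/lppchk -c
0 1 * * * /usr/local/bin/backup.sh # runs before lppchk'

for sample in "$sample_ok" "$sample_bad"; do
    if printf '%s\n' "$sample" | daily_lppchk_jobs; then
        echo "not a finding"
    else
        echo "finding: no active daily lppchk job"
    fi
done

# On the AIX host, as root:  crontab -l | daily_lppchk_jobs
```

A match on a wrapper script such as `/lppchk.sh` shows only that the job is scheduled; the script itself still has to be read to confirm it runs `lppchk`.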
Fix Text
Add a job to the root crontab invoking the following system package management tool to verify the integrity of installed packages and email the result to the root user.

Run the following command to add the cron job:

    # crontab -e

Within the crontab command, add the following daily job to the cron table, then save the change:

    0 23 * * * /usr/bin/lppchk -c > /tmp/111 2>&1; sendmail root < /tmp/111
Additional Identifiers
Rule ID: SV-215426r508663_rule
Vulnerability ID: V-215426
Group Title: SRG-OS-000480-GPOS-00227
CCIs
Number | Definition |
---|---|
CCI-000366 | The organization implements the security configuration settings. |
Controls
Number | Title |
---|---|
CM-6 | Configuration Settings |