Check: AIX7-00-003113
IBM AIX 7.x STIG: AIX7-00-003113 (in versions v3 r1 through v1 r1)
Title
AIX must not use removable media as the boot loader. (Cat II impact)
Discussion
Malicious users with removable boot media can gain access to a system configured to use removable media as the boot loader.
Check Content
Check the server's boot lists for the "normal", "service", "both", or "prevboot" modes with the command:

# bootlist -m <mode> -o

Ensure "hdisk{x}" devices are the only devices listed. If boot devices such as "cd{x}", "fd{x}", "rmt{x}", or "ent{x}" are used, this is a finding.
Fix Text
Configure the system to use a bootloader installed on fixed media, such as:

# bootlist -m normal hdisk0
# bootlist -m service hdisk0
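The check above can be scripted across all four modes. The following is an added example, not part of the STIG; the function names are hypothetical, and it assumes each line of `bootlist -o` output starts with the device name followed by optional attributes.

```shell
#!/bin/sh
# Added example: audit AIX boot lists for non-fixed boot devices.
# Assumption: each output line of `bootlist -m <mode> -o` begins with the
# device name, optionally followed by attributes (e.g. "hdisk0 blv=hd5").

# Reads bootlist output on stdin, prints every device that is not hdisk{x},
# and returns 1 if at least one such device was seen.
check_bootlist_output() {
    awk '
        NF == 0 { next }                              # ignore blank lines
        $1 !~ /^hdisk[0-9]+$/ { print $1; bad = 1 }   # cd, fd, rmt, ent, ...
        END { exit (bad ? 1 : 0) }
    '
}

# Runs the check for every mode named in the Check Content.
# Returns 1 if any mode lists a device other than hdisk{x}.
audit_bootlists() {
    rc=0
    for mode in normal service both prevboot; do
        if ! out=$(bootlist -m "$mode" -o 2>/dev/null); then
            echo "SKIP: mode=$mode (bootlist returned an error)" >&2
            continue
        fi
        if ! bad=$(printf '%s\n' "$out" | check_bootlist_output); then
            echo "FINDING: mode=$mode lists non-fixed device(s): $(echo $bad)"
            rc=1
        fi
    done
    return $rc
}

# Run the audit only where bootlist exists (that is, on AIX).
if command -v bootlist >/dev/null 2>&1; then
    audit_bootlists
fi
```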
Additional Identifiers
Rule ID: SV-215411r991589_rule
Vulnerability ID: V-215411
Group Title: SRG-OS-000480-GPOS-00227
CCIs
CCIs tied to check.
Number | Definition |
---|---|
CCI-000366 | Implement the security configuration settings. |
Controls
Controls tied to check. These are derived from the CCIs shown above.
Number | Title |
---|---|
CM-6 | Configuration Settings |