Check: AIX7-00-003101
IBM AIX 7.x STIG: AIX7-00-003101 (in versions v3 r1 through v1 r1)
Title
The AIX system must have no .netrc files on the system. (Cat I impact)
Discussion
Unencrypted passwords for remote FTP servers may be stored in .netrc files. Policy requires passwords be encrypted in storage and not used in access scripts.
Check Content
Check the system for the existence of any ".netrc" files by running the following command:

    # find / -name .netrc

If any ".netrc" file exists, this is a finding.
Fix Text
Remove all ".netrc" file(s):

    # find / -name .netrc -exec rm {} \;
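An added example, not part of the STIG text: a POSIX sh audit that lists every ".netrc" file with its mode and owner and notes whether it holds a `password` token, so each finding can be recorded before the Fix Text removes it. The function names, the `-type f` and `-xdev` scoping, and the output format are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the STIG): report .netrc files before removal.

# netrc_report ROOT
# Prints one line per .netrc file under ROOT (default /):
#   <mode> <owner> password=<yes|no> <path>
netrc_report() {
    # -type f ignores directories that happen to be named .netrc.
    # -xdev (assumption about scope) stays on ROOT's filesystem, so run the
    # function once per local filesystem that holds home directories.
    # Paths containing newlines are not handled by this line-based loop.
    find "${1:-/}" -xdev -type f -name .netrc 2>/dev/null |
    while IFS= read -r f; do
        # In netrc syntax the token "password" precedes the stored secret;
        # the value may follow on the same line or on the next one.
        if grep -Eq '(^|[[:space:]])password([[:space:]]|$)' "$f" 2>/dev/null; then
            pw=yes
        else
            pw=no
        fi
        # Fields 1 and 3 of "ls -ld" are the mode string and the owner.
        meta=$(ls -ld "$f" | awk '{print $1 " " $3}')
        printf '%s password=%s %s\n' "$meta" "$pw" "$f"
    done
}

# netrc_finding_count ROOT -> number of .netrc files found under ROOT.
netrc_finding_count() {
    netrc_report "${1:-/}" | wc -l | tr -d ' '
}

# netrc_check ROOT -> exit status 0 when no .netrc exists (not a finding),
# 1 when at least one exists. The STIG counts every .netrc as a finding;
# the password= column is only there to help prioritise credential rotation.
netrc_check() {
    [ "$(netrc_finding_count "${1:-/}")" -eq 0 ]
}
```

Run `netrc_report /` as root and keep the output with the finding. Any line marked `password=yes` points to a remote credential that was stored in clear text.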
Additional Identifiers
Rule ID: SV-215403r1009555_rule
Vulnerability ID: V-215403
Group Title: SRG-OS-000073-GPOS-00041
CCIs
Number | Definition |
---|---|
CCI-000196 | The information system, for password-based authentication, stores only cryptographically-protected passwords. |
CCI-004062 | For password-based authentication, store passwords using an approved salted key derivation function, preferably using a keyed hash. |
Controls
Number | Title |
---|---|
IA-5(1) | Password-based Authentication |