Navigate

Check: AIX7-00-003015

IBM AIX 7.x STIG: AIX7-00-003015 (in versions v2 r9 through v1 r1)

Title

The AIX /etc/group file must not have an extended ACL. (Cat II impact)

Discussion

The "/etc/group" file contains information regarding groups that are configured on the system. Protection of this file is important for system security.

Check Content

Check the ACL of the "/etc/group" file: # aclget /etc/group The above command should yield the following output: * * ACL_type AIXC * attributes: base permissions owner(root): rw- group(security): r-- others: r-- extended permissions disabled If the extended ACL are not "disabled", this is a finding.

Fix Text

Remove the extended ACL from the "/etc/group" using command: # acledit /etc/group

Additional Identifiers

Rule ID: SV-215328r508663_rule

Vulnerability ID: V-215328

Group Title: SRG-OS-000480-GPOS-00227

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.

Number	Definition
CCI-000366	The organization implements the security configuration settings.

Controls

Controls tied to check. These are derived from the CCIs shown above.

Number	Title
CM-6	Configuration Settings