Check: AIX7-00-003010
IBM AIX 7.x STIG:
AIX7-00-003010
(in versions v3 r1 through v1 r1)
Title
All library files must not have extended ACLs. (Cat II impact)
Discussion
Unauthorized access could destroy the integrity of the library files.
Check Content
The following system library directories need to be checked: /usr/lib/security/ /usr/lib/methods/ Determine if any system library file has an extended ACL by running the follow script: find /usr/lib/security /usr/lib/methods/ -type f | while read file do aclget -o /tmp/111.acl $file > /dev/null 2>&1 if [ $? -eq 0 ]; then grep -e "[[:space:]]enabled$" /tmp/111.acl > /dev/null 2>&1 if [ $? -eq 0 ]; then echo "$file has ACL" fi fi done If the above script yield any output, this is a finding.
Fix Text
Remove the extended ACL(s) from the system library file(s) and disable extended permissions using the follow script: find /usr/lib/security /usr/lib/methods/ -type f | while read file do aclget -o /tmp/111.acl $file > /dev/null 2>&1 if [ $? -eq 0 ]; then grep -e "[[:space:]]enabled$" /tmp/111.acl > /dev/null 2>&1 if [ $? -eq 0 ]; then echo "Removing ACL from "$file cat /tmp/111.acl | head -n9 > /tmp/222.acl echo " disabled" >> /tmp/222.acl aclput -i /tmp/222.acl $file fi fi done
Additional Identifiers
Rule ID: SV-215326r991560_rule
Vulnerability ID: V-215326
Group Title: SRG-OS-000259-GPOS-00100
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-001499 |
Limit privileges to change software resident within software libraries. |
Controls
Number | Title |
---|---|
CM-5(6) |
Limit Library Privileges |