Check: AIX7-00-002072
IBM AIX 7.x STIG:
AIX7-00-002072
(in versions v3 r1 through v1 r1)
Title
AIX system files, programs, and directories must be group-owned by a system group. (Cat II impact)
Discussion
Restricting permissions will protect the files from unauthorized modification.
Check Content
Check the group ownership of system files, programs, and directories run the following command: # ls -lLa /etc /bin /usr/bin /usr/lbin /usr/ucb /sbin /usr/sbin If any system file, program, or directory is not group-owned by a system group, this is a finding. Note: For this check, the system-provided "ipsec" group is also acceptable.
Fix Text
Change the group owner of system files to a system group by running the following command: # chgrp sys /path/to/system/file Note: System groups other than "sys" may be used.
Additional Identifiers
Rule ID: SV-215268r991560_rule
Vulnerability ID: V-215268
Group Title: SRG-OS-000259-GPOS-00100
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-001499 |
Limit privileges to change software resident within software libraries. |
Controls
Number | Title |
---|---|
CM-5(6) |
Limit Library Privileges |