An error occurred:

Check: AIX7-00-002072

IBM AIX 7.x STIG: AIX7-00-002072 (in versions v2 r9 through v1 r1)

Title

AIX system files, programs, and directories must be group-owned by a system group. (Cat II impact)

Discussion

Restricting permissions will protect the files from unauthorized modification.

Check Content

Check the group ownership of system files, programs, and directories run the following command: # ls -lLa /etc /bin /usr/bin /usr/lbin /usr/ucb /sbin /usr/sbin If any system file, program, or directory is not group-owned by a system group, this is a finding. Note: For this check, the system-provided "ipsec" group is also acceptable.

Fix Text

Change the group owner of system files to a system group by running the following command: # chgrp sys /path/to/system/file Note: System groups other than "sys" may be used.

Additional Identifiers

Rule ID: SV-215268r508663_rule

Vulnerability ID: V-215268

Group Title: SRG-OS-000259-GPOS-00100

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-001499

The organization limits privileges to change software resident within software libraries.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
CM-5 (6)

Limit Library Privileges