Check: AIX7-00-003109
IBM AIX 7.x STIG:
AIX7-00-003109
(in versions v3 r1 through v1 r1)
Title
In the event of a system failure, AIX must preserve any information necessary to determine cause of failure and any information necessary to return to operations with least disruption to mission processes. (Cat II impact)
Discussion
Failure to a known state can address safety or security in accordance with the mission/business needs of the organization. Failure to a known secure state helps prevent a loss of confidentiality, integrity, or availability in the event of a failure of the information system or a component of the system. Preserving operating system state information helps to facilitate operating system restart and return to the operational mode of the organization with least disruption to mission/business processes.
Check Content
To display the current dump device settings, enter the following command:

    # sysdumpdev -l
    primary              /dev/lg_dumplv
    secondary            /dev/sysdumpnull
    copy directory       /var/adm/ras
    forced copy flag     TRUE
    always allow dump    FALSE
    dump compression     ON
    type of dump         fw-assisted
    full memory dump     disallow

If the primary device and copy directory are not configured, this is a finding.
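An added example, not part of the STIG text: a POSIX shell function that applies this check to `sysdumpdev -l` output. The function name, the constructed sample outputs, and the treatment of an empty value or `/dev/sysdumpnull` as "not configured" are assumptions.

```sh
#!/bin/sh
# Added example: evaluate `sysdumpdev -l` output against AIX7-00-003109.
# Assumption: an empty value or /dev/sysdumpnull counts as "not configured".
# Live use on AIX (as root): sysdumpdev -l | check_dump_config

# check_dump_config: reads `sysdumpdev -l` output on stdin.
# Prints one line per problem; returns 0 when compliant, 1 on a finding.
check_dump_config() {
    awk '
        /^primary[ \t]/        { primary = $2 }
        /^copy directory[ \t]/ { copydir = $3 }
        END {
            rc = 0
            if (primary == "" || primary == "/dev/sysdumpnull") {
                print "FINDING: primary dump device not configured"; rc = 1
            }
            if (copydir == "") {
                print "FINDING: copy directory not configured"; rc = 1
            }
            if (rc == 0) print "OK: primary=" primary " copy_directory=" copydir
            exit rc
        }'
}

# Constructed sample: the compliant output shown in the Check Content.
SAMPLE_OK='primary              /dev/lg_dumplv
secondary            /dev/sysdumpnull
copy directory       /var/adm/ras
forced copy flag     TRUE
always allow dump    FALSE
dump compression     ON
type of dump         fw-assisted
full memory dump     disallow'

# Constructed sample: no primary dump device and no copy directory.
SAMPLE_BAD='primary              /dev/sysdumpnull
secondary            /dev/sysdumpnull
copy directory
forced copy flag     TRUE'

# Demonstrate both outcomes on the constructed samples.
printf '%s\n' "$SAMPLE_OK" | check_dump_config
printf '%s\n' "$SAMPLE_BAD" | check_dump_config || true
```
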
Fix Text
The "sysdumpdev" command should be used to configure the dump device:

    # sysdumpdev -p "Primary dump device"
    # sysdumpdev -d <directory>

Note: "-d <directory>" specifies the directory the dump is copied to at boot time.
Additional Identifiers
Rule ID: SV-215407r991562_rule
Vulnerability ID: V-215407
Group Title: SRG-OS-000269-GPOS-00103
CCIs
Number | Definition |
---|---|
CCI-001665 | Preserve organization-defined system state information in the event of a system failure. |
Controls
Number | Title |
---|---|
SC-24 | Fail in Known State |