Check: AIX7-00-003035
IBM AIX 7.x STIG:
AIX7-00-003035
(in versions v3 r1 through v1 r1)
Title
The sticky bit must be set on all public directories on AIX systems. (Cat II impact)
Discussion
Failing to set the sticky bit on public directories allows unauthorized users to delete files in the directory structure. The only authorized public directories are those temporary directories supplied with the system, or those designed to be temporary file repositories. The setting is normally reserved for directories used by the system, and by users for temporary file storage - such as /tmp - and for directories requiring global read/write access.
Check Content
Verify all world-writable directories have the sticky bit set by running the command: # find / -type d -perm -002 ! -perm -1000 > wwlist # cat wwlist If any directories are listed in the "wwlist" file, this is a finding.
Fix Text
Set the sticky bit on all public directories, such as: # chmod 1777 /tmp (Replace /tmp with the public directory missing the sticky bit, if necessary.)
Additional Identifiers
Rule ID: SV-215341r991589_rule
Vulnerability ID: V-215341
Group Title: SRG-OS-000480-GPOS-00227
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000366 |
Implement the security configuration settings. |
Controls
Number | Title |
---|---|
CM-6 |
Configuration Settings |