Check: AIX7-00-001040
IBM AIX 7.x STIG:
AIX7-00-001040
(in versions v3 r1 through v1 r1)
Title
The AIX root accounts home directory must not have an extended ACL. (Cat II impact)
Discussion
Excessive permissions on root home directories allow unauthorized access to root user files.
Check Content
Verify the "root" account's home directory has no extended ACL using command: # aclget ~root * * ACL_type AIXC * attributes: base permissions owner(root): rwx group(system): --- others: --- extended permissions disabled If extended permissions are enabled, the directory has an extended ACL, and this is a finding.
Fix Text
Remove the extended ACL from the "root" account's home directory using command: # acledit ~root Change extended attributes to disabled.
Additional Identifiers
Rule ID: SV-215199r991592_rule
Vulnerability ID: V-215199
Group Title: SRG-OS-000480-GPOS-00230
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000366 |
Implement the security configuration settings. |
Controls
Number | Title |
---|---|
CM-6 |
Configuration Settings |