Check: AIX7-00-001018
IBM AIX 7.x STIG:
AIX7-00-001018
(in versions v2 r9 through v1 r1)
Title
All system files, programs, and directories must be owned by a system account. (Cat II impact)
Discussion
Restricting permissions will protect the files from unauthorized modification.
Check Content
Check the ownership of system files, programs, and directories by running the following command:
# ls -lLa /etc /bin /usr/bin /usr/lbin /usr/ucb /sbin /usr/sbin
If any of the system files, programs, or directories are not owned by a system account, this is a finding.
Note: For this check, the system-provided "ipsec" user is considered to be a system account.
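The check above can be automated; this is an added example, not part of the STIG text. It is an awk filter over the `ls -lLa` output that reports every entry whose owner is not on an allowlist. The `SYSTEM_ACCOUNTS` list, the function names and the sample listing are assumptions constructed for illustration; set the list to the system accounts defined on the host.

```shell
#!/bin/sh
# Flag entries in `ls -lLa` output whose owner is not on a site-defined
# list of system accounts.
# ASSUMPTION: this list is illustrative; set it to the host's system accounts.
SYSTEM_ACCOUNTS="root bin sys adm daemon ipsec"

# Reads `ls -lLa dir1 dir2 ...` output on stdin; $1 is the allowlist.
# Prints one "owner<TAB>path" line per entry not owned by an allowed account.
nonsystem_owners() {
    awk -v allow="$1" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        /^\/.*:$/  { dir = substr($0, 1, length($0) - 1); next }  # "/etc:" header
        /^total /  { next }
        NF < 9     { next }                                       # blank or short line
        {
            # Device nodes print "major, minor" instead of a size: name shifts by one.
            first = ($1 ~ /^[bc]/) ? 10 : 9
            name = $first
            for (i = first + 1; i <= NF; i++) name = name " " $i  # names with spaces
            if (name == "..") next
            if (!($3 in ok)) printf "%s\t%s/%s\n", $3, dir, name
        }'
}

# Constructed sample listing (not taken from a real host).
sample_listing() {
    cat <<'EOF'
/etc:
total 24
drwxr-xr-x   30 root     system         8192 Jan 10 09:12 .
drwxr-xr-x   20 root     system         4096 Jan 10 09:00 ..
-rw-r--r--    1 root     system         1204 Jan 10 09:12 hosts
-rw-r--r--    1 jsmith   staff           310 Feb 02 14:41 local tool.conf
-r-xr-xr-x    1 ipsec    ipsec          2048 Jan 10 09:12 ipsec.rules

/usr/sbin:
total 16
drwxr-xr-x    4 bin      bin            4096 Jan 10 09:12 .
drwxr-xr-x   10 bin      bin            4096 Jan 10 09:12 ..
-r-xr-xr-x    1 bin      bin           51200 Jan 10 09:12 lsattr
-rwxr-xr-x    1 1004     staff         10240 Mar 03 11:05 helperd
EOF
}

# On a live system:
#   ls -lLa /etc /bin /usr/bin /usr/lbin /usr/ucb /sbin /usr/sbin | nonsystem_owners "$SYSTEM_ACCOUNTS"
```

An owner shown as a bare number (such as `1004` in the sample) is a UID with no matching account, so it is reported like any other non-system owner.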
Fix Text
Change the owner of public directories to "root" or an application account using the following command:
# chown root </public/directory>
Note: Replace "root" with an application user as necessary.
Additional Identifiers
Rule ID: SV-215183r508663_rule
Vulnerability ID: V-215183
Group Title: SRG-OS-000259-GPOS-00100
CCIs
Number | Definition |
---|---|
CCI-001499 | The organization limits privileges to change software resident within software libraries. |
Controls
Number | Title |
---|---|
CM-5 (6) | Limit Library Privileges |