IBM AIX 7.x STIG Version Comparison
IBM AIX 7.x Security Technical Implementation Guide
Comparison
There are 9 differences between versions v2 r4 (Jan. 27, 2022) (the "left" version) and v2 r6 (July 27, 2022) (the "right" version).
Check AIX7-00-002140 was changed between these two versions. Green, underlined text was added, red, struck-out text was removed.
The regular view of the left check and right check may be easier to read.
Text Differences
Title
The AIX /etc/hosts file must be owned by root.
Check Content
Check the ownership of /etc/hosts using command: # ls -al /etc/hosts The above command should yield the following output: -rw-r----- 1 root root system 993 Mar 11 07:04 /etc/hosts If the file is not owned by root, this is a finding.
Discussion
Unauthorized ownership of the /etc/hosts file can lead to the ability for a malicious actor to redirect traffic to servers of their choice. It is also possible to use the /etc/hosts file to block detection by security software by blocking the traffic to all the download or update servers of well-known security vendors.
Fix
Change the ownership of the file to root using command: # chown root /etc/hosts