STIGQter: STIG Summary: IBM AIX 7.x Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 23 Apr 2021:

The AIX root accounts home directory must not have an extended ACL.

DISA Rule

SV-215199r508663_rule

Vulnerability Number

V-215199

Group Title

SRG-OS-000480-GPOS-00230

Rule Version

AIX7-00-001040

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Remove the extended ACL from the "root" account's home directory using command:
# acledit ~root

Change extended attributes to disabled.

Check Contents

Verify the "root" account's home directory has no extended ACL using command:

# aclget ~root
*
* ACL_type AIXC
*
attributes:
base permissions
owner(root): rwx
group(system): ---
others: ---
extended permissions
disabled

If extended permissions are enabled, the directory has an extended ACL, and this is a finding.

Vulnerability Number

V-215199

Documentable

False

Rule Version

AIX7-00-001040

Severity Override Guidance

Verify the "root" account's home directory has no extended ACL using command:

# aclget ~root
*
* ACL_type AIXC
*
attributes:
base permissions
owner(root): rwx
group(system): ---
others: ---
extended permissions
disabled

If extended permissions are enabled, the directory has an extended ACL, and this is a finding.

Check Content Reference

M

Target Key

4012

Comments