STIGQter: STIG Summary: IBM AIX 7.x Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 23 Apr 2021:

AIX must be configured to allow users to directly initiate a session lock for all connection types.

DISA Rule

SV-215211r508663_rule

Vulnerability Number

V-215211

Group Title

SRG-OS-000030-GPOS-00011

Rule Version

AIX7-00-001100

Severity

CAT II

CCI(s)

• CCI-000058 - The information system provides the capability for users to directly initiate session lock mechanisms.

Weight

10

Fix Recommendation

Install, or re-install, bos.rte.security fileset from the AIX DVD Volume 1 using the following command (assuming that the DVD device is /dev/cd0):
# installp -aXYgd /dev/cd0 -e /tmp/install.log bos.rte.security

Check Contents

Check if the "lock" command exists by using the following command:
# ls /usr/bin/lock

The above command should display the following:
/usr/bin/lock

If the above command does not show that "/usr/bin/lock" exists, this is a finding.

Check if the "xlock" command exists by using the following command:
# ls /usr/bin/X11/xlock

The above command should display the following:
/usr/bin/X11/xlock

If the above command does not show that "/usr/bin/xlock" exists, this is a finding.

Vulnerability Number

V-215211

Documentable

False

Rule Version

AIX7-00-001100

Severity Override Guidance

Check if the "lock" command exists by using the following command:
# ls /usr/bin/lock

The above command should display the following:
/usr/bin/lock

If the above command does not show that "/usr/bin/lock" exists, this is a finding.

Check if the "xlock" command exists by using the following command:
# ls /usr/bin/X11/xlock

The above command should display the following:
/usr/bin/X11/xlock

If the above command does not show that "/usr/bin/xlock" exists, this is a finding.

Check Content Reference

M

Target Key

4012

Comments