STIGQter: STIG Summary: IBM AIX 7.x Security Technical Implementation Guide, Version: 2, Release: 2, Benchmark Date: 23 Apr 2021

AIX removable media, remote file systems, and any file system not containing approved device files must be mounted with the nodev option.

DISA Rule

SV-215235r508663_rule

Vulnerability Number

V-215235

Group Title

SRG-OS-000480-GPOS-00227

Rule Version

AIX7-00-001139

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Edit "/etc/filesystems" and add "options = nodev" to all entries for remote or removable media file systems and for file systems containing no approved device files.

Check Contents

Identify any file system mounted from removable media, network shares, or file systems not containing any approved device files:

# cat /etc/filesystems

/:

dev = /dev/hd4
vfs = jfs2
log = /dev/hd8
mount = automatic
check = false
type = bootfs
vol = root
free = true

/home:

dev = /dev/hd1
vol = "/home"
mount = true
check = true
free = false
vfs = jfs2
log = /dev/hd8

10.17.76.74:/opt/nfs /home/doejohn

vfs = nfs
log = /dev/hd8
mount = true
options = nodev
account = false

If any file system mounted from removable media, network shares, or file systems not containing any approved device files is not using the "nodev" option, this is a finding.
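The check above can be scripted. The following is an added example, not part of the STIG or of STIGQter: it parses stanza-format input and lists every file system whose "options" attribute lacks nodev. The function names and the sample stanzas are constructed for illustration.

```shell
#!/bin/sh
# Added example. Prints "<mount point> <vfs> <options or ->" for each stanza
# whose options lack nodev. On a host: missing_nodev /etc/filesystems
missing_nodev() {
    awk '
    function report() {
        if (name != "" && !has_nodev)
            print name, (vfs == "" ? "-" : vfs), (opts == "" ? "-" : opts)
    }
    /^[ \t]*\*/ || /^[ \t]*$/ { next }        # comment and blank lines
    /:[ \t]*$/ && !/=/ {                       # stanza header such as "/home:"
        report()
        name = $0
        sub(/^[ \t]+/, "", name); sub(/:[ \t]*$/, "", name)
        vfs = ""; opts = ""; has_nodev = 0
        next
    }
    /=/ {                                      # attribute line: key = value
        key = $0; sub(/[ \t]*=.*/, "", key); sub(/^[ \t]+/, "", key)
        val = $0; sub(/^[^=]*=[ \t]*/, "", val); gsub(/[ \t"]/, "", val)
        if (key == "vfs") vfs = val
        if (key == "options") {
            opts = val
            n = split(val, o, ",")             # match nodev as a whole option
            for (i = 1; i <= n; i++) if (o[i] == "nodev") has_nodev = 1
        }
    }
    END { report() }
    ' "${1:--}"
}

# Constructed sample in the usual stanza layout (not from a real host).
sample() { cat <<'EOF'
* constructed sample
/:
        dev      = /dev/hd4
        vfs      = jfs2
/home:
        dev      = /dev/hd1
        vfs      = jfs2
        options  = rw,nodev
/home/doejohn:
        dev      = "/opt/nfs"
        vfs      = nfs
        nodename = 10.17.76.74
        options  = bg,hard,nosuid
/cdrom:
        dev      = /dev/cd0
        vfs      = cdrfs
        options  = ro
EOF
}
sample | missing_nodev
```

The output is a candidate list, not a list of findings: a file system that holds approved device files, such as the root file system with /dev, is expected to appear, and the reviewer decides which entries fall under the rule.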

Documentable

False

Severity Override Guidance

Check Content Reference

M

Target Key

4012

Comments