AIX must provide the function to filter audit records for events of interest based upon all audit fields within audit records, support on-demand reporting requirements, and an audit reduction function that supports on-demand audit review and analysis and after-the-fact investigations of security incidents.
DISA Rule
SV-215242r517599_rule
Vulnerability Number
V-215242
Group Title
SRG-OS-000054-GPOS-00025
Rule Version
AIX7-00-002011
Severity
CAT II
CCI(s)
- CCI-000158 - The information system provides the capability to process audit records for events of interest based on organization-defined audit fields within audit records.
- CCI-001875 - The information system provides an audit reduction capability that supports on-demand audit review and analysis.
- CCI-001876 - The information system provides an audit reduction capability that supports on-demand reporting requirements.
- CCI-001877 - The information system provides an audit reduction capability that supports after-the-fact investigations of security incidents.
Weight
10
Fix Recommendation
Re-install the "bos.rte.security" fileset (which delivers "/usr/sbin/auditselect") from the base media.
Use the "installp" command (this assumes the installation media is mounted as /dev/cd0):
# installp -aXYqg -d /dev/cd0 bos.rte.security
Check Contents
The audit filtering function is provided by the application file "/usr/sbin/auditselect". Check that it exists:
# ls -l /usr/sbin/auditselect
-r-sr-x--- 1 root audit 36240 Jul 4 1776 /usr/sbin/auditselect
If the "/usr/sbin/auditselect" file does not exist, this is a finding.
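The check above is a single existence test, and in practice it is run across many hosts. The script below is an added example (not part of the STIG text) that wraps the check in a function returning the finding status, and then shows the filtering capability the control is actually about: selecting audit records by field with "auditselect" and formatting them with "auditpr". It assumes the POSIX shell on AIX, the default trail at /audit/trail, and a selection expression chosen for illustration; the "event == USER_Login && result == FAIL" expression and the trail path are assumptions, not something the STIG specifies.

```shell
#!/bin/sh
# Added example for AIX7-00-002011; not the STIG's own text.
# Assumes a POSIX shell (AIX /usr/bin/sh); the auditselect call itself only works on AIX.

# check_auditselect [path]
# Implements the STIG check: returns 0 (not a finding) when the audit filtering
# binary exists, 1 (finding) when it does not. Defaults to the path the STIG names.
check_auditselect() {
    path="${1:-/usr/sbin/auditselect}"
    if [ ! -f "$path" ]; then
        printf 'FINDING: %s does not exist\n' "$path"
        return 1
    fi
    # Beyond the STIG's existence test: the expected listing is -r-sr-x--- root audit,
    # so warn (without changing the result) if the file is not executable by this user.
    if [ ! -x "$path" ]; then
        printf 'WARNING: %s exists but is not executable by the current user\n' "$path"
    fi
    printf 'NOT A FINDING: %s is present\n' "$path"
    ls -l "$path"
    return 0
}

# audit_failed_logins [trail]
# Demonstrates the filtering function the control requires: select records from
# the audit trail whose fields match an expression and pretty-print them.
# The expression and trail path are assumptions for illustration.
audit_failed_logins() {
    trail="${1:-/audit/trail}"
    if ! check_auditselect >/dev/null; then
        return 1
    fi
    if [ ! -r "$trail" ]; then
        printf 'cannot read audit trail %s\n' "$trail" >&2
        return 2
    fi
    # auditselect -e takes an expression over audit record fields
    # (event, command, login, result, time, date, ...); auditpr -v formats the result.
    /usr/sbin/auditselect -e "event == USER_Login && result == FAIL" "$trail" \
        | /usr/sbin/auditpr -v
}

# Run the STIG check when invoked directly; the exit status is the finding status.
if [ "${AUDITSELECT_CHECK_NO_MAIN:-0}" = "0" ] && [ -z "${AUDITSELECT_SOURCED:-}" ]; then
    check_auditselect
fi
```

The exit status of the script is the finding status, so it can be dropped into a fleet-wide compliance job as-is. Note that the STIG's check passes as soon as the file exists; the mode and ownership shown in the sample listing are what a correctly installed fileset produces, so a file that exists but has been altered warrants a closer look even though it is not, strictly, this finding.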
Documentable
False
Severity Override Guidance
Check Content Reference
M
Target Key
4012
Comments