STIGQter STIGQter: STIG Summary: IBM AIX 7.x Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 23 Apr 2021:

AIX must provide the function for assigned ISSOs or designated SAs to change the auditing to be performed on all operating system components, based on all selectable event criteria in near real time.

DISA Rule

SV-215252r508663_rule

Vulnerability Number

V-215252

Group Title

SRG-OS-000337-GPOS-00129

Rule Version

AIX7-00-002032

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Create a role "auditadm" that is assigned with security related authorization with the following commend:
# mkrole authorizations="aix.security.audit,aix.security.user.audit,aix.security.role.audit" auditadm

Check Contents

Verify that an audit admin role has been configured to include the authorizations for auditing, namely "aix.security.audit,aix.security.user.audit,aix.security.role.audit":

# lsrole ALL |grep "aix.security.audit" |grep "aix.security.user.audit" |grep "aix.security.role.audit"
auditadm authorizations=aix.security.audit,aix.security.user.audit,aix.security.role.audit rolelist= groups= visibility=1 screens=* dfltmsg=Audit Administrator msgcat=role_desc.cat msgnum=15 msgset=1 auth_mode=INVOKER id=16

If the above command has no output, this is a finding.

Vulnerability Number

V-215252

Documentable

False

Rule Version

AIX7-00-002032

Severity Override Guidance

Verify that an audit admin role has been configured to include the authorizations for auditing, namely "aix.security.audit,aix.security.user.audit,aix.security.role.audit":

# lsrole ALL |grep "aix.security.audit" |grep "aix.security.user.audit" |grep "aix.security.role.audit"
auditadm authorizations=aix.security.audit,aix.security.user.audit,aix.security.role.audit rolelist= groups= visibility=1 screens=* dfltmsg=Audit Administrator msgcat=role_desc.cat msgnum=15 msgset=1 auth_mode=INVOKER id=16

If the above command has no output, this is a finding.

Check Content Reference

M

Target Key

4012

Comments