STIGQter: STIG Summary: IBM AIX 7.x Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 23 Apr 2021:

AIX must monitor and record successful remote logins.

DISA Rule

SV-215285r508663_rule

Vulnerability Number

V-215285

Group Title

SRG-OS-000032-GPOS-00013

Rule Version

AIX7-00-002100

Severity

CAT II

CCI(s)

CCI-000067 - The information system monitors remote access methods.

Weight

Fix Recommendation

Remove the symlink of "/var/adm/wtmp" file by using the following command:
# rm /var/adm/wtmp

The "/var/adm/wtmp" file will be created when the system logs event for successful or failed login.

Check Contents

Check if the file "/var/adm/wtmp" is a symlink by using the following command:
# ls -al /var/adm/wtmp

The above command should yield the following output:
-rw-rw-r-- 1 adm adm 45360 Sep 05 15:00 /var/adm/wtmp

If the file "/var/adm/wtmp" is a symlink, this is a finding.

Vulnerability Number

V-215285

Documentable

False

Rule Version

AIX7-00-002100

Severity Override Guidance

Check Content Reference

Target Key

4012

AIX must monitor and record successful remote logins.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments