STIGQter: STIG Summary: IBM AIX 7.x Security Technical Implementation Guide, Version: 2, Release: 2, Benchmark Date: 23 Apr 2021

AIX must request and perform data origin and integrity authentication verification on the name/address resolution responses the system receives from authoritative sources.

DISA Rule

SV-215307r508663_rule

Vulnerability Number

V-215307

Group Title

SRG-OS-000399-GPOS-00178

Rule Version

AIX7-00-002125

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Add the following line to the "/etc/resolv.conf" file:

nameserver <nameserver_IPAddress>

Check Contents

Run the "nslookup" command at the prompt:

# nslookup <host_name>

Server: 10.18.12.40
Address: 10.18.12.40#53

If the Server output does not point to an authorized nameserver IP address, this is a finding.

Verify the nameserver is configured in "/etc/resolv.conf":

# grep -i nameserver /etc/resolv.conf
nameserver 10.18.12.40

If the "nameserver" entry is not found in "/etc/resolv.conf" or does not match the IP address from the "nslookup" command, this is a finding.
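
The two checks above can be scripted for repeated audits. The following is an added example, not part of the STIG text: the function names and the authorized-server list are assumptions, and 10.18.12.40 is only the sample address shown above.

```shell
#!/bin/sh
# Added example (not STIG content). The caller supplies the site's list of
# authorized resolver addresses; nothing here is taken from a real system.

# Print each address from "nameserver" lines of a resolv.conf-style file.
# Matching is case-insensitive, like the "grep -i" in the check; lines
# commented out with "#" or ";" are ignored because field 1 is not "nameserver".
configured_nameservers() {
    awk 'tolower($1) == "nameserver" && $2 != "" { print $2 }' "$1"
}

# Read nslookup output on stdin and print the address on its "Server:" line.
nslookup_server() {
    awk '$1 == "Server:" { print $2; exit }'
}

# in_list ADDR "LIST": succeed if ADDR is one of the whitespace-separated LIST.
in_list() {
    for a in $2; do [ "$a" = "$1" ] && return 0; done
    return 1
}

# check_dns RESOLV_CONF NSLOOKUP_OUTPUT "AUTHORIZED_LIST"
# Prints one line per finding; returns 0 if compliant, 1 if any finding.
check_dns() {
    conf=$1 out=$2 allowed=$3 rc=0
    servers=$(configured_nameservers "$conf")
    server=$(printf '%s\n' "$out" | nslookup_server)
    if [ -z "$servers" ]; then
        echo "FINDING: no nameserver entry in $conf"; rc=1
    fi
    for s in $servers; do
        in_list "$s" "$allowed" || { echo "FINDING: $s in $conf is not authorized"; rc=1; }
    done
    if [ -z "$server" ] || ! in_list "$server" "$allowed"; then
        echo "FINDING: nslookup Server '${server}' is not an authorized nameserver"; rc=1
    fi
    if [ -n "$server" ] && ! in_list "$server" "$servers"; then
        echo "FINDING: nslookup Server $server does not match $conf"; rc=1
    fi
    return $rc
}

# On a live system (the authorized list is site-specific):
#   check_dns /etc/resolv.conf "$(nslookup <host_name>)" "10.18.12.40"
```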

Vulnerability Number

V-215307

Documentable

False

Rule Version

AIX7-00-002125

Severity Override Guidance

Run the "nslookup" command at the prompt:

# nslookup <host_name>

Server: 10.18.12.40
Address: 10.18.12.40#53

If the Server output does not point to an authorized nameserver IP address, this is a finding.

Verify the nameserver is configured in "/etc/resolv.conf":

# grep -i nameserver /etc/resolv.conf
nameserver 10.18.12.40

If the "nameserver" entry is not found in "/etc/resolv.conf" or does not match the IP address from the "nslookup" command, this is a finding.

Check Content Reference

M

Target Key

4012

Comments