STIG Summary: IBM AIX 7.x Security Technical Implementation Guide, Version: 2, Release: 2, Benchmark Date: 23 Apr 2021

All system command files must not have extended ACLs.

DISA Rule

SV-215325r508663_rule

Vulnerability Number

V-215325

Group Title

SRG-OS-000259-GPOS-00100

Rule Version

AIX7-00-003009

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Remove the extended ACL(s) from the system command file(s) and set the extended permissions to disabled by running the following command:
# acledit [command-path]/[command-file]

Check Contents

Verify all system command files have no extended ACLs by running the following commands:
# aclget /etc
# aclget /bin
# aclget /usr/bin
# aclget /usr/lbin
# aclget /usr/ucb
# aclget /sbin
# aclget /usr/sbin

If any of the command files have extended permissions enabled, this is a finding.
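
The check above can be scripted. aclget reports the ACL of the one path it is given, so this added example (not part of the STIG) runs it on each regular file in the listed directories and reads the line after "extended permissions". The function names, the ACLGET override variable and the sample output are assumptions constructed here, based on the AIXC ACL text format.

```shell
#!/bin/sh
# Added example (not from the STIG). Function names and the ACLGET
# override variable are hypothetical.

# Read one file's aclget output on stdin. Succeeds (exit 0) only when the
# line following "extended permissions" is "enabled".
ext_acl_enabled() {
    awk '
        prev == "extended permissions" && $1 == "enabled" { found = 1 }
        { prev = $0; gsub(/^[ \t]+|[ \t]+$/, "", prev) }
        END { exit(found ? 0 : 1) }
    '
}

# Check every regular file directly under each directory given. Prints one
# FINDING line per file with extended permissions enabled and returns 1 if
# there was at least one.
scan_command_dirs() {
    rc=0
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        for f in "$dir"/*; do
            [ -f "$f" ] || continue
            if "${ACLGET:-aclget}" "$f" 2>/dev/null | ext_acl_enabled; then
                echo "FINDING: $f"
                rc=1
            fi
        done
    done
    return "$rc"
}

# Constructed sample of AIXC-style aclget output; $1 is enabled or disabled.
sample_acl() {
    printf '%s\n' 'attributes:' 'base permissions' \
        '    owner(root):  r-x' '    group(system):  r-x' '    others:  r-x' \
        'extended permissions' "    $1"
    if [ "$1" = enabled ]; then printf '%s\n' '    permit   rw-   u:user1'; fi
}

# On a host that has aclget, scan the directories listed in the check.
if command -v aclget >/dev/null 2>&1; then
    scan_command_dirs /etc /bin /usr/bin /usr/lbin /usr/ucb /sbin /usr/sbin ||
        echo "Extended ACLs present: review with acledit."
fi
```

Each FINDING line names a file to correct with the acledit command from the Fix Recommendation.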

Documentable

False

Check Content Reference

M

Target Key

4012

Comments