STIGQter: STIG Summary: IBM AIX 7.x Security Technical Implementation Guide, Version: 2, Release: 2, Benchmark Date: 23 Apr 2021

The AIX /etc/group file must not have an extended ACL.

DISA Rule

SV-215328r508663_rule

Vulnerability Number

V-215328

Group Title

SRG-OS-000480-GPOS-00227

Rule Version

AIX7-00-003015

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Remove the extended ACL from "/etc/group" using the command:
# acledit /etc/group

Check Contents

Check the ACL of the "/etc/group" file:
# aclget /etc/group

The above command should yield the following output:
*
* ACL_type AIXC
*
attributes:
base permissions
owner(root): rw-
group(security): r--
others: r--
extended permissions
disabled

If the extended ACL is not "disabled", this is a finding.
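
The check above can be scripted by parsing the `aclget` output instead of comparing it by eye. The following is an added example, not part of the STIG text: the function names, the sample outputs and the `u:exampleuser` entry are constructed for illustration, and the parser assumes the AIXC layout shown above.

```shell
#!/bin/sh
# Added example: evaluate AIXC-format `aclget` output for AIX7-00-003015.

# Reads aclget text on stdin. Prints the state line that follows
# "extended permissions" ("disabled"/"enabled", or "unknown" if absent),
# then any extended entries when the state is not "disabled".
acl_extended_state() {
    awk '
        /^[ \t]*\*/ { next }                     # "*" header lines
        { gsub(/^[ \t]+|[ \t]+$/, "") }          # trim whitespace
        $0 == "" { next }
        in_ext && state == "" { state = $0; next }
        in_ext { entries = entries "\n  " $0; next }
        $0 == "extended permissions" { in_ext = 1 }
        END {
            if (state == "") state = "unknown"
            if (state == "disabled") entries = ""
            printf "%s%s\n", state, entries
        }'
}

# Returns 0 when compliant, 1 when the output is a finding.
check_group_acl() {
    result=$(acl_extended_state)
    state=$(printf '%s\n' "$result" | head -n 1)
    if [ "$state" = "disabled" ]; then
        echo "PASS: extended permissions disabled"
        return 0
    fi
    echo "FINDING: extended permissions are '$state'"
    printf '%s\n' "$result" | sed 1d    # list the extended entries, if any
    return 1
}

# Constructed sample outputs (not captured from a real host).
sample_header() {
    printf '*\n* ACL_type   AIXC\n*\nattributes:\nbase permissions\n'
    printf '    owner(root):  rw-\n    group(security):  r--\n'
    printf '    others:  r--\nextended permissions\n'
}
sample_compliant() { sample_header; printf '    disabled\n'; }
sample_finding() {
    sample_header
    printf '    enabled\n    permit   rw-     u:exampleuser\n'
}

# On AIX: aclget /etc/group | check_group_acl
sample_compliant | check_group_acl
sample_finding | check_group_acl || true
```

A missing "extended permissions" section is reported as "unknown" and treated as a finding, so truncated or unexpected `aclget` output does not pass silently.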

Documentable

False

Check Content Reference

M

Target Key

4012

Comments