STIGQter: STIG Summary: IBM AIX 7.x Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 23 Apr 2021:

AIX must use Trusted Execution (TE) Check policy.

DISA Rule

SV-215333r508663_rule

Vulnerability Number

V-215333

Group Title

SRG-OS-000312-GPOS-00124

Rule Version

AIX7-00-003020

Severity

CAT II

CCI(s)

• CCI-002165 - The information system enforces organization-defined discretionary access control policies over defined subjects and objects.

Weight

10

Fix Recommendation

Run the following command to turn on the all parts of Trusted Execution (TE):
# trustchk -p TE=on CHKEXEC=on CHKKERNEXT=on

Check Contents

Run the following command to show the current status of the "TE", "CHKEXEC", and "CHKKERNEXT" on the system:
# trustchk -p 2>&1 | egrep -e "TE=|CHKEXEC|CHKKERNEXT"

The above command should yield the following output:
TE=ON
CHKEXEC=ON
CHKKERNEXT=ON

If "TE", "CHKEXEC", or "CHKKERNEXT" is "OFF", this is a finding.

Vulnerability Number

V-215333

Documentable

False

Rule Version

AIX7-00-003020

Severity Override Guidance

Run the following command to show the current status of the "TE", "CHKEXEC", and "CHKKERNEXT" on the system:
# trustchk -p 2>&1 | egrep -e "TE=|CHKEXEC|CHKKERNEXT"

The above command should yield the following output:
TE=ON
CHKEXEC=ON
CHKKERNEXT=ON

If "TE", "CHKEXEC", or "CHKKERNEXT" is "OFF", this is a finding.

Check Content Reference

M

Target Key

4012

Comments