STIGQter: STIG Summary: IBM AIX 7.x Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 23 Apr 2021:

AIX must set Stack Execution Disable (SED) system wide mode to all.

DISA Rule

SV-215398r508663_rule

Vulnerability Number

V-215398

Group Title

SRG-OS-000142-GPOS-00071

Rule Version

AIX7-00-003096

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.
• CCI-001095 - The information system manages excess capacity, bandwidth, or other redundancy to limit the effects of information flooding types of denial of service attacks.
• CCI-002824 - The information system implements organization-defined security safeguards to protect its memory from unauthorized code execution.

Weight

10

Fix Recommendation

From the command prompt, run the following command to set the SED systemwide mode to select:
# sedmgr -m all

AIX has to be rebooted for the new SED mode to take effect.

Check Contents

From the command prompt, run the following command to display SED systemwide mode:

# sedmgr
Stack Execution Disable (SED) mode: all
SED configured in kernel: all

If the above command shows a systemwide SED mode other than "all", this is a finding.

Vulnerability Number

V-215398

Documentable

False

Rule Version

AIX7-00-003096

Severity Override Guidance

From the command prompt, run the following command to display SED systemwide mode:

# sedmgr
Stack Execution Disable (SED) mode: all
SED configured in kernel: all

If the above command shows a systemwide SED mode other than "all", this is a finding.

Check Content Reference

M

Target Key

4012

Comments