STIGQter: STIG Summary: IBM AIX 7.x Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 23 Apr 2021:

AIX must be configured to only boot from the system boot device.

DISA Rule

SV-215410r508663_rule

Vulnerability Number

V-215410

Group Title

SRG-OS-000480-GPOS-00227

Rule Version

AIX7-00-003112

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Configure the system to only boot from system startup media:
# bootlist -m normal hdisk<x>

Set "multi-boot" to "off" in the SMS application.

Check Contents

Determine if the system is configured to boot from devices other than the system startup media by running command:
# bootlist -m normal -o

The returned values should be "hdisk{x}".

If the system is setup to boot from a non-hard disk device, this is a finding.

Additionally, ask the SA if the machine is setup for "multi-boot" in the SMS application. If multi-boot is enabled, the firmware will stop at boot time and request which image to boot from the user.

If "multi-boot" is enabled, this is a finding.

Vulnerability Number

V-215410

Documentable

False

Rule Version

AIX7-00-003112

Severity Override Guidance

Determine if the system is configured to boot from devices other than the system startup media by running command:
# bootlist -m normal -o

The returned values should be "hdisk{x}".

If the system is setup to boot from a non-hard disk device, this is a finding.

Additionally, ask the SA if the machine is setup for "multi-boot" in the SMS application. If multi-boot is enabled, the firmware will stop at boot time and request which image to boot from the user.

If "multi-boot" is enabled, this is a finding.

Check Content Reference

M

Target Key

4012

Comments