STIGQter STIGQter: STIG Summary: IBM AIX 7.x Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 25 Apr 2019: AIX must be configured to allow users to directly initiate a session lock for all connection types.

DISA Rule

SV-101335r1_rule

Vulnerability Number

V-91235

Group Title

SRG-OS-000030-GPOS-00011

Rule Version

AIX7-00-001100

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Install, or re-install, bos.rte.security fileset from the AIX DVD Volume 1 using the following command (assuming that the DVD device is /dev/cd0):
# installp -aXYgd /dev/cd0 -e /tmp/install.log bos.rte.security

Check Contents

Check if the "lock" command exists by using the following command:
# ls /usr/bin/lock

The above command should display the following:
/usr/bin/lock

If the above command does not show that "/usr/bin/lock" exists, this is a finding.

Check if the "xlock" command exists by using the following command:
# ls /usr/bin/X11/xlock

The above command should display the following:
/usr/bin/X11/xlock

If the above command does not show that "/usr/bin/xlock" exists, this is a finding.

Vulnerability Number

V-91235

Documentable

False

Rule Version

AIX7-00-001100

Severity Override Guidance

Check if the "lock" command exists by using the following command:
# ls /usr/bin/lock

The above command should display the following:
/usr/bin/lock

If the above command does not show that "/usr/bin/lock" exists, this is a finding.

Check if the "xlock" command exists by using the following command:
# ls /usr/bin/X11/xlock

The above command should display the following:
/usr/bin/X11/xlock

If the above command does not show that "/usr/bin/xlock" exists, this is a finding.

Check Content Reference

M

Target Key

3491

Comments