STIGQter STIGQter: STIG Summary: IBM AIX 7.x Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 25 Apr 2019: AIX must monitor and record unsuccessful remote logins.

DISA Rule

SV-101341r1_rule

Vulnerability Number

V-91241

Group Title

SRG-OS-000032-GPOS-00013

Rule Version

AIX7-00-002101

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Remove the symlink of "/etc/security/failedlogin" file by using the following command:
# rm /etc/security/failedlogin

The "/etc/security/failedlogin" file will be created when system logs event for a failed login.

Check Contents

Check if the file "/etc/security/failedlogin" is a symlink by using the following command:
# ls -al /etc/security/failedlogin

The above command should yield the following output:
-rw------- 1 root system 648 Sep 05 14:59 /etc/security/failedlogin

If the file "/etc/security/failedlogin" is a symlink, this is a finding.

Vulnerability Number

V-91241

Documentable

False

Rule Version

AIX7-00-002101

Severity Override Guidance

Check if the file "/etc/security/failedlogin" is a symlink by using the following command:
# ls -al /etc/security/failedlogin

The above command should yield the following output:
-rw------- 1 root system 648 Sep 05 14:59 /etc/security/failedlogin

If the file "/etc/security/failedlogin" is a symlink, this is a finding.

Check Content Reference

M

Target Key

3491

Comments