STIGQter STIGQter: STIG Summary: IBM AIX 7.x Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 25 Apr 2019: AIX root passwords must never be passed over a network in clear text form.

DISA Rule

SV-101391r1_rule

Vulnerability Number

V-91293

Group Title

SRG-OS-000074-GPOS-00042

Rule Version

AIX7-00-001124

Severity

CAT I

CCI(s)

Weight

10

Fix Recommendation

If OpenSSH server is not installed, install it from the from AIX DVD Volume 1 using the following command (assuming that the DVD device is /dev/cd0):
# installp -aXYgd /dev/cd0 -e /tmp/install.log openssh.base.server

Start SSH server if it is not started:
# startsrc -s sshd

Enable SSH on the system and use it for all remote connections used to attain root access.

Disable direct root remote login:
# chsec -f /etc/security/user -s root -a rlogin=false

Check Contents

Determine if root has logged in over an unencrypted network connection:

# last | grep "root " | egrep -v "reboot|console" | more
root pts/1 10.74.17.76 Jul 4 16:44 - 17:39 (00:54)

Next, determine if the SSH daemon is running:

# ps -ef |grep sshd
root 3670408 6029762 0 Jan 24 - 0:00 /usr/sbin/sshd

If root has logged in over the network and SSHD is not running, this is a finding.

Vulnerability Number

V-91293

Documentable

False

Rule Version

AIX7-00-001124

Severity Override Guidance

Determine if root has logged in over an unencrypted network connection:

# last | grep "root " | egrep -v "reboot|console" | more
root pts/1 10.74.17.76 Jul 4 16:44 - 17:39 (00:54)

Next, determine if the SSH daemon is running:

# ps -ef |grep sshd
root 3670408 6029762 0 Jan 24 - 0:00 /usr/sbin/sshd

If root has logged in over the network and SSHD is not running, this is a finding.

Check Content Reference

M

Target Key

3491

Comments