STIGQter STIGQter: STIG Summary: IBM AIX 7.x Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 25 Apr 2019: All AIX NFS anonymous UIDs and GIDs must be configured to values without permissions.

DISA Rule

SV-101689r1_rule

Vulnerability Number

V-91591

Group Title

SRG-OS-000480-GPOS-00227

Rule Version

AIX7-00-001055

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Edit "/etc/exports" and set the "anon=-1" option for all exported file systems without it.

Re-export the file systems using command:
# exportfs -a

Check Contents

Check if the "anon" option is set correctly for exported file systems.

List exported file systems using command:

# exportfs -v
/home/doej rw,anon=-1,access=doej

Note: Each of the exported file systems should include an entry for the "anon=" option set to "-1" or an equivalent (60001, 60002, 65534, or 65535).

If an appropriate "anon=" setting is not present for an exported file system, this is a finding.

Vulnerability Number

V-91591

Documentable

False

Rule Version

AIX7-00-001055

Severity Override Guidance

Check if the "anon" option is set correctly for exported file systems.

List exported file systems using command:

# exportfs -v
/home/doej rw,anon=-1,access=doej

Note: Each of the exported file systems should include an entry for the "anon=" option set to "-1" or an equivalent (60001, 60002, 65534, or 65535).

If an appropriate "anon=" setting is not present for an exported file system, this is a finding.

Check Content Reference

M

Target Key

3491

Comments