STIGQter STIGQter: STIG Summary: IBM AIX 7.x Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 25 Apr 2019: The AIX /etc/group file must not have an extended ACL.

DISA Rule

SV-101715r1_rule

Vulnerability Number

V-91617

Group Title

SRG-OS-000480-GPOS-00227

Rule Version

AIX7-00-003015

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Remove the extended ACL from the "/etc/group" using command:
# acledit /etc/group

Check Contents

Check the ACL of the "/etc/group" file:
# aclget /etc/group

The above command should yield the following output:
*
* ACL_type AIXC
*
attributes:
base permissions
owner(root): rw-
group(security): r--
others: r--
extended permissions
disabled

If the extended ACL are not "disabled", this is a finding.

Vulnerability Number

V-91617

Documentable

False

Rule Version

AIX7-00-003015

Severity Override Guidance

Check the ACL of the "/etc/group" file:
# aclget /etc/group

The above command should yield the following output:
*
* ACL_type AIXC
*
attributes:
base permissions
owner(root): rw-
group(security): r--
others: r--
extended permissions
disabled

If the extended ACL are not "disabled", this is a finding.

Check Content Reference

M

Target Key

3491

Comments