STIGQter: STIG Summary: IBM AIX 7.x Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 23 Apr 2021:

All system files, programs, and directories must be owned by a system account.

DISA Rule

SV-215183r508663_rule

Vulnerability Number

V-215183

Group Title

SRG-OS-000259-GPOS-00100

Rule Version

AIX7-00-001018

Severity

CAT II

CCI(s)

• CCI-001499 - The organization limits privileges to change software resident within software libraries.

Weight

10

Fix Recommendation

Change the owner of public directories to "root" or an application account using the following command:
# chown root </public/directory>

Note: Replace "root" with an application user as necessary.

Check Contents

Check the ownership of system files, programs, and directories by running the following command:
# ls -lLa /etc /bin /usr/bin /usr/lbin /usr/ucb /sbin /usr/sbin

If any of the system files, programs, or directories are not owned by a system account, this is a finding.

Note: For this check, the system-provided "ipsec" user is considered to be a system account.

Vulnerability Number

V-215183

Documentable

False

Rule Version

AIX7-00-001018

Severity Override Guidance

Check the ownership of system files, programs, and directories by running the following command:
# ls -lLa /etc /bin /usr/bin /usr/lbin /usr/ucb /sbin /usr/sbin

If any of the system files, programs, or directories are not owned by a system account, this is a finding.

Note: For this check, the system-provided "ipsec" user is considered to be a system account.

Check Content Reference

M

Target Key

4012

Comments