STIGQter STIGQter: STIG Summary: IBM AIX 7.x Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 23 Apr 2021:

AIX must provide the lock command to let users retain their session lock until users are reauthenticated.

DISA Rule

SV-215187r508663_rule

Vulnerability Number

V-215187

Group Title

SRG-OS-000028-GPOS-00009

Rule Version

AIX7-00-001028

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Install "bos.rte.security" fileset from the AIX DVD Volume 1 using the following command (assuming that the DVD device is mounted to /dev/cd0):

# installp -aXYgd /dev/cd0 -e /tmp/install.log bos.rte.security

Check Contents

Check the system to determine if "bos.rte.security" is installed:

# lslpp -L bos.rte.security
Fileset Level State Type Description (Uninstaller)
----------------------------------------------------------------------------
bos.rte.security 7.2.1.1 C F Base Security Function

If the "bos.rte.security" fileset is not installed, this is a finding.

Check if lock command exist using the following command:
# ls /usr/bin/lock

The above command should display the following:
/usr/bin/lock

If the above command does not show that "/usr/bin/lock" exists, this is a finding.

Vulnerability Number

V-215187

Documentable

False

Rule Version

AIX7-00-001028

Severity Override Guidance

Check the system to determine if "bos.rte.security" is installed:

# lslpp -L bos.rte.security
Fileset Level State Type Description (Uninstaller)
----------------------------------------------------------------------------
bos.rte.security 7.2.1.1 C F Base Security Function

If the "bos.rte.security" fileset is not installed, this is a finding.

Check if lock command exist using the following command:
# ls /usr/bin/lock

The above command should display the following:
/usr/bin/lock

If the above command does not show that "/usr/bin/lock" exists, this is a finding.

Check Content Reference

M

Target Key

4012

Comments