STIGQter: STIG Summary: IBM AIX 7.x Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 23 Apr 2021

AIX administrative accounts must not run a web browser, except as needed for local service administration.

DISA Rule

SV-215191r508663_rule

Vulnerability Number

V-215191

Group Title

SRG-OS-000480-GPOS-00227

Rule Version

AIX7-00-001032

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Enforce policy requiring administrative accounts use web browsers only for local service administration.

Check Contents

Inspect the root account home directory for a ".netscape" or a ".mozilla" directory using the following commands:
# find /home/root -name .netscape
# find /home/root -name .mozilla

If none exists, this is not a finding.

If a file exists, verify with the root users and the ISSO the intent of the browsing.

If a file exists and use of a web browser has not been authorized, this is a finding.
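The check above, extended as an added example that is not part of the STIG text: it applies the same test to the home directory of every UID 0 account in a passwd-format file instead of only /home/root, and looks at the top level of each home directory rather than recursing as find does. The function names, the optional root prefix argument and the use of UID 0 to identify administrative accounts are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of the STIG. Function names, arguments and the
# "UID 0 = administrative account" rule are assumptions of this example.

# list_admin_homes PASSWD_FILE
# Print "user:home" for every account whose UID field is 0.
list_admin_homes() {
    awk -F: '$3 == 0 && $6 != "" { print $1 ":" $6 }' "$1"
}

# check_browser_profiles PASSWD_FILE [ROOT_PREFIX]
# Print one "REVIEW user path" line per .netscape/.mozilla entry found at the
# top level of a UID 0 home directory. ROOT_PREFIX allows the check to run
# against a mounted image or a test tree. Returns 0 when nothing is found and
# 1 when at least one entry needs to be verified with the user and the ISSO.
check_browser_profiles() {
    passwd_file=$1
    prefix=${2:-}
    hits=$(list_admin_homes "$passwd_file" | while IFS=: read -r user home; do
        home=${home%/}          # a home of "/" becomes "" so paths stay clean
        for name in .netscape .mozilla; do
            path="$prefix$home/$name"
            # -e matches a directory or file; -L also catches a dangling symlink
            if [ -e "$path" ] || [ -L "$path" ]; then
                printf 'REVIEW %s %s\n' "$user" "$path"
            fi
        done
    done)
    if [ -n "$hits" ]; then
        printf '%s\n' "$hits"
        return 1
    fi
    echo "No browser profile directories found for UID 0 accounts"
    return 0
}

# On a live system: check_browser_profiles /etc/passwd
```

A REVIEW line is not a finding by itself; as in the check text, it becomes one only if the browser use has not been authorized.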

Documentable

False

Check Content Reference

M

Target Key

4012

Comments