STIGQter: STIG Summary: IBM AIX 7.x Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 23 Apr 2021:

The AIX root accounts home directory (other than /) must have mode 0700.

DISA Rule

SV-215198r508663_rule

Vulnerability Number

V-215198

Group Title

SRG-OS-000480-GPOS-00230

Rule Version

AIX7-00-001039

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Use the following command to change protections for the root home directory:
# chmod 0700 /root.

Check Contents

Check the mode of the root home directory by running the following commands:
# ls -ld `grep "^root" /etc/passwd | awk -F":" '{print $6}'`

The above command should yield the following output:
drwx------ 22 root system 4096 Sep 06 18:00 /root

If the mode of the directory is not equal to "0700", this is a finding.

Vulnerability Number

V-215198

Documentable

False

Rule Version

AIX7-00-001039

Severity Override Guidance

Check the mode of the root home directory by running the following commands:
# ls -ld `grep "^root" /etc/passwd | awk -F":" '{print $6}'`

The above command should yield the following output:
drwx------ 22 root system 4096 Sep 06 18:00 /root

If the mode of the directory is not equal to "0700", this is a finding.

Check Content Reference

M

Target Key

4012

Comments