STIGQter: STIG Summary: IBM AIX 7.x Security Technical Implementation Guide, Version: 2, Release: 2, Benchmark Date: 23 Apr 2021

The AIX /etc/passwd, /etc/security/passwd, and/or /etc/group files must not contain a plus (+) without defining entries for NIS+ netgroups or LDAP netgroups.

DISA Rule

SV-215206r508663_rule

Vulnerability Number

V-215206

Group Title

SRG-OS-000480-GPOS-00227

Rule Version

AIX7-00-001047

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Edit "/etc/passwd", "/etc/security/passwd", and/or "/etc/group" files and remove entries containing a plus (+).

Check Contents

Check system configuration files for plus (+) entries using the following commands:

# cat /etc/passwd | grep -v "^#" | grep "\+"

# cat /etc/security/passwd | grep -v "^#" | grep "\+"

# cat /etc/group | grep -v "^#" | grep "\+"

If the "/etc/passwd", "/etc/security/passwd", and/or "/etc/group" files contain a plus (+) and do not define entries for NIS+ netgroups or LDAP netgroups, this is a finding.
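The grep commands above list every line with a plus sign but leave the netgroup judgement to the reviewer. The following script is an added example, not part of the STIG: it sorts those lines into three labels constructed for this example, and it assumes a netgroup is "defined" when the first colon-separated field has the form `+@name`.

```shell
#!/bin/sh
# Added example (not STIG text): classify plus (+) lines instead of only listing them.
# Labels are constructed for this example:
#   NETGROUP  first field is +@name        (assumed to mean a netgroup is defined)
#   FINDING   first field starts with +    but names no netgroup
#   REVIEW    + appears elsewhere on the line; needs manual inspection

classify_plus_entries() {
    # $1 = file to scan. Prints "LABEL file:line: text" for each line with a plus.
    awk -F: -v f="$1" '
        /^#/ { next }                      # skip comment lines, as the check does
        index($0, "+") == 0 { next }       # no plus sign on this line
        {
            label = "REVIEW"
            if ($1 ~ /^[+]@[^ \t]+$/)  label = "NETGROUP"
            else if ($1 ~ /^[+]/)      label = "FINDING"
            printf "%s %s:%d: %s\n", label, f, NR, $0
        }
    ' "$1"
}

count_findings() {
    # Prints the number of FINDING lines across all readable files given.
    total=0
    for file in "$@"; do
        [ -r "$file" ] || continue
        n=$(classify_plus_entries "$file" |
            awk '$1 == "FINDING" { c++ } END { print c + 0 }')
        total=$((total + n))
    done
    echo "$total"
}

# When called with file arguments, print every classified line and exit
# non-zero if any FINDING line exists, e.g.:
#   sh check_plus.sh /etc/passwd /etc/security/passwd /etc/group
if [ "$#" -gt 0 ]; then
    for file in "$@"; do
        [ -r "$file" ] && classify_plus_entries "$file"
    done
    [ "$(count_findings "$@")" -eq 0 ]
fi
```

Lines labelled REVIEW (for example a plus sign inside a comment or GECOS field) are still matched by the STIG's grep and should be inspected by hand.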

Documentable

False

Check Content Reference

M

Target Key

4012
