STIGQter: STIG Summary: IBM AIX 7.x Security Technical Implementation Guide, Version: 2, Release: 2, Benchmark Date: 23 Apr 2021

All AIX NFS anonymous UIDs and GIDs must be configured to values without permissions.

DISA Rule

SV-215209r508663_rule

Vulnerability Number

V-215209

Group Title

SRG-OS-000480-GPOS-00227

Rule Version

AIX7-00-001055

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Edit "/etc/exports" and set the "anon=-1" option for all exported file systems without it.

Re-export the file systems using the command:
# exportfs -a

Check Contents

Check if the "anon" option is set correctly for exported file systems.

List exported file systems using the command:

# exportfs -v
/home/doej rw,anon=-1,access=doej

Note: Each of the exported file systems should include an entry for the "anon=" option set to "-1" or an equivalent (60001, 60002, 65534, or 65535).

If an appropriate "anon=" setting is not present for an exported file system, this is a finding.
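
The check above, as an added example that is not part of the STIG text: a POSIX shell function that reads "exportfs -v" output in the two-column form shown above and reports every export whose "anon=" option is missing or is not one of the listed values. The function name, the sample exports, and the tolerance for a leading "-" before the option list are assumptions.

```shell
#!/bin/sh
# Added example (not from the STIG): audit `exportfs -v` style output.
# Accepted anon= values are the ones listed in the check text.
ACCEPTABLE_ANON="-1 60001 60002 65534 65535"

# find_anon_findings (hypothetical helper): reads "<path> <options>" lines on
# stdin, prints one line per finding, returns 1 if any finding was printed.
find_anon_findings() {
    awk -v ok="$ACCEPTABLE_ANON" '
    BEGIN { n = split(ok, a, " "); for (i = 1; i <= n; i++) good[a[i]] = 1 }
    NF == 0 || /^#/ { next }              # skip blank lines and comments
    {
        path = $1
        opts = $2                         # empty when the export has no options
        sub(/^-/, "", opts)               # assumption: options may start with "-"
        m = split(opts, o, ",")
        anon = ""; seen = 0
        for (i = 1; i <= m; i++)
            if (o[i] ~ /^anon=/) { anon = substr(o[i], 6); seen = 1 }
        if (!seen) {
            print path ": anon= not set"; bad = 1
        } else if (!(anon in good)) {
            print path ": anon=" anon " is not an accepted value"; bad = 1
        }
    }
    END { exit bad ? 1 : 0 }'
}

# Constructed sample input; on a live system use: exportfs -v | find_anon_findings
SAMPLE_EXPORTS='/home/doej rw,anon=-1,access=doej
/export/data rw,anon=0,access=hostA
/export/pub ro
/export/scratch -rw,anon=65534'

printf '%s\n' "$SAMPLE_EXPORTS" | find_anon_findings || true
```

A non-zero return status means at least one exported file system is a finding under this rule.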

Documentable

False

Severity Override Guidance

Check Content Reference

M

Target Key

4012
