STIGQter: STIG Summary: IBM AIX 7.x Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 23 Apr 2021:

AIX nosuid option must be enabled on all NFS client mounts.

DISA Rule

SV-215210r508663_rule

Vulnerability Number

V-215210

Group Title

SRG-OS-000480-GPOS-00227

Rule Version

AIX7-00-001056

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Edit "/etc/filesystems" and add the "nosuid" option for all NFS file systems.

Remount the NFS file systems to make the change take effect.

Check Contents

Check the system for NFS mounts not using the "nosuid" option using command:

# lsfs -v nfs
Name Nodename Mount Pt VFS Size Options Auto Accounting
/home/doej -- /mount/doej nfs 786432 -- yes no

If the "mounted" file systems do not have the "nosuid option", this is a finding.

Vulnerability Number

V-215210

Documentable

False

Rule Version

AIX7-00-001056

Severity Override Guidance

Check the system for NFS mounts not using the "nosuid" option using command:

# lsfs -v nfs
Name Nodename Mount Pt VFS Size Options Auto Accounting
/home/doej -- /mount/doej nfs 786432 -- yes no

If the "mounted" file systems do not have the "nosuid option", this is a finding.

Check Content Reference

M

Target Key

4012

Comments