STIG Summary: IBM AIX 7.x Security Technical Implementation Guide, Version: 2, Release: 2, Benchmark Date: 23 Apr 2021

AIX must provide the function to filter audit records for events of interest based upon all audit fields within audit records, support on-demand reporting requirements, and an audit reduction function that supports on-demand audit review and analysis and after-the-fact investigations of security incidents.

DISA Rule

SV-215242r517599_rule

Vulnerability Number

V-215242

Group Title

SRG-OS-000054-GPOS-00025

Rule Version

AIX7-00-002011

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Re-install the "bos.rte.security" fileset from the base media.

Use the "installp" command (this assumes the CD is mounted).

# installp -aXYqg -d /dev/cd0 bos.rte.security

Check Contents

The application file "/usr/sbin/auditselect" provides the audit filtering function. Check if it exists:

# ls -l /usr/sbin/auditselect
-r-sr-x--- 1 root audit 36240 Jul 4 1776 /usr/sbin/auditselect

If the "/usr/sbin/auditselect" file does not exist, this is a finding.

Documentable

False

Severity Override Guidance

The application file "/usr/sbin/auditselect" provides the audit filtering function. Check if it exists:

# ls -l /usr/sbin/auditselect
-r-sr-x--- 1 root audit 36240 Jul 4 1776 /usr/sbin/auditselect

If the "/usr/sbin/auditselect" file does not exist, this is a finding.

Check Content Reference

M

Target Key

4012

Comments