STIGQter STIGQter: STIG Summary: IBM AIX 7.x Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 23 Apr 2021:

AIX must start audit at boot.

DISA Rule

SV-215247r508663_rule

Vulnerability Number

V-215247

Group Title

SRG-OS-000254-GPOS-00095

Rule Version

AIX7-00-002023

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

To start auditing at system startup, add the following line to the /etc/rc file, just prior to the line reading dspmsg rc.cat 5 'Multi-user initialization completed':
/usr/sbin/audit start

Symmetrically add the '/usr/sbin/audit shutdown' command to /etc/rc.shutdown.

Check Contents

Check if /etc/rc contains the following line:
/usr/sbin/audit start

# grep "audit start" /etc/rc
/usr/sbin/audit start

If a result is not returned, this is a finding.

Vulnerability Number

V-215247

Documentable

False

Rule Version

AIX7-00-002023

Severity Override Guidance

Check if /etc/rc contains the following line:
/usr/sbin/audit start

# grep "audit start" /etc/rc
/usr/sbin/audit start

If a result is not returned, this is a finding.

Check Content Reference

M

Target Key

4012

Comments