STIGQter STIGQter: STIG Summary: IBM AIX 7.x Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 23 Apr 2021:

AIX must provide a report generation function that supports on-demand audit review and analysis, on-demand reporting requirements, and after-the-fact investigations of security incidents.

DISA Rule

SV-215254r508663_rule

Vulnerability Number

V-215254

Group Title

SRG-OS-000350-GPOS-00138

Rule Version

AIX7-00-002036

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Use the installp command to install a fileset (assume cd is mounted).
# installp -aXYqg -d /dev/cd0 bos.rte.security

Check Contents

Check to see if the application for generating audit reports exists ("/usr/sbin/auditpr"):

# ls -l /usr/sbin/auditpr
-r-sr-x--- 1 root audit 54793 Feb 14 2017 /usr/sbin/auditpr

If the file does not exist, this is a finding.

Vulnerability Number

V-215254

Documentable

False

Rule Version

AIX7-00-002036

Severity Override Guidance

Check to see if the application for generating audit reports exists ("/usr/sbin/auditpr"):

# ls -l /usr/sbin/auditpr
-r-sr-x--- 1 root audit 54793 Feb 14 2017 /usr/sbin/auditpr

If the file does not exist, this is a finding.

Check Content Reference

M

Target Key

4012

Comments