STIGQter: STIG Summary: IBM AIX 7.x Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 23 Apr 2021

AIX must monitor and record successful remote logins.

DISA Rule

SV-215285r508663_rule

Vulnerability Number

V-215285

Group Title

SRG-OS-000032-GPOS-00013

Rule Version

AIX7-00-002100

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Remove the "/var/adm/wtmp" symlink by using the following command:
# rm /var/adm/wtmp

The "/var/adm/wtmp" file will be created when the system logs an event for a successful or failed login.

Check Contents

Check if the file "/var/adm/wtmp" is a symlink by using the following command:
# ls -al /var/adm/wtmp

The above command should yield the following output:
-rw-rw-r-- 1 adm adm 45360 Sep 05 15:00 /var/adm/wtmp

If the file "/var/adm/wtmp" is a symlink, this is a finding.
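
The same check in scriptable form, as an added example that is not part of the STIG text. The function name check_wtmp and its return codes are assumptions made for illustration. It tests for a symlink first, because the -f and -e tests follow links.

```shell
#!/bin/sh
# Added example: scripted form of the manual "ls -al" check above.
# check_wtmp PATH prints one status line and returns (codes are this
# example's own convention, not defined by the STIG):
#   0 = regular file (not a finding)
#   1 = symlink (finding)
#   2 = missing (created when the next login event is logged)
#   3 = some other file type (review manually)
# Usage on the AIX host: check_wtmp /var/adm/wtmp
check_wtmp() {
    path=${1:-/var/adm/wtmp}

    # Test for a symlink first: -f and -e follow links, so a link to a
    # regular file would pass -f, and a dangling link would look "missing".
    if [ -L "$path" ]; then
        echo "FINDING: $path is a symlink: $(ls -l "$path")"
        return 1
    fi
    if [ ! -e "$path" ]; then
        echo "NOTE: $path does not exist"
        return 2
    fi
    if [ -f "$path" ]; then
        echo "OK: $(ls -l "$path")"
        return 0
    fi
    echo "REVIEW: $path is not a regular file: $(ls -ld "$path")"
    return 3
}
```

A dangling symlink is still reported as a finding (return code 1), which a plain existence test would miss.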

Documentable

False

Severity Override Guidance

Check if the file "/var/adm/wtmp" is a symlink by using the following command:
# ls -al /var/adm/wtmp

The above command should yield the following output:
-rw-rw-r-- 1 adm adm 45360 Sep 05 15:00 /var/adm/wtmp

If the file "/var/adm/wtmp" is a symlink, this is a finding.

Check Content Reference

M

Target Key

4012

Comments