STIGQter: STIG Summary: IBM AIX 7.x Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 23 Apr 2021:

AIX must monitor and record unsuccessful remote logins.

DISA Rule

SV-215286r508663_rule

Vulnerability Number

V-215286

Group Title

SRG-OS-000032-GPOS-00013

Rule Version

AIX7-00-002101

Severity

CAT II

CCI(s)

• CCI-000067 - The information system monitors remote access methods.

Weight

10

Fix Recommendation

Remove the symlink of "/etc/security/failedlogin" file by using the following command:
# rm /etc/security/failedlogin

The "/etc/security/failedlogin" file will be created when system logs event for a failed login.

Check Contents

Check if the file "/etc/security/failedlogin" is a symlink by using the following command:
# ls -al /etc/security/failedlogin

The above command should yield the following output:
-rw------- 1 root system 648 Sep 05 14:59 /etc/security/failedlogin

If the file "/etc/security/failedlogin" is a symlink, this is a finding.

Vulnerability Number

V-215286

Documentable

False

Rule Version

AIX7-00-002101

Severity Override Guidance

Check if the file "/etc/security/failedlogin" is a symlink by using the following command:
# ls -al /etc/security/failedlogin

The above command should yield the following output:
-rw------- 1 root system 648 Sep 05 14:59 /etc/security/failedlogin

If the file "/etc/security/failedlogin" is a symlink, this is a finding.

Check Content Reference

M

Target Key

4012

Comments