STIGQter STIGQter: STIG Summary: IBM AIX 7.x Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 23 Apr 2021:

The AIX audit configuration files must be owned by root.

DISA Rule

SV-215315r508663_rule

Vulnerability Number

V-215315

Group Title

SRG-OS-000063-GPOS-00032

Rule Version

AIX7-00-002200

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Set the owner audit configuration files to "root".
# chown root /etc/security/audit/*

Check Contents

Check that all the audit configuration files under /etc/security/audit/* have correct ownership.

# ls -l /etc/security/audit/*
-rw-r----- 1 root audit 37 Oct 10 2016 /etc/security/audit/bincmds
-rw-r----- 1 root audit 2838 Sep 05 16:33 /etc/security/audit/config
-rw-r----- 1 root audit 26793 Oct 10 2016 /etc/security/audit/events
-rw-r----- 1 root audit 340 Oct 10 2016 /etc/security/audit/objects
-rw-r----- 1 root audit 54 Oct 10 2016 /etc/security/audit/streamcmds

If any file's ownership is not "root", this is a finding.

Vulnerability Number

V-215315

Documentable

False

Rule Version

AIX7-00-002200

Severity Override Guidance

Check that all the audit configuration files under /etc/security/audit/* have correct ownership.

# ls -l /etc/security/audit/*
-rw-r----- 1 root audit 37 Oct 10 2016 /etc/security/audit/bincmds
-rw-r----- 1 root audit 2838 Sep 05 16:33 /etc/security/audit/config
-rw-r----- 1 root audit 26793 Oct 10 2016 /etc/security/audit/events
-rw-r----- 1 root audit 340 Oct 10 2016 /etc/security/audit/objects
-rw-r----- 1 root audit 54 Oct 10 2016 /etc/security/audit/streamcmds

If any file's ownership is not "root", this is a finding.

Check Content Reference

M

Target Key

4012

Comments