STIGQter STIGQter: STIG Summary: IBM AIX 7.x Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 23 Apr 2021:

The AIX audit configuration files must be group-owned by audit.

DISA Rule

SV-215316r508663_rule

Vulnerability Number

V-215316

Group Title

SRG-OS-000063-GPOS-00032

Rule Version

AIX7-00-002201

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Set the group of the audit configuration files to "audit".
# chgrp audit /etc/security/audit/*

Check Contents

Check that all the audit configuration files under /etc/security/audit/* have group ownership.

# ls -l /etc/security/audit/*
-rw-r----- 1 root audit 37 Oct 10 2016 /etc/security/audit/bincmds
-rw-r----- 1 root audit 2838 Sep 05 16:33 /etc/security/audit/config
-rw-r----- 1 root audit 26793 Oct 10 2016 /etc/security/audit/events
-rw-r----- 1 root audit 340 Oct 10 2016 /etc/security/audit/objects
-rw-r----- 1 root audit 54 Oct 10 2016 /etc/security/audit/streamcmds

If any file's group ownership is not "audit", this is a finding.

Vulnerability Number

V-215316

Documentable

False

Rule Version

AIX7-00-002201

Severity Override Guidance

Check that all the audit configuration files under /etc/security/audit/* have group ownership.

# ls -l /etc/security/audit/*
-rw-r----- 1 root audit 37 Oct 10 2016 /etc/security/audit/bincmds
-rw-r----- 1 root audit 2838 Sep 05 16:33 /etc/security/audit/config
-rw-r----- 1 root audit 26793 Oct 10 2016 /etc/security/audit/events
-rw-r----- 1 root audit 340 Oct 10 2016 /etc/security/audit/objects
-rw-r----- 1 root audit 54 Oct 10 2016 /etc/security/audit/streamcmds

If any file's group ownership is not "audit", this is a finding.

Check Content Reference

M

Target Key

4012

Comments