STIGQter: STIG Summary: IBM AIX 7.x Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 23 Apr 2021:

AIX must disable /usr/bin/rcp, /usr/bin/rlogin, /usr/bin/rsh, /usr/bin/rexec and /usr/bin/telnet commands.

DISA Rule

SV-215322r508663_rule

Vulnerability Number

V-215322

Group Title

SRG-OS-000074-GPOS-00042

Rule Version

AIX7-00-003005

Severity

CAT I

CCI(s)

• CCI-000197 - The information system, for password-based authentication, transmits only cryptographically-protected passwords.

Weight

10

Fix Recommendation

Use the chmod command to remove all permissions on these commands:
# chmod ugo= /usr/bin/rcp
# chmod ugo= /usr/bin/rlogin
# chmod ugo= /usr/bin/rsh
# chmod ugo= /usr/bin/rexec
# chmod ugo= /usr/bin/telnet

Check Contents

From the command prompt, execute the following commands:
# ls -l /usr/bin/rcp | awk '{print $1}'
# ls -l /usr/bin/rlogin | awk '{print $1}'
# ls -l /usr/bin/rsh | awk '{print $1}'
# ls -l /usr/bin/telnet | awk '{print $1}'
# ls -l /usr/bin/rexec | awk '{print $1}'

Each of the above commands should return with the following permissions:
----------

If the permissions are more permissive, this is a finding.

Vulnerability Number

V-215322

Documentable

False

Rule Version

AIX7-00-003005

Severity Override Guidance

From the command prompt, execute the following commands:
# ls -l /usr/bin/rcp | awk '{print $1}'
# ls -l /usr/bin/rlogin | awk '{print $1}'
# ls -l /usr/bin/rsh | awk '{print $1}'
# ls -l /usr/bin/telnet | awk '{print $1}'
# ls -l /usr/bin/rexec | awk '{print $1}'

Each of the above commands should return with the following permissions:
----------

If the permissions are more permissive, this is a finding.

Check Content Reference

M

Target Key

4012

Comments