STIGQter STIGQter: STIG Summary: IBM AIX 7.x Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 23 Apr 2021:

AIX log files must have mode 0640 or less permissive.

DISA Rule

SV-215323r508663_rule

Vulnerability Number

V-215323

Group Title

SRG-OS-000206-GPOS-00084

Rule Version

AIX7-00-003006

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Change the mode of the system log file(s) to "0640" or less permissive:
# chmod 0640 /path/to/system-log-file

Check Contents

Check the mode of log files:

# ls -lL /var/log /var/log/syslog /var/adm
/var/adm:
total 376
drw-r----- 2 root system 256 Jan 24 12:31 SRC
drwx------ 4 root system 256 Jan 24 07:28 config
-rw-r----- 1 root system 1081 Jan 24 09:05 dev_pkg.fail
-rw-r----- 1 root system 250 Jan 24 09:05 dev_pkg.success
-rw------- 1 root system 64 Jan 24 09:43 sulog
drwxr-xr-x 3 root system 256 Jan 24 12:28 sw
drwx------ 2 root system 256 Jan 24 08:06 wpars

/var/log:
total 8
drwxr-xr-x 2 root system 256 Jan 24 08:44 aso
-rw-r----- 1 root system 603 Jan 24 10:30 cache_mgt.dr.log

If any of the log files have modes more permissive than "0640", this is a finding.

NOTE: Do not confuse system logfiles with audit logs. Any subsystems that require less stringent permissions must be documented.

Vulnerability Number

V-215323

Documentable

False

Rule Version

AIX7-00-003006

Severity Override Guidance

Check the mode of log files:

# ls -lL /var/log /var/log/syslog /var/adm
/var/adm:
total 376
drw-r----- 2 root system 256 Jan 24 12:31 SRC
drwx------ 4 root system 256 Jan 24 07:28 config
-rw-r----- 1 root system 1081 Jan 24 09:05 dev_pkg.fail
-rw-r----- 1 root system 250 Jan 24 09:05 dev_pkg.success
-rw------- 1 root system 64 Jan 24 09:43 sulog
drwxr-xr-x 3 root system 256 Jan 24 12:28 sw
drwx------ 2 root system 256 Jan 24 08:06 wpars

/var/log:
total 8
drwxr-xr-x 2 root system 256 Jan 24 08:44 aso
-rw-r----- 1 root system 603 Jan 24 10:30 cache_mgt.dr.log

If any of the log files have modes more permissive than "0640", this is a finding.

NOTE: Do not confuse system logfiles with audit logs. Any subsystems that require less stringent permissions must be documented.

Check Content Reference

M

Target Key

4012

Comments