STIGQter: STIG Summary: IBM AIX 7.x Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 23 Apr 2021

The AIX user home directories must not have extended ACLs.

DISA Rule

SV-215332r508663_rule

Vulnerability Number

V-215332

Group Title

SRG-OS-000480-GPOS-00230

Rule Version

AIX7-00-003019

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Remove the extended ACL from the user home directory and disable extended permissions:
# acledit <directory>

Check Contents

Verify user home directories have no extended ACLs using command:

# cat /etc/passwd | cut -f 6,6 -d ":" | xargs -n1 aclget
*
* ACL_type AIXC
*
attributes:
base permissions
owner(root): rwx
group(system): r-x
others: r---
extended permissions
disabled

If extended permissions are not disabled, this is a finding.
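
The sample output above does not show which directory each ACL belongs to. As an added example (not part of the STIG), this POSIX shell sketch reports each home directory whose extended permissions are not disabled; `ACLGET`, `PASSWD_FILE`, the function names and the sample ACL are constructed for illustration.

```shell
# Added example, not part of the STIG. ACLGET and PASSWD_FILE are
# assumptions of this sketch: overridable so the parser can be tried
# off-box; the defaults are the command and file the check uses.
ACLGET=${ACLGET:-aclget}
PASSWD_FILE=${PASSWD_FILE:-/etc/passwd}

# Read aclget output on stdin; print the state on the first non-blank
# line after "extended permissions": enabled, disabled, or unknown.
ext_acl_state() {
    awk '
        seen && NF {
            print (($1 == "enabled" || $1 == "disabled") ? $1 : "unknown")
            found = 1; exit
        }
        /^[ \t]*extended permissions/ { seen = 1 }
        END { if (!found) print "unknown" }
    '
}

# Constructed aclget output for a directory that would be a finding.
sample_acl_enabled() {
    cat <<'EOF'
*
* ACL_type   AIXC
*
attributes:
base permissions
    owner(alice):  rwx
    group(staff):  r-x
    others:  ---
extended permissions
    enabled
    permit   rw-     u:bob
EOF
}

# Print "FINDING <dir> <state>" for each distinct, existing home directory
# whose extended permissions are not disabled; return 1 if any were found.
audit_home_acls() {
    findings=$(cut -d: -f6 "$PASSWD_FILE" | sort -u | while read -r dir; do
        [ -d "$dir" ] || continue
        state=$("$ACLGET" "$dir" 2>/dev/null | ext_acl_state)
        [ "$state" = "disabled" ] || echo "FINDING $dir $state"
    done)
    [ -z "$findings" ] && return 0
    echo "$findings"
    return 1
}
```

Source the file as root on the AIX host and run `audit_home_acls`; a directory reported as `unknown` means aclget returned nothing parseable and should be inspected by hand.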

Documentable

False

Severity Override Guidance

Check Content Reference

M

Target Key

4012

Comments