STIGQter STIGQter: STIG Summary: IBM AIX 7.x Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 23 Apr 2021:

AIX package management tool must be used daily to verify system software.

DISA Rule

SV-215426r508663_rule

Vulnerability Number

V-215426

Group Title

SRG-OS-000480-GPOS-00227

Rule Version

AIX7-00-003131

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Add a job to the root crontab invoking the following system package management tool to verify the integrity of installed packages and email the result to root user.

Run the following command to add the cron job:
# crontab -e

Within crontab command, add the following daily job to the cron table, then save the change:
0 23 * * * /usr/bin/lppchk -c > /tmp/111 2>&1; sendmail root < /tmp/111

Check Contents

Check the root crontab for a daily job invoking the system package management tool to verify the integrity of installed packages.

From the command prompt, run the following command:

# crontab -l | grep lppchk
55 22 * * * /lppchk.sh # Daily LPP check script

If no such job exists, this is a finding.

Vulnerability Number

V-215426

Documentable

False

Rule Version

AIX7-00-003131

Severity Override Guidance

Check the root crontab for a daily job invoking the system package management tool to verify the integrity of installed packages.

From the command prompt, run the following command:

# crontab -l | grep lppchk
55 22 * * * /lppchk.sh # Daily LPP check script

If no such job exists, this is a finding.

Check Content Reference

M

Target Key

4012

Comments