Detections
Analytics

CIS IBM AIX 7.2 L1 v1.0.0

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: CIS IBM AIX 7.2 L1 v1.0.0

Updated: 4/1/2024

Authority: CIS

Plugin: Unix

Revision: 1.5

Estimated Item Count: 205

File Details

Filename: CIS_AIX_7.2_Benchmark_v1.0.0_Level_1.audit

Size: 320 kB

MD5: 0893e40a4c2e4ba25e4794f583698a99
SHA256: 3c54d6b707abc34395149fa0ed8bfab6def92d43593096dd6a41d1a09fce9340

Audit Items

DescriptionCategories
2.1 Collect system configuration regularly
2.2 Scan for TROJAN aka Untrusted/Unauthorized Applications (Implement Allowlist)
2.3 Allowlist Authorized Software and Report Violations
2.4 Allowlist Authorized Libraries and Report Violations
2.5 Allowlist Authorized Scripts and Report Violations
2.7 Remove Unused Symbolic Links
3.3 Ensure default user umask is 027 or more restrictive
3.4 Remove group write permission from default groups - exceptions must be in TSD and audit
3.5 Application Data with requirement for world writable directories
3.6 Ensure there are no world writable files - exceptions must be in TSD and audit
3.7 Ensure there are no 'staff' writable files - exceptions must be in TSD and audit
3.8 Ensure all files and directories are owned by a user (uid) and assigned to a group (gid)
4.1.1.1 Disable writesrv
4.1.1.2 Disable ntalk/talk
4.1.1.3 dt
4.1.1.4 piobe
4.1.1.5 qdaemon
4.1.1.6 rc.nfs
4.1.1.7 cas_agent
4.1.2.1 inetd - aka Super Daemon
4.1.2.2 aixmibd
4.1.2.3 dhcpcd
4.1.2.4 dhcprd
4.1.2.5 dhcpsd
4.1.2.6 dpid2
4.1.2.7 gated
4.1.2.8 hostmibd
4.1.2.10 named
4.1.2.11 portmap
4.1.2.12 routed
4.1.2.13 rwhod
4.1.2.14 sendmail
4.1.2.15 snmpd
4.1.2.16 snmpmibd
4.1.2.17 timed
4.1.3.1 autoconf6
4.1.3.2 ndpd-host
4.1.3.3 ndpd-router
4.1.4.1 NFS - de-install NFS client
4.1.4.3 NFS - enable both nosuid and nodev options on NFS client mounts
4.1.4.4 NFS - localhost removal
4.1.4.6 NFS - no_root_squash option
4.1.5.1 bootps
4.1.5.2 chargen
4.1.5.3 comsat
4.1.5.4 daytime
4.1.5.5 discard
4.1.5.6 echo
4.1.5.7 exec
4.1.5.8 finger