Detections
Analytics

Revision 1.3

Mar 19, 2024
Functional Update
  • 2.8 Ensure the Trusted Execution Policies cannot be modified
  • 4.1.2.9 mrouted
  • 4.1.3.1 autoconf6
  • 4.1.3.2 ndpd-host
  • 4.1.3.3 ndpd-router
  • 4.4.3 Removal of entries from /etc/hosts.equiv
  • 4.5.3.14 sshd_config: Use Conditional exception(s).
  • 4.5.3.4 sshd_config: Restrict users and groups allowed access via OpenSSH
  • 4.5.3.5 sshd_config: PermitRootLogin is 'prohibit-password' or 'no'
  • 6.3.1 Privilege escalation: sudo
  • 6.3.2 Ensure sudo logging is active
  • 6.3.3 Ensure sudo commands use pty
Informational Update
  • 4.5.3.14 sshd_config: Use Conditional exception(s).
  • 6.1.1 Create baseline of executables that elevate to a different GUID (Not scored)
Miscellaneous
  • Metadata updated.
  • See also link updated.
  • Variables updated.
Added
  • 2.6 Enforce Allowlist aka Trusted Execution Checks
  • 3.1 Encryption: File System Level (EFS)
  • 4.1.4.2 NFS - de-install NFS server
  • 4.1.4.5 NFS - restrict NFS access
  • 4.1.4.7 NFS - secure NFS
  • 4.4.1.1 NIS - de-install NIS client
  • 4.4.1.2 NIS - de-install NIS server
  • 4.4.1.3 NIS - remove NIS markers from password and group files
  • 4.4.1.4 NIS - restrict NIS server communication
  • 4.4.2 Remote command lockdown
  • 4.4.4 Removal of .rhosts and .netrc files
  • 4.4.5 Remote daemon lockdown
  • 4.5.1.2 /etc/inetd.conf - cmsd
  • 4.5.1.3 CDE - disabling dtlogin
  • 4.5.1.4 /etc/inetd.conf - dtspc
  • 4.5.1.6 CDE - remote GUI login disabled
  • 4.5.5.1 SNMP - disable private community string
  • 4.5.5.2 SNMP - disable system community string
  • 4.5.5.3 SNMP - disable public community string
  • 4.5.5.4 SNMP - disable Readwrite community access
  • 4.5.5.5 SNMP - restrict community access
  • 4.6.5 Unattended terminal session timeout is 900 seconds (or less)
  • 4.8.1 TE - implementation
  • 6.5 Services - at access is root only
  • 6.7 Services - crontab access is root only
  • 8.1.2 Configuring syslog - remote logging
  • 8.1.3 Configuring syslog - remote messages
  • 8.2 AIX Auditing
Removed
  • 2.6 Enforce Allowlist aka Trusted Execution Checks - stop_on_chkfail
  • 2.6 Enforce Allowlist aka Trusted Execution Checks - stop_untrustd
  • 3.1 Encryption: File System Level (EFS) - clic
  • 3.1 Encryption: File System Level (EFS) - clic loaded
  • 4.1.4.2 NFS - de-install NFS server - /etc/exports
  • 4.1.4.2 NFS - de-install NFS server - server installed
  • 4.1.4.5 NFS - restrict NFS access - restrict NFS access
  • 4.1.4.7 NFS - secure NFS - secure NFS
  • 4.4.1.1 NIS - de-install NIS client - de-install NIS client
  • 4.4.1.2 NIS - de-install NIS server - de-install NIS server
  • 4.4.1.3 NIS - remove NIS markers from password and group files - /etc/group
  • 4.4.1.3 NIS - remove NIS markers from password and group files - /etc/passwd
  • 4.4.1.4 NIS - restrict NIS server communication - file permissions
  • 4.4.1.4 NIS - restrict NIS server communication - review contents
  • 4.4.2 Remote command lockdown - rcp
  • 4.4.2 Remote command lockdown - rlogin
  • 4.4.2 Remote command lockdown - rsh
  • 4.4.4 Removal of .rhosts and .netrc files - .netrc
  • 4.4.4 Removal of .rhosts and .netrc files - .rhosts
  • 4.4.5 Remote daemon lockdown - rlogind
  • 4.4.5 Remote daemon lockdown - rshd
  • 4.4.5 Remote daemon lockdown - tftpd
  • 4.5.1.2 /etc/inetd.conf - cmsd - cmsd
  • 4.5.1.3 CDE - disabling dtlogin - disabling dtlogin
  • 4.5.1.4 /etc/inetd.conf - dtspc - dtspc
  • 4.5.1.6 CDE - remote GUI login disabled - remote GUI login disabled
  • 4.5.5.1 SNMP - disable private community string - disable private community string
  • 4.5.5.2 SNMP - disable system community string - disable system community string
  • 4.5.5.3 SNMP - disable public community string - disable public community string
  • 4.5.5.4 SNMP - disable Readwrite community access - disable Readwrite community access
  • 4.5.5.5 SNMP - restrict community access - restrict community access
  • 4.6.5 Unattended terminal session timeout is 900 seconds (or less) - TIMEOUT
  • 4.6.5 Unattended terminal session timeout is 900 seconds (or less) - TMOUT
  • 4.6.5 Unattended terminal session timeout is 900 seconds (or less) - readonly
  • 4.8.1 TE - implementation - CHKEXEC
  • 4.8.1 TE - implementation - CHKSCRIPT
  • 4.8.1 TE - implementation - STOP_ON_CHKFAIL
  • 4.8.1 TE - implementation - TE
  • 4.8.1 TE - implementation - TEP
  • 6.5 Services - at access is root only - at.deny does not exist
  • 6.5 Services - at access is root only - root exists in at.allow
  • 6.7 Services - crontab access is root only - adm exists in cron.allow
  • 6.7 Services - crontab access is root only - cron.deny does not exist
  • 6.7 Services - crontab access is root only - root exists in cron.allow
  • 8.1.2 Configuring syslog - remote logging - *.info;auth.none in /etc/syslog.conf
  • 8.1.2 Configuring syslog - remote logging - auth.info in /etc/syslog.conf
  • 8.1.3 Configuring syslog - remote messages - remote messages
  • 8.2 AIX Auditing - /audit exists
  • 8.2 AIX Auditing - /etc/security/audit/config update
  • 8.2 AIX Auditing - audit startup
  • 8.2 AIX Auditing - auditclasses update
  • 8.2 AIX Auditing - cron audit rotation