DISA STIG AIX 5.3 v1r2

Audit Details

Name: DISA STIG AIX 5.3 v1r2

Updated: 11/6/2024

Authority: DISA STIG

Plugin: Unix

Revision: 1.32

Estimated Item Count: 946

File Details

Filename: DISA_STIG_AIX_5.3_v1r2.audit

Size: 1.48 MB

MD5: 307ffae08ea1a7e35d1eacb93f4fe10b
SHA256: 666677e481788d69a1fb15a56a7900b26701a0c4dc3675d12dfc8d6de96eef7b

Audit Items

DescriptionCategories
DISA_STIG_AIX_5.3_v1r2.audit for AIX 5.3 SECURITY TECHNICAL IMPLEMENTATION GUIDE v1r2
GEN000000-AIX00020 - AIX Trusted Computing Base (TCB) software must be implemented.

ACCESS CONTROL, SYSTEM AND SERVICES ACQUISITION

GEN000000-AIX00040 - The securetcpip command must be used

ACCESS CONTROL

GEN000000-AIX00060 - A baseline of AIX files with the TCB bit set must be checked weekly.

SYSTEM AND INFORMATION INTEGRITY

GEN000000-AIX00080 - The SYSTEM attribute must not be set to NONE for any account.

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION

GEN000000-AIX0085 - The /etc/netsvc.conf file must be root owned.

ACCESS CONTROL

GEN000000-AIX0090 - The /etc/netsvc.conf file must be group-owned by bin, sys, or system.

ACCESS CONTROL

GEN000000-AIX0100 - The /etc/netsvc.conf file must have mode 0644 or less permissive.

ACCESS CONTROL

GEN000000-AIX0110 - The /etc/netsvc.conf file must not have an extended ACL.

ACCESS CONTROL

GEN000000-AIX0200 - The system must not allow directed broadcasts to gateway.

ACCESS CONTROL

GEN000000-AIX0210 - The system must provide protection from Internet Control Message Protocol (ICMP) attacks on TCP connections.

ACCESS CONTROL

GEN000000-AIX0220 - The system must provide protection for the TCP stack against connection resets, SYN, and data injection attacks.

ACCESS CONTROL

GEN000000-AIX0230 - The system must provide protection against IP fragmentation attacks.

ACCESS CONTROL

GEN000000-AIX0300 - The system must not have the bootp service active.

ACCESS CONTROL

GEN000000-AIX0310 - The /etc/ftpaccess.ctl file must exist.

ACCESS CONTROL

GEN000000-AIX0320 - The /etc/ftpaccess.ctl file must be owned by root.

ACCESS CONTROL, CONFIGURATION MANAGEMENT

GEN000000-AIX0330 - The /etc/ftpaccess.ctl file must be group-owned by bin, sys, or system.

ACCESS CONTROL, CONFIGURATION MANAGEMENT

GEN000000-AIX0340 - The /etc/ftpaccess.ctl file must have mode 0640 or less permissive.

ACCESS CONTROL, CONFIGURATION MANAGEMENT

GEN000000-AIX0350 - The /etc/ftpaccess.ctl file must not have an extended ACL.

ACCESS CONTROL, CONFIGURATION MANAGEMENT

GEN000020 - The system must require authentication upon booting into single-user and maintenance modes.

ACCESS CONTROL

GEN000100 - The operating system must be a supported release.

SYSTEM AND INFORMATION INTEGRITY

GEN000120 - System security patches and updates must be installed and up-to-date.

SYSTEM AND INFORMATION INTEGRITY

GEN000140 - A file integrity baseline must be created and maintained.

CONFIGURATION MANAGEMENT

GEN000220 - A file integrity tool must be used at least weekly to check for unauthorized file changes.

RISK ASSESSMENT

GEN000240 - The system clock must be synchronized to an authoritative DoD time source - 'NTP daemon is running'

AUDIT AND ACCOUNTABILITY

GEN000240 - The system clock must be synchronized to an authoritative DoD time source - 'NTP daemon is started at boot'

AUDIT AND ACCOUNTABILITY

GEN000240 - The system clock must be synchronized to an authoritative DoD time source - 'NTP daemon uses approved sources'

AUDIT AND ACCOUNTABILITY

GEN000240 - The system clock must be synchronized to an authoritative DoD time source - 'xntpd is started at boot time'

AUDIT AND ACCOUNTABILITY

GEN000240 - The system clock must be synchronized to an authoritative DoD time source - 'xntpd|ntpd is running'

AUDIT AND ACCOUNTABILITY

GEN000241 - The system clock must be synchronized continuously, or at least daily - 'NTP daemon is running'

AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT

GEN000241 - The system clock must be synchronized continuously, or at least daily - 'NTP daemon is started at boot'

CONFIGURATION MANAGEMENT

GEN000242 - The system must use at least two time sources for clock synchronization - 'at least 2 servers are configured'

AUDIT AND ACCOUNTABILITY

GEN000242 - The system must use at least two time sources for clock synchronization - 'NTP daemon is running'

AUDIT AND ACCOUNTABILITY

GEN000242 - The system must use at least two time sources for clock synchronization - 'NTP daemon is started at boot'

AUDIT AND ACCOUNTABILITY

GEN000244 - The system must use time sources local to the enclave.

AUDIT AND ACCOUNTABILITY

GEN000250 - The time synchronization configuration file (such as /etc/ntp.conf) must be owned by root.

ACCESS CONTROL

GEN000251 - The time synchronization configuration file (such as /etc/ntp.conf) must be group-owned by bin, sys, or system.

ACCESS CONTROL

GEN000252 - The time synchronization configuration file (such as /etc/ntp.conf) must have mode 0640 or less permissive.

ACCESS CONTROL

GEN000253 - The time synchronization configuration file (such as /etc/ntp.conf) must not have an extended ACL.

ACCESS CONTROL

GEN000280 - Direct logins must not be permitted to shared, default, application, or utility accounts - '/etc/security/user rlogin=false'

IDENTIFICATION AND AUTHENTICATION

GEN000280 - Direct logins must not be permitted to shared, default, application, or utility accounts - 'results of last should be reviewed'

IDENTIFICATION AND AUTHENTICATION

GEN000290 - The system must not have unnecessary accounts - 'ftp does not exsit'

ACCESS CONTROL

GEN000290 - The system must not have unnecessary accounts - 'games does not exsit'

ACCESS CONTROL

GEN000290 - The system must not have unnecessary accounts - 'gopher does not exsit'

ACCESS CONTROL

GEN000290 - The system must not have unnecessary accounts - 'guest does not exsit'

ACCESS CONTROL

GEN000290 - The system must not have unnecessary accounts - 'lp does not exsit'

ACCESS CONTROL

GEN000290 - The system must not have unnecessary accounts - 'news does not exsit'

ACCESS CONTROL

GEN000290 - The system must not have unnecessary accounts - 'uucp does not exsit'

ACCESS CONTROL

GEN000300 - All accounts on the system must have unique user or account names.

IDENTIFICATION AND AUTHENTICATION

GEN000320 - All accounts must be assigned unique User Identification Numbers (UIDs).

IDENTIFICATION AND AUTHENTICATION