DISA STIG AIX 7.x v2r9

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: DISA STIG AIX 7.x v2r9

Updated: 11/22/2024

Authority: DISA STIG

Plugin: Unix

Revision: 1.5

Estimated Item Count: 311

File Details

Filename: DISA_STIG_AIX_7.x_v2r9.audit

Size: 562 kB

MD5: 04df995060ca98ea1c8779fbabc40ecf
SHA256: f9bd8add9841beb771d583ed4a66ebca0568f8e32957e422984bbec6431d4e05

Audit Changelog

 
Revision 1.5

Nov 22, 2024

Miscellaneous
  • Audit deprecated.
  • Metadata updated.
  • References updated.
Revision 1.4

Oct 15, 2024

Functional Update
  • AIX7-00-001019 - AIX device files and directories must only be writable by users with a system account or as configured by the vendor.
  • AIX7-00-001031 - All AIX public directories must be owned by root or an application account.
  • AIX7-00-003101 - The AIX system must have no .netrc files on the system.
  • AIX7-00-003115 - AIX must contain no .forward files.
  • AIX7-00-003138 - There must be no .rhosts, .shosts, hosts.equiv, or shosts.equiv files on the AIX system.
Informational Update
  • AIX7-00-001019 - AIX device files and directories must only be writable by users with a system account or as configured by the vendor.
Miscellaneous
  • References updated.
Revision 1.3

Jun 3, 2024

Functional Update
  • AIX7-00-001006 - If the AIX system is using LDAP for authentication or account information, the LDAP SSL, or TLS connection must require the server provide a certificate and this certificate must have a valid path to a trusted CA - Certificate Issuer
  • AIX7-00-001006 - If the AIX system is using LDAP for authentication or account information, the LDAP SSL, or TLS connection must require the server provide a certificate and this certificate must have a valid path to a trusted CA - ldapsslkeyf
  • AIX7-00-001006 - If the AIX system is using LDAP for authentication or account information, the LDAP SSL, or TLS connection must require the server provide a certificate and this certificate must have a valid path to a trusted CA - useSSL
  • AIX7-00-001007 - If AIX is using LDAP for authentication or account information, the /etc/ldap.conf file (or equivalent) must not contain passwords - bindpwd DES
  • AIX7-00-001007 - If AIX is using LDAP for authentication or account information, the /etc/ldap.conf file (or equivalent) must not contain passwords - ldapsslkeypwd
  • AIX7-00-001046 - If LDAP authentication is required, AIX must setup LDAP client to refresh user and group caches less than a day - group cache
  • AIX7-00-001046 - If LDAP authentication is required, AIX must setup LDAP client to refresh user and group caches less than a day - user cache
  • AIX7-00-001105 - AIX must only allow the use of DoD PKI-established certificate authorities for verification of the establishment of protected sessions - Certificate Issuer
  • AIX7-00-001105 - AIX must only allow the use of DoD PKI-established certificate authorities for verification of the establishment of protected sessions - ldapsslkeyf
  • AIX7-00-001105 - AIX must only allow the use of DoD PKI-established certificate authorities for verification of the establishment of protected sessions - useSSL
Revision 1.2

Apr 29, 2024

Functional Update
  • AIX7-00-001015 - The shipped /etc/security/mkuser.sys file on AIX must not be customized directly.
Revision 1.1

Apr 15, 2024

Miscellaneous
  • Variables updated.