PCI DSS 2.0/3.0 - AIX

Audit Details

Name: PCI DSS 2.0/3.0 - AIX

Updated: 4/25/2022

Authority: PCI DSS

Plugin: Unix

Revision: 1.32

Estimated Item Count: 263

Audit Items

DescriptionCategories
PCI 2.2.4 - Remove all unnecessary functionality - CDE - 'de-installing CDE'

CONFIGURATION MANAGEMENT

PCI 2.2.4 - Remove all unnecessary functionality - NFS - 'de-install NFS'

CONFIGURATION MANAGEMENT

PCI 2.2.4 - Remove all unnecessary functionality - NIS - 'bos.net.nis.client is not installed'

CONFIGURATION MANAGEMENT

PCI 2.2.4 - Remove all unnecessary functionality - NIS - 'bos.net.nis.server is not installed'

CONFIGURATION MANAGEMENT

PCI 2.2.4 - Verify that common security parameter settings are included - '/etc/environment PATH does not include dot'

CONFIGURATION MANAGEMENT

PCI 2.2.4 - Verify that common security parameter settings are included - '/etc/motd contains the appropriate text'

ACCESS CONTROL

PCI 2.2.4 - Verify that common security parameter settings are included - '/etc/profile PATH does not include dot'

CONFIGURATION MANAGEMENT

PCI 2.2.4 - Verify that common security parameter settings are included - '~root/.profile PATH does not include dot'

CONFIGURATION MANAGEMENT

PCI 2.2.4 - Verify that common security parameter settings are included - 'default herald is set to appropriate text'

ACCESS CONTROL

PCI 2.2.4 - Verify that common security parameter settings are included - 'default umask = 27'

ACCESS CONTROL

PCI 2.2.4 - Verify that common security parameter settings are included - 'hosts.equiv has no entries'

CONFIGURATION MANAGEMENT

PCI 2.2.4 - Verify that common security parameter settings are included - 'no group or world writable directories in root PATH'

ACCESS CONTROL

PCI 2.2.4 - Verify that common security parameter settings are included - 'no SUID or SGID files exist'

ACCESS CONTROL

PCI 2.2.4 - Verify that common security parameter settings are included - 'no unowned files exist'

ACCESS CONTROL

PCI 2.2.4 - Verify that common security parameter settings are included - 'no world writable directories exist'

ACCESS CONTROL

PCI 2.2.4 - Verify that common security parameter settings are included - 'no world writable files exist'

ACCESS CONTROL

PCI 2.2.4 - Verify that common security parameter settings are included - 'on:/usr/sbin/getty does not exist in /etc/inittab'

CONFIGURATION MANAGEMENT

PCI 2.2.4 - Verify that common security parameter settings are included - 'rcp mode 000'

CONFIGURATION MANAGEMENT

PCI 2.2.4 - Verify that common security parameter settings are included - 'rlogin mode 000'

CONFIGURATION MANAGEMENT

PCI 2.2.4 - Verify that common security parameter settings are included - 'rlogind mode 000'

CONFIGURATION MANAGEMENT

PCI 2.2.4 - Verify that common security parameter settings are included - 'rsh mode 000'

CONFIGURATION MANAGEMENT

PCI 2.2.4 - Verify that common security parameter settings are included - 'rshd mode 000'

CONFIGURATION MANAGEMENT

PCI 2.2.4 - Verify that common security parameter settings are included - 'tftpd mode 000'

CONFIGURATION MANAGEMENT

PCI 2.2.4 - Verify that common security parameter settings are included - at access - 'at.deny does not exist'

ACCESS CONTROL

PCI 2.2.4 - Verify that common security parameter settings are included - at permissions - '/var/adm/cron/at.allow root:sys 400'

ACCESS CONTROL

PCI 2.2.4 - Verify that common security parameter settings are included - authorized users in at.allow - 'at.allow contains @[email protected]'

ACCESS CONTROL

PCI 2.2.4 - Verify that common security parameter settings are included - authorized users in at.allow - 'at.allow contains adm'

ACCESS CONTROL

PCI 2.2.4 - Verify that common security parameter settings are included - authorized users in at.allow - 'at.allow contains sys'

ACCESS CONTROL

PCI 2.2.4 - Verify that common security parameter settings are included - authorized users in at.allow - 'at.allow includes root'

ACCESS CONTROL

PCI 2.2.4 - Verify that common security parameter settings are included - authorized users in at.allow - 'only root, sys, adm, @[email protected]'

ACCESS CONTROL

PCI 2.2.4 - Verify that common security parameter settings are included - authorized users in at.allow - 'only root, sys, adm'

ACCESS CONTROL

PCI 2.2.4 - Verify that common security parameter settings are included - authorized users in cron.allow - 'cron.allow contains @[email protected]'

ACCESS CONTROL

PCI 2.2.4 - Verify that common security parameter settings are included - authorized users in cron.allow - 'cron.allow contains adm'

ACCESS CONTROL

PCI 2.2.4 - Verify that common security parameter settings are included - authorized users in cron.allow - 'cron.allow contains sys'

ACCESS CONTROL

PCI 2.2.4 - Verify that common security parameter settings are included - authorized users in cron.allow - 'cron.allow includes root'

ACCESS CONTROL

PCI 2.2.4 - Verify that common security parameter settings are included - authorized users in cron.allow - 'only root, sys, adm, @[email protected]'

ACCESS CONTROL

PCI 2.2.4 - Verify that common security parameter settings are included - authorized users in cron.allow - 'only root,sys,adm'

ACCESS CONTROL

PCI 2.2.4 - Verify that common security parameter settings are included - CDE - 'disabling dtlogin'

CONFIGURATION MANAGEMENT

PCI 2.2.4 - Verify that common security parameter settings are included - CDE - 'Dtlogin.servers = /etc/dt/config/Xservers'

CONFIGURATION MANAGEMENT

PCI 2.2.4 - Verify that common security parameter settings are included - CDE - 'dtsession*lockTimeout <= 10'

ACCESS CONTROL

PCI 2.2.4 - Verify that common security parameter settings are included - CDE - 'dtsession*saverTimeout <= 10'

ACCESS CONTROL

PCI 2.2.4 - Verify that common security parameter settings are included - CDE - 'remote GUI login disabled'

ACCESS CONTROL

PCI 2.2.4 - Verify that common security parameter settings are included - CDE - dtaction permissions

CONFIGURATION MANAGEMENT

PCI 2.2.4 - Verify that common security parameter settings are included - CDE - dtappgather permissions

CONFIGURATION MANAGEMENT

PCI 2.2.4 - Verify that common security parameter settings are included - CDE - dtlogin*greeting.labelString is set to appropriate text

ACCESS CONTROL

PCI 2.2.4 - Verify that common security parameter settings are included - CDE - dtlogin*greeting.persLabelString is set to appropriate text

ACCESS CONTROL

PCI 2.2.4 - Verify that common security parameter settings are included - CDE - dtprintinfo permissions

CONFIGURATION MANAGEMENT

PCI 2.2.4 - Verify that common security parameter settings are included - CDE - dtsession permissions

CONFIGURATION MANAGEMENT

PCI 2.2.4 - Verify that common security parameter settings are included - CDE - Xconfig permissions

CONFIGURATION MANAGEMENT

PCI 2.2.4 - Verify that common security parameter settings are included - CDE - Xresources permissions

CONFIGURATION MANAGEMENT